Google reports Checkout increasing merchant sales
Posted on Tuesday, December 18, 2007 by Bryan Johnson
Google has been pretty tight-lipped about both internal and external performance metrics surrounding Checkout since it launched 18 months ago. In an interview with Yi-Why Yen from Fortune, they finally provided some data about the impact it's having for online merchants.
Google claims that users are 10% more likely to click on an ad that displays Checkout and 40% more likely to make a purchase once they reach the site. The 40% higher likelihood of a purchase seems high to me. Wall Street analysts estimate that Google has spent $80 to $100 million since June 2006 to get sellers and shoppers to use the service. While that data is better than nothing it still does not provide any meaningful information about the ROI or future viability of Checkout.
Checkout makes a lot of sense for Google as they can further entrench themselves in the search to transaction value chain and layer on added value to advertisers. The big question is what happens to Checkout when it's not free? Will more websites turn to traditional merchant credit card accounts?
My suspicions tell me that Checkout has been a disappointment internally and that the long term viability could potentially be in question. Their challenge will obviously be to gain broad enough demand from both consumers and merchants to justify their presence. I wish that they would share some more detailed information but their unwillingness to do so is probably a good indication of what's really going on.
Discover Card bundling processing with Visa and MasterCard
Posted on Friday, December 14, 2007 by Bryan Johnson
Discover has started the process of bundling their credit card processing with Visa and MasterCard. This means that merchant account providers will soon be offering merchants a single daily deposit for Visa, MasterCard, and Discover, a consolidated monthly statement and one phone number for customer service.
If merchants accept American Express they will still receive a separate deposit and monthly statement for related sales. This change should help simplify things for both providers and merchants. Discover has been around for 22 years and currently has roughly 4 million merchants in the U.S. Visa and MasterCard have about 35% more merchants. T
his move is to try and close that gap. In the near future, merchants will be automatically signed up to accept Discover. Discover Card is also beefing up efforts with it's offerings to consumers to try and increase the number of cardholders. After all, if they lock up the supply side but can't improve the demand side, nothing has been gained.
'07 Cyber Monday sales up 21% to $733 Million
Posted on Monday, December 10, 2007 by Bryan Johnson
Comscore released the following data for Cyber Monday sales:
More than $10.7 billion has been spent online during the season-to-date (Nov. 1 - 26), marking a 17-percent gain versus the corresponding days last year. Cyber Monday saw $733 million in online spending, representing a 21-percent increase versus last year and an 84-percent jump from the average daily online spending totals during the preceding four weeks.
Other interesting data:
1) The number of online buyers was up 38 percent compared to Cyber Monday 2006, while the average dollars spent per buyer was down 12 percent. The decline in dollars per buyer may be due to two factors -- deeper and broader price discounts offered by online merchants this year and the fact that new Cyber Monday buyers tended to spend less online than returning buyers.
2) 6 percent of the Internet users on Cyber Monday made an online purchase.
3) 44 percent of Internet users on Cyber Monday shopped online (i.e. visited an online retail site or used a comparison shopping engine) 4) 60 percent of dollars spent online on Cyber Monday came from work computers, with the balance coming from home and university computers.
Read the entire press release.
Best Practices for PCI Compliance
Posted on Friday, November 30, 2007 by Bryan Johnson
Ben Rothke and I wrote an article Best Practices for PCI Compliance for the December issue of CDW’s Biztech Magazine.
Top 5 vulnerabilities leading to credit card data breaches
Posted on Thursday, November 29, 2007 by Bryan Johnson
I just sat through a presentation by Visa on PCI Compliance. Here are a few things they shared. Breaches are currently evenly split between retail/restaurant and ecommerce merchants. Over 80% of breaches are occurring at Level 4 merchants but the larger breaches at Level 1 merchants account for the majority of stolen information.
Top 5 vulnerabilities leading to credit card data breaches:
1. Storage of prohibited data
2. Un-patched systems
3. Vendor default settings and passwords (i.e. unsecure wireless networks)
4. Poorly coded web facing applications resulting in SQL injection attacks
5. Unnecessary services on servers
Other related posts:
PCI Compliance and the cost of a credit card breach
PCI Compliance basics for credit card security
FTC cracks down on non-disclosure of fees in the credit card processing industry
Posted on Wednesday, November 28, 2007 by Bryan Johnson
The FTC is suing MPI, a provider of credit card processing services to businesses, for engaging in deceptive sales and marketing practices. In other words, they getting nailed for misrepresenting to business owners the true costs of using them for credit card processing.
- Count One: Deception. MPI misrepresented fees to merchants and overstatement of expected savings.
- Count Two: Deception. MPI failed to disclose additional credit card fees such as surcharges for certain types of transactions.
- Count Three: Deception. MPI misrepresented lease buy-outs. Stated that they would pay off balances on merchant existing leases but did not do so.
- Count Four: Unfairness. MPI made unilateral modifications of contracts after merchants signed the agreements and without their knowledge requiring merchants to pay substantial fees and surcharges.
In the process however, MPI failed to disclose all of the other fees such as surcharges on certain types of credit cards. With the additional fees included, merchants would usually end up paying more for credit card processing.
The practice by merchant service providers of offering an enticing low rate and not disclosing other fees is not unique to MPI. They were just more egregious and aggressive with their practices and ended up on the FTC radar screen.
Here is the FTC’s formal complaint:
60 Minutes segment on credit card data security
Posted on Tuesday, November 27, 2007 by Bryan Johnson
60 Minutes recently did a segment on credit card data security. They primarily reported on vulnerable wireless networks and how criminals exploit this to steal sensitive customer data from retailers. I thought they did a disservice letting the National Retail Federation make such unfounded and overreaching claims. I’m not sure why this continues to be a misunderstanding by most, but merchants are not required to store the credit card number (PAN) or other card holder data after settlement.
Purchase cards, GSA SmartPay, and Level 2 & 3 credit card processing
Posted on Monday, November 05, 2007 by Bryan Johnson
Level 3 processing is a unique class of credit card processing. The Level 3 classification only applies to specially issued Purchase Cards (p-cards) that are able to accept an enhanced set of data about the goods and services that are being purchased.
Banks started issuing p-cards to federal, state, and local government agencies (GSA SmartPay) and larger corporations to help them streamline
the collection of payment from their customers. The U.S. Federal government, spent $26 billion in 2006 using the GSA SmartPay purchase card and has over 3,000,000 cardholders. Businesses spent over $700 billion in 2006 and the growth rate (27% CAGR) is nearly twice that of regular credit cards.
Government agencies and businesses prefer to use P-cards for a number of reasons including cost savings from e-procurement, enhanced reporting on purchases, greater employee purchasing control, and lower negotiated rates with businesses (e.g. airlines) . The Federal government saved over $1 billion in 2006 by using p-cards.
It's probably fair to assume a similar cost savings were realized by businesses in terms of percentage of spend. Merchants enjoy accepting the purchase cards because payment can be received quicker, invoicing costs are substantially reduced, and government agencies and larger corporations have been known to give preferential treatment to businesses that are able to accept these cards and provide the necessary Level 3 data.
What most businesses do not know is that standard merchant accounts are not typically set up for Level 3 acceptance and not all providers of merchant accounts can offer Level 3 capabilities. If a merchant's goods or services can be sold to government agencies or larger corporations, they are wise to get setup with a merchant account that can facilitate Level 3 processing. Level 3 processing is exclusively used in business to business and business to government environments.
Merchants should also be aware that when the appropriate information is included in a Level 3 purchase, they are rewarded with lower processing rates which can be as much as 1.00%, depending on the provider. Merchants also score additional points with the accounting departments of these organizations because of the usefulness of the enhanced data reporting. Here are the different information fields that need to be captured in order to qualify for the best processing rates:
PCI Compliance for Higher Education
Posted on Tuesday, October 30, 2007 by Bryan Johnson
I recently connected up with Walt Conway, co-editor for the blog Treasury Institute. He and Mark Welch maintain the blog exclusively to discuss PCI Standard related issues for colleges and universities. I thought their unique approach was worth calling out because most other information sources are very general and not as helpful to the end user. Their efforts will help optimize experience curve effects, create best practices, and ultimately expedite compliance while reducing cost and expense.
What small businesses need to know about PCI Compliance
Posted on Thursday, October 25, 2007 by Bryan Johnson
There is no question, small business owners have more to do than they could ever get done. Some things can wait and other things cannot. One thing that should probably move to the 'get done now' list is learning about and properly addressing PCI Compliance, an industry mandated security requirement for all merchants that accept credit cards. In a nut shell, the requirement is about what and how credit credit card information is stored. The reason why this merits attention over other high priority tasks is because the financial risk of a data breach can be enormous. Businesses can be fined up to $500,000 per incident if credit card information is stolen plus be responsible for additional remediation expenses. Merchants can protect themselves from certain fines and penalties by becoming and staying compliant. RSPA is a non-profit organization that put together a 12 minute video to explain what PCI Compliance means and the security risks many merchants are facing. The video showcases a merchant who experienced a security breach and details the challenges they faced due to the compromise of magnetic stripe data from their point-of-sale system.
