Wednesday, November 18, 2009

Bye, bye, Revolution Money!

American Express just announced they are buying it for not much more than what has been invested in it. There has been so much smoke and mirrors about this company, for anyone that actually knows what they are talking about, it at least has provided some entertainment value. If American Express cannot figure out how to copy anything of value that this company had (and if anyone can explain to me what that was) for a lot less than $300M, it is a pretty bad situation.

Sunday, November 1, 2009

PayPhrase?

I am sure I am missing something about this new feature from Amazon. I was really looking forward to having yet another Username/Password to remember (not!). I guess by calling it a PayPhrase, we are not supposed to realize it is just another Username. I only have about 100 others. When I saw the release, I immediately went and signed up presuming that perhaps this was something genuinely new and different. Alas, it was not.

With GoogleCheckout heading toward oblivion and PayPal seemingly unstoppable, I realize that desperation can drive other copycats to try and force innovation, but this one really seems like a very long stretch.

If anyone understands what this is supposed to accomplish and can explain it to me, I would really appreciate it.

Thanks!!!

Friday, September 25, 2009

Whose Data Is It? - Can you get it back?

As a result of PCI compliance, a lot of merchants are relying on 3rd parties to store their credit card info. That does make sense for many merchants, large and small. However, it is imperative, especially if you are a subscription-based service or have "1-click" accounts set up for your customers, that should you leave that particular service provider, there is an agreement and the processes in place to get your data back securely and in a timely fashion.
Here at Vindicia, we have a standard clause in our agreement that covers this possible outcome and as long as the merchant has become PCI compliant themselves or is switching to another PCI compliant vendor they can have it back.
Unfortunately, as we have recently learned, not all outsourced providers are treating this issue this way and in fact are using PCI as an excuse to handcuff their customers and potentially bring great harm to them financially if they ever leave.
We brought on a new customer about 9 months ago and have been engaged, along with the customer, ever since in trying to help them get their data back. First we were told No, then Yes, but they claimed they did not have the capability to extract the data, and the latest is No again. I will not name the provider (yet), but they are hiding behind PCI. PCI is not an excuse for handcuffing your customers. More on this as it evolves, but be careful who you trust with your data.

Thursday, August 27, 2009

Hosted Order Pages?

On the surface (like with a lot of things in payment), it would seem to make sense to use a HOP. But, unless you are a mom & pop merchant with little choice and a serious lack of technical resources, be aware of the compromises that you are making. It is tempting to "solve" your PCI requirements by letting someone else host the order page and therefore handle all the credit card storage. Here are a few things to think about:
1) whose data is it? If you ever decide to change providers or take the order page back under your control, will you be able to easily get your data back? Does your contract cover that? Is your provider prepared to do this in a timely, efficient, and secure manner?
2) maintenance windows? Remember, yours for the rest of your site and your provider's for the HOP will rarely be the same, so there are going to be times when your store is open but your checkout page is not available.
3) security settings? If your consumer has their security settings set high, the transition from your shopping pages to the HOP may cause a warning box to pop up. This could lead to confusion, concern and of course the dreaded shopping cart abandonment syndrome.
4) branding/look & feel? Most HOPs allow you to attempt to make the page look like the rest of your site but it will never be perfect and therefore again this transition could lead to shopping cart abandonment.
5) customer service? If you are using a HOP, are you going to have the info you need to provide customer service? Are your CSRs going to have to switch from one system to the other to get access to info?
6) chargeback handling? Does the HOP give you adequate info to prevent and/or handle chargebacks when they arise?
I am sure there are things that I am missing, but I hope I have at least given the people who are in a position to make choices on matters like this some additional food for thought to help make an informed decision.

Sunday, August 23, 2009

echeck?

Just recently the desire by ecommerce merchants to accept electronic checks has been expressed a few times, so I thought I would make a few comments. Merchants are often led to this interest by a rational desire to save money. However, for most ecommerce merchants, this is clearly the case where the lowest cost is not usually a valid enough reason. It is true that accepting electronic checks usually costs between $.25 and $.50 flat per item. Compare that to 2.25% + $.25 for a typical $20 or more transaction with a credit or debit card and the math looks very appealing. However, when you consider what you get for your ~$.375, it may not make sense. First of all, many consumers are leery of giving their checking account number/routing & transit number to a merchant, and rightly so. In the wrong hands, someone can access the consumer's demand deposit (DDA) account (sometimes referred to as their "current" account) and drain it, causing mortgage payments and other critical payments to bounce. While, in the case of true fraud, these problems can be reversed, they are very time consuming. Secondly, there is no way to verify if that account is valid and if it has funds in it in real time like there is with a credit/debit card. That means that the merchant needs to either sit on the order, if physical goods, or permit access, if a digital good, then wait 5-7 days and, if the transaction is not funded, reverse the order/shut off access.

There are a variety of alternatives that have been launched, are being piloted or are being planned that access the DDA account and offer some solutions to the aforementioned problems but they typically involve some enrollment step (see earlier blog post on this topic) which is the kiss of death for success or are priced much closer to regular credit/debit cards and therefore are not as compelling.

Welcome your feedback/questions!

Sunday, August 2, 2009

Coming to the DRF?

One of my favorite conferences each year is the Direct Response Forum. Other than the fact that it is in Tampa in August (what were they thinking?), I am very much looking forward to it. I enjoyed my years on the Advisory Board! It is a great event for both networking and content. If you are coming and want to get together, let me know. If you are unfamiliar with the DRF, check it out! www.directresponse.org

RFID? (my apologies that this is not about ecommerce)

Whether you call it PayWave (Visa), ExpressPay (AMEX), or PayPass (MasterCard), you do not hear much about this technology these days. Today I was at my local Office Depot and I noticed that they had capable terminals, so I purposefully pulled out the one enabled card I have, AMEX Blue, and tried to use it. Apologies to all my former POS colleagues, but it was not working. The clerk had to grab my card and swipe the old standby Mag Stripe through the terminal's reader. He commented - "it fails about every 20th transaction". My luck!

We Americans take a lot of guff from the global payment marketplace that we never adopted Chip cards, and with all the noise about RFID, it is barely scratching the surface. Having personally sold a few hundred thousand mag stripe based terminals, I recognized one key value of RFID was solving the mag stripe wear and tear issue. Of course, that isn't enough to justify the deployment expense. One of the other projected values, speed of transaction, barely exists under the best of circumstances, especially compared to customer activated terminals and <$25 receipt-less transactions becoming all the rage. The only thing left is a slightly enhanced security benefit from the dynamic CVV, but unfortunately that is probably not enough to justify the expense of deployment even combined with the mag stripe failure issue.

About all I can say is I am glad my physical POS hardware days are behind me!!