Choosing the most appropriate payment solution provider (PSP) can be a challenge for most businesses.
The continuous change of technology and regulations creates a complex payment industry to navigate,
especially because payment providers need to remain flexible to keep up with regulations, trending
technologies and competitive demand. ISVs should take a detailed look into the specifics that payment
solution providers offer to ensure a healthy and happy partnership.
There are several key considerations to evaluate when searching for a payment provider:
Compliance,
Security,
Flexibility,
Solutions,
Integrations,
Pricing,
Service, and
Partnership are all important
factors.
Compliance
Choose a payment solution provider that helps you address PCI DSS or PA-DSS compliance.
The Payment Card Industry Data Security Standard (PCI DSS) was initiated
by top global credit card providers in order to protect consumers’ cardholder data from identity
theft and ensure secure payment solutions for all. PCI DSS applies to merchants, processors, and ISVs
with Web-based Software as a Service (SaaS) payment applications. The Payment Application Data Security
Standard (PA-DSS) applies only to Independent Software Vendors
(ISVs) with distributed code applications. The PCI DSS set regulations that went into effect on June
30th, 2005, that have since been modified and continuously updated to meet the needs of
developing technologies.
Through the years, the constant changing and updating of regulations has created a lot of confusion for ISVs
and merchants that accept credit card payments. As of July 1st, 2010, all merchants who receive,
store, and accept credit card information and payments are required to use only PA-DSS validated solutions.
This applies to all organizations regardless of size. ISVs can also be required to meet PA-DSS regulations,
which can become costly trying to achieve and maintain compliance.
An alternative approach is to have the software application stay out of scope of compliance by not capturing
cardholder data. In this scenario, there is no need to be PA-DSS compliant. There are options to keep an
application out of scope, depending on the payment environment.
E-commerce providers can utilize a Hosted Payment solution that has the payment solution providers receiving
and handling sensitive information directly via their PCI DSS compliant platform, relieving liability from
the ISVs and the e-commerce providers.
For card present and card not present environments, there are devices that offer Point-to-Point Encryption
(P2PE) that immediately encrypts cardholder data upon entry or swipe, rendering the sensitive information
valueless to hackers and creating an out of scope environment for
PCI compliance requirements.
Choosing a payment solution provider that is current with PCI DSS and PA-DSS requirements is extremely
important to a business. It is crucial for merchants and ISVs to partner with a payment service provider
that helps to address PCI DSS and PA-DSS compliance to ensure removal of any risk of financial liability,
loss of customers, and hefty fines.
Security
Choose a payment provider that effectively protects cardholder data from breach, loss or theft.
Security risks will always exist in payment processing. There is no one solution that addresses all the
security risks involved but there are advanced technologies that provide a substantial amount of protection
such as Point-to-Point Encryption (P2PE) and tokenization.
P2PE allows sensitive information to safely travel through vulnerable channels by encrypting the cardholder data
upon entry or swipe. Once the recipient receives the encrypted data, the processor can then decrypt the information.
This process bars hackers from intercepting cardholder data through transit, and accessing valuable information.
Tokenization is the solution for merchants that need to store
cardholder data for recurring payments or card-on-file billing. Tokenization substitutes unique, randomly generated
values to reference cardholder data that are typically stored in the software application. This eliminates the
need for merchants to store and protect actual cardholder data and reduces risks of breach and liability.
P2PE and Tokenization offer greater efficiency and optimal security for managing cardholder data. Utilizing the
technology of P2PE and Tokenization reduces PCI scope and risk, making it the direction that the PCI Security
Standards Council expects processors, software providers and merchants to be moving towards.
When choosing a payment solution provider, inquire about their security measures. Are they using point-to-point
encryption and tokenization to keep their customers safe?
Flexibility
Choose a payment vendor that offers flexibility in how you work with them.
Flexibility has many different meanings, but in the case of choosing a payment vendor, it refers to the relationship
offerings to the ISVs. Excellent payment solution providers should offer their customers the option of
payment processing or a gateway service.
Payment providers should offer both options depending on the need of their ISVs and merchant customers. Gateway
service will require merchants to set up a separate merchant account with a bank to process credit card payments.
A payment gateway facilitates the transfer of cardholder data between a payment portal, such as a website or software
application, and the Front End Processor or acquiring bank. Typically the payment gateway acts as a “link”
between the merchant and the processor. This may not be optimal for all merchants.
A payment processor, on the other hand, will conduct card transactions for merchant banks. Payment processors provide
the merchant account and handle the authorization request from the point of sale to the card issuer. Once the
payment processor has confirmed the card details have been verified, the information will be relayed back to the
merchant, who will then complete the payment transaction.
Payment service providers that can serve as both a gateway and a processor reduces the need and costs incurred with a
separate gateway provider, and eliminates an additional point of failure in the payment process. A single provider
simplifies integration and management issues, and provides more flexibility for processing needs over time.
When searching for a payment vendor, businesses should consider their needs and pay close attention to any limited
options. The flexibility of payment providers can be a determining factor in choosing the right payment service provider.
Solutions
Choose a payment provider that offers solutions to meet a variety of payment needs and has a track record of innovation.
Providing more options for diverse payment needs allows ISVs to choose solutions that better fit their business and
merchant customers’ requirements. Payment providers should be aligned with industry organizations, dialed-in
to advancing technologies and committed to innovation in order to keep up and ahead of the constantly changing payment
industry. Payment providers that are forward thinking and innovative can bring significant value to the ISV’s
business and merchant customers by providing insight, often well ahead of competitors.
For example, innovations have been made resulting in new keyboard-emulated
(driverless PIN pad) devices that feature Point-to-Point
Encryption (P2PE) technology. These devices serve every payment environment including CP/CNP, PIN Debit and Credit.
Robust solutions like these are designed to address the evolving payment industry’s regulations and keep ISVs
ahead of the curve.
Regardless of the payment environment, choosing a payment provider that offers a variety of solution options ensures
that the ISV can easily adapt the business to new opportunities as the need arises. As mentioned earlier, security is
crucial to payment processing, and a payment solution provider should offer the most current security options as apart
of their solutions offering.
Integration
Choose a payment provider that will not add unnecessary complexity and cost.
Payment processors that offer semi-integrated and multi-integrated solutions require maintenance of the distributed
software. These solutions command that staff be trained to support and manage application updates. This can create
multiple points of failure and add unnecessary costs into the payment process.
Alternatively, looking for a payment processor that utilizes software
as a Service (SaaS) web-based solutions will eliminate the need to maintain a third-party code. An optimal solution
enables developers to code to the processing platform in their native programming language, simplifying the process
and reducing integration time.
A key term to look for is “backwards compatibility.” If the platform is backwards compatible, then
the ISV does not need to make non-PCI compliance related code changes when modifications are made to the platform.
This seemingly minor tip can save an ISV substantial programming time, money and resources.
Overall, it is best to pursue processing platforms that are designed using XML or Web services in order to make it
easy for software integration. Furthermore, platforms
designed with service oriented architecture allow new features and upgrades to be made available to merchants
without requiring a download of distributed code.
Merchant Pricing
Choose a payment vendor that helps your customers understand their pricing obligation clearly.
Payment processing costs can be a complex medley of fees and charges: application fees, set-up fees, statement
fees, settlement fees, chargeback costs and a monthly point-of-sale terminal cost. In addition, card issuers
require merchants to pay card issuing banks interchange fees for accepting their cards, and gateway/merchant
account providers also collect a fee.
Many merchant payment solution providers charge using tiered pricing schemes, also known as “bucket
pricing,” that involves more than a hundred different interchange rate categories, and are based on
average monthly dollar volume processed. Merchants end up paying higher transaction charges under Bucket
Pricing due to the combined interchange fee structure.
To reduce payment-processing fees, find a payment vendor that only charges for individual rates per each
transaction (Pass-Through Pricing).
This way, when Visa and MasterCard raise interchange rates, only the affected categories increase, not an
entire bucket, and the actual rates are passed through to the merchant, without mark-up. These fair payment
providers will charge a consistent set fee for each transaction that is negotiated at the time of the
processing agreement signing.
Service
Choose a payment solution provider that offers the service level both you and your customers expect.
When choosing a payment provider there are two service considerations: the service provided to the ISV and
the service provided to merchants. The ISV provides software-related service and the processor provides
merchant account-related service.
It is vital that the ISV and payment processor deliver a complementary service level to ensure that the
customer experience is consistent and meets expectations.
Some payment solution providers only offer self-serve online FAQs. An online only support approach is
usually not an acceptable option for merchants and ISVs.
When exploring payment solution providers, seek ones that provide service to ISVs on a partnership level.
It is imperative to have a technical relationship and direct contact with an account manager or senior
executive in order to avoid any hiccups.
Partnership
Choose a payment provider that delivers more than a processing solution.
The relationship between an ISV and a payment solution provider is more successful as a partnership than
a service agreement. Partners are interested in a mutually beneficial relationship that results in
long-term success for both.
Valuable service offerings from a partner-focused payment provider include marketing, sales support, a
dedicated day-to-day relationship manager, and strategic guidance to help optimize profitability from the
partnership.
In choosing a payment provider,
inquire about the overall relationship. Payment providers that take a partnership approach will discuss
revenue sharing models and profitability for the ISVs, and will be interested in providing merchants with
highly competitive pricing that secures revenues and reinforces customer loyalty.
Evaluating payment solution providers can be a time consuming and somewhat difficult task, but nevertheless,
one that is extremely important to a business. ISVs have many providers to choose from. Finding a payment
provider that takes a partnering approach, demonstrates a strong commitment to innovation, and shares a
similar customer service model will help narrow down the options. However, ultimately an ISV will be most
successful with a processing provider that compliments their software application and helps them safely
and securely deliver more value and innovative solutions to their merchant customers.
For additional information on Element as a payment solution provider,
contact Element’s Payment Services customer service representatives at
1.866.435.3636 or send an email through the contact form.