Braintree Payment Solutions


About this blog

My name is Bryan Johnson and I am the founder and CEO of Braintree. I maintain this blog because payment processing is one of the most difficult components for businesses to manage. It is complex and can pose some significant security, strategic and technical challenges. I try to educate, inform, share my insights and answer questions to help users make better decisions. I've been in the industry for a while now, getting my start in the trenches selling door to door. If you need a resource I am happy to chat.

Creative Commons License
This work is licensed under a Creative Commons License.



Recent Articles

Gen Y Preferred Online Payment Method

Posted on 13 August, 2008 under Alternative Payments, Credit Card Processing by Bryan Johnson

Interesting because I thought PayPal would have much higher preferred status among this demographic.

Credit Card: 65%

Debit Card: 22%

Checking: 8%

PayPal: 3%

Other: 2%

Generation Y includes those born in the 80’s to 90’s (18 - 28 year olds). Thank you First Annapolis for the data and Transaction Trends for publishing.


Largest indictment of credit card hackers to date

Posted on 6 August, 2008 under PCI DSS Compliance by Bryan Johnson

The Justice Department unveiled possibly its largest indictment of credit card data hackers yesterday. Nine people from the U.S., Estonia, Ukraine, China and Belarus are being charged with allegedly stealing over 40 million credit card records from nine retailers.

They successfully stole credit card data by using ‘sniffing’ programs on both wireless networks and on cash registers. Once captured, the criminals would load the data onto the magnetic strip of blank credit cards and then withdraw cash from ATMs.

The financial institutions that issued the stolen cards take large financial losses because cardholders are not responsible for fraud; the issuers are. For example, the Justice Department reports that at one Dave & Busters restaurant location the sniffing program captured roughly 5,000 cards that resulted in over $600,000 of losses to the financial institutions that issued those cards.

The affected retailers include Sports Authority, Office Max, BJ’s Wholesale Club, Marshall’s, T.J. Maxx and a few others.

Other related posts:
The cost of a credit card breach
PCI Compliance basics
The cost to become PCI Compliant


Tax, Fuel, Debt, Recurring and GSA V/MC Interchange Updates

Posted on 23 July, 2008 under Credit Card Processing, PCI DSS Compliance, Visa and MasterCard by Bryan Johnson

Visa & MasterCard have announced some pretty significant changes. Visa is out with two new categories: Debt Repayment and Government to Government. Tax Payment is officially coming out of pilot, and there are interchange reductions at the pump. MasterCard introduces a recurring billing ‘preauthorized request’ - a great idea. All of these will be effective October 3rd, 2008:

Visa Updates
Debt Repayment Programs for U.S. consumer auto loan, credit card, residential mortgage and student loan for debit card only.
- Availability for Financial Institutions Merchandise & Services, Non Financial Foreign Currency Money Orders (no wire transfers) and Travelers Cheques.
- Cannot be used for bad debt, uncollectible debt, charge-off debt and debt sold to collection agencies.

Fuel - making a move to reduce the pain at the pump (and appease angry gas station owners):
- Consumer Debit Cards: a maximum interchange amount is now in place, replacing what was formerly a discount rate and transaction fee that varied with amount.
- Consumer Credit Cards: lowered by as much as .50 bps on certain cards and consolidated into a single rate for 6 different card types.

Automated Fuel Dispenser (AFD) Partial Authorization
- Partial Authorization: POS Vendors will be required to support this functionality by 10/3/08. As some context, when a consumer swipes a card today at an AFD, an authorization is done for $50 to check validity and availability of funds before approving the customer to pump. That’s referred to as a ‘Partial Authorization’, so if the consumer only pumps $40 of fuel against the initial $50 authorization, the merchant can capture for the $40. A problem with that method is that if a check (Signature Debit) or pre-paid card is used and the card does not have the available funds, it will be denied. With the Partial Authorization implemented, the issuer would respond with the available amount instead of denying the transaction.

Tax Payments - Visa has had this program in pilot mode for several years now:
- Merchants are required to register for this - no sign up fees before April 1, 2009.
- Existing interchange rates will apply
- Interchange rate of $2.50 will apply to consumer debit transactions that are qualified
- Service or convenience fee may be assessed. Fee can be variable for consumer credit and commercial cards but a flat fee must be charged for consumer debit transactions and may not exceed $3.95 (could they make it any more difficult?)

Commercial Card GSA
- Introduction of Government-to-Government interchange program (G2G). Level II & III data is not required.
- $5,000 minimum has been removed
- Special interchange rate for transactions over $8,750 is removed with interchange rate increasing .25 bps and $4.
- GSA Purchase cards will not be available for Commercial Card Level III rates.

MasterCard
Test transaction for Recurring Billing
- $1 authorization for account status before requesting full amount authorization. (Nice work, whoever came up with this idea!)

What’s going on MasterCard? Only 1 Update?


PCI DSS Requirement 6.6 - Code Review or Web Application Firewall (WAF)

Posted on 10 July, 2008 under PCI DSS Compliance by Bryan Johnson

The deadline to comply with PCI DSS Requirement 6.6 was June 30th, 2008. Merchants have been given two options:

1. Have all custom application code reviewed for common vulnerabilities by an organization that specializes in application security.
2. Install an application-layer firewall in front of web-facing applications.

The driver behind this new requirement is that a large percentage of credit card breaches are due to SQL Injection, Cross Site Scripting (XSS) and Buffer Overflow attacks. The intent of this requirement is to eliminate those vulnerabilities, which would contribute to a significant reduction in breaches.

Here is the Information Supplement supplied by the PCI Security Standards Council.


Where do credit card fees come from?

Posted on 12 June, 2008 under Featured, Rates and Fees, Visa and MasterCard by Bryan Johnson

It is known by some, but not all, that businesses pay fees in order to accept credit cards as a form of payment. In fact, over 7 million merchants in the U.S. accept credit cards. During 2006 they collectively paid over 30 billion in credit card acceptance fees so that customers could pay with plastic.

Despite the size of the industry, it’s a mystery to most who is pocketing all this money and how prices are determined and reported. I had a CPA tell me the other day, “I’m a smart guy. I understand numbers, pricing and reconciliation, but for whatever reason I just cannot get my head around credit card processing fees and the unbelievably complicated way companies report them.” He’s not alone. Hopefully this article will clear up some of that confusion as I provide some context about where credit card fees come from, who’s making the money, and how fees and rates are determined.

Issuing Financial Institutions make roughly 85% of all credit and debit card processing fees
The financial institutions that issue credit and debit cards are the biggest beneficiaries. Some financial institutions such as banks co-issue debit and credit cards with Visa and/or MasterCard, while others such as American Express and Discover issue them directly (though after years of litigation, some banks are now issuing American Express cards to cardholders). Visa and MasterCard are now public membership associations owned by the issuing banks, and collectively own roughly 75% of the credit cards in the market. For example, Visa is a membership association of over 13,000 banks nationwide.

These issuing financial institutions make money every time a card they issued is used to purchase something. For example, let’s assume that a business is paying an effective rate of 3.5% to accept credit cards (that 3.5% is usually comprised of a discount rate and a per transaction fee but I just used a flat rate for simplification purposes). Roughly 85% of that 3.5% is going to the issuing bank. The remaining 15% is divided among Visa or MasterCard, the credit card processor, and if there is one, the Independent Sales Organization (ISO).

How do financial institutions justify their fees?
Credit card usage has seen explosive growth in the past 20 years for a number of reasons. Benefits of using plastic include 15 to 45 days to pay original purchases, rewards, a line of credit for extra spending power, fraud protection, a monthly accounting of all purchases and general convenience. The use of Purchase Cards by Corporations or the government (GSA) has also been growing rapidly to lower the cost and to streamline Accounts Receivable and Payables.

Some of the costs these financial institutions incur in providing cards and maintaining cardholders include fraud, bad debt, customer support, rewards and other perks, and float (they pay for your purchases before you pay them). Usage rewards alone account for roughly 40% of the fees they generate and end up back in the pockets of cardholders. They fiercely compete for new cardholders, primarily on their rewards programs.

Continuing our example from above, if you buy movie tickets for $20 and the movie theater is paying 3.5%, the financial institution that issued that credit card would make $0.60 ($20 x 3.5% = $0.70, x 85% equals $0.60). Visa and MasterCard add their respective fees of .0925% and .0950% on top of what the banks charge (Note: that’s 9.25 and 9.50 basis points. 100 basis points equals 1%). Adding the fees from the bank and Visa or MasterCard together forms what is called ‘interchange’.

You now understand why you find a credit card offer in your mailbox every day. Outside of the 18% interest rates, annual fees, and late fees, being a card issuer is a lucrative business! The issuing institutions are making money on both the front and back end.

That seems simple enough, why does everyone say it’s so complex?
From a high level, the rate structure seems pretty simple, but it gets messy fast once we get into the details. There are over 100 different interchange ‘rates’ or ‘categories’. The particular rate that is charged on any given transaction depends on a number of variables, including:

1) The type of card that is used in the transaction i.e. debit, credit, rewards, or business card, international, etc.
2) Where the card is used i.e. restaurant, retail, gas, business to business, ecommerce, etc.
3) The method of usage i.e. swiped, over the phone, or via ecommerce.
4) What information the business captures during the transaction i.e. name, address, tax ID, tax amount, unit description, etc. (the information required is a whole other layer of complexity).
5) When the transaction is submitted to the processor for settlement and funds transfer after the initial authorization.

As you can see, it’s a very complicated matrix. Very few people, including those who’ve been in the industry for years, really understand interchange.

Qualifying for different rate categories and getting hit with downgrades
Merchants can often do more than they think to better manage the credit card fees they pay. For example, transactions can be ‘downgraded’ (penalized) when they don’t meet interchange requirements. Example reasons for downgrades include not capturing the correct information when processing (such as billing zip), settling the transaction after a certain period of time, not swiping the transaction and many more. Learning how to recognize these penalties and then making the appropriate adjustments can help you lower the fees that are paid.

One downgrade example: if a restaurant employee hand keys a credit card number into the point of sale system because the magnetic strip can’t be read, the transaction falls into a different and higher rate category. The transaction is penalized because ‘non swiped’ transactions carry more risk and therefore higher interchange fees. The increase in rate can be significant, ranging from 30 basis points to 2% or more, depending on how the service provider has the account priced.

Different rate categories and downgrades are the dirty little secret for merchant service providers. It’s where they make most of their margin because they offer artificially low rates and don’t disclose higher markups on transactions that don’t fall into a specific rate category. Too many merchants fall for this and think they’re paying the single, highly competitive rate that was advertised.

A quick search of merchant service providers will demonstrate that non disclosure of fees is a standard practice. See two examples here.

The undecipherable monthly credit card statement
As icing on the cake, the unreadable format most merchant service providers use to present this information to you on a monthly basis doesn’t help. Of course, the format used is not because they have no other option, it’s because that’s what makes them the most amount of money.

The frustration with credit card fees
Some merchants accept credit cards because they find them to be an easier and more efficient method of accepting money from customers. Most merchants, however, accept them because they have no other choice. Many merchants and advocacy groups have cried foul lately with Visa and MasterCard increasing ‘interchange’ fees over 117% in the past five years while maintaining over 75% market share. The Card Associations have been accused of being monopolistic.

Interchange has come under increased pressure lately
A few years ago, Wal-Mart won a class action lawsuit against Visa and MasterCard. They claimed that debit card interchange was being improperly priced because it had the same interchange rate as credit cards. Among other things, they argued that debit cards should have a lower interchange rate because money comes directly out of the cardholder’s account, versus a credit card where there is 15 to 45 days between purchase and payment. The courts agreed and awarded Wal-Mart and other retailers billions of dollars in compensatory damages. There are currently a number of other legal battles against the Card Associations surrounding interchange.

