Thursday, August 27, 2009

Hosted Order Pages?

On the surface (like with a lot of things in payment), it would seem to make sense to use a HOP. But, unless you are a mom & pop merchant with little choice and a serious lack of technical resource, be aware of the compromises that you are making. It is tempting to "solve" your PCI requirements by letting someone else host the order page and therefore handle all the credit card storage. Here are a few things to think about;
1) whose data is it? If you ever decide to change providers or take the order page back under your control, will you be able to easily get your data back? Does your contract cover that? Is your provider prepared to do this in a timely, efficient, and secure manner?
2) maintenance windows? Remember, yours for the rest of your site and your providers for the HOP will rarely be the same so there are going to be times when your store is open, but your checkout page is not available.
3) security settings? If your consumer has their security settings set high, the transition from your shopping pages to the HOP may cause a warning box to pop up. This could lead to confusion, concern and of course the dreaded shopping cart abandonment syndrome.
4) branding/look & feel? Most HOPs allow you to attempt to make the page look like the rest of your site but it will never be perfect and therefore again this transition could lead to shopping cart abandonment.
5) customer service? If you are using a HOP, are you going to have the info you need to provide customer service? Are your CSRs going to have to switch from one system to the other to get access to info?
6) chargeback handling? Does the HOP give you adequate info to prevent and/or handle chargebacks when they arise?
I am sure there are things that I am missing but I hope I have at least caused the people who are in a position to make choices on matters like this have some add'l food for thought to help make an informed decision.

Sunday, August 23, 2009


Just recently the desire by ecommerce merchants to accept electronic checks has been expressed a few times so I thought I would make a few comments. Merchants are often led to this interest by a rational desire to save money. However, for most ecommerce merchants, this is clearly the case where the lowest cost is not usually a valid enough reason. It is true that accepting electronic checks usually costs between $.25 and $.50 flat per item. Compare that to 2.25% + $.25 for a typical $20 or more transaction with a credit or debit card and the math looks very appealing. However, when you consider what you get for your ~$.375, it may not make sense. First of all, many consumers are leery of giving their checking account number/routing & transit number to a merchant, and rightly so. In the wrong hands, someone can access the consumer's demand deposit (DDA) account (sometimes referred to as their "current" account) and drain it, causing mortgage payments and other critical payments to bounce. While, in the case of true fraud, these problems can be reversed, they are very time consuming. Secondly, there is no way to verify if that account is valid and if it has funds in it in real time like there is with a credit/debit card. That means that the merchant needs to either sit on the order, if physical goods or permit access if a digital good, then wait 5-7 days and if the transaction is not funded, then reverse the order/shut off access.

There are a variety of alternatives that have been launched, are being piloted or are being planned that access the DDA account and offer some solutions to the aforementioned problems but they typically involve some enrollment step (see earlier blog post on this topic) which is the kiss of death for success or are priced much closer to regular credit/debit cards and therefore are not as compelling.

Welcome your feedback/questions!

Sunday, August 2, 2009

RFID? (my apologies that this is not about ecommerce)

Whether you call it PayWave (Visa), ExpressPay (AMEX), or PayPass (MasterCard), you do not hear much about this technology these days. Today I was at my local Office Depot and I noticed that they had capable terminals so I purposefully pulled out the one enabled card I have, AMEX Blue, and tried to use it. Apologies to all my former POS colleagues but it was not working. The clerk had to grab my card and swipe the old standby Mag Stripe through the terminal's reader. He commented - "it fails about every 20th transactions". My luck!

We Americans take a lot of guff from the global payment marketplace that we never adopted Chip cards and with all the noise about RFID, it is barely scratching the suface. Having personally sold a few hundred thousand mag stripe based terminals, I recognized one key value of RFID was solving the mag stripe wear and tear issue. Of course, that isn't enough to justify the deployment expense. One of the other projected values, speed of transaction, barely exists under the best of circumstances especially compared to customer activated terminals and <$25 receipt-less transactions becoming all the rage. The only thing left is a slight enhanced security benefit from the dynamic CVV, but unfortunately that is probably not enough to justify the expense of deployment even combined with the mag stripe failure issue.

About all I can say is I am glad my physical POS hardware days are behind me!!