What are Subscription Companies?
Subscription merchants are companies with a business model that...
Payment security is a key consideration for today’s digital merchants, as acquiring a reputation for not protecting customers’ payment details can be an existential threat. That said, all merchants have to balance the need for security with providing a superior customer experience, which can have a critical impact on successfully closing transactions. Using multiple payment service providers (PSPs), while potentially adding complexity to the payment system, can contribute to each of these competing imperatives.
All merchants must engage with at least one PSP, which acts as the intermediary between the merchant and the remainder of the payment ecosystem, routing transactions through the various parties involved (gateways, card networks, issuing and acquiring banks, among others). Many merchants initially engage with a single, full-service PSP, accessing a broad range of services and paying a relatively simplified, flat processing fee for each sale. However, as they seek greater flexibility, and leverage to negotiate processing fees, many merchants find it valuable to engage with multiple processors; this allows (and requires) them to orchestrate each payment, directing it to the processor whose services are the most beneficial. Such multi-processor payment routing can aid in directing sales to the PSP that is the most likely to be able to process the payment; offers the lowest processing rates; or provides a security layer appropriate to the sale.
Fraudulent payments can be a threat to merchants and consumers alike. When a fraudulent payment is processed it can result in
Additionally, the reputational damage to a merchant that suffers a hack, data leak, or other fraud attack can devastate their growth plans.
Bad actors can attack the payment process from a number of vectors, including, among many others:
When a merchant is looking to add one or more additional PSPs to their original payment partner, they have to plan for how to manage stored payment information: consumers expect and require merchants to allow them to store their details so they only have to enter payment information once.
When merchants make the decision to store cardholder data within their own environment, it can create a very dangerous attack vector: even when data is held in an encrypted form, hackers can either steal or calculate the decryption key, transforming all the information back to plain text, and making it usable. In order to avoid this eventuality, merchants who store this sensitive data are required to comply with the PCI-DSS regulations, which can be an onerous and expensive proposition - and, as numerous very public reports of data breaches demonstrate, not necessarily a foolproof one. Either way, as merchants transition from their initial full-service PSP to an orchestrated multi-processor payment routing approach, ensuring that consumer data is fully protected is vital.
While each PSP offers some set of security services, they don’t necessarily include everything a given merchant might need. Merchants might look for providers that, for instance, scan transactions for unusually high amounts, transactions arriving in suspicious volumes from a single buyer, or don’t fully match stored mailing addresses. Similarly, they might subscribe to services like credit card updaters outside their PSPs’ areas of control. In order to achieve any of this, merchants must, almost by definition, commit to multi-processor payment routing, in order not to have to default to whatever is offered by their one and only payment partner.
In order to execute this shift to multi-processor payment routing, merchants must first have access to the true customer cardholder data, in order to submit it to their security partners prior to transmitting it to the payments ecosystem. Doing so requires the merchant to either
With full control over their customers’ cardholder data, merchants can institute sophisticated decisioning for each and every transaction, improving payment security by
Additionally, the decisioning engine can route each transaction to the right payment partner, based on whatever instructions have been configured by the merchant. Making the choice in a multi-processor payment routing environment may be based on
Using a multi-processor payment routing strategy is unequivocally beneficial for the merchant, with its ability to increase close rates and decrease aggregated processing fees. Done right, though, it also delivers strong security benefits for consumers, as additional transaction monitoring and approval steps can be added to the overall payment process. Merchants going this route have one core decision to make: store cardholder data locally and commit to the risky and expensive processes required to protect that information, or contract with a third-party token vault provider so they can focus on their core business.
Subscription merchants are companies with a business model that...
Payment network tokenization is a process of replacing sensitive payment information, such as a...
The terms “payment gateway” and “payment processor” are, at times, used interchangeably in payment...