Skip navigation
All Places > In the News > Blog > 2018 > September
2018

Last year, 85%-90% of all business assets were digital. The average security breach costs U.S. businesses an average of $7.35 million, making information security a top strategic priority for modern businesses. Plus data breaches can end up costing much more in the long-term from reputational damage and brand erosion.  

 

Point-to-Point Encryption (P2PE) is a security development that allows businesses to remove clear text data from their network. A P2PE solution consists of a combination of validated hardware, software, applications and processes to encrypt cardholder data. P2PE ensures that confidential card payment data is encrypted at the point the payment is taken, removing the clear text data from the retailer’s network. That data is only decrypted once it’s passed to the solution provider’s secure environment.

 

P2PE uses a key management process in which every transaction is created using a unique key. This means that each transaction would have to be individually broken to gain access to sensitive data. The processing power and time to hack individual transactions to gain substantial amounts of cardholder data is incredibly difficult.

A P2PE listed solution provides businesses with access to the latest technology to protect customers’ data.

 

Make sure you can spot the difference between P2PE hype and truth with our handy infographic:

 

Dispelling the myths about P2PE

We're currently conducting the WorldPay's Developer Insights Survey - a survey to explore the landscape of developers coding for payments and commerceHere are some highlights we've collected so far: 

 

  1. Almost 75% of respondents identify as full-stack or back-end developers:
  2. About 1/3 develop computer software and nearly 1/4 are coding for into financial services:
  3. Most of the developers surveyed started coding as kids, between the ages of 10-17.
  4. Payments developers love Python (C++ is in the 2nd place).
  5. Developers choose  cats and narwhals over  dogs and unicorns
  6. 61% of payments developers use Agile development methodology
  7. Developers prefer to work in an office. Only 5% of responders work from home.
  8. When asked how long they've been coding, most professional payments developers selected "a long, long time, young padawan." 
  9.  Only 21% of survey respondents were under 30.

Thanks for reading!

If you can spare 5–10 minutes, go take the survey yourself:

Considerations when choosing a gateway integration

There are a lot of payment gateways out there, and choosing the right payment solution can be overwhelming. Especially when you consider that there is no single right answer for every business. Different developers do not need the same features, so for comparison, here's a developer's checklist of considerations  for any payment gateway integration.

 

cost per payment transaction matters

 

Developer Checklist for payment gateway integration

1) Cost per payment transaction

For most merchants, the cost is always an issue. A difference of 0.2% in an average cost per transaction may not sound like much, but for a small business with five million dollars in annual receipts, this represents $10K of lost profits.

 

Gateways often publish what is referred to as “discount rates” – for example, $2.9% plus a fixed cost per transaction with a tiered discount schedule as their volume grows. Larger payment providers may offer “interchange plus” schemes where merchants pay actual interchange fees and assessments plus an additional fixed fee for processing services.

 

These types of processing agreements may be subject to additional fees as well. While interchange plus fees can be more complex, larger merchants often prefer them because they provide visibility to the component costs of each transaction.

Understanding all the details of the fee structure including potential extra costs related to refunds, chargebacks, and miscellaneous fees is important regardless of the payment solution you select.

 


2) Percentage of transactions that complete successfully

A consideration often overlooked is the percentage of Authorizations and Captures that complete successfully on a gateway. This is arguably even more important than minor differences in the cost per transaction because failed authorizations can translate directly to lost business and a reduction of top-line revenue.

 

This is an area where the gateways offered by larger payment processors often have a significant edge over third-party gateways. Tier-one eCommerce gateways have success rates for completed transactions in the range of 95%, whereas better-known brand name gateways often fare poorly with success rates in the 80% range.¹

 

This critical conversion consideration is important for most merchants, so developers and ISVs should consider this carefully as well when choosing a gateway.

1. The Payment Gateways Report – August 2016 – Evan Bakker, BI Intelligence

 

 

3) Type of bank account required

Another consideration for any payment gateway integration is the type of bank account required for use with the payment gateway. Most gateways will require that the merchant have a merchant bank account and their own Merchant ID (MID). Other gateways essentially act as aggregators, collecting payments themselves and then distributing them to a merchant’s bank account periodically or as requested using ACH transfers.

 

This second model allows smaller merchants to use a regular bank account and get up and running quickly avoiding the need to have a MID and the fees involved with a merchant account.  PayPal and Stripe are examples of payment gateways that allow for this.

While this is an option, merchants doing a reasonable volume of sales, needing fast settlement will generally be better served by having a proper merchant account.

 

 

4) Support for card present/point of sale applications

Many popular payment gateways are built specifically for eCommerce transactions. This is logical, since most businesses adding a storefront already have established point-of-sale solutions, and eCommerce providers may not need one.

 

As the lines blur between traditional retail and commerce, however, it is useful to have a single payment infrastructure for both  and in-store payments. Not only does aggregating volume help reduce rates, this can be useful when offering capabilities like order  and pick up in-store, order-ahead, in-store refunds for purchases, and other capabilities that consumers increasingly demand.

 

Some gateways offer features required for point of sale payments such as batch processing, lane management, support for various terminal devices (card readers, EMV, pin pads etc.), and vertical application extensions for auto rental, lodging, healthcare and other industries.

For merchants that hope to use a single payment solution for both in-store and   channels, support for card present features can be important criteria when selecting a gateway.

 

 

 

5) Ease of integration and maintenance

For some developers or ISVs, ease of integration can be an important consideration. Some application gateways are developer friendly offering hosted payment pages or easy-to-use SDKs implemented in multiple programming languages. Some gateways even offer SDKs targeting specific mobile platforms like iOS or Android; supporting use-cases like in-app or mobile web wallet purchases.

 

Other payment gateways don’t offer SDKs but provide an interface specification instead (usually accessed via a REST or SOAP / XML POST API) where client applications send and receive payment transactions that they encode themselves in XML or JSON formats.

 

There are pros and cons to each solution. Some developers will prefer an SDK, but others view SDKs as problematic since they introduce a dependency on their code that can complicate the release management process. These developers would prefer to code directly to a specification where they have full control, even if it means more coding effort.

 

There is no right or wrong answer, but understanding the nature of the developer interface is also an important consideration in choosing a gateway.

 

6) Throughput & performance

Another factor in selecting a gateway is performance. Gateways often pass payment data through multiple providers, and each additional “hop” introduces latency and increases opportunities for errors or outages. Payment approval times can range from sub-second response times to several seconds or even tens-of-seconds depending on the gateway; these delays directly affect the user experience.

 

Generally, the closer the gateway is to a payment processor, the better the performance and reliability.

 


pci compliance-security-encryption-myth
7) Security, encryption and PCI scope

How the gateway handles sensitive cardholder data is another key consideration for both merchants and developers. Most gateways offer hosted payment solutions, iFrame-based solutions, or JavaScript libraries that vault credentials at the point of capture providing a low-value, non-PCI sensitive token to be used in place of the actual card number.

 

Gateways may also provide a separate token in response to a payment transaction that can be safely stored in the merchant’s database to facilitate “card on file” functionality so that consumers don’t need to rekey their card for subsequent purchases.

 

In selecting a gateway, it is important to understand features related to encryption and tokenization and avoid solutions that put the payment application in PCI scope. The same is true for gateways supporting card present solutions as well.

Ideally, the gateway should facilitate secure processing, using point-to-point encryption for any point of entry, including EMV, swiped, tapped or keyed transactions eliminating the applications need to store, handle or transmit card data.

 

The breadth of payment methods accepted – An important strategy for maximizing conversions is offering multiple payment methods. Ideally, a gateway should support payments for all major credit and debit cards.

 

Developers should also consider capabilities related to other popular payment methods like PayPal, MasterPass or Visa Checkout. Mobile wallet based payments are expected to increase in popularity in the coming years (Apple Pay, Android Pay, and others) as consumers increasingly prefer “one touch” checkout for faster speed of service both in-store and .

 

8) Breadth of payment processors supported

For ISVs, it can be advantageous to support multiple payment processors. This is often an argument for coding to a third-party gateway, for this reason alone. Some gateways have an established relationship with a single payment processor (e.g. Stripe) whereas other gateways support multiple processors (e.g. Vantiv’s Express Gateway).

There is no right or wrong answer here either, but before selecting a gateway, it is important to understand how this might constrain your merchant’s choices in terms of payment processors and banking services.

 

 

9) Multi-currency support

For  merchants selling internationally, multi-currency support is important as well. Multi-currency support should not be confused with accepting international cards. For example, a US domiciled merchant may sell goods or services to a Canadian resident where the amounts are presented and paid in US dollars, so multi-currency support is not strictly necessary.

 

Organizations selling internationally will see value in gateway solutions that allow customers to pay in their home currency however as this will increase conversions and sales.

Consumers prefer to pay in their home currency for a variety of reasons including concerns about noncompetitive currency exchange rates that may be levied by banks or credit card companies.

For merchants and ISVs, selecting the right payment gateway is an important decision. Different gateways have different strengths and weaknesses, and the right solution will depend on your unique needs and the merchants and customers that you serve.

 

For more information:  

Is Your Payment Gateway Right for Your Business? 

Top Five Integrations with a Payment Gateway 

Choosing the Right Payment API for Developers 

If you don't grow, you go.

 

Why don’t more executives and their employees invest in self-education? One reason is a time constraint. Another reason: it’s boring. If you carve out time to read a book but you keep falling asleep before you finish chapter one, you won’t learn anything. (Except how to cure your insomnia.)

 

One tactic I’ve implemented to keep my self-improvement quest lively is to periodically (a.k.a. whenever I feel like it) add a sports-related book to my reading pile. I’m sharing with you today one of those books – Everyone’s A Coach: Five Business Secrets for High-Performance Coaching by Ken Blanchard and Hall of Fame football coach Don Shula. Shula is a bonafide sage and has a dry wit that keeps you turning the pages. Blanchard is wise and entertaining as well; quote #29 below is guaranteed to make you smile.

 

Let’s dive into my favorite passages from Everyone’s A Coach … just in time to kickoff the 2018 NFL season!

 

  1. Secret #1 for high-performance coaching: Conviction-driven. Effective leaders stand for something. Never compromise your beliefs.
  2. Secret #2: Overlearning. Effective leaders help their teams achieve “practice perfection.” Practice until it’s perfect.
  3. Secret #3: Audible-ready. Effective leaders, and the people and teams they coach, are ready to change their game plan when the situation demands it.
  4. Secret #4: Consistency. Respond predictably to performance.
  5. Secret #5: Honesty-based. Effective leaders have high integrity and are clear and straightforward in their interactions with others. Walk your talk.
  6. Everything I do is to prepare people to perform to the best of their ability. And you do that one day at a time. – Shula
  7. Blanchard to his employees: If you don’t grow, you go. We all have to strive to continually get better.
  8. A river without banks is a puddle. Like those riverbanks, a good coach provides the direction and concentration for performers’ energies, helping channel all their efforts toward a single desired outcome. – Shula
  9. Great coaches want to win, but they don’t fall apart when they lose. – Blanchard
  10. As long as you have credibility, you have leadership. Credibility is your people believing that what you say is something they can hang their hat on. – Shula
  11. Usually we’re so busy with our tasks, we forget that above all else, what our people get from us is us – our values, our attitudes, our perceptions. – Blanchard
  12. If you find you like coaching, give it all you’ve got. If not, let someone else do it. – Shula
  13. Overlearning: the players are so prepared for a game that they have the skill and confidence needed to make that big play. Constant practice, constant attention to getting the details right every time. – Shula
  14. Overlearning system: Limit the number of goals; make people master of their assignments; reduce players’ practice errors; strive for continuous improvements.
  15. Most organizations overemphasize the goal-setting process and don’t pay enough attention to what needs to be done to accomplish goals. – Shula
  16. Failure is successfully finding out what you don’t want to repeat. – Blanchard
  17. As a coach, if you let errors go unnoticed, you’ll ensure that more of them will occur. – Blanchard
  18. The important thing is not just being intense but focusing that intensity on the things that matter. – Blanchard
  19. It’s not the mood he’s in but people’s performance that dictates his response. – Blanchard
  20. One thing I never want to be accused of is not noticing. – Shula
  21. A significant gap exists between what managers believe motivates employees most and what employees say motivates them. – Blanchard
  22. When a learner makes a mistake, be sure the person knows that the behavior was incorrect, but take the blame upon yourself (“Maybe I didn’t make it clear enough”) and then patiently go back to the beginning and give redirection. – Blanchard
  23. Effective leaders are clear and straightforward in their interactions with others. If people can’t have job security today, they want honesty. – Blanchard
  24. Softening a blow is not one of my gifts. I approach things in a straightforward way – sit down and look the guy in the eye and say, “This is what I think. You may not agree with it. But this is the way I feel, and this is why I am doing it. I know it’s tough to swallow, but I just want you to try to understand what I’m thinking and what my purpose is.” – Shula
  25. Astute business managers know there is no right way to do a wrong thing. – Blanchard
  26. Effective coaches confront their people, praise them sincerely, redirect or reprimand them without apology, and above all are honest with them. – Shula
  27. No matter what situation you are in, coaching others will require new things of you. Dealing with others in a leadership capacity will test your character, especially if your role is a highly visible one. – Shula
  28. A sense of humor permits you to accept criticism without  getting consumed by it. – Shula
  29. I think people in organizations today take themselves too seriously. They all seem to have tight underwear on. – Blanchard
  30. It’s hard to be honest and forthright with folks whose egos and pride are always up for grabs. – Blanchard
  31. You haven’t learned a thing until you can take action and use it. – Shula & Blanchard

 

For more On the Edge content, please visit the Worldpay Partner Advantage website.

 

Jim Roddy is a Reseller & ISV Business Advisor for Worldpay’s PaymentsEdge Advisory Services. He has been active in the POS channel since 1998, including 11 years as the President of Business Solutions Magazine, six years as a Retail Solutions Providers Association (RSPA) board member, and one term as RSPA Chairman of the Board. Jim is regularly requested to speak at industry conferences and he is author of the book Hire Like You Just Beat Cancer.