Credit cards are by far the most common form of online payments. There are about two credit cards per man, woman and child in the US, and among those who have credit cards, the average is about 3.5 cards per credit card holder. Credit card issuers are typically banks and credit unions, and they have done a great job popularizing this method of payment by marketing various credit cards to different segments of the consumer population.
When submitting credit card payments to your gateway, it should typically take seconds to submit a payment and receive an answer. It might take longer depending on traffic, but it usually takes no longer than 10 seconds for the transaction to complete.
Records of inactive credit cards are stored until you delete them in Zuora.
Credit Card Tiers
There are numerous tiers of credit cards, depending on the card brand/network. For example, Visa has Visa Traditional, Visa Traditional Rewards, and Visa Signature. Each of these card types has different levels of benefits, starting from basic features like zero-liability to advanced features like 24/7 concierge services. The cost of accepting these various card types is different for merchants, and in a typical tiered (qualified, non-qualified, mid-qualified) merchant discount rate structure, a merchant agrees to pay more to accept the rewards cards than they would to accept a basic card. Of course, a merchant has little control over the kind of card a consumer pulls out of their wallets to pay, so banks heavily market these rewards cards to consumers, partially funding the rewards with higher merchant interchange, and charging the customer a fixed annual fee for the privilege of earning reward points.
The Card Verification Value (CVV) or Credit Card Security Code (CSC) is the three or four digit number located either on the front or back of a credit or debit card. As a merchant, you can request the CVV/CSC code from cardholders as a way to reduce fraudulent transactions and verify the identity of your customer. The CVV/CSC code can be entered by the end customer and passed to the gateway to authorize the card the first time the payment method is created in Zuora or when a payment method is updated.
This code is not stored by Zuora (and passed for recurring payments). PCI regulations prohibit storing this information to avoid it being accessed by others.
Debit cards are issued by the bank where the cardholder has a checking account, and non-banks cannot issue debit cards. The card's funds are withdrawn directly from the bank account, either immediately (PIN debit) or after a couple of days delay (Signature Debit). Due to the funds being secured against actual bank account funds, the risk of non-payment by the cardholder is lower than that for credit cards, and therefore the cost of servicing debit cards is usually much lower for banks, though that doesn't necessarily translate to lower card acceptance costs for the merchant.
Records of inactive debit cards are stored until you delete them in Zuora.
Signature debit cards are Visa or MasterCard branded cards that are linked to your bank account, and need the cardholder's signature at the time of making the payment, similar to a credit card. Though debit interchange is much lower than credit interchange, merchant account providers typically provide signature debit acceptance at the same cost to the merchant, and many merchants are quite unaware of the difference. Signature debit transactions actually travel over credit rails, as opposed to PIN-debit transactions that travel over debit rails. Signature debit is sometimes called offline debit, because transactions conducted with signature debit cards require 2–3 days to be reflected on users’ account balances.
Signature debit cards carry the logo of their signature network (Visa or MasterCard) on the front of the card, and there can only be one signature logo per debit card.
PIN debit cards require electronic authorization of every transaction and the debits are reflected in the user’s account immediately. The transaction is additionally secured using a PIN that is previously set up by the user. PIN debit networks are Star, Nyce, Pulse, AccelExchange and others. There may be multiple PIN debit networks encoded onto a card, and the logos for each of these networks are located on the back of the debit card.
Credit Card Reference (CCRef) Transactions
Tokenization is the process of replacing sensitive credit card/payment data with unique, generated placeholder, or "token". Tokens have no meaning by themselves and are worthless if a company’s system is breached in any way. For example, if someone’s actual credit card number was 1223 3456 5678 6789, it might become AGDV234MUD54367 when a token is generated. The token is randomly generated and there is no algorithm to regain the original card number.
Tokens do not change how a merchant’s payment is processed. Like credit cards, tokens are used for customer sales, refunds, voids, and credits. Tokenization minimizes the amount of data a business needs to keep and increases the security of credit card and e-commerce transactions while complying with industry standards and government regulations.
Some payment gateways support tokens that can identified as either single-use or multi-use tokens. A single-use token is used to represent a specific, single transaction. A multi-use token represents a specific primary account number (PAN), and may be used to track an individual PAN across multiple transactions. A multi-use token always maps a particular PAN value to the same token value within the tokenization system.
Bank Transfers / Electronic Funds Transfer (EFT)
Bank transfers are a payment method from a customer bank to a merchant bank.
Zuora supports the following direct debit payment types:
- Direct Entry AU (BECS)
- Direct Debit: ACH
- Direct Debit NZ (BECS NZ)
- Single Euro Payments Area (SEPA)
- Direct Debit UK (BACS)
- Denmark Direct Debit (Betalingsservice)
- Sweden Direct Debit (Autogiro)
- Canadian Pre-Authorized Debit (PAD)
Direct debit has specific requirements about how payments are captured, processed for collection, and managed.
ACH, Direct Debit, E-check and others are a form of EFT (electronic funds transfers) and a means of collecting payment from a customer by pulling the funds directly from their bank account and transferring it to the merchant's account. It is referred to by different names in different countries, for example, in the United States it may be referred to as ACH and in the United Kingdom it is called direct debit.
Mechanics of Direct Debit
Direct Debit in all countries is architected using one or more clearing house associations in each country. Some include government bodies (for example, the Federal reserve is a member of the US-based NACHA that processes 60% of US ACH transactions) and others are bank-only associations (for example, US-based EPN that processes the remaining 40% of ACH). These clearing houses adjust credits and debits to all the bank accounts in their member banks based on net settlements. Due to this clearing-house model, direct debit takes 2-7 business days.
Pros and Cons of Direct Debit
One of the most powerful benefits of direct debit payments is that there is a fixed transaction fee, which can be substantially less than the fees for credit card processing. Comparatively, credit card fees are typically based on a percentage of the sale amount. So, if you have a $1000 payment, a merchant could pay $30 in credit card fees (using 3% as an example) or .50 in direct debit fees (using .50 as an example). The cost of a merchant-initiated payment (called a Direct Debit or Preauthorized Payment) is higher than that for a customer-initiated one (also called a remote payment), due to the inherent risks in the latter, but in either case, they are much lower than credit card fees. Zuora supports merchant-initiated Direct Debit.
An important drawback of direct debit is the credibility of the approval process. A credit card transaction is immediately approved for payment, which means that the account is good and there is an available balance. With direct debit transactions, there is no immediate approval for a payment. Instead, the direct debit network will respond with an initial approval or decline after checking the format of the bank account number and transit routing number as well as other specific direct debit information. Similar to checks, you can accept and process the payment, but it takes 5-7 days to know if the payment was rejected (and not settled) or was accepted (and settled) by the bank upon settlement. Rejections may be due to a variety of reasons such as insufficient funds or closed account. The biggest difference between ACH processing and credit card transactions is that, with a credit card transaction, the merchant effectively captures funds from the consumer, with a guarantee of payment, but ACH provides no guarantees.
For the vast majority of merchants, the lower transaction processing costs more than offset the losses from rejected direct debit payments, so it is overall a more cost-effective option.
SEPA (Single Euro Payment Area)
The SEPA Direct Debit (SDD) Schemes allow a merchant (biller) to collect funds from a customer (payer's) account, provided that a signed mandate has been completed by the customer. A mandate authorizes the merchant to collect a payment and to instruct the customer’s bank to pay this collection. Mandate forms are provided by the merchant or service providers.
Apple Pay is a mobile payment method (digital wallet) by Apple Inc. that lets users make payments using an iPhone, Apple Watch, iPad or Mac.
When you add a credit or debit card with Apple Pay, the actual card numbers are not stored on the device nor on Apple servers. Instead, a unique Device Account Number is assigned, encrypted and securely stored in the Secure Element on your iPhone or Apple Watch. Each transaction is authorized with a one-time unique number using your Device Account Number and instead of using the security code from the back of your card, Apple Pay creates a dynamic security code to securely validate each transaction.
To enable Apple Pay on your website, see Apple Pay on Web for more information.
Apple Pay is supported by the following payment gateway integrations in Zuora:
- Chase Paymentech Orbital 7.0.1
- Vantiv (Now Worldpay)
- CyberSource, Payment API v2.0
- Adyen Integration v2.0
Contact Zuora Global Support and the Customer Support of the gateway to enable Apple Pay in your tenant.
Google Pay is a digital wallet payment method to support in-app, online, and in-person contactless payments on mobile devices. It enables users to make payments over the web or through Android devices with credit or debit cards stored in their Google account.
Google Pay is only supported by Adyen Integration v2.0 in Zuora for now. This feature is currently only available in the Sandbox environment.
To set up and use a Google Pay payment method on Adyen Integration v2.0, see Set up Google Pay for Adyen Integration v2.0 for more information.
A Digital wallet is an electronic device that allows an individual to make purchases online with a computer or using a smartphone. Digital wallets can be linked to an individual's bank account or used like a credit card.
Only the PayPal Express Checkout and PayPal Payflow Pro payment gateways support the PayPal E-Wallet payment method.
Prepaid Card and Gift Card
All of the payment gateways supported by Zuora (other than PayPal Adaptive) support prepaid card and gift card payments. This includes payments from Visa, MasterCard, and Amex.
Understanding How Prepaid and Gift Cards Work
Offering a variety of different payment methods allows you to reach more customers. However, it is important to understand how these different payment methods work and differ from one another. For example, prepaid cards and gift cards have a cash value that is added to the card. Once the cash value is fully utilized, the card is maxed out and no further payments can be charged to it. The customer cannot spend any more than the value on the card, and there is no credit check (authorization) performed on their account when processing payments against these types of cards.
If your company accepts these types of cards, ensure you have a workflow in place that handles failed payments and card rejections so that you can alert customers and request an alternative methods. If your company does not wish to accept prepaid or gift cards for recurring payments, it can be challenging to identify these cards in order to stop them from being accepted. Pre-paid and gift cards look and work very much the same as credit cards.
Here are a couple things you can do to prevent your application from accepting these cards as it would a credit card:
- Check AVS and decline transactions where AVS does not match.
- Check the Bank Identification Numbers (BINs). BIN tables/lists are generally located online and you can reject payment methods on the BIN list for pre-paid or gift cards.
Wire transfers permit highly secure real-time or near-real-time transfer of funds between bank accounts using a network like Fedwire (US) or Swift (international). The difference between wire transfers and Direct debit or other clearing-house models is that the funds travel directly from one specific account to another, as opposed to being part of a bulk settlement between banks. The other advantage is that wire transfers allow international (cross-border) payments, which clearing-houses operate only within the borders of the country in which they are domiciled with the exception of Europe, where SEPA (Single Euro Payments Area) allows for cross-border transfers.
Banks charge both, the sender and the recipient. The sending bank typically collects a fee separate from the funds being transferred, while the receiving bank and intermediate banks deduct fees from the money being transferred so that the recipient receives less than what the sender sent.
Payment Method Acceptance
Merchants often face the question about what methods of payment to accept. Consider the following factors when deciding on which payment methods to accept.
Would I get a sales boost by accepting an additional form of payment? American Express typically tends to have a higher acceptance cost than MasterCard and Visa. However, for many merchants (for example, airport vendors), it makes economic sense to accept Amex rather than lose potential sales to high-spending affluent individuals who prefer to rack up rewards points or miles on Amex, or road warriors armed with expense-accounts whose companies institute policies mandating the use of Amex for reimbursable expenses. They would rather pay slightly more in card fees than lose a big sale. Of course the math works differently for merchants who sell low-ticket items, or operate stores in locations that are not frequented by this kind of customer. And if some of your customers do not have credit cards, or prefer not to use them, alternatives like ACH are likely good investments.
Cost of Acceptance
Some forms of payment are costlier to accept than others. For example, Amex Credit often costs more than Visa Credit, which in turn (depending on your specific contract), could cost more than Visa or MC Signature Debit cards. Balance this against the opportunity cost of not accepting the card (see above).
Fraud and Chargeback Rates
Cost of fraud, while not significant except in certain industries (for example, travel), is an additional consideration when doing a cost-benefit analysis. Some methods of payment tend to have lower chargeback rates that can be attributed to cardholder demographics, usage scenarios (online vs offline), and merchant industry.
Days to Funding
Some methods of payment include a holdback amount, or have a longer interval between when the transaction is settled by their processor and the funding/crediting of their merchant bank account.