The Mercury Mindset

It’s that time again. After much preparation, we’re heading to Vegas to participate in RSPA’s RetailNow 2010. We look forward to it every year, not just because of all the fun, food, and entertainment to be had in Las Vegas, but also because we get to see so many of our great partners in the retail industry.
RetailNow is the mecca for upcoming industry trends and emerging technologies. Attending the expo gives us a great opportunity to connect with our partners and learn about their latest developments and challenges. Exhibiting at the expo gives us a chance to share our latest developments in turn. This year our hot topics are our new MercuryGift Card Cash Program for resellers and our suite of MercuryShield security solutions.
Catch up with us at our booth, our meetings, or our VIP party!

Dealer Meeting
Monday, July 26
3-4:30 p.m.
Jasmine EFG
Attend our meeting to learn about the latest products, meet our executive team, and participate in a Q&A session.

VIP Party
Monday, July 26
6-10 p.m
Eyecandy Lounge
Come relax with an open bar, food, music and fun. It’s our treat!

Expo
Booth #501
Tuesday, July 27
Wednesday, July 28
Stop by the booth to register for hourly giveaways including iPads, monthly residual boosts, and marketing packages.

Sales Meetings
July 26-28
Meet with a Mercury representative to discuss topics that are important to you, and formulate a strategy for increasing your sales.

Follow us on Twitter for real-time updates on conference events, and be the first to know about prize giveaways at the booth. If you haven’t registered for any of our events yet, don’t worry. You can still receive a MVP All Access Badge for Mercury events during the show. Just ask. Hope to see you there.

Keynote speaker Ian Morrison at the HFMA 2010 ANI Conference

The 2010 Healthcare Financial Management Association (HFMA) 2010 ANI Conference was the first since the healthcare reform bill was signed. The discussions were disconcerting, challenging and inspiring.

Speakers included doctor and former Senator Bill Frist, Pulitzer Prize-winning columnist George Will, and healthcare consultant and author Ian Morrison. All three keynote speakers painted a picture of U.S. doom, and gave their take on the shortcomings of the healthcare reform. They challenged us in the healthcare financial community to “bend the cost curve” for the U.S. and lead the way in the next decade of change.

Dr. Frist gave an insightful but conflicting keynote that challenged healthcare financial leadership He noted the U.S shortage of primary care physicians and warned that it will worsen over the next decade. He rhetorically asked, “Why would new doctors want to pursue a primary care career, when that career will have pay cuts and the almost certainty of two lawsuits over five million dollars?”

Frist forecasted a U.S. debt beyond recovery. “In about 10 years, if the rate of growth in our nation’s debt level continues at its current pace, the level of debt will be equal to 100 percent of our economy.”

Although he praised President Obama in accomplishing what no other president has done, he minimized this accomplishment when it fell short on the task. He believes that President Obama failed to address how to implement the Healthcare Reform Bill. When asked how he would have voted for the bill if he was still in Congress, he stalled, danced, stuttered and finally said he would rather not answer. But eventually, he did. He said he would probably not vote for the reform bill. Doctor Frist started his keynote as a healer and finished as Senator Frist, the politician.

Columnist George Will described Americans as having developed a “culture of dependency” leading us into a “welfare state.” Will described a dismal outlook for the U.S. economy due to “American demand for entitlements.” He too challenged the healthcare financial community for leadership. He claims that this will be “ground zero of our coming problems with the welfare state.” His pessimism implied that the healthcare industry needed dramatic change but then he suggested that the healthcare reform bill take a slower path due to the “law of unintended consequences.” He said, “It’s this (American) culture of dependency on government and the feeling of entitlement that must be overcome if we are to lower the costs of healthcare in our country.” He chastised Americans when he stated, “There is something wrong with the displaced sense of personal responsibility.”

Ian Morrison, healthcare consultant, futurist and author of the book, “Healthcare in the New Millennium,” described the U.S. as “being on an unprecedented reform roller coaster.” He opened his keynote by renaming the healthcare reform bill as the “insurance reform bill.”

Morrison described America’s untenable demand for the “holy trinity” of healthcare – unlimited access to healthcare, the highest quality of healthcare, and maximum security to always receive healthcare. He claims that droves of physicians are reaching out to hospitals to employ them and relieve them of the burden of the business of healthcare.

With the pending changes to Medicare, hospitals will be challenged on cost management. Hospitals will not remain profitable on Medicare reimbursement alone. Morrison encouraged bundling healthcare payments to include physician services, surgical procedures and hospitalization costs. He cautioned hospitals to gain strong competency to manage risk. The reform initiatives include new Accountable Care Organizations (ACO).

According to Morrison, “Their goal is not just integrated care, but accountable care,” for higher performance and higher quality of care. He challenged healthcare leadership for, “Speed, agility, flexibility and experimentation,” to develop under this new reformed healthcare environment.

The highlight for me was the message from the CEO of HFMA, Dr. Dick Clarke, to “step up” and adopt his proposal for reform strategies. Clark demonstrated his leadership for the healthcare financial challenge with the new HFMA MAP Keys. Clark described HFMA MAP Keys as the new standards for revenue cycle excellence. These keys define the indicators, offer resources to track and improve performance, and honor excellence. He suggested strategies to stay abreast of new regulations, to develop planning teams to address the impact of new laws, and to develop key competencies in physician integration, risk management, cost, and pricing improvements.

I commend Clark and the HFMA initiatives to step up to the challenges for healthcare change. I also agree with Will. We are at “ground zero,” not for the coming of a welfare state, but for the coming of a healthier U.S.

Authorization, the process for a card issuer to approve or decline a transaction, is a necessary part of accepting credit card payments. An authorization code indicates that funds are available and the card has not been reported stolen. Obtaining an authorization code does not guarantee payment since an approved transaction can still be reported stolen, disputed and/or result in a chargeback. The tips below can help merchants protect their business against fraud and chargebacks.

Settlement

Authorization codes are typically only valid for 30 days. It’s extremely important to settle batches at the end of each night.  If a batch is forgotten, it’s possible that transactions will not be finalized before they expire. Daily batch closure will help to avoid unnecessary transaction downgrades and ensure timely funding.

E-commerce or MO/TO (Mail Order/Telephone Order) authorizations are only good for 7 days. When authorizations have expired, a new authorization approval must be obtained. Settling authorizations past their expiration increases the chargeback risk.

Gratuity

Never estimate a transaction or tip amount. Merchants are protected up to 20 percent of the base ticket amount for a tip on Visa and MasterCard and 15 percent on American Express.  In the event the tip amount exceeds 20 percent, an additional authorization should be obtained to avoid potential chargebacks. Never give cash back for any amount included with the tip.

Bar and Restaurant Tabs

Currently there is no Card Association-accepted or designated method for running bar tabs.  Obtaining a preauthorization to open a tab is not allowed. Preauthorizing makes the specified amount unavailable to the cardholder until the authorization falls off in several days. If multiple authorizations are processed, the cardholder could have their funds held up on an account for several days until the authorizations fall off.  This scenario often results in cardholder complaints. Restaurants and bars should only authorize cards for known purchase amounts

Voice Authorizations

Occasionally, additional information may be requested from the card issuer at the time of an authorization request. The issuer may send a response asking for the merchant to call a voice authorization center. If a response of “Call ND” or “Call AE” is received, the merchant must call the corresponding phone number for an approval:

Voice Authorization Numbers

Visa/MasterCard/Discover  1-800-944-1111

American Express  1-800-528-2121

The most common reasons to get a voice authorization are:

-Card doesn’t swipe

-Large transaction

- Power outage or lost connection to authorize through the POS/ terminal

-Suspect Fraud

If a valid authorization code is obtained, the transaction must be processed through the POS/terminal with the transaction code that was given. Never input a code as an authorization not received from the Authorization Center.

Following these guidelines can save merchants money by protecting them from downgraded transactions, fraud and chargebacks, and ensures compliance with the Card Association rules.

Every business relationship is formed with the expectation of benefit. We want to know what’s in it for us. Will we realize increased sales? Higher profits? New competitive advantages that complement our product and service line?
Most of the time it’s easy to run the numbers and measure the return we’re getting through the relationship. But what’s the value of something like free marketing materials?
Assuming the free stuff is professionally designed and produced, is easy to co-brand with your business logo, and it actually works for you, one way to measure the value is to look at what it would cost if you had to come up with it on your own. The typical scenario goes something like this:
Meeting #1. 30 minutes. You and a couple other people from your office. What is your time worth?
Meeting # 2 because there were no concrete decisions at Meeting #1. 60 minutes. Brought in another idea person, so now four people from your office are involved.
Decision. Print 30 8 ½ X 11 full color sales flyers and 180 8 ½ x 3 ¼ full color statement stuffers.
Call printer. Too confusing to handle by phone. Go to printer. Give them your scribbled notes. Explain in detail what you need. Another two hours of your time.
Wait seven working days for graphic designer to come up with initial mock-ups. Review mock-ups. Yuck. Start over. Another hour of your time.
4 days later. Better. What will it cost to print? For your quantities (too small for the press), the printer will use a color copier. At $2/sheet, estimated cost is $60 for the sales flyers, $120 for the statement stuffers (3 to a page), plus $480 for graphic design (12 hours at $40/hr. average) and cutting the statement stuffers ($10).
Hard cost? $670
Man hours? 8½. How much could have been billed out if you and others from your team weren’t occupied with this task?
Lost time? What’s the value of the other things you could have gotten done?
Lost opportunities? How many prospects did you see who should have gotten these sales flyers?
When you break it down like this, the value of free marketing collateral becomes quite clear.

What do you think?

As the healthcare industry expert for Mercury, I get asked by dealers all the time, “How do I get started?”  It may seem daunting to enter a new market, but looking at your past successes and strategies can give you some great insight into how to start.  Ask yourself some key questions:

How have you been successful in the past?

Have you sold to specialty markets or sold to all markets?  I like to divide and conquer by specializing in multiple segments.  Each segment has its own specialized needs, terminology and products.   Healthcare in general is a huge market, but it can be broken down into segments.   Retail healthcare segments include pharmacy, vision care, veterinary, and durable medical equipment (DME) sold by orthopedists, chiropractors and podiatrist. They sell inventory just like other retailers and normally bill immediately. 

General and specialty healthcare practices sell services and bill in a revenue cycle collecting from government and commercial insurance then directly to the patient.  There are other healthcare segments also such as medical therapy, labs, dental, Lasik, cosmetic surgery, and many other specialists.  Of course, there are the big targets like hospitals, medical centers and long term care facilities with diverse needs from hospitality, food services, gift, practices, labs, therapy and more.

Understanding the needs of the different segments can help you determine an appropriate target for your business.    

What products do you sell today? 

Are your manufacturers pursuing healthcare?  Most manufacturers of POS keyboards, printers, barcode readers, and monitors have been offering or vying for a healthcare offering.  ScanSource has recently released its healthcare website with great information on healthcare hardware.  I suspect many of the manufacturers you sell today are posting their healthcare offerings.  Could you expand your offerings without seeking out new vendors to start? 

How do you acquire you expertise, your unique selling position and your confidence to sell to your current targets?

 Did you jump into the cold new waters or did you research?   I learn from the internet, trade shows and from the streets.  The internet is a non-threatening means to learn terminology, acronyms, concepts and buzzwords.  When you type in search words, you learn more search words and resources.  I learned about the HITECH Act and ARRA incentives to practices to buy new technology.  I learned about HIPAA for healthcare security. I studied the new medical technology standards called CCHIT. These resources refined for me the problems and solutions. And then my understanding and confidence grew.  After learning basic concepts, I went to local trade shows to ask, but not to sell. I listened and learned.  I learned not to use terms like “customer” but patients; not “merchants” but practices and clinics; not “sales cycle” but revenue cycle.   I also learned about super bills, 835/837’s, automating CPT code entry, ePrescribing requirements, HL7 standard for healthcare interchange language, and deductible balance estimating.   Some national healthcare associations have national and regional conferences that can greatly accelerate your learning curve and may even produce some new products, services …and maybe some leads.  Check out HIMSS (Healthcare Information and Management Systems Society), HFMA (Healthcare Financial Management Association), and MGMA (Medical Group Management Association).  Of course, you can find associations and conferences for the other healthcare segments such as dental, pharmacy, and veterinary.

How do you confirm what others say …will sell? 

I take my sales jacket off and put on my research jacket and go to the streets.  I asked my own doctor what software he uses, how does he prevent delayed patient payments and write-offs, and what did he think about the new healthcare reform with 32 million new patients?  Immediately, he winced until I told him I was not selling anything, but I needed his help. Then he opened up.  I knew I had to stay in research mode, not shift to my selling mode.  I had to suppress my “know it all” attitude and sincerely show my “help me” attitude. From there, I asked …and listened to my vet, my dentist, my eye doctor.  I recently asked a fellow airplane traveler who sold to dentists.  He has over 1000 dentist customers in southern Colorado.  That could be a career of prospects.

 I also learned a key lesson from my son, a doctor.  He told me “doctors spent a third of their lives and over $150,000 in education…just to learn how to help people, not to run businesses.  Doctors know they are under pressure to add new technology to follow new regulations. They sense their practices’ profitability is shrinking from Medicare reductions, insurance denials and patient payment write-offs.” 

Many healthcare providers are threatening to get out of their own practices due these changes. To me, this sounds like businessmen with needs, who have no time to waste on weak value propositions.  If we present a strong value, they will buy!

The bottom line is, educate yourself on the healthcare industry in as many ways as you can.  Knowledge is half the battle and the strategies you’ve used to succeed in the past can help you here as well.  Mercury is here to support you, I’m here to support you, and together we can get a toehold in this surging industry.

Card-not-present transactions, such as mail, telephone, fax and e-commerce transactions pose the greatest risk to merchants for chargebacks and fraud. Merchants can help reduce these risks for card-not-present transactions by following these suggested best practices:

• Obtain an authorization. Visa authorizations are valid up to seven days and MasterCard for up to 30 days. Transactions need to be completed within these time frames or the authorization will expire and a new one will have to be obtained.
• Obtain the cardholder’s billing and shipping address and also obtain address verification (AVS ) on the billing address. AVS is a simple check that compares the address provided by the customer to the statement billing address. AVS will provide a response code, which should be checked by the merchant for a match. A shipment to an address different than the AVS approved address jeopardizes the merchant’s protection from chargebacks. Whenever possible, a merchant should utilize a delivery option that allows for obtaining a cardholder signature for shipment receipt.
• Merchants should perform Card Verification Value (CVV) verification on their POS or terminal. This is a 3-4 digit number that is printed on the back of the card and can be verified with the issuer during authorization. Merchants should record and retain the one character result code. However, the CVV number should never be recorded or stored.
• Always ask the customer for the expiration date of the card. This is just another way to verify the customer is in physical possession of the card at the time of the transaction.
• Complete a sales draft. This should include a brief description of goods sold and the sale amount. The sales draft should be provided to the cardholder with the shipment. Whether the sales draft is provided to the cardholder via mail or email, the entire card number should never be present. The card number should be truncated to only display the last four digits. The expiration date of the card should also be truncated or masked.
Implementing these suggested procedures will help reduce fraud and chargebacks. For more information on how to prevent chargebacks, review Visa Card-Not-Present Merchant Guide to Greater Fraud Control.

The National Restaurant Association Show in Chicago, May 22-25, is a great place to gather merchants, resellers, and POS developers together in one place. Everyone has something to gain by learning about the latest trends, technologies, and creative business solutions. That’s why it’s one of our favorite events.
We are exhibiting in booth #5567 and look forward to meeting with our existing partners, and hope to make some new ones as well. Developers attending will be among the first to learn about our suite of new security products.
Mercury has several new security technology solutions for POS systems that reduce risk and the costs of PA-DSS compliance. Several members of Mercury’s team will be on hand to discuss the new solutions, as well as our many other value adds.
If you are attending, be sure to stop by our booth and enter the drawing for a GPS navigation system. Have fun in Chicago, everyone!

The following questions were asked by Business Solutions Magazine for their article “Q&A: Cash In On PCI Compliance Opportunities.” The responses here are made by Lucas Zaichkowsky, Mercury’s Senior Compliance Technologist.

1. What trends do you see with ISVs concerning the July 1, 2010 deadline?
Software vendors will continue to see the pressure increase from merchants and VARs to be PA-DSS validated and listed on the PCI Security Standards Council website. Most of today’s pressure comes from the marketplace as salespeople with a compliant solution try to win new customers by educating merchants on the mandates. Once Visa begins enforcing the mandates by levying merchant fines, merchants will become more responsive. There is also pressure for lower cost solutions that meet Visa’s PA-DSS mandates. Not all merchants can afford to replace their entire system. If developers add support for end-to-end encryption (E2EE) peripheral devices to their legacy software, merchants will be eager to replace card readers to meet the mandates.

2. What is the most important trend in card processing that VARs should be aware of?
PCI continues to be a sore point. PCI concerns will drive the development and adoption of scope reduction and removal technologies. Using PA-DSS validated software is not
enough to stop card data theft. Merchants still get compromised if their network and system configuration is insecure and criminals get credit card data out of computer memory as cards pass through the system. End to end encryption supported by payment processors and gateways will eventually become a standard feature for card readers, key pads, and PIN pads. Online ordering solutions will increasingly adopt hosted payments solutions so they are not handling sensitive credit card data in their own servers.

3. What can VARs be doing to take advantage of the short time remaining until the deadline?
VARs are already leveraging Visa’s PA-DSS and PIN pad TDES mandates to convince merchants to upgrade their system. While they are on-site, I suggest they ensure the system is up to their current more secure configuration. There are many older installations out there still running insecure remote access and remote desktop software. When merchants are compromised due to an insecure setup done by the VAR, it can result in lawsuits against both the VAR and the ISV.

4. Once the deadline passes, will there still be PCI compliance opportunities for VARs? Will ISVs still have to spend time and resources on PCI?
Trying to secure every merchant system and network to all PCI requirements may always be an uphill battle. Merchant systems will always deal with malware and hacking incidents. As long as there is card data passing through the system in plain text, they will be heavily targeted by criminal hackers all over the world stealing card data from business systems. Historically, small businesses that have lost card data have paid an average of $36,000, and this may continue to hold true for the future.

It’s much easier and safer to deploy encrypting card readers, keypads, and PIN pads supported by the payment processor. The advantages to this strategy are that (1) ISV and VAR involvement and liability is significantly lowered and (2) merchants can focus on addressing other security points, such as employee skimming and making sure any third party companies handling card data for them are compliant (e.g. online ordering), for example.

5. What is one of the most misunderstood/underestimated requirements of PCI DSS?
There is a list of PCI misunderstandings a mile long. The PCI Data Security Standard requirements apply to merchants and service providers. Service providers are companies handling card data in their systems on behalf of merchants. One of the most misunderstood and underestimated PCI DSS requirements is requirement 12, “Maintain an Information Security Policy.” A policy is designed to specify “what” is being accomplished. Procedures spell out “how” policies are implemented. All businesses need policies, procedures, and the will to follow them consistently. PCI DSS compliance can only be maintained as a business operates by following procedures designed to maintain compliance as set forth by a policy. Even companies that are validated can fall out of compliance easily by not adhering to their policies and procedures. This is how PCI validated companies can end up being compromised.

6. Are there steps/technologies someone (card issuers, acquirers, gateways, VARs, ISVs, merchants, etc.) can take/implement that would solve PCI compliance once and for all? E2EE from peripheral devices to the payment processor is as good as it gets. Peripheral manufacturers will need to make sure their devices are temper proof. Payment processors and the payment processing industry behind them will probably always need to handle plain text card data and deal with full PCI DSS compliance. It is inherent to the system since there are so many card-issuing banks. Even if the system was changed to something like EMV,which replaces the magnetic stripe on a card with an electronic chip that cannot be duplicated, card data can still be stolen and used for card not present fraud or in merchant stores and countries still accepting magstripe-swiped, “card present” payments.

7. Are there any benefits to VARs/ISVs attending a show like ETA?
Attending a show which is dedicated to serving the ISV and VAR community, like RSPA RetailNOW or NRF, is an excellent opportunity for resellers and POS developers to gather knowledge on new business trends, emerging technologies, and best business practices, including PCI Data Security Standards.

8. What other information concerning PCI is important for ISVs and VARs to be aware of?Always seek scope reduction and elimination technologies as your first step. Scope reduction is the path of least resistance. It is much easier to get rid of the data or to make it useless to thieves than it is to keep systems and networks compliant to all PCI DSS requirements 24/7/365.

Spring is the season of renewal, regrowth…and conferences!

Mercury Payment Systems will be on hand at a number of upcoming tradeshows to discuss new products and services and connect with POS dealers and developers. Take a look at our calendar and let us know if we will see you there, too.

APRIL
Microsoft Convergence 2010
April 24 – 27
Atlanta, GA
Booth #1243

Microsoft Dynamics RMS & POS Partner Conference
April 27 – 28
Atlanta, GA

Maitre’D 2010 Conference
April 26 – 27
Chicago, IL

Simple Simon’s Pizza conference
April 27
Tulsa, OK

Keystroke Point of Sale 2010 Dealer Summit
April 29 – May 1
Frisco, Colorado

MAY
NRA Show 2010
May 22 – 25
Chicago, IL
Booth #5567

Rocky Mountain Chocolate Factory National Convention
May 19 – 21
Scottsdale, AZ

JULY
RSPA RetailNOW
July 25 – 28
Las Vegas, NV
Booth #501

What other conferences or tradeshows are you attending this year? Contact us to see how Mercury can help improve your presence at these events.

Mercury has a lot of great partners, including dealers who work hard to provide exceptional service  to our shared  merchants, and developers who share our commitment to delivering superior integrated payment processing. 

In an effort to publicly recognize exceptional partners, Mercury has created the Top Partner Awards program.  The following resellers and developers earned the honorable distinction of Mercury Payment Systems’ 2009 Top Partner:

Hospitality Reseller
Platinum:  CRS Texas, Houston, TX
Gold: Sunrise Technology Systems, Inc., Louisville, KY
Silver: RJZ, Ltd. Crescent Business Machines, Kenner, LA

Hospitality Developer: Future POS, Butler, PA

Retail Reseller
Platinum: POSitive Technology, Germantown, MD
Gold: J.D. Associates, Leominster, MA
Silver: Diviasoft, Inc., New Brunswick, NJ

Retail Developer: ECR Software Corporation, Boone, NC

We chose three POS resellers and one developer partner in two categories:  retail and hospitality. The hospitality and retail resellers with the most new processing merchants and total new merchant processing volume for 2009 were awarded in three categories: platinum (11 or more employees), gold (4 to 10), and silver (3 or less). The hospitality and retail developers with the most new processing merchants in 2009 were also awarded.

We congratulate our 2009 recipients for their commitment to providing the best POS solution to their merchants.