Trends & Tactics

AmEx Opts for Small Merchants

No longer a card brand accepted mainly in hotels, restaurants, upscale stores, and on airlines, American Express Co. is stepping up its efforts to add small merchants to its acceptance base. AmEx late last year began testing a program called OptBlue that gives partner merchant acquirers greater freedom than they had in an older program called OnePoint.

“We’ve been thinking how to evolve the program to get these acquirers to dramatically accelerate closing merchants to accept American Express, selling American Express,” AmEx vice chairman and president Ed Gilligan said at a Feb. 10 investor conference sponsored by New York City-based Keefe, Bruyette & Woods Inc.

Under OnePoint, which began in 2007, partner acquirers signed merchants, provided servicing, and consolidated statements, but AmEx owned the merchant relationships and set the pricing. With OptBlue, the acquirer owns the relationship, services the account, takes the credit and chargeback risk, and sets pricing based on wholesale rates provided by AmEx. As with OnePoint, an OptBlue merchant receives a consolidated statement showing activity on all the card brands it accepts.

OptBlue is for merchants that do up to $1 million in annual AmEx volume. Above that threshold, AmEx has the right to take over the relationship.

AmEx has six announced OptBlue partners: Heartland Payment Systems Inc., Global Payments Inc., Vantiv Inc., WorldPay, TransFirst LLC, and JetPay Corp. JetPay and TransFirst are live.

For acquirers, OptBlue is a new service to offer as competition for merchants increases, Gilligan said.

“We’ve evolved our thinking and, two, the market has changed,” he said. “A company like Square has changed the market so that these bigger acquirers now want to aggressively protect their turf, maybe, but [also] have more value they can offer their merchants.” He later added: “Market readiness for this deal was very high.”

Gilligan said that starting next year, AmEx expects the number of merchants signed under OptBlue will grow by about 50% annually for several years. “We’re very optimistic about that,” he said.

AmEx does not disclose the size of its merchant base, and Gilligan said the company is not trying to achieve parity with the Visa-MasterCard merchant base, which numbers about 8 million in the U.S.

With OptBlue acquirers free to set merchant pricing, AmEx’s average discount rate, typically the highest of the four major brands, could face downward pressure, but Gilligan expressed no worries.

 

“We would expect a small decrease in our global discount rate, which would be more than offset by more volume coming on from spending from customers at these new merchants,” he said. The company doesn’t disclose U.S. rates.

Berwyn, Pa.-based JetPay’s JetPay Payment Services subsidiary in November became the first processor to perform an OptBlue transaction, says unit chief executive Trent Voigt. That sale occurred at a Miami restaurant.

AmEx is now a standard part of JetPay’s new merchant contracts, which also include Visa, MasterCard, and Discover acceptance. While they have the option to refuse AmEx, most of JetPay’s new merchants are taking the brand because of favorable pricing, one-stop service, faster funds availability, and consolidated statements, according to Voigt.

“Merchants absolutely love it,” he says, adding that JetPay is now working to add AmEx acceptance to existing merchants.

AmEx’s rates for acquirers are based on merchant category code and the size of an individual transaction, according to Voigt.

In 2006, Discover Financial Services launched a program to enlist bank card acquirers as sales channels for Discover acceptance. The program now has about 100 partner acquirers, and Discover credits it with bringing its merchant base to near parity with the Visa-MasterCard base.

—Jim Daly

Merchant Customer Exchange: No ‘Head Fake’

Merchant Customer Exchange, the retailer-controlled mobile-payments network, took another step toward launch last month when it announced a deal with Paydiant Inc. to use the startup wallet provider’s technology at member merchant locations.

Dallas-based MCX also said Wendy’s International LLC, the hamburger chain, and regional grocery chain Acme Fresh Market have joined the network, which, though not yet operational, includes merchants accounting for about $1 trillion in payments annually, according to MCX.

The deal with Paydiant represents a major step forward for both companies, sources say, lending further credibility not just to the trend toward mobile payments but also to the concept of a merchant-controlled network. “It’s a big deal for us,” says Chris Gardner, a cofounder of the Wellesley, Mass.-based company. “MCX represents roughly one-third of U.S. payments volume, so they certainly represent critical mass.”

While MCX officials were not available to comment beyond the company’s press release, one expert observer says the deal should help the 2-year-old organization realize its ambitions to cut transaction costs from the major card networks. As of mid-February, MCX had not yet announced when it will begin processing transactions.

“This [deal] is really significant,” says the expert, who asked not to be identified. “It’s a brilliant way for [MCX] to enter the market.”

Paydiant, whose biggest client up to now has been the Subway sandwich chain, provides technology that allows smart-phone users to pay for goods at the point of sale, typically by generating a bar code linked to payment credentials stored on cloud servers. The company is not wedded to bar codes, however, and says it can support alternative linking mechanisms such as near-field communication and Bluetooth Low Energy.

Paydiant offers the technology on a white-label basis, meaning merchants can brand the wallets however they like. It also offers application programming interfaces (APIs) to ease integration for retail operations.

Using these APIs, merchants can offer mobile wallets and run Paydiant-derived transactions without changing out existing point-of-sale equipment, establishing a so-called front end for MCX.

On the critical back end, where transactions get routed and settled, MCX could use its relationship with Jacksonville, Fla.-based processor Fidelity National Information Services Inc. (FIS) and its new PayNet system to run settlement with financial institutions holding users’ accounts, the expert speculates. He expects MCX to exclude the major card brands from its wallet and rely on proprietary payment “cards” linked to the automated clearing house network.

Another mobile-payments expert, James Wester, says by email that Paydiant’s own relationship to FIS could also come into play. “It’s one of those announcements where everything makes sense for all parties,” says Wester, research director for global payments at IDC Financial Insights. “Paydiant has quietly built a very smart white-label solution. It fits well with what MCX is trying to accomplish and pushes that effort forward as they try to go to market.”

The deal with Paydiant, however, is not exclusive on either side, says Gardner. “This space is moving too quickly” for exclusive tie-ups, he says.

Founded partly in reaction to large merchants’ dissatisfaction with major-brand card-network costs, MCX has had a long gestation, but now appears to be gearing up for a launch. Some more cynical observers, indeed, had thought until recently the joint venture might have been chiefly meant to serve as leverage to wring pricing concessions out of the card networks.

“I thought this [MCX venture] was all a head fake, but it appears they’re actually building it,” says the mobile expert.

In July, MCX hired former Barclaycard US executive Dekkers Davidson as chief executive and since then has added a number of major retail brands. So far, some 59 companies from a variety of retail categories are listed on its Web site, including the latest additions of Wendy’s and Acme, with the implication that the consortium includes other merchants not listed.

And the more merchants MCX recruits, the less volume could be available for Isis, Google Wallet, and other competing wallets. That’s because MCX reportedly requires member merchants to commit exclusively to its wallet, effectively walling off some major retail companies.

—John Stewart

Good News: Higher Small-Merchant PCI Compliance

While the payments industry grapples with yet another rash of card-data breaches, independent sales organizations and other acquirers are reporting greater compliance among their small merchants with a key data-security standard.

Close to 60% of ISOs and other processors are reporting compliance rates of 40% or better among their portfolios of so-called Level 4 merchants, up about five percentage points from a similar survey a year ago, according to a survey released by Atlanta-based security-solutions vendor ControlScan Inc. and the Merchant Acquirers’ Committee, a risk-management organization for ISOs and financial institutions.

The survey, conducted last fall, surveyed acquirers about compliance with the Payment Card Industry data-security standard (PCI) and other risk-management topics related to small merchants. Level 4 refers to merchants that process annually up to 1 million in-store card transactions or fewer than 20,000 online card transactions. Some 139 acquiring officials responded.

PCI compliance by small retailers is considered critical because, despite the headlines generated by breaches at Target Corp. and other big merchants lately, most hacks occur at small merchants, which are seen as more vulnerable to attack and less focused on security.

Indeed, among acquirers responding to the ControlScan-MAC survey, some 37% reported at least one merchant breach in 2013, representing a 23% increase over the number that reported one or more breaches in the 2012 survey. Of those reporting a breach in the latest survey, nearly two-thirds said more than one portfolio merchant was attacked.

Perhaps reflecting this increased risk, ISOs and other respondents said risk reduction is now their biggest goal with PCI programs, displacing revenue generation, which was the number-one rationale for such programs last year.

The great majority of respondents (95%) offer some sort of program for their merchants to help them comply with PCI. But while compliance may be up, how acquirers administer these programs varies widely. Only 10% manage their programs in-house with proprietary technology. Fifty-six percent manage the program themselves but rely on outside technology, while 30% outsource their programs entirely.

More than half (54%) roll out their compliance programs to their entire portfolio at the same time, while only 11% segment their portfolio, focusing their programs on their riskiest merchants first before rolling it out to others. The latter approach allows acquirers to “significantly reduce business risk early in the rollout process,” according to the survey.

While acquirers may have lowered the priority for revenue generation, more of them now levy fees for both compliance programs and for noncompliance, according to the survey. One-quarter now assess more than $100 per year for their compliance program, up from 16% in 2012. Meanwhile, nearly two-thirds now charge noncompliance fees, up from 60% in 2012 and 52% in the first ControlScan-MAC survey in 2011.

—John Stewart