
Leveraging electronic payments to reduce costs while mitigating the associated risk

Scott Gunn's Profile

Just like most treasury professionals, I have been challenged by senior management to better leverage electronic payments in terms of the efficiencies (reducing costs and improving DSO) in terms of sending and receiving electronic payments.

A main issue that I have is balancing these efficiency gains with the risk associated with sending and receiving various types of electronic payments (ACH, International Electronic Payments, credit cards, purchase cards, PayPal, Google Checkout, Amazon Payments, etc.). I am hoping that others are willing to share successes in leveraging electronic payments while effectively mitigating the associated risk and in terms of payments risks (PCI compliance, etc.).

Answers

Fred Dempster
Title: Principal
Company: DemTat dba RMA

Scott,
Most if not all of these (add Bill Me Later) are all mainstreamed as to overall risk exposure, but you do need to understand them and the T's & C's of the contracts. Not sure where you are or what you are selling (e.g., B2B, B2C) but there are plenty of resources. I have worked with PSP firms (Payment Service Providers) who look to wrap up many of the options into one face to deal with.

I am interested to see what experience others bring forth...

Research & Downloads: Globalcollect.com (if International) and Cybersource.com

Jeff Taylor
Title: CFO
Company: Communications Co.

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml. The Payment Card Industry Data Security Standard (PCI DSS) is THE standard for securing payment information and transactions. It has both online and offline elements and these elements touch everything from your processor to your back office policies and procedures. That sounds scary, but it's really not.

Read the document! It's actually not very long and it's a pretty quick read. I was expecting a nightmare when I first read it (given a directive from my CEO while building out electronic payments for our company) but it was shorter than I expected and more straightforward. And like anything, once you have done that initial homework you can quickly understand what you need to do as a company and get people behind it.

I have had Accounting Managers and Corporate Controllers (at different companies) ride herd over this process. You do want someone with credibility in the organization who is methodical and detail-oriented because PCI crosses the organization and will require a lot of "box checking".

Finally, if you need outside help, I do know that there are a lot of consultants (and firms) that do this sort of thing for companies, although I have not used them so sorry I can't help with a reference here.

Bruce Heron
Title: Regional Finance Director
Company: LeasePlan Corporation N.V.

I agree with Jeff's comments above. On the payment outflow process, if you really want the greatest efficiencies (with control) then, depending on which country you operate in, self-billing linked with your expenditure approval process is the most beneficial, linked then to secure electronic payment and confirmation back to the supplier that payment has been made. Self-billing entitles you to raise incoming invoices on behalf of your suppliers, preferably linked to a well-controlled and automated cost-approval process. So on top of the benefits from removing reliance on inefficient cheque payments, you also remove the need for very time-consuming supplier statement reconciliations etc.

Whether you can implement this total efficiency opportunity will depend on local fiscal legislation. In Europe and some countries in the APAC region it's possible.

Andre Solomon
Title: Interim/Contract Chief Financial Officer
Company: Your BottomLine CFO

Scott,
You may want to consider the material at
http://usa.visa.com/merchants/risk_management/cisp_merchants.html#anchor_2
and at
http://usa.visa.com/merchants/risk_management/cisp_service_providers.html
to determine if you are a merchant or a service provider and what compliance level is required for your situation. The minimum standards apply if the cardholder information for payments you receive is accepted, processed and stored on third party platforms (e.g. web-based solutions, or web-hosting companies), using third party payment solutions (e.g. online payment gateways). If none of that data is collected by your systems, then you may find that your role is primarily to ensure that those vendors are PCI compliant and/or they meet SAS 70 standards, and completion of an annual self assessment. On the other hand, if cardholder information is collected or stored on any of your private networks, or is stored on servers you own or manage, you must meet the highest compliance requirements, and you will need assistance from a qualified security assessor. I recently completed the CISP compliance process with a consultant and I would be happy to share my experience if you call me privately.

Topic Expert
Anand Goel
Title: CEO
Company: Optimized Payments Consulting

Scott,

Here are industry best practices you can leverage to significantly minimize PCI risk while reducing the cost of processing electronic payments. For instance, you can route all of your incoming payments (PayPal, credit card, purchasing card, Google Checkout, etc.) through a single gateway. This significantly reduces the number of PCI compliance points you have to monitor and secure. Secondly, depending on your payment infrastructure, you can use a number of encryption and tokenization services that completely remove the communication and storage of credit card data from within your organization to an outside partner.

Feel free to call or e-mail me and I would be happy to provide additional information.

regards,
Anand Goel

Michele King
Title: CFO/PEO Operations Director
Company:

In my most recent position as CFO of HRnovations, we managed $150 million in ACH payments from our clients. The biggest risk is that ACH payments can bounce as easily as a check. Before you release your product or service, let a minimum of three days pass to verify confirmation of funds.
