Secure Payment Integration for SAP®
September 17, 2014 ©2014. Paymetric. All Rights Reserved.
Agenda
§ About Paymetric
§ Challenge of Payment Acceptance within SAP
§ Standard SAP Functionality and Gaps
§ Benefits of Payment Acceptance within SAP
§ PCI Requirements, Impact and Tokenization
§ Secure Payment Integration with SAP/Paymetric
§ Questions/Wrap Up
About Paymetric
§ More than 15 years of secure payment acceptance
§ Privately Held – Francisco Partners
§ 600+ Enterprise Customers – three times the number of SAP customers than all of our competitors combined.
§ $30+ Billion in Volume Annually
§ Three-time SAP Pinnacle Award winner
§ Only SAP® certified, PCI compliant SaaS solution
§ Only provider that offers processor-agnostic tokenization
§ Level 1 PCI DSS Compliant service provider
Only SAP certified, PCI compliant, SaaS solution offering processor-agnostic tokenization.
Award-Winning Company
Paymetric is Recognized for Electronic Payments Innovation
Paymetric is an award-winning company built on shared purpose, an unremitting pursuit of excellence, lasting collaboration, accountability and integrity. For more than 15 years, we have been recognized for our work and honored with awards for technical innovation and thought leadership.
The Challenge
SAP’s products provide basic payment card processing capabilities.
Challenges include:
• Ensuring functional continuity and transactional efficiency between
• Multiple SAP components
• Payment processors
• Integrating payment processing securely
• Accepting various payment methods including credit, debit, eCheck, ACH and other alternative payment types
• Accepting Level II/Level III data
• Limited reporting
Payment Acceptance within SAP
Challenges with electronic payment acceptance
• Payment Management
• Multiple payment types, geographies, currencies, systems and parties
• Business Risk
• Data security, PCI compliance, customer satisfaction, reconciliation
• Costs
• Interchange costs, processing expense, PCI costs, maintenance costs
• Technology
• System integration, upgrades, system releases
Payment Acceptance within SAP
Payment Acceptance within SAP
The Challenge
Standard SAP Delivers What Exactly?
• Order-to-cash credit card workflow ONLY
• Communication stubs: placeholders for external communications
• A few reports
• Basic encryption
• IMG configuration
Standard SAP Delivers Some Basics
SAP Configuration
SAP Order Entry for Credit Cards
Standard SAP Does NOT Deliver
• AR payments for credit cards
• External communications (authorization & settlement)
• Operational reporting
• Analytics
• “PCI-friendly” credit card security
• LIII credit card data processing
• Settlement reconciliation
• For SAP-connected systems (e.g. ecommerce)
• Non-SAP security solution
• Non-SAP payment solution
BUT… Standard SAP is NOT Enough
PCI Compliance
Category: Build and Maintain a Secure Network
1. Install and maintain a firewall configuration
2. Do not use vendor-supplied defaults for system passwords
Category: Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data
Category: Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Category: Implement Strong Access Control Measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to network resources and card data
Category: Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and card data
11. Regularly test security systems and processes
Category: Maintain an Information Security Policy
12. Maintain a policy that addresses information security
PCI Impact on a Typical SAP Merchant
Card Channels (typical SAP merchant)
• Phone (MOTO)
• Ecommerce
• Mobile
• Retail
Basic Card Process
• Capture Card
• Transmit Card
• Store Card
PCI: Practical Impact To SAP Merchants
In practice, what needs protecting? (typical SAP merchant)
Capture Card
• Web: shopping cart, Biller Direct, Bill Payment Portal
• SAP: Order-to-Cash / Bill Payment
• SAP GUI, CRM WebUI
Transmit Card
• Communication to Payment Service Provider
• Communication between internal systems
Store Card
• SAP Database
• Transaction data (SD, FI, CRM), Master Data (Customer Master)
• Web database/temporary storage
• IDocs and flat files
Data Protection: What is Tokenization?
• A token is a substitute value: sensitive data is replaced with data that is of no value to hackers or thieves
• Protected systems no longer store the RAW sensitive or encrypted data
• Unlike encryption – tokens can’t be reverse engineered to the original data
• If a system is compromised, the real data can’t be taken, only tokens
The Benefits
• Fully integrated and automated SAP credit card processes
• Leverage SAP as common backend for ecommerce and order processing
• Leverage one platform for all electronic payment methods
• Support B2B and B2C transactions
• Lower payment processing costs
• Lower operational costs
Why Process Electronic Payments within SAP?
Accepting electronic payments improves cash flow by dramatically speeding the settlement process:
• from 30 - 90 days or more for paper-based transactions
• to a matter of 24 to 72 hours
Payment Acceptance within SAP
The Workflow
The Standard in Secure Payment Acceptance
Payment Solutions Overview
Our Payment Solutions Address the Unique Challenges Merchants Face When Accepting Electronic Payments Across the Global Enterprise
Credit Card and eCheck Acceptance Across the Enterprise
Fully integrate and secure electronic payment transactions from your enterprise systems directly to payment processors, acquirers, PSPs and other payment solutions.
• Reduce TCO by accepting credit cards and eChecks
• Support for B2B and B2C transactions
• Eliminate manual processes and reconciliation challenges
• Lessen scope and financial burden of achieving PCI DSS compliance
Payment Acceptance
Reduce Risk & Sensitive Data Footprint with Tokenization
Eliminate the storage and/or transmission of PII in enterprise systems and applications with our proprietary tokenization solution.
• Achieve safe harbor from data breach notification laws
• Affordably protect PII with format-preserving tokens
• Increase security and protect your brand
• Impose minimal impact to your existing IT infrastructure
Sensitive Data Security
Tokenization At The Edges
A Tokenization Layer Around Your Enterprise
Accept Credit Cards Against Open Invoices
Our XiReceivables solution enables you to accept electronic payments against accounting documents and automatically clear open items.
• Accelerate time to cash
• Reduce DSO
• Decrease collection costs
• Improve customer satisfaction
Only Paymetric Offers:
• Open AR – Accept electronic payments against open invoices
• Auto AR – Support for recurring payments
• Direct AR – Accommodate deposits and down payments
AR Payments
Enhanced Reporting Solutions for SAP
Our XiAnalytics solution provides the insight needed to analyze trends, enhance efficiencies and maximize performance of SAP’s payment card processing solutions.
• Easily search by token, authorization detail, transaction number, etc.
• Understand customer buying behavior
• Find transactional data to resolve issues more quickly
• Lower transaction costs
Operational Reporting
Seamlessly consolidate your credit card settlement reporting within SAP and streamline the reconciliation process across your enterprise.
• View combined batch and transaction details across SAP, Paymetric and your processor.
• Promotes operational efficiency
• Gain visibility into fundamental workflow and data issues
Automated Reconciliation Reporting within SAP
Settlement Reconciliation
Solutions Utilized:
Customer Success Story: Vera Bradley
Implementation Results:
• More than 2,000 customers use new B2B system
• Exceeded goal of 40% adoption rate in the first year
• Empower individual retailers
• 50% pay their bill regularly using a credit card
• Web AR solution enables customers to view and choose which invoices they want to pay
• Stores tokens for each credit card in SAP – customers do not have to enter CC information each time
• Simplified reconciliation
• Decreased costs and reduced risk
XiPay, XiSecure, XiIntercept for SAP and eCommerce
Solution Features
Global Support
§ Multi-Currency
§ Visa
§ Mastercard
§ AMEX
§ Diners
§ Etc.
Security
§ Replaces stored data with tokens
§ Store actual data in off-site secure data vault
§ XiFlex maintains original length and format of data
§ Provides key management and rotation outside of enterprise applications eliminating downtime
Performance
§ Web-based User Interface
§ Multi-Client Architecture
§ Multiple Cardholder Authentication Types
§ Multiple Integration Technologies
§ High Availability – 24 x 7 Operations
§ Access Logging
§ Monitoring of Decryption Requests
§ Integrated Back-up
§ Load Balancing
§ Disaster Recovery
§ Database Clustering
Alternative Payments
§ PayPal
§ BillMe Later
§ Google Checkout
§ Amazon
§ Telecheck
§ Etc.
Processing Levels
§ Level 1
§ Level 2
§ Level 3
Multiple Payment Types
§ Credit
§ PINless Debit
§ Gift
§ Loyalty
§ ACH
§ Etc.
Certifications
§ SAP Enterprise Services Interface
§ SAP Cross-Application Payment Card Interface
§ Level 1 PCI DSS Certified Service Provider
Why Paymetric?
[Word cloud: Performance; Expertise; Tokenization; PCI Compliance; Credibility; Innovation; Value; Service; On-Demand 24x7 Support; World-Class; Global Brands; SAP Partner; Experienced; PCI DSS; National Reward Recognition; Payment Security; Cutting-Edge; Data Security; Integrated; Secure]
World Class Client Experience
Self-Service Tools Available Any Time
§ Client Merchant Portal
§ XiAssist - All-Inclusive Help Site
Real People and Real Answers When You Need Them
§ Relationship Management Team
§ Client Services Team
§ 24/7 Production Support
Only Payment Integration Provider Offering A Dedicated Support Team