secure payment integration for sap

Secure Payment Integration for SAP®

September 17, 2014 ©2014. Paymetric. All Rights Reserved. 1

Agenda

September 17, 2014 ©2014. Paymetric. All Rights Reserved.

2

§  About Paymetric

§  Challenge of Payment Acceptance within SAP

§  Standard SAP Func:onality and Gaps §  Benefits of Payment Acceptance within SAP

§  PCI Requirements, Impact and Tokeniza:on

§  Secure Payment Integra:on with SAP/Paymetric

§  Ques:ons/Wrap Up

About Paymetric


3

§  More than 15 years of secure payment acceptance

§  Privately Held – Francisco Partners

§  600+ Enterprise Customers – three times the number of SAP customers than all of our competitors combined.

§  $30+ Billion in Volume Annually

§  Three time SAP Pinnacle Award winner

§  Only SAP® certified, PCI compliant SaaS solution

§  Only provider that offers processor-agnostic tokenization

§  Level 1 PCI DSS Compliant service provider

Only SAP certified, PCI compliant, SaaS solution offering Processor- agnostic tokenization.

4

Award-Winning Company

Paymetric is Recognized for Electronic Payments Innova7on

Paymetric is an award-‐winning company built on shared purpose, an unremiKng pursuit of excellence, las:ng collabora:on, accountability and integrity. For more than 15 years, we have been recognized for our work and honored with awards for technical innova:on and thought leadership.


5

The Challenge SAP’s products provide basic payment card processing capabili:es.

Challenges include:

•  Ensuring func:onal con:nuity and transac:onal efficiency between

•  Mul:ple SAP components

•  Payment processors

•  Integra:ng payment processing securely

•  Accep:ng various payment methods including credit, debit, eCheck, ACH other alterna:ve payment types

•  Accep:ng Level II/Level III data

•  Limited repor:ng

Payment Acceptance within SAP


6

Challenges with electronic payment acceptance

•  Payment Management

•  Mul:ple payment types, geographies, currencies, systems and par:es

•  Business Risk

•  Data security, PCI compliance, customer sa:sfac:on, reconcilia:on

•  Costs

•  Interchange costs, processing expense, PCI costs, maintenance costs

•  Technology

•  System integra:on, upgrades, system releases



7


The Challenge


8

Standard SAP Delivers What Exactly?

•  Order-‐to-‐cash credit card workflow ONLY

•  Communica:on stubs: placeholders for external communica:ons

•  A few reports

•  Basic encryp:on

•  IMG configura:on

Standard SAP Delivers Some Basics


9

SAP Configuration


10

SAP Order Entry for Credit Cards


11

Standard SAP Does NOT Deliver

•  AR payments for credit cards

•  External communica:ons (authoriza:on & se_lement)

•  Opera:onal repor:ng

•  Analy:cs

•  “PCI-‐friendly” credit card security

•  LIII credit card data processing

•  Se_lement reconcilia:on

•  For SAP-‐connected systems (e.g. ecommerce)

•  Non-‐SAP security solu:on

•  Non-‐SAP payment solu:on

BUT… Standard SAP is NOT Enough


12

PCI Compliance

Category

Build and Maintain a Secure Network

Protect Cardholder Data

Maintain a Vulnerability Management Program

Implement Strong Access Controls Measures

Regularly Monitor and Test Networks

Maintain an Informa:on Security Policy

Requirement

1. Install and maintain a firewall configura:on

2. Do not use vendor-‐supplied defaults for system passwords

3. Protect stored cardholder data 4. Encrypt transmission of cardholder data

5. Use and regularly update an:-‐virus sofware

6. Develop and maintain secure systems and applica:ons

7. Restrict access to data by business need-‐to-‐know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to network resources and card data

10. Track and monitor all access to network resources and card data

11. Regularly test security systems and processes

12. Maintain a policy that address informa:on security


13

PCI Impact on a Typical SAP Merchant

Basic Card Process

Phone (MOTO)

Ecommerce

Mobile

Retail

Capture Card

Transmit Card

Store Card

Card Channels (typical SAP merchant)


14

PCI: Practical Impact To SAP Merchants

In practice, what needs protecting? (typical SAP merchant)

Capture Card

• Web: shopping cart, Biller Direct, Bill Payment Portal • SAP: Order-to-Cash / Bill Payment

•  SAP GUI, CRM WebUI

Transmit Card

• Communication to Payment Service Provider • Communication between internal systems

Store Card

• SAP Database •  Transaction data (SD, FI, CRM), Master Data (Customer Master)

• Web database/temporary storage •  IDocs and flat files


15

Data Protection: What is Tokenization?

•  A token is a subs:tute value: sensi:ve data is replaced with data that is of no value to hackers or thieves

•  Protected systems no longer store the RAW sensi:ve or encrypted data

•  Unlike encryp:on – tokens can’t be reverse engineered to the original data

•  If system is compromised the real data can’t be taken, only tokens


16

The Benefits

•  Fully integrated and automated SAP credit card processes

•  Leverage SAP as common backend for ecommerce and order processing

•  Leverage one plamorm for all electronic payment methods

•  Support B2B and B2C transac:ons

•  Lower payment processing costs

•  Lower opera:onal costs

Why Process Electronic Payments within SAP?

Accep7ng electronic payments improves cash flow by drama7cally speeding the seMlement process:

•  from 30 -‐ 90 days or more for paper-‐based transac7ons •  to a maMer of 24 to 72 hours


17


The Workflow


18

The Standard in Secure Payment Acceptance


19

Payment Solutions Overview

Our Payment Solu7ons Address the Unique Challenges Merchants Face When Accep7ng Electronic Payments Across the Global Enterprise


20

Credit Card and eCheck Acceptance Across the Enterprise

Fully integrate and secure electronic payment transac:ons from your enterprise systems directly to payment processors, acquirers, PSPs and other payment solu:ons.

•  Reduce TCO by accep:ng credit cards and eChecks

•  Support for B2B and B2C transac:ons

•  Eliminate manual processes and reconcilia:on challenges

•  Lessen scope and financial burden of achieving PCI PSS compliance

Payment Acceptance


21

Reduce Risk & Sensi7ve Data Footprint with Tokeniza7on

Eliminate the storage and/or transmission of PII in enterprise systems and applica:ons with our proprietary tokeniza:on solu:on.

•  Achieve safe harbor from data breach no:fica:on laws

•  Affordably protect PII with format-‐preserving tokens

•  Increase security and protect your brand

•  Impose minimal impact to your exis:ng IT infrastructure

Sensitive Data Security


22

Tokenization At The Edges

A Tokeniza7on Layer Around Your Enterprise


23

Accept Credit Cards Against Open Invoices

Our XiReceivables solu:on enables you to accept electronic payments against accoun:ng documents and automa:cally clear open items.

•  Accelerate :me to cash

•  Reduce DSO

•  Decrease collec:on costs

•  Improve customer sa:sfac:on Only Paymetric Offers: •  Open AR – Accept electronic payments against open invoices

•  Auto AR – Support for recurring payments

•  Direct AR – Accommodate deposits and down payments

AR Payments


24

Enhanced Repor7ng Solu7ons for SAP

Our XiAnaly:cs solu:on provides the insight needed to analyze trends, enhance efficiencies and maximize performance of SAP’s payment card processing solu:ons.

•  Easily search by token, authoriza:on detail, transac:on number, etc.

•  Understand customer buying behavior

•  Find transac:onal data to resolve issues more quickly

•  Lower transac:on costs

Operational Reporting


25

Seamlessly consolidate your credit card se_lement repor:ng within SAP and streamline the reconcilia:on process across your enterprise.

•  View combined batch and transac:on details across SAP, Paymetric and your processor.

•  Promotes opera:onal efficiency

•  Gain visibility into fundamental workflow and data issues

Automated Reconcilia7on Repor7ng within SAP

Settlement Reconciliation


26

Solu7ons U7lized:

Customer Success Story: Vera Bradley

Implementa:on Results:

•  More than 2,000 customers use new B2B system

•  Exceeded goal of 40% adop:on rate in the first year

•  Empower individual retailers

•  50% pay their bill regularly using a credit card

•  Web AR solu:on enables customers to view and choose which invoices they want to pay

•  Stores tokens for each credit card in SAP – customers do not have to enter CC informa:on each :me

•  Simplified reconcilia:on

•  Decreased costs and reduced risk

XiPay, XiSecure, XiIntercept for SAP and eCommerce


27

Global Support

§  Mul:-‐Currency §  Visa §  Mastercard §  AMEX §  Diners §  Etc.

Security §  Replaces stored data with tokens §  Store actual data in off-‐site secure data vault §  XiFlex maintains original length and format of data §  Provides key management and rota:on outside of

enterprise applica:ons elimina:ng down:me

Performance §  Web-‐based User Interface §  Mul:-‐Client Architecture §  Mul:ple Cardholder Authen:ca:on Types §  Mul:ple Integra:on Technologies §  High Availability – 24 x 7 Opera:ons §  Access Logging §  Monitoring of Decryp:on Requests §  Integrated Back-‐up §  Load Balancing §  Disaster Recovery §  Database Clustering

Alterna7ve Payments §  PayPal §  BillMe Later §  Google Checkout §  Amazon §  Telecheck §  Etc.

Processing Levels §  Level 1 §  Level 2 §  Level 3

Solution Features

Mul7ple Payment Types §  Credit §  PINless Debit §  Gif §  Loyalty §  ACH §  Etc.

Cer7fica7ons §  SAP Enterprise Services Interface §  SAP Cross-‐Applica:on Payment Card Interface §  Level 1 PCI DSS Cer:fied Service Provider

©2014. Paymetric. All Rights Reserved.

28

Why Paymetric?

Performance

Expertise Tokenization PCI Compliance

Credibility

Innovation

Value

Service

On-Demand 24x7 Support

World-Class

Global Brands SAP Partner

Experienced

PCI DSS

National Reward Recognition

Payment Security

Cutting-Edge

Data Security

Integrated Secure

World Class Client Experience


29

Self-‐Service Tools Available Any Time §  Client Merchant Portal

§  XiAssist -‐ All-‐Inclusive Help Site

Real People and Real Answers When You Need Them

§  Rela:onship Management Team

§  Client Services Team

§  24/7 Produc:on Support

Only Payment Integra7on Provider

Offering A Dedicated Support Team

secure payment integration for sap

Technology

standard sap

paymetriconly sap

sap configurationseptember

bill payment portal

sap order entry

typical sap merchantseptember

numberof sap customersthan

sap merchantsin practice