Business Information Systems Implementing a

Business Information Systems Implementing a Payment Card System in a Small Business Reliance on all forms of electronic payment is increasing at an exponential rate. Given the pervasiveness of the Internet and its role as a clearinghouse for transactions (Chen, Lee, Mayer, 2001) online payments continued to serve as the catalyst for supporting the following three dominant payment card systems which are credit cards, debit cards, and stored value card-based systems.

The information systems planning, requirements, and execution considerations for a small business who seeks to accept credit, debit and value-based cards are analyzed and presented in this paper. Also included are the legislative and regulatory issues of payment cards and a discussion of privacy and security concerns as well. One of the most urgent issues facing this industry today is the adherence to the Payment Card Industry (PCI) Data Security Standard (Sussman, 2008).

Payment card business models have progressed significantly as the security technologies encompass authentication and verification of identities with greater accuracy than ever before. The five parties involved in any transaction including the card holder, merchant, issuing bank, acquiring bank, and payment card network, have all become more attuned to the needs of small businesses, re-orienting process workflows to support a wider variation in transactions.

The intent of this paper is to illustrate how these parties involved in any payment card transaction are together creating more integrated solution platforms and programs for small business. Further, the considerations for small businesses accepting payment cards are also explored in detail from a security and privacy perspective as well. Payment Card History Paradoxically the growth of payment cards' popularity is comparable in design to the growing of social networking today.

Payment card networks began in 1949, in New York City where Frank McNamara, Ralph Snyder and Alfred Bloomingdale together founded Diner's Club (Sun, Tse, 2007). The original concept of providing cardholders the benefit of charge accounts with several restaurants throughout Manhattan. The convenience of having a single charge account for several restaurants provided a very high level of convenience and quickly became popular with traveling business professionals who frequently stayed in New York.

Based on the popularity of the concept, Alfred Bloomingdale opened a Diners Club affiliate network in Los Angeles and then Boston, and by the end of the first year, the payment card network had 285 merchants and 35,000 subscribers (Sun, Tse, 2007). Within two years of its founding, annual charge volume was up to $6.2 million (Mandell, 1990). Initially Diners Club did not charge for membership as the 7% merchant discount was sufficient to cover initial costs. As the popularity of Diners Club grew the founders began charging $3 for membership (Sun, Tse, 2007).

Initial pricing for convenience eventually lead to a pricing model focused more on value delivered as the payment card network included hotels, airlines, and car rentals. Encouraged by the initial success of Diners Club, between the years of 1953 and 1954, over 100 banks began creating their own payment card networks, often defining themselves as clearinghouses for transactions. Aside from the potential for conflict-of-interest, this development led to a regional balkanization of the rapidly evolving payment card industry.

The next major introduction of a payment card system was American Express in 1958, when the company acquired the Universal Travel Card from the American Hotel Association. This acquisition brought 4,500 merchants and 160,000 cardholders to American Express' Card Division. One of the most aggressive growth strategies in payment card services, American Express was able to gain a total of 32,000 merchants and 837,000 cardholders. By 1977, American Express had achieved $8.3 billion in revenue, over ten times greater than Diners Club (Sun, Tse, 2007). This dramatically illustrates how significant the network effects are in payment card systems.

The evangelism efforts of American Express to ramp up the number of merchants in selected service areas and at specific price points attracted a specific type of member who was more focused on convenience and variety. The implication for small businesses was that initially American Express looked to larger, more established businesses to accept their card, and eventually started focusing on the more eclectic, unique smaller businesses their members were buying from.

American Express is an example of a payment card which grew very quickly due to the network effect that the expansion of merchants led to. Fee strategies favored the higher-end travel and entertainment businesses where the gross margins generated on transactions could sustain them. As a result, many small businesses found that the fees associated with American Express to accept their card were not feasible and that another payment card system was needed to better fulfill the unmet needs of small businesses.

Bank of America (BOA) was the next major financial institution to attempt to create their own payment card, and succeeded in large part due to their concentration on creating a large and diverse base of merchants and partners initially throughout California and later throughout the U.S. (Sun, Tse, 2007). In addition to the breadth of merchant coverage, Bank of America successfully created the first true credit card that included a revolving balance that was used as the basis of interest charges.

The VISA Network served as the catalyst for the growth of merchant acceptance initially of the BOA card and later, the VISA card itself, exponentially growing from 2 million businesses to 4 million by 2001 (Sun, Tse, 2007). In conjunction with the development of the VISA Network was the MasterCharge Network, also created to capitalize on the unique aspects of the BOA payment card and its base of merchants. In 1969, the Interbank Card Association (ICA) bought MasterCharge from the Western States Bank Card Association and eventually re-branded it as MasterCard.

Discover was the last of the major payment cards to successfully enter the payment card industry led by Greenwood Trust Company, a Delaware-owned bank owned by Sears, launched the card in 1986 (Sun, Tse, 2007). While many industry experts and analysts predicted that Discover would fail, the concentration on signing up 75,000 merchants before the card was introduced, the development of a low fee schedule to actively recruit new merchants, and an innovative cash-back program for its customers.

The Discover card proved that even a late entrant into the payment card industry could become viable. In summary, the historical aspects of payment card industry illustrate how critical it is to create a network of merchants quickly and sustain their profitability through the use of an acceptable fee structure. Second, the lessons learned from the history of the development of the payment card industry also illustrate how effective fee structures are in defining marketing and segmentation strategies.

This is evident in the variation in positioning between American Express and Discover. Third, the development of services extensions and the use of entirely new services also act as the catalyst of entirely new member development programs. All of these factors contribute to the development of payment card companies increasingly looking to small businesses as the foundation for future growth given the relative maturity of the market (Sun, Tse, 2007).

Information Systems Considerations There are many factors that need to be considered from an information systems standpoint prior to a small business implementing support for a payment card system. The business case first needs to be considered as the fees per transaction vary significantly (Rysman, 2007), and while American Express has recently begun working more with small business merchants, this specific payment card is by far the most expensive for any merchant to accept.

VISA and MasterCard have created Return on Investment (ROI) calculators and business case analysis tools to assist small businesses in determining if it makes sense for them to accept either card or none. Once the business case is completed the following are the major information systems impacts of implementing a payment card in a small business. Creating a single, integrated financial accounting system is critical for any small business to get into place before accepting any form of payment card.

Primarily to track each transaction and assign it to the correct account, the development of an accounting system is critical for tracking the performance of any payment card processing efforts in a small business. This is also essential to track the payments due the card issuer in fees. From an information systems standpoint, this translates into the need for an accounting system that is integrated into the Point of Sales (POS) systems, even if it's the cash registers and credit card processing terminals.

Second, any small business looking to accept payment cards needs to consider the merchant account provider's ability to integrate into websites and provide fulfillment of products either from third-party warehouse locations, or the company's own warehouse. This goes beyond electronic commerce and supports an entire fulfillment strategy that links the customer to the logistics of how their products are shipped and the actual processes involved in delivering products.

Payment card providers have continued to make gains in this area to give small business owners the opportunity to sell over their websites in addition to in their stores or through indirect channels. Third, the information systems implications also need to concentrate on how to manage pricing and discounting across product groups and also across payment methods. This is an area where small businesses can gain significant competitive advantage and one that is consistently ignored or not undertaken at all.

For the payment card strategies in small businesses to be profitable, information systems, specifically applications, need to be created and managed to ensure optimal pricing is defined for each product, and that gross margins are maximized regardless of the payment card used. Fourth, information systems in small businesses need to take into account the synchronizing of all available distribution channels, creating a multi-channel management strategy that is integrated to the payment card processing system as well (Goldstucker, Moschis, Stanley, Thomas, 1986).

Tracking transactions and margins by channel is one of the main metrics that small businesses use to evaluate their overall selling and marketing performance. Multi-channel management was once a strategy that was available onto to the largest enterprises, yet in the small and medium businesses combining Web-based sales, direct, and indirect selling strategies need to have an accompanying payment card processing platform available for accepting, processing and transferring payments (Stone, Hobbs, Khaleeli, 2002).

In one respect payment card processing systems are leveling the playing field of multichannel management, due partially to the development of payment card systems oriented to the small and medium business. Fifth and most significant, the need for a consistent approach to the security of customer information is critical. This is the area of information systems that intersects the development of the payment card industry standards (Sussman, 2008).

The development of database systems that can encode, protect yet create taxonomies of customer data that can be used as the basis of marketing campaigns is a critical component of how information systems can be designed to ensure a payment card system is successfully implemented in a small business. Not only is the security of transaction crit8ifcal, even more critical are the customer records and accumulated purchase activity of small businesses' customers.

This type of data is the critical link the small business has with its most loyal and potentially profitable customers.

Considerations with regard to the use of information systems for security aren't just relegated to the back office of a small business however; it also has to do with the approaches used for capturing customer data, completing and recording transactions, and the development of plans for ensure a high degree of security compliance across the entire order capture and transaction recording process (Swartz, 2007), There are significant implications in Business-to-Consumer (B2C) commerce for example when payment cards are used over the Internet and the need exists for authenticating the card user's identity and credit worthiness (Chen, Lee, Mayer, 2001).

The process workflow that begins with payment and ends with the transaction being verified through the acquiring bank over a credit card network requires that the systems in the small business have secure integration points to the network first, and second, have a sufficiently high level of security at the business itself. On this latter point, the adoption and the Payment Card Industry Standard (Sussman, 2008) has specifically targeted the lack of information systems security in small businesses.

In summary, the information systems impact of implementing a payment card system in a small business is equally balanced between integration of accounting, transaction-based systems on the one hand and the security of the databases that are used for accumulating customer purchasing history and specifics of their purchases. The emergence of standards in these areas specific to security show that to date the value chain of when a transaction first occurs to when it is catalogued or recorded in a database is full of potential security breaches.

Sassman (2008) points to these data and identity breaches as the catalyst for security standards becoming progressively more stringent and specific in their requirements. Legislative and Regulatory Issues As the card process industry has steadily matured and faced single-digit growth rates (Sun, Tse, 2007), there has been a corresponding consolidation of the overall market. There were mounting concerns of financial institutions not being able to overcome economic fluctuations in addition to a maturing financial services industry forcing a high level of mergers and acquisitions (M&a).

Regulating these was the main focus of the Gramm-Leach Bliley Act, which sought to first make mergers and acquisitions in the financial services industry more efficient on the one hand, and more importantly, a transparency and compliance of M&a activity across financial services firms. Compliance is a major requirement of the Sarbanes-Oxley Act (SOX) for example, and within the Gramm-Leach Bliley Act, the requirements of the Financial Privacy Rule, the Safeguards Rule,.