merican author and journalist Bill Vaughan once said, "An optimist stays up until midnight to see the new year in. A pessimist stays up to make sure the old year leaves." As 2005 wraps up, both optimists and pessimists in the payment processing industry will cite events (in some cases, the same events) that prove their outlook is correct. Small and large changes alike have swept the industry in much the same way that Hurricane Katrina swept through the Gulf Coast: leaving a very different landscape in this year's wake.

Massive Data Breaches

Fraud and data breaches rocked the industry in 2005, both because of the sheer size of the breaches (criminals stole 145,000 records from ChoicePoint; up to 40 million cards at CardSystems Solutions Inc. were potentially compromised by hackers, the largest payment data security breach ever) and the troubling issues that they exposed.

In the case of CardSystems the data were stored in violation of card Association rules. ChoicePoint's security breach occurred in October of 2004, but it didn't notify potential victims until spring of 2005, when attorneys general in 38 states pressured the company to alert consumers.

The wave of negative publicity these breaches set off eroded public confidence in the security of their personal information and focused much attention on personal data storage.

[The CardSystems breach] "is a clear sign that the industry's efforts to self-regulate when it comes to protecting consumers' sensitive personal data are failing," wrote Sen. Dianne Feinstein (D-Calif.).

"The fact that hackers could have accessed data on up to 40 million accounts because of a processor's failure to follow your own established rules makes me question the effectiveness and ability of self-regulation by your industry."

Feinstein introduced legislation that would require companies to notify customers whenever a hacking incident may have compromised personal data, set a national standard for protecting personal information, and prohibit the sale or display of Social Security numbers to the general public.

In July, a subcommittee of the House Committee on Financial Services held hearings to address these types of consumer data security issues.

PCI Security Standards Pushed

In December of 2004, Visa and MasterCard established the Payment Card Industry (PCI) Data Security Standard to unify industry security requirements for storing, processing and transmitting cardholder data. PCI applies to all members, merchants and service providers that store, process and/or transmit cardholder data.

PCI aligns Visa's Cardholder Information Security Program and MasterCard's Site Data Protection Program. Other card companies operating in the United States, including American Express Co. (AmEx), Discover Financial Services, JCB and Diners Club, also have endorsed PCI.

Merchants processing more than 6 million card transactions annually or who have suffered a hack or had account data compromised should have validated their compliance in 2004.

E-commerce merchants processing 20,000 to 6 million card transactions annually should have validated their compliance by June 30, 2005. For all other merchants, compliance is mandatory, but proof of validation is optional.

During 2005, hopefully most acquirers submitted the necessary paperwork to their respective processors to ensure that they operate within these guidelines and that all of the certified products they use meet PCI standards.

IPOs Aplenty, IPOs Galore

In August, MasterCard Inc. announced plans for an initial public offering (IPO) of common stock and a restructuring of corporate governance.

Experts say this offering was a result of increasing concern over cardholder data security, lawsuits filed by merchants over interchange and competition among card brands.

The IPO should not only raise capital, but it also should increase transparency in MasterCard's operations to help protect it if any of the 20 or so lawsuits pending result in financial liabilities.

Facing the same pressures as MasterCard, Visa U.S.A. announced in November a restructuring of its board of directors.

Visa is considered a bankcard Association, and only bankers whose institutions issue Visa-branded cards have been given seats on the board.

Under the restructuring, however, Visa now will allow nonbankers to serve on it. Once the restructuring is completed (in late 2006), financial institutions will hold only seven seats on Visa's board and independent directors will hold eight. For years, merchants complained that a group of banks sitting around a board table deciding interchange rates is tantamount to price fixing.

Analysts suggest that Visa, like MasterCard, facing a storm of lawsuits, hopes to avoid the appearance of impropriety by bringing more nonbanks into the board room.

In April, VeriFone, a POS terminal manufacturer, held an IPO of 15.4 million shares, quietly dropping its share price to $10 from a planned $12 - $14 just prior to the IPO. With somewhat more success, Heartland Payment Systems Inc. raised $46.2 million in its August IPO. Stock analysts following Heartland have consistently rated the company a "strong buy" or "hold."

And bucking the IPO trend, iPayment Chief Executive Officer Gregory Daily spent much of 2005 trying to take his company, which had its IPO in May 2003, private again. In May, he offered $38 a share, which was rejected. In November, he raised his offer to $43 a share, and then 10 days later upped that to $43.50 a share (his highest and final price, according to a company news release announcing the offer).

M&A Mania

A surge of mergers and acquisitions in the payments industry that began in late 2004 continued in 2005.

The consolidation of the top acquirers and card issuers points to a maturing market, but it also has raised concerns that pricing power lies in the hands of only a few powerful companies (the top five processors account for more than 80% of the market, see "The Changing Face of Card Acquiring," GSQ Vol. 8, No. 4, December 2005).

Bank of America Corp. (BofA) was one of the most acquisitive companies in the payments industry in 2005. It acquired National Processing Co. late in 2004, and then in the second quarter of 2005, announced plans to acquire MBNA Corp.

"The result will be the country's top retailer of financial services with the size and scale to drive distribution and marketing efficiencies," BofA Chairman Kenneth D. Lewis said, announcing the acquisition.

With the acquisition, BofA "joins an elite group of three mega issuers (BofA, JPMorgan Chase & Co. and Citigroup) at the top of the market," said Aaron McPherson, Payments Research Director at research firm Financial Insights.

In October, First Data Corp. and JPMorgan Chase announced a merger of the two acquiring organizations that they jointly operate, Paymentech LP and Chase Merchant Services.

The merged operation, called Chase Paymentech Solutions LLC, will process approximately 13.1 billion transactions annually with more than $500 billion in annual bankcard volume in both the United States and Canada.

And in November, eBay Inc., the parent company of PayPal, which specializes in online payments, completed its $370 million acquisition of VeriSign's payment gateway. The VeriSign deal allows PayPal to beef up its security and extend and strengthen its market reach beyond the eBay community.

The Interchange Wars Continue

Both Visa U.S.A. and MasterCard International announced higher interchange fees, effective April 1, 2005. Visa hiked interchange rates on certain transactions initiated with cards tied to rewards programs.

The Visa interchange hikes hit restaurants and independent supermarkets especially hard, according to experts who have studied the changes.

MasterCard announced across-the-board increases, upward of 12% in interchange for consumer credit and corporate cards.

The two card Associations took very different approaches to debit card pricing. MasterCard left signature debit rates untouched; Visa reduced rates on several categories of signature debit transactions.

These price hikes exacerbated the merchants' unhappiness with interchange fees and led to a barrage of merchant lawsuits against Visa and MasterCard and their member banks, as well as pressure from consumer groups for legislative or regulatory action.

The most recent lawsuits were class action suits filed on Nov. 14, 2005 by the American Booksellers Association and the National Grocers Association.

Free Terminals Spark Controversy

The free terminal initiative, largely pioneered by United Bank Card Inc. (UBC) at the end of 2004, spread quickly during 2005. It is reshaping the way ISOs and merchant level salespeople (MLSs) conduct business.

For nearly 20 years, many MLSs have made a living selling and leasing terminals, only to see a fundamental change in their way of doing business in 2005.

Many predict that MLSs who have had most of their income from terminal leases will be forced to move toward a residual-based compensation.

This initiative sparked industry-wide controversy and ignited the most viewed discussion in the history of GS Online's MLS Forum.

New Leadership at NAOPP

Founded in 2003, the National Association of Payment Professionals (NAOPP) is a nonprofit organization working to bridge the gap between MLSs and other segments of the payment processing industry. It made great strides in 2005.

The board of directors had two main goals at the beginning of the year, and hired Vicki M. Daughdrill to act as Executive Director to help implement them.

"Our two major goals were to shore up the financial and legal requirements began by our founding members, and to increase our membership," Daughdrill said. "And we accomplished both of those."

During the course of the year, NAOPP filed for 501(c)3 status with the IRS, created and had reviewed an official set of books, and filed tax returns for 2003 and 2004. "We also had our Association bylaws reviewed by a professional parliamentarian, and then [we] reviewed, revised and updated them," Daughdrill said.

"We exhibited at all the regional acquirers meetings, created a Web site that we hope will be up and running by the end of the year, put out our first member newsletter, started a capital campaign and raised 30% of our goal in just a few weeks, and increased our membership by over 30%. We've been extraordinarily busy.

"We had an excellent board this year," Daughdrill added. "We're positioned for an absolutely dynamic 2006."

AmEx and Discover Expand Card-issuing Partnerships

A 2004 U.S. Supreme Court decision affirmed lower court rulings against the Visa and MasterCard bylaws precluding member banks from also issuing nonbankcards.

As a result, American Express Co. (AmEx) and Discover Financial Services have aggressively pursued card-issuing partnerships this year. Discover is now working with retailers such as Wal-Mart to gain new card members, and AmEx is working with Citibank and MBNA (two of the largest U.S. bankcard issuers) to woo affluent customers.

Electronic Payments Reach New Highs

During 2005, electronic card payments continued to skyrocket. According to the "2005/2006 Survey of Consumer Payment Preferences," by Dove Consulting and the American Bankers Association, one in three in-store purchases are now made using a debit card, compared with less than one in four in 1999. In other words, debit cards now tie with cash for having the biggest share of consumer in-store purchases.

IBM Consulting Services estimates that online debit is now used in 24% of all electronic payment transactions at the POS.

Much of the growth has come at the expense of checks, which now account for only 11% of in-store purchases. Clearly, U.S. consumers are increasingly dependent on electronic payment options. This dramatic growth in debit card transactions in the United States, and the accompanying drop in check services, had a tremendous impact on the industry in 2005. That impact is expected to continue in 2006.

(For more information on the growth of electronic transactions, see "Future Looks Bright for Card Payments," By Patti Murphy, in this issue.)

MSP Rules Manual Made Available

In July, MasterCard started offering its new Merchant Rules manual, which provides rules applicable to the acceptance of MasterCard cards and Maestro cards, to everyone, not only to member banks.

The Association wants acquirers, MSPs, ISOs and MLSs to provide their merchant customers with a copy and to explain the importance of the rules so that merchants will comply with them (download a free copy at: (www.mastercardmerchant.com/docs/accept_ mastercard/merchant_rules.pdf).

The Green Sheet Stretches, Grows and Is Recognized

For the fourth year in a row, Communications Concepts Inc. recognized The Green Sheet's print and online publications in its annual competition: this year with six APEX Awards of Excellence.

"We are very proud to receive these awards," said Kate Gillespie, General Manager and Chief Operating Officer of The Green Sheet. "Everyone on The Green Sheet team takes great pride in their work and gives their best to bring news, information and advice to the MLS."

As the number of pages in The Green Sheet continues to climb (to 128 in 2005), so do the pages of content on our Web site.

New GS Online features include newswire headlines for keeping up on news that affects our industry as it happens; the ability to e-mail key pages to colleagues; and a growing network for hyperlinks within each article to retrieve more information quickly.

Of course, the MLS Forum, where you can exchange views, tips, tricks and industry gossip with peers, remains the most popular destination.

GS Online received an average of 2.5 million hits per month during 2005, proving that these new features and increased coverage were warmly received.

At The Green Sheet, we're proud of the reputation we've earned tracking not only the industry-sweeping news and trends, but also the smaller, subtler events that shaped the payments business in 2005.

Thanks for being with us this past year, and all our best for a happy and prosperous 2006.