|
CyberSource Corp.
1295
Charleston Road
Mountain View, California 94043
(650) 965-6000
www.cybersource.com
Sales
$29
million
Business Description
CyberSource Corporation (“CyberSource” or the “Company”) provides secure
electronic payment and risk management solutions to organizations that
process orders for goods and services over the Internet. CyberSource’s
payment solutions allow eCommerce merchants to accept a wide range of online
payment options, from credit cards and electronic checks, to global payment
options and emerging payment types. Our risk and compliance management tools
address issues such as credit card fraud, online tax requirements and export
controls. Our reporting and management tools help automate the flow of
complex eCommerce processes, such as recurring billing and payment
reconciliation. We partner with and connect to a large network of payment
processors and other payment service providers to offer merchants a single
source solution. Traditionally, our target customer base has been medium and
large enterprises, but during the last two years we have also focused
development and marketing efforts on the small business segment.
CyberSource Products and Services
Enterprise Merchants
CyberSource defines Enterprise Merchants as those businesses that generate
more than $250,000 in annual online sales. For Enterprise Merchants,
CyberSource offers a comprehensive set of products and services to address
the varying needs of such companies. Requirements of such merchants include
acceptance of all major credit cards, the ability to bill customers at
regular monthly intervals, support for international payment options, fraud
prevention, and tools to automate internal processes to reduce the
administrative costs and burdens of accepting online orders.
CyberSource’s payment services enable merchants to accept payments made by
all major credit or charge cards including American Express, Discover,
Diners Clubs, JCB, MasterCard, and Visa cards. CyberSource customers can
also accept payment by corporate procurement cards, electronic checks, and
the Bill Me Later service. Merchants that have business models based on
subscriptions can take advantage of the CyberSource recurring billing
service. For merchants selling internationally, CyberSource supports direct
debit, bank transfer, and dynamic currency conversion.
Losses due to fraud are significant concerns for online merchants. To help
enterprise merchants reduce fraud losses, CyberSource offers the CyberSource
Advanced Fraud Screen Enhanced by Visa, a real time fraud detection service
that estimates the level of risk associated with each transaction and
provides merchants with a risk score and codes explaining the nature of the
risk. CyberSource Advanced Fraud Screen Enhanced by Visa benefits from
Visa’s access to comprehensive databases of known fraudulent transactions,
enabling CyberSource to more accurately evaluate risk. In establishing the
risk score, CyberSource Advanced Fraud Screen Enhanced by Visa conducts over
150 tests including data integrity, cardholder identity, verification of
geographic location, the number of times a card is used at certain time
intervals, time of purchase, and correlations among order information.
Through the same connection, CyberSource can use the Visa Payer
Authentication Service and MasterCard SecureCode program to verify a
cardholder’s identity. The CyberSource Delivery Address Verification service
helps merchants avoid losses due to misdelivery.
Because online commerce can occur across state and international boundaries,
medium to large merchants often require tools to facilitate tax and export
regulatory compliance. The CyberSource Tax Service calculates sales and use
taxes for over 60,000 taxing jurisdictions in the United States and Canada
and supports value added tax calculation in 28 countries. The CyberSource
Export Compliance service helps online merchants comply with U.S. Government
export regulations by comparing orders against a changing list of denied
countries or persons.
In addition to the products and services designed to facilitate transaction
processing, CyberSource provides enterprise merchants with tools to manage
the order process internally. CyberSource Risk Manager is enterprise
software that merchants install locally, through which merchants can
automate many of the decisions that would otherwise have to be handled
manually, such as whether to accept, review, or reject incoming orders. To
help merchants reconcile payment discrepancies and chargebacks, CyberSource
offers the CyberSource Reconciliation Tool, which generates reports of
discrepancies to quickly identify transactions requiring follow up.
Small Business Merchants
In our experience, businesses that generate less than $250,000 in annual
online revenue have needs that differ from enterprise merchants. To address
the requirements of small merchants, CyberSource offers services that are
easier to implement and that support many leading shopping cart software
programs used by small businesses. Through our offerings, small business
merchants can accept payments made by American Express, Diners Card,
Discover, JCB, MasterCard, Visa, and PayPal. Small business merchants can
also reduce the risk of fraud by using the CyberSource Smart Authorization
service.
Professional Services
Building upon our experience in eCommerce, we employ a team of experts that
can help merchants operate effective online businesses. The CyberSource
Professional Services group provides business and technical consulting
services including technology selection, analysis of impacts of the online
business on internal processes, devising merchant-specific risk management
strategies, systems installation, integration of CyberSource products and
services with the merchants’ existing internal systems, building custom
reporting tools, disaster recovery planning, and security consulting.
Technology
Transaction Services
Our transaction processing system employs a modular architecture designed
for scalability, reliability, extensibility and performance. This system is
composed of multiple groups of servers and routers that appear as a single
point of contact to our customers’ systems. This system also utilizes the
latest industry standards to maximize compatibility with our customers’
commerce systems. In addition, we have implemented a global network of
telecommunications access points that are designed to optimize transaction
processing response times and to mitigate the effects of system failures.
The primary software components of our system are the transaction databases,
the commerce processing engine, the commerce services applications, the
Cybersource Order Processing API, the Simple Commerce Messaging Protocol (SCMP)
and respective client software.
Transaction Database Architecture
Two primary databases form the core of our transaction processing system:
the transaction processing database, which maintains information necessary
to process each individual transaction, and the post-transaction database,
which generates and provides detailed information about customers’
transactions, with advanced reporting capabilities available in XML and
other formats.
Commerce Engine
Our commerce engine manages workflow functions and the required
communications between our servers, our database, and our processors,
including Barclays Bank, First Data Corporation, Paymentech, Streamline
(provided by the Royal Bank of Scotland Group), and Vital Processing
Services. Our commerce engine is designed to meet the transaction processing
demands of our customers in a secure, fast, efficient, reliable, scalable
and interoperable manner and was designed to scale rapidly to balance and
handle peak transaction processing loads. Additional Commerce Engine servers
can be readily added to accommodate increased customer demand.
Commerce Services Applications
We have developed and licensed a set of software applications that perform
the hosted services. These services include credit card processing,
electronic check processing, gift and promotional certificates, Bill Me
Later payment service, payer authentication, smart authorization,
CyberSource Advanced Fraud Screen enhanced by Visa, tax services, delivery
address verification, and export compliance. These applications contain the
rules and logic necessary to provide our hosted services to customers. In
many cases, execution of the applications are distributed among the commerce
engine and database systems, enabling us to minimize interruptions during
scheduled maintenance when enhancing or adding additional services to meet
our customers’ needs.
Order Processing API using Web Services
In 2003, we introduced the CyberSource Order Processing API to allow the
secure and reliable communication of order data from our customers’ systems
to CyberSource systems. The Order Processing API provides our customers with
a way to send invoice data to CyberSource for processing by any of the
CyberSource commerce services applications. Using industry standard web
services technologies, including SOAP, XML, and WS Security, the Order
Processing API provides customers with an industry recognized implementation
path allowing the Order Processing API to be built into customer order
management applications. Like SCMP, the Order Processing API uses the Data
Encryption Standard, RSA/public key cryptography and digital certificates to
ensure secure signed communication of transaction data.
Simple Commerce Messaging Protocol
We developed SCMP to enable efficient and secure connections between our
commerce engine systems and our customers’ systems. In order to ensure
secure messaging, SCMP utilizes industry standards for secure communications
including the Data Encryption Standard, RSA/public key cryptography and
digital certificates. SCMP has been designed so that it can be integrated
into virtually any commerce server platform.
Client Software
Our commerce services are invoked by a common programming interface residing
on our customers’ commerce servers. Client software is provided for SCMP and
Order Processing API interfaces and can be easily installed by customers
using pre-built developers kits and application plug-ins. These developer
kits are available for most popular Internet programming environments,
including ASP/COM, .NET and Java, and for most operating systems, including
Windows NT/2000, Linux, and UNIX (Solaris, HP/UX, IBM/AIX and others).
Developer kits also come with samples that customers can use to quickly
deploy CyberSource services within their enterprises.
Data Centers and Network Access
Our data centers are located at facilities in Santa Clara, California, Mesa,
Arizona, London, England and Tokyo, Japan. These secure data center
facilities contain our servers, network firewalls, routers and other
technology necessary to provide high availability transaction services and
connectivity to the Internet, our customers and processing partners. They
provide high-speed and redundant network connectivity, uninterruptible power
systems (UPS), fire detection and suppression systems, physical security and
surveillance on a 24 hours a day, 7 days a week, 365 days a year basis. In
addition, we have access to numerous network points of presence located on
five continents from third party providers enhancing our ability to serve
customers globally. These points of presence, through controlled route
announcements to providers such as AT&T, UU-NET, Sprint, GLBX, Cable &
Wireless, Verio, AboveNet, Telia and Level 3 Communications, enable us to
provide direct, rapid and reliable access to our suite of services.
Industry Standards
The implementation of our architecture for hosted services is based on and
complies with widely accepted industry standards. For example, the commerce
engine utilizes components from industry leaders such as Cisco, IBM,
Microsoft, RSA Data Security, Sun Microsystems and Sybase. Adherence to
industry standards provides compatibility with existing applications, ease
of modification, and reduces the need for software modules to be rewritten
over time, thus protecting our customers’ investments.
Enterprise Software
CyberSource Payment Manager
The CyberSource Payment Manager product is based on modular systems
architecture that allows this server to be installed into large customer
infrastructures where a dedicated payment gateway interface will be used.
CyberSource Payment Manager is designed as a three-layer software
architecture well suited for enterprise deployment. These layers include the
multiple sales channel interface, core server, and database.
The CyberSource Payment Manager core server supports a common programming
interface that can be adapted to multiple sales channel enterprise systems.
These sales systems could be used in conjunction with a call center in order
to accept orders through an interactive voice response unit, from a Web
server using hypertext transfer protocol, from a point-of-sale terminal, or
from a wireless application protocol device. This architecture supports our
belief that enterprises will demand a payment server capable of supporting
multiple, independent sales channels, and that the enterprise sees
significant benefit in being able to manage and control a single transaction
payment platform.
The database layer is based on a standard structured query language (SQL)
interface, offering a choice of implementations with any of the standard
relational database management systems (RDBMS) on the market. Database
platforms currently used by our customers include Microsoft SQL Server,
Oracle, and Sybase.
CyberSource Risk Manager
CyberSource Risk Manager is powerful and flexible order decision/fraud
management software that enables customers to customize fraud rules based on
their specific product, industry, and environment variables. It
intelligently and efficiently routes transactions for processing or customer
service action and provides customers with the ability to adapt quickly to
emerging fraud trends.
The decision engine itself is built on standard Java 2 Enterprise Edition
(J2EE) technology and is currently deployable on the BEA WebLogic Platform
or IBM WebSphere Application Server. Back-end database connectivity is
provided through the Java Database Connectivity (JDBC) application
programming interface, an integral part of the J2EE standard. Currently
supported databases are Microsoft SQL Server and Oracle RDBMS.
The architecture is extensible through a standards-based XML developer API,
allowing our professional services organization or the customer to build
custom plug-ins that can communicate with other external data sources. These
data sources can provide additional information about the customer’s order,
allowing more flexibility in determining associated risk. Standard plug-ins
available from CyberSource connect Risk Manager to all of our hosted
services, to the CyberSource Payment Manager, as well as third-party
services.
Platform Options
CyberSource solutions are made available to customers through hosted
services, enterprise software, or a combination of the two. Merchants that
wish to outsource processing to CyberSource use our hosted services.
Merchants that desire to maintain processing internally and establish
connections directly to processors use our enterprise software. Both
platforms are augmented by CyberSource Professional Services, which provides
consulting, design, integration, and optimization services.
Over 3,000 customers use our hosted transaction processing services. Key
attributes of our hosted services include redundancy of networks and data
centers, strict security, and high capacity. During 2003, Visa renewed
CyberSource’s certification in the Visa Cardholder Information Security
Program and we received Visa International’s Account Information Security
compliance certification.
CyberSource packaged software offerings consist of CyberSource Payment
Manager and Risk Manager. CyberSource Payment Manager connects the
merchant’s business systems with a variety of payment processors. Users of
CyberSource Payment Manager 5.0 and higher can access CyberSource Connect,
an option that enables merchants to leverage our direct connections with
payment processors’ networks. Risk Manager is our enterprise software
product for risk management. Risk Manager provides a central software
platform for order process management, enabling merchants to automatically
determine whether to accept, review, or reject incoming orders.
CyberSource Customers
CyberSource’s customers range from small sole proprietorships to some of the
world’s largest corporations. Merchants that have high sales volume
generally demand the greatest range of payment options and the most
sophisticated risk and management tools. These merchants often sell in
multiple countries and require support for local currencies and local
payment options. High volume merchants also need to integrate payment
processing with one or more internal business systems. Due to the complexity
of payment solutions required by larger merchants, these merchants are the
most likely candidates for CyberSource Professional Services. CyberSource
aims to provide these high volume merchants with the most complete set of
payment and risk management services to help maximize online sales
opportunities, minimize exposure to risk, and control operating costs.
Smaller merchants generally seek simplicity and ease of use. CyberSource
addresses that need with bundled services and integrations into popular
online shopping cart software, while bringing to the small business market
some of the advantages of CyberSource’s enterprise-level services, including
important new payment options such as electronic checks and PayPal, built-in
fraud protection, reliability, and high-quality customer support.
Market Characteristics
In 1997, Forrester Research estimated the total U.S. online consumer market
to be $2.4 billion. Their total estimate of U.S. business-to-consumer online
sales for 2003 is $96 billion, a six year compounded annual growth rate of
84%. Forrester estimates U.S. eCommerce revenues for 2004 and 2005 will be
$123 billion and $149 billion, respectively. Online sales in Europe are
growing at an even faster pace. Forrester estimates for eCommerce revenues
in Europe are $58.8 billion in 2003, $90.3 billion in 2004, and $127.4
billion in 2005, all in U.S. dollars. These growth figures contrast markedly
with an economic downturn that has dominated other segments of the business
environment for the last three years. Though eCommerce sales represent only
1.5% of sales by U.S. retailers, that number is growing by 27% per year, far
faster than the 11% growth rate of traditional in-store credit card
purchases.
As the online commerce market has grown, business requirements and attitudes
about electronic commerce have evolved. What began as an online sales
experiment for many organizations has become a strategic component of their
business plan. Although credit cards have long been the dominant payment
method available to online purchasers, alternative consumer preferences and
cultural preferences have impacted the global payment environment. A wide
spectrum of payment options, such as debit cards, electronic checks, stored
value certificates, and online payment innovations such as PayPal are
emerging worldwide. During 2002 and 2003, we experienced a noticeable trend
among some of our large U.S. customers seeking greater and more ready access
to international markets, especially Europe. Conducting online commerce
internationally involves supporting more payment types, currency
conversions, new payment processors and mitigating higher fraud risk.
The growth of eCommerce has also resulted in more complexity to internal
business processes. Online fraud has evolved into an organized and systemic
threat to online merchants. The latest “CyberSource Fraud Survey,” sponsored
by CyberSource and conducted by Mindwave Research in October 2003, concluded
that online sellers expected fraudulent transactions to diminish revenues,
on average, by 1.7% in 2003. Though that represents an improvement in the
direct cost of fraud from 3% in 2002, our data shows that the overall cost
of fraud, including higher costs of fraud management and the rejection of
good orders, has risen. Online merchants are giving increased focus to
meeting regulatory requirements in areas such as collection of sales taxes.
U.S. merchants are gradually moving toward adding sales tax to their online
orders as state and local governments focus on this revenue source. New
European Union regulations adopted in July of 2003 require that all online
sellers of digital goods collect the applicable value-added tax for sales in
the European Union. As the volume of
|
|
