Outsourced Switch Model Comes of Age

For years, large retail merchants have found it convenient to use what has been called the in-house switch method of processing credit card transactions. Today, there is strong evidence that an outsourced switch makes more financial sense and can, in many cases, provide a cost savings to the merchant.

The in-house system usually involves buying hardware, such as network servers and battery backup systems, and installing it at a central location that provides connectivity to the bank's chosen credit card processor. This is accompanied with the need to also purchase software to handle the transactions. Low 'per transaction' fees and the ability to maintain control of customer data for various marketing purposes were seen as primary advantages of the in-house switch.

Over time, required upgrades to software licenses and increased hardware needs to provide redundant connections to processors resulted in ever-increasing costs. These real costs of operation and ownership may not have been calculated or even considered when the in-house switch was installed. 

After Sept. 11, the government 'encouraged' the card associations to make credit card systems more secure. The end result was the PCI DSS (payment card industry data security standard) established in 2004. Since the establishment of PCI DSS, all merchants have been required to undergo either self-assessments or security audits to make sure that they meet the standard.

Don't Underestimate The Expense Of A Security Audit
Security audit costs can range from $500 to $1,000 per location, and much more than that for a centralized data center where a switch is physically located. Merchants with an in-house switch can pay audit costs in excess of $150,000 each year. This does not take into account the labor disruption and cost resulting from the time required to perform required self-assessments and internal audits.

Is an in-house switch worth the expense? Consider the alternative — an outsourced switch. As the name implies, an outsourced switch transfers responsibility from company-owned hardware and software to an external entity with its own switch system. The real difference between the two approaches is the large initial investment and escalating incremental costs associated with an in-house switch versus the 'pay-as-you-go' model of an outsourced switch.

Large retailers can benefit from the pay-as-you-go outsourced transaction model by bundling all the costs of a traditional switch into a single, per-transaction fee that amounts to just pennies per transaction. An outsourced switch also provides retailers with additional features such as transaction auditing, editing, archiving, retrieval, and reporting to better manage those transactions.

Merchants should be diligent in their selection of an outsourced switch. In the post-Sept. 11 world, security is paramount, and blame for the loss or theft of customer credit card data will be placed squarely on the merchant — not the vendor. Consequently, merchants should choose an outsourcing vendor that can adequately protect data against thieves and hackers.

An outsourced switch model should include tokenization technology that removes all the credit card data from the system. This technology enables a token to replace a credit card number in an electronic transaction. Tokenization essentially removes credit card data from the swipe, database, and Web environments, giving merchants the freedom to not process, store, or transmit the actual credit card data. When properly implemented, this system ensures that no useable credit card data will ever reside at the point of sale. In simple terms, thieves cannot steal what you don't have!