Converge
August 20th, 2015 by Elma Jane

Posted in Best Practices for Merchants

September 4th, 2014 by Elma Jane

EMV, which stands for Europay, MasterCard and Visa, is slated to be mandated across the United States starting in October 2015; automated fuel dispensers have until October 2017 to comply. Unlike magnetic swipe cards, EMV chip cards encrypt data and authenticate communication between the card and card reader. Additionally, the chip card user is prompted for a PIN for authentication.

Why are those dates important? Companies lose $5.33 billion to fraud today, with card issuers and merchants incurring 63 and 37 percent of these losses, respectively. Under the EMV mandate, merchants who do not process chip cards will bear the burden of the issuer loss. By accepting chip card transactions, merchants and issuers should see a reduction in fraud.

Overcoming Barriers to EMV Adoption

Given the significant barriers to EMV adoption, it may be tempting for merchants to meet minimum requirements for accepting EMV payments. However, medium to large retailers should also consider the bigger picture of customer security and peace of mind.

Some critical success factors for a payment initiative of this size include:

Business Continuity Architecture: As with all payment systems, it is imperative to have the EMV system running at all times. The solution should preferably have Active-Active architecture across multiple data centers and have a low Recovery Point Objective (the point in time to which the systems and data must be recovered after an outage).

Cost Benefit Analysis: Take a top-down approach and decide accordingly on the scope of the analysis. This will ensure that decisions on scope are made on the basis of quantitative data and not just qualitative arguments.

Phased Approach: To overcome time or cost overage in a project of this scope and complexity, retailers should try using an iterative approach for development. The rollout can be divided into multiple releases of six to seven months, which will provide the opportunity to review, capture lessons learnt, and improve subsequent releases.

Proactive Monitoring Alerts: Considering the criticality of the business functions carried out by EMV, tokenization and the payment gateway, a vigorous supervising environment must be defined to perform proactive and reactive monitoring. It should take into consideration the monitoring targets, tools, scope and methods. This will provide advance visibility into failure points and help ensure maximum system availability.

Resilience Testing: Typically in a software project, the testing is limited to the unit, integration, performance and user acceptance. However, due to the critical nature of the applications and systems involved, robust resiliency testing is vital. This will ensure that there are no single points of failure and the system remains available when running in error conditions.

Stakeholder Identification: This is a key step to ensure that you have varied perspectives from all departments and their support. It will keep your organization from being blindsided and reduce the risk of disagreements in later stages of the program. Key stakeholders should include Store Operations, Card Accounting, Loss Prevention, Contact Center and IT & Data Security.

Organizations should adopt a five step approach to implement a secure, robust and industry-leading payment solution:

Encryption – Point to point encryption will ensure card data is secure and encrypted from the point of capture to the processor. Usually, merchants use data encryption that is not point to point, rendering their organization vulnerable to data breaches. Software encryption is the most common form of encryption, as it is easily installed and requires little or no hardware upgrades; however, it is less secure, may expose encryption keys, and is prone to memory scanning attacks. Hardware encryption is considered more secure but requires more costly terminal upgrades. Hardware encryption is designed to self-destruct the keys if tampered with, but is not well-defined as very limited headway has been made in this space.

Tokenization – Build a Card Data Environment (CDE) that will host a centralized card data storage solution. Only limited applications with firewall access and capability to mutually authenticate via certificates can access CDE and receive card data. The rest of the applications will have tokens which are random numbers. This architecture will ease the merchant’s burden with existing and emerging PCI Data Security Standards.

Payment Gateway – Perform a risk assessment on the current payment gateway and identify gaps in functionality, manageability, compliance, scalability, speed to market and best practices. Determine the alternatives to mitigate the risks. One important aspect of a leading payment gateway solution is support for all forms of credit, debit, gift card and check transactions. Its ability to work with any acquirer, its in-built encryption abilities, and its support for settlement and reconciliation must also be taken into consideration.

Settlement, Funding and Reconciliation – A workflow-based system to handle chargebacks and the automation of chargeback processing will greatly reduce labor-intensive work and enhance the quality of data used for settlement and reconciliation. Upgrades to the existing receipt retrieval system may be needed.
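The Tokenization step above can be sketched as follows. This is an added example, not code from the original post: the `TokenVault` class, the client names and the `tok_` prefix are hypothetical, and the `client_id` argument stands in for an identity already established by mutual certificate authentication at the CDE boundary.

```python
import hashlib
import hmac
import secrets


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to reject input that is not a card number."""
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0


class TokenVault:
    """Hypothetical stand-in for the centralized card data store in the CDE."""

    def __init__(self, authorized_clients):
        # Assumption: these IDs are identities already proven by mutual
        # certificate authentication before a request reaches the vault.
        self._authorized = frozenset(authorized_clients)
        self._index_key = secrets.token_bytes(32)
        self._token_by_index = {}  # HMAC(PAN) -> token, so a repeat card reuses its token
        self._pan_by_token = {}    # token -> PAN; a real vault encrypts this at rest

    def tokenize(self, pan: str) -> str:
        valid = pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19
        if not (valid and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        index = hmac.new(self._index_key, pan.encode(), hashlib.sha256).digest()
        token = self._token_by_index.get(index)
        if token is None:
            # Random, not derived from the PAN: the token alone reveals nothing.
            token = "tok_" + secrets.token_hex(16)
            self._token_by_index[index] = token
            self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str, client_id: str) -> str:
        if client_id not in self._authorized:
            raise PermissionError(f"{client_id} may not receive card data")
        return self._pan_by_token[token]


if __name__ == "__main__":
    vault = TokenVault(authorized_clients={"settlement-service"})
    token = vault.tokenize("4111111111111111")  # constructed test card number
    print(token, vault.detokenize(token, "settlement-service"))
```

Applications outside the CDE store and pass around only the token; a stolen token is useless without access to the vault.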

Card fraud is on the rise in the U.S., and merchants are the primary target for stealing information. With the EMV deadline just over a year away, the responsible retailer must take steps to prepare now. Although EMV implementation might seem overwhelming to merchants, they should start their journey to secure payments rather than wait for a looming deadline. Solutions such as data encryption and tokenization should be used in combination with EMV to implement a robust payment solution to better protect merchants against fraud. By proactively adopting EMV payment solutions, merchants can stay ahead of the regulatory curve and better protect their customers from fraud.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Payment Card Industry PCI Security, Visa MasterCard American Express

June 4th, 2014 by Elma Jane

Zavers, the online coupon program that was launched through Google 17 months ago, is just going to be one of those things that didn’t work out. Google announced yesterday that it is pulling the program, due to lack of interest. Zavers allowed users to clip coupons online and use them in-store. It was intended to help merchants build more targeted and effective loyalty and reward programs.

Zavers was basically a coupon program tied to the merchant point-of-sale system. The integration process with the POS systems was proving to be challenging, and retailers were not too keen on sharing their data with Google.

Google has said it will continue to work closely with users through the transition away from Zavers and that it continues to move forward with greater focus on more successful areas of its initial entrance into payments, such as product listing ads, Google Shopping Express and Google Wallet.

Posted in Uncategorized

April 7th, 2014 by Elma Jane

Integrate Cloud-Based Platforms

E-commerce businesses increasingly rely on cloud-based applications, such as hosted shopping carts, analytics platforms, cloud-based accounting, customer service tools, and more.

To operate smoothly, a merchant’s cloud-based apps should integrate with each other, to save time, prevent data loss and ensure accurate reporting.

It’s important, therefore, to have an integration mindset when choosing and using software-as-a-service solutions.

Some tips:

Ask Around

As with evaluating any vendor for your company, go beyond the company’s website. Ask the vendor about other customers. Get references. Contact those companies and ask how the platform is working. Is it easy to set up? Does it integrate seamlessly with other apps? How long does it take to transfer data from one app to the other? These are just some of the questions you need to ask when evaluating an app. Also check social media sites for any discussions pertaining to the program. Read what people are tweeting. Check relevant LinkedIn groups.

Check the Company’s Integrations Page or API

When evaluating a software-as-a-service (SaaS) solution, first determine if it integrates with the platforms that you’re already using. Pre-built integrations will save much time. Alternatively, if a company has an application programming interface (API), use it to integrate the app with your existing systems.

If you can’t find the integration you need or if you want to avoid the API option, contact the vendor directly and ask if it can make its platform sync with your existing solutions. Don’t underestimate the power of reaching out to your vendors.

Use Cloud App Integration Services

Another option is to use SaaS integration services. You have plenty of choices, depending on what you need to connect. If you just need to integrate two apps, like Dropbox to Gmail, for instance, you can use If This Then That (IFTTT), a service that lets you assign triggers and actions to each app through a drag-and-drop interface. When one program does something, it will automatically trigger another app to perform an action. For example, you can create a recipe wherein all your Gmail attachments are automatically saved to your Dropbox folder. IFTTT is free to use, to integrate up to 80 apps.

A similar service, Zapier, lets you do the same thing, but on a larger scale. It supports more than 250 applications, including Salesforce, Zoho CRM, Xero accounting, Campaign Monitor email, and more. Zapier is free for five integrations. It also offers Basic, Business, and Business Plus plans that cost $15, $49, and $99 per month, respectively.

IFTTT and Zapier work well to integrate two cloud applications. However, if you’re running a combination of cloud and on-premise applications, or if you have an ecosystem of apps and data sources that have to connect and exchange data, you need more sophisticated options.

That’s where services such as Dell Boomi and SnapLogic come in. Like IFTTT and Zapier, these solutions use a drag-and-drop interface, but at a larger scale. They connect multiple combinations of cloud and on-premise applications.

Use Free Trials

Always test-drive your apps or integration services. Most SaaS platforms offer free trials. Take note of user-friendliness and functionality, and observe how they work with programs you already have.

Posted in Best Practices for Merchants, Credit card Processing, e-commerce & m-commerce, Financial Services, Internet Payment Gateway, Payment Card Industry PCI Security, Small Business Improvement, Visa MasterCard American Express

October 22nd, 2013 by Elma Jane

American Express cardmembers can now use their accumulated loyalty points to pay for taxi fares in New York City through a partnership with VeriFone.

The programme will roll out on VeriFone’s in-taxi devices that process more than 200,000 payments a day in more than 7000 cabs throughout NYC.

Leslie Berland, senior vice president, digital partnerships and development at American Express, says: “With this announcement, we’re leveraging our unique technology to bring it to life at the most critical commerce touchpoint – the physical point of sale.”

The integration is currently limited to New York taxis, but it doesn’t take a great stretch of the imagination to see it expanded to include other VeriFone point-of-sale systems.

At the end of the ride, AmEx members who have chosen to pay by card will be given the option to use points for their ride fare, including tip and tolls.

Posted in Credit card Processing, Electronic Payments, Gift & Loyalty Card Processing, Visa MasterCard American Express