Category: Mobile Point of Sale
September 20th, 2013 by Elma Jane
“Hardware”: Key to Mobile Commerce’s future
If you thought mobile commerce was about the cloud or software, proof to the contrary is mounting. In fact, four key moves by three big companies over the past week have provided more evidence that software and the cloud are taking a back seat to a significant force in mobile.
OTA VS. Device Access
Without security, mobile commerce is dead in its tracks after the first major breach. There are two basic elements: access to mobile apps and over-the-air security. Both are necessary, but they play entirely different roles. Mobile apps have direct access to our lives. With them we can share our professional story and personal lives and, of course, move money around with mobile banking and mobile commerce apps. Therefore, ensuring that no one but YOU can access your apps is important. That is why you probably have myriad user names, passwords and PINs. This brings us to our first big hardware move.
Apple’s Touch ID
Apple introduces hardware-based biometrics with its new Touch ID. Essentially the first commercially available biometric button, it combines the user request (pushing the button) and the identity check (scanning the fingerprint) into one action.
Apple correctly presented this feature as an excellent replacement for a personal identification number to activate the phone or complete an iTunes purchase.
Apple’s Secure Enclave
The “secure element” is essentially hardware and software that, when combined, function like a smartcard running on a part of the mobile phone that no other app can access. Apple announced that the highly sensitive fingerprint data from its Touch ID product would not be stored on a remote server, in the cloud or even in the iPhone memory. It will be stored in the “secure enclave” of its new A7 processor chip.
What is the difference between a secure enclave and a secure element? Probably little or nothing. We don’t know if Apple’s secure enclave uses smartcard technology, but we do know it is essentially hardware and software running on the part of its A7 chip that no other app can access.
Posted in Electronic Payments, Mobile Payments, Mobile Point of Sale Tagged with: Apple, commerce, mobile, secure, Security
August 30th, 2013 by Admin
According to a poll by OnePoll on behalf of I Love Velvet titled “Consumer Mobile Point-of-Sale (MPOS) Attitudes Report”, over half of retail customers think cash registers are outdated. The poll found that 51% of Americans think the cash register could soon be gone altogether as retailers opt for mobile point of sale systems. Consumers seem to favor MPOS systems that allow shoppers to check out from anywhere in the store, and they return more often to stores with modern electronic payment technologies. Thirty-five percent said they would shop more often at stores with mobile point of sale payment systems. An additional 17% said they would share their shopping experience via social networking sites, and 35% report they likely would tell a friend or recommend stores with these technologies. Forty-six percent say that stores that have mobile payment systems seem to be more tech savvy, and even more (56%) praise the store for making the experience more convenient and secure. Retailers are struggling to modernize their payment platforms to cut down long lines at registers and place staff on the floor for better customer access. “It’s a great opportunity for retail store owners to dip into the mobile point of sale arena,” said Richard Delos Santos of National Transaction Corporation.
Mobile point-of-sale equipment and software manufacturers are stepping up to the security plate as they seek to pass PCI DSS and address other security-related issues. As new mobile kiosks and point of sale hardware and software evolve, so do the security challenges involved in thwarting credit card fraud and identity theft. The challenge for point of sale system providers is to create an increasingly secure and convenient way for customers to make electronic payments in-store or on their mobile devices. iPads, iPhones and Android tablets are often used by curious shoppers to compare and contrast features, prices and availability, so why not let digital wallets be used to close the transaction? The use and connectivity of these new devices mean more complex security measures are needed to thwart attackers, crackers, and hackers.
In the coming years everything from NFC to fingerprint readers in smartphones and tablets, and even QR codes, will change the landscape of mobile payment transaction processing, and things are beginning to heat up. An estimated $17 trillion of mobile transactions is predicted by 2020, and security and adoption will reign king on the streets. It might be time to look into the security and features that a mobile point-of-sale system can add over any existing point of sale systems and cash registers. Mobility is a great tool for a sales force, but security and convenience for the customer are a necessity that will only grow in the future.
Posted in Credit Card Reader Terminal, Mobile Payments, Mobile Point of Sale, Near Field Communication, Point of Sale Tagged with: Android, ipad, Iphone, mobile, MPOS, payments, point of sale, Processing, smartphone, tablet, transaction
August 16th, 2013 by Admin
Square credit card processing service was fined $507,000 by Florida’s Office of Finance Regulation for operating an electronic payment processing service without a money transmission license. Some may remember the same treatment in Illinois in March of this year. The order covers two years of operation and processing including Square Register, stored value and prepaid access credit card services.
Square was granted a money transmission license after it paid the fine via wire transfer and is now in compliance. Square neither admits nor denies any wrongdoing. Although it’s an emerging field, the Florida-based fines show that adhering to state laws is a tricky situation that needs extra scrutiny on the processor’s end. Due to the state-by-state nature of the laws, credit card processing companies find themselves complying with each state’s independent regulation laws.
In a statement, Square said: “We worked with Florida to resolve our application and receive our license to operate as a money transmitter in the state. We look forward to continuing to help merchants across Florida grow their business with Square.”
Posted in Credit card Processing, Electronic Payments, Mobile Payments, Mobile Point of Sale Tagged with: account, credit card, Florida, merchant, merchants, Processing, Square
August 16th, 2013 by Admin
Today the PCI Security Standards Council (PCI SSC), an open, global forum for the development of electronic transaction security standards, published the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) 3.0 Change Highlights as a preview of the new version of the standards coming in November 2013. The changes will help companies make PCI DSS part of their business-as-usual activities by introducing more flexibility and an increased focus on education, awareness and transaction security as a shared responsibility with merchant account holders.
The seven-page document is part of the Council’s commitment to provide as much information as possible during the development process and eliminate any perceived surprises for organizations in their PCI credit card security planning. Specifically, the summary will help PCI Participating Organizations and the assessment community as they prepare to review and discuss draft versions of the standards at the 2013 Community Meetings in September and October.
Changes to the standards are made based on feedback from the Council’s global constituents per the PCI DSS and PA-DSS development lifecycle and in response to market needs. Key drivers for version 3.0 updates include: lack of education and awareness; weak passwords, authorization, verification and authentication challenges; third party payment security challenges; slow self-detection in response to malware and other threats; inconsistency in assessments.
“Today, most organizations have a good understanding of PCI DSS and its importance in securing credit card data during transactions, but implementation and maintenance remains a struggle – especially in light of increasingly complex business and payment technology environments,” said Bob Russo, PCI SSC general manager. “The challenge for us now is providing the right balance of flexibility, rigor and consistency within the standards to help organizations make payment security business-as-usual. And that’s the focus of the changes we’re making with version 3.0.”
Based on feedback from the industry, in 2010 the Council moved from a two-year to a three-year standards development lifecycle. The additional year provides a longer period to gather feedback and more time for organizations to implement changes before a new version is released. Version 3.0 will introduce more changes than version 2.0, with several new sub-requirements. Proposed updates include:
- Recommendations on making PCI DSS business-as-usual and best practices for maintaining ongoing PCI DSS credit card compliance
- Security policy and operational procedures built into each requirement
- Guidance for all requirements with content from Navigating PCI DSS Guide
- Increased flexibility and education around password strength and complexity
- New requirements for point-of-sale terminal security
- More robust requirements for penetration testing and validating segmentation
- Considerations for credit card data in memory
- Enhanced testing procedures to clarify the level of validation expected for each requirement
- Expanded software development lifecycle security requirements for PA-DSS application vendors, including threat modeling
Note that these updates are still under review by the PCI community. Final changes will be determined after the PCI Community Meetings and incorporated into the final versions of the PCI DSS and PA-DSS published in November.
The change highlights document with tables outlining anticipated updates is available on the PCI SSC website: https://www.pcisecuritystandards.org/security_standards/documents.php
The Council will host a webinar series for the PCI community and the general public to outline the proposed changes. To register, visit: https://www.pcisecuritystandards.org/training/webinars.php
“PCI DSS and PA-DSS 3.0 will provide organizations the framework for assessing the risk involved with technologies and platforms and the flexibility to apply these principles to their unique payment and business environments, such as e-commerce, m-commerce, mobile acceptance or cloud computing,” added Troy Leach, PCI SSC chief technology officer.
PCI DSS and PA-DSS 3.0 will be published on 7 November 2013. The standards become effective 1 January 2014, but to ensure adequate time for the transition, version 2.0 will remain active until 31 December 2014.
For more information and to register for the 2013 Community Meetings, please visit: https://www.pcisecuritystandards.org/communitymeeting/2013/
About the PCI Security Standards Council
The PCI Security Standards Council is an open global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security. Founded in 2006 by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., the Council has more than 650 Participating Organizations representing merchants, banks, processors and vendors worldwide. To learn more about playing a part in securing payment card data globally, please visit: pcisecuritystandards.org.
Connect with the PCI Council on LinkedIn: http://www.linkedin.com/company/pci-security-standards-council
Join the conversation on Twitter: http://twitter.com/#!/PCISSC
Posted in Credit Card Security, Digital Wallet Privacy, Mobile Payments, Mobile Point of Sale, Point of Sale Tagged with: credit card, DSS, e-commerce, m-commerce, mobile, PA-DSS, PCI Compliance, Security, transaction
August 16th, 2013 by Admin
Facebook is doing early testing of a payment system to store credit card data and process transactions through PayPal or other merchant service providers including Stripe or Braintree. Facebook would store credit card data for use in purchases in Facebook Gifts and games played on Facebook. The thought behind the move is that it makes it easier for people to make mobile transactions on third party apps, giving strength to their advertising platform.
In a statement, Facebook said…
“We are working on a very small test that gives people the option to use their payment information already stored on Facebook to populate the payment form when they make a purchase in a mobile app. The app then processes and completes the payment. The test is designed to make it easier and faster for people to make a purchase in a mobile app by simply pre-populating your payment information. It will be a very small test with 1-2 partners. Additionally, this test does not involve moving the payment processing away from an app’s current payments provider, such as Paypal. We continue to have a great relationship with our payment processing partners, and this product is simply to test how we can help apps provide a simpler commerce experience.”
This marks a bold move whether or not Facebook is actually conducting the transaction itself. It could bring higher conversion rates on their advertising for app developers and advertisers. Mobile wallets have been a proven success for the likes of Amazon, Apple and Google, where repeat transactions are the norm. The move could signal that Facebook is looking to move further into e-commerce and digital transaction payments and to buy or build their own payment processing division. It’s also a signal that digital identity and verification could be on the horizon.
Combined with the data Facebook already knows about its users, the company could store things like clothing sizes, shoe sizes, travel itineraries, music or event preferences and much more. This could be a catalyst to send that data automatically to vendors at the point of sale. Things like email addresses are already shared to third party apps if you allow them to. Loyalty rewards might be offered to users to allow the data to be shared with vendors for deeper demographic information.
In addition to mobile payments, Facebook has experimented with virtual currency transactions with its Facebook Credits initiative. They exited the strategy mostly because developers moved to other virtual currencies like Bitcoin and Litecoin. Recently, Facebook Gifts lets users send one another physical gifts and presents a gift suggestion when it notifies users of a birthday. Pulling down the barrier and simplifying a complicated transaction could make it a boon to retailers looking toward mobile payment processing.
Posted in Digital Wallet Privacy, Electronic Payments, Mobile Payments, Mobile Point of Sale Tagged with: digital, electronic, Faceboo, mobile payment, mobile wallet, PayPal, Stripe
August 13th, 2013 by Admin
MasterCard, who has endorsed Google Wallet on the Sprint network, will now endorse the ISIS network for mobile wallet solutions. Neither Google nor Sprint has joined ISIS, and it is interesting to see card issuers invest in both platforms. With Verizon, AT&T and T-Mobile in alliance with ISIS, could Sprint be next? Google? Well, count Visa and MasterCard as Isis partners. After securing American Express, both Visa and MasterCard will now have their credit cards available in Isis’ Wallet. What will be in your mobile wallet?
Many mobile wallet providers are looking at the various options for electronic transaction processing. Will NFC beat out all the others? It’s hard to say but with Apple having yet to release an iPhone model with the chip on board, it could be a yet unseen technology that wins out. QR Codes and Carrier billing are gaining traction for devices without NFC installed and SmartSD cards are coming equipped with NFC to extend devices that have a card slot available.
With device limitations, mobile wallets are still in flux. There are approximately 5 different types of mobile wallets today. There are digital bank accounts, similar to prepaid credit cards, offered by banks and mostly used for person to person or P2P payments. There are mobile payment apps that link payment accounts, like those offered by Starbucks or PayPal. Card containers like Apple Passbook store credit card and loyalty rewards card information and can even fill in forms requesting that information. Similarly, credential and card containers store credit card and loyalty rewards information but also store identity credentials.
True mobile wallets directly mimic a physical wallet and allow the customer to choose between various credit cards, debit cards, even electronic benefits transfer or EBT cards at the point of sale. These wallets are typically app based for both iPhone and Android smartphones and tablets. These wallets can link account information to a point of sale terminal via NFC or other methods for a secure electronic transaction.
Branding and Banks
In recent times, Visa, MasterCard and American Express signs at the point-of-sale were a branding element designed to instill confidence for the consumer. With digital wallets becoming the interface for payments, this branding may fade into the background. Yet payment card issuers find themselves in a precarious position. The big three are participating in multiple digital wallet programs in order to not be excluded. This early in the game there are multiple movers and shakers like Square, PayPal, Lemon, Google and now banks and cellular carriers getting into the game, and no one knows who consumers and merchants will eventually prefer over the others. It’s like a wait and see game that forces them to play. As banks enter the arena they are favored to win because of the solid loyalty they enjoy from their customers. Though they may not be fair in other categories, they win the security of their customers.
Posted in Credit card Processing, Digital Wallet Privacy, Electronic Payments, Mobile Payments, Mobile Point of Sale, Near Field Communication, Point of Sale, Smartphone, smartSD Cards, Visa MasterCard American Express Tagged with: American Express, Android, Apple, AT&T, google, Iphone, ISIS, MasterCard, PayPal, Square, Starbucks, T-Mobile, Verizon, Visa MasterCard American Express