December 5th, 2013 by Elma Jane
Three key benefits mPOS can provide PSPs. mPOS:
1. Maintains A Continuity Of Operations
mPOS solutions also ease the process of accepting and approving payments, according to the white paper. By enabling face-to-face card present transactions, mPOS allows transactions to be conducted in a highly secure manner. Further, once the encrypted transaction data is decrypted securely by the PSP at the payment gateway (with no access granted to the merchant), the onward presentation of the data into the acquiring network is consistent with that used historically for traditional POS terminals.
2. Simplifies Merchant Support
Thales suggests the biggest benefit to PSPs is that mPOS reduces the variety of costs PSPs need to cover to support merchants, cutting expenses related to equipment, security and PCI DSS compliance. This, the white paper says, allows PSPs that utilize mPOS to better allocate resources toward handling higher transaction volumes and acquiring business.
3. Supports Both Magnetic Stripe and EMV Cards
Another benefit to PSPs is that mPOS, despite its recent entrance to the market, is already widely available. The white paper explains that since the mPOS revolution quickly migrated from the U.S. abroad, mPOS solutions now exist to serve the unique needs of both markets. While this means challenges for merchants operating globally, PSPs benefit from being able to address the needs of merchants who want to opt for any and all available market solutions.
Much has been said about the recent explosion of the mobile point-of-sale (mPOS) market and how micromerchants are driving this payments revolution. But, what this story doesn’t communicate effectively is that small merchants aren’t the only stakeholders benefiting from the ongoing mPOS migration.
Payment service providers (PSPs) are another member of the mPOS value chain that can gain flexibility and security through these solutions, new research from data protection solution provider Thales suggests.
“Both merchants and PSPs have operational and logistical issues with traditional POS terminals associated mainly with the highly controlled and certified environment in which they must be used,” Thales writes in its latest white paper on the topic, “mPOS: Secure Mobile Card Acceptance.”
The 27-page white paper provides an extensive overview of the ongoing POS revolution, explaining how mPOS can reduce friction and costs for merchants, illustrating how the technology works step-by-step and highlighting the roles that each stakeholder plays along the value chain.
Posted in Electronic Payments, Mobile Payments, Mobile Point of Sale, Payment Card Industry PCI Security, Point of Sale, Smartphone Tagged with: acceptance, acquiring network, card present, compliance, decrypted, DSS, emv cards, encrypted, face-to-face, magnetic stripe, merchant, micromerchants, migration, mobile card, mobile point of sale, MPOS, payment gateway, payment service providers, payments, PCI, POS, psps, secure, securely, Security, terminals, transactions
November 15th, 2013 by Elma Jane
November 7, 2013 – Payment Card Industry (PCI) Council’s recent acceptance of the world’s first Point-To-Point Encryption-validated solution is great news for both acquirers and merchants, and will aid in reducing merchant scope and increasing business security worldwide. If your P2PE know-how is a little spotty, here are the basics.
What is P2PE?
Point-To-Point Encryption (P2PE) is the combination of hardware and processes that encrypts customer credit/debit card data from the point of interaction until it reaches a merchant solution provider’s environment for processing. Because card data is immediately encrypted as the card is swiped (or dipped), it prevents clear-text information from residing on the payment environment. Encrypted card data is then transferred to, decrypted by, and processed through the solution provider processor who is the sole holder of the decryption key.
In a POS environment, merchants often store decryption keys on their backend servers. Bad idea. If a cybercriminal hacks into that environment, they not only have access to the encrypted card numbers, but the decryption key as well. Hacker jackpot. Many question the difference between P2PE and typical point of sale (POS) encryption.
The reason P2PE is arguably the most secure way to process is because merchants don’t have access to decryption keys. If a hacker breaches a merchant using a validated P2PE solution, he/she will only recover a long string of useless encrypted card numbers with no way to decode them.
Why use P2PE?
Basically, P2PE increases data security and has the ability to make a merchant’s job of reaching PCI compliance easier. The main point of using a P2PE-valiated solution is to significantly lessen the scope of security efforts through PCI Data Security Standard (DSS) requirement and P2PE Self-Assessment Questionnaire (SAQ) reduction. Compared to the 80+ questions required of mainstream merchant SAQs, the P2PE-HW SAQ only requires merchants to answer 18 questions.
Are all P2PE solutions created equal?
Answer is no. Many P2PE solution vendors claim their solution reduces scope, but in order for a merchant to qualify, they must select only P2PE-validated solutions listed on the PCI Council’s website.
To get P2PE solutions and applications listed on the approved website, solution provider processors must go through a rigorous testing process performed by a qualified P2PE Qualified Security Assessor (QSA). P2PE QSAs help entities thorough the 210-page document of P2PE requirements, testing procedures, and controls required to keep cardholder data secure – a task which only a few companies in the world can do.
As of this post, the only P2PE hardware solution approved by the PCI Council is European Payment Services’ (EPS) Total Care P2PE solution, validated by P2PE QSA SecurityMetrics. A number of other P2PE solutions are currently undergoing the review process and will be added to the list once approved.
Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Merchant Services Account, Payment Card Industry PCI Security, Point of Sale, Visa MasterCard American Express Tagged with: acceptance, acquirers, backend, cardholder, credit/debit, cybercriminal, data, decode, decrypted, decryption, DSS, encrypted, encryption, encrypts, hacker, hardware, key, Merchant's, p2pe, p2pe-hw, Payment Card Industry, PCI Council, point of sale, point-to-point, POS, process, processed, processes, Processing, processor, provider's, saqs, secure, solution, transferred, validated
October 18th, 2013 by Elma Jane
Verifone Ruby 2 POS
VeriFone Systems, announced today the availability of Commander Site Controller, the company’s next generation site management solution, and Ruby2 a touch-screen point of sale (POS) solution, both designed to provide greater efficiency, faster payment acceptance and new management capabilities that maximize profit potential for convenience store retailers.
Commander Site Controller is purpose-built for rugged c-store environments and combines site, payment and forecourt control in one device, creating additional flexibility in store configuration. Its future-proof system architecture includes expansion slots and ports for additional capacity and functionality. Additionally, Commander Site Controller features 100 percent IP communication for increased speed of EMV transactions.
Ruby2 is the next evolution of VeriFone’s Ruby POS platform, a 20-year leader in the petroleum industry. It features a fully-touchscreen console that increases checkout speed by providing fast and efficient order and payment processing, and a smaller footprint for increased counter space. Ruby2 is compatible with the latest VeriFone product offerings, including customer engagement media solutions, site management software to efficiently manage multiple locations seamlessly, and the latest in fuel control management.
VeriFone is taking petroleum retail and c-store operations to new heights of efficiency and manageability. These next-generation systems build on the success of Sapphire site controller and original Ruby POS systems with the ability to expand in order to meet customers’ future needs.
Commander Site Controller’s cloud based management software platform – Commander Console—enables owners to remotely and simultaneously complete PLU price changes, tax rate adjustments, fuel price changes and promotional updates in real time for multiple site locations from any web enabled device or mobile app for iOS and Android tablets and smartphones.
Ruby2 will be available this fall on certain networks while Commander Site Controller is available today on certain networks.
Posted in Credit card Processing, Electronic Payments, Mobile Point of Sale, Point of Sale Tagged with: acceptance, app, architecture, capabilities, capacity, command site controller, convenience, EMV, engagement, expansion, forecourt, iOS, management, mobile, networks, payment, plu, point of sale, POS, retailers, ruby 2, rugged, seemlessly, site, Smartphones, store, systems, touch-screen, touchscreen, transactions, verifone
October 17th, 2013 by Elma Jane
VeriFone and National Payment Card Association (NPCA) debuted a mobile payment and rewards solution that enables convenience store and petroleum retailers to provide customers with smartphone-based payment options at the pump.
Utilizing VeriFone’s Smart Fuel Controller and NPCA’s mobile payment solution, c-store and gas station operators with VeriFone payment acceptance systems can quickly implement a fixed low-cost mobile payment and rewards program built on existing infrastructure used for merchant branded debit cards.
Consumers are increasingly drawn to rewards-based fuel purchase programs and they expect to be able to use their mobile phone to complete transactions at the pump. NPCA and VeriFone are showing how easy it is for CSPs to offer mobile payment and reward options to customers that increase loyalty and sales.
VeriFone Smart Fuel solutions make it easy for CSPs to offer forecourt pump POS payment without incurring the cost of installing new dispensers. The Smart Fuel Controller combines pump and pay-point support into a single unit, simplifying installation and maintenance, and eliminating the need for third-party interface devices to integrate pay-point management with in-store POS systems.
Merchants can develop their own mobile app, or apply their brand to a mobile app supplied by NPCA, to enable customers to pay for purchases and receive loyalty incentives using their smartphones.
Consumers today would rather utilize the capabilities of their smartphones versus pulling out their wallets. Using this solution, retailers can easily and cost-effectively create mobile loyalty programs that attract and reward high-value customers – without having to replace their existing payment infrastructure.
NPCA’s debit-based payment programs provide retailers with the ability to drive customer loyalty and reduce the cost of payments. Fuel discounts are funded from interchange savings that retailers would otherwise pay to banks. Payment processing is done by NPCA using the automated clearing house (ACH) system to clear debits to cardholder checking accounts and net settle with retailers each day. The company holds five patents related to the processing and methods for ACH-based decoupled debit and mobile payments.
Come November VeriFone and NPCA mobile payments solution will be available for beta testing.
Posted in Electronic Payments, Mobile Payments, Point of Sale, Smartphone, Visa MasterCard American Express Tagged with: acceptance, ach, app, apply, cardholder, consumers, cost, debit cards, devices, infrastructure, interchange, interface, loyalty, merchant, mobile, pay-point, payment, payments, phone, POS, Processing, rewards, sales, smart, Smartphones, solution, transactions, verifone, wallets