September 17th, 2014 by Elma Jane

Host Card Emulation (HCE) offers virtual payment card issuers the promise of removing dependencies on secure element issuers such as mobile network operators (MNOs). HCE allows issuers to run the payment application in the operating system (OS) environment of the smart phone, so the issuing bank does not depend on a secure element issuer. This means lower barriers to entry and potentially a boost to the NFC ecosystem in general. The issuer will have to deal with the absence of a hardware secure element, since the OS environment itself cannot offer equivalent security. The issuer must mitigate risk using software based techniques, to reduce the risk of an attack. Considering that the risk is based on probability of an attack times the impact of an attack, mitigation measures will generally be geared towards minimizing either one of those.

To reduce the probability of an attack, various software based methods are available. The most obvious one in this category is to move part of the hardware secure element’s functionality from the device to the cloud (thus creating a cloud based secure element). This effectively means that valuable assets are not stored in the easily accessible device, but in the cloud. Secondly, user and hardware verification methods can be implemented. The mobile application itself can be secured with software based technologies.

Should an attack occur, several approaches exist for mitigating the Impact of such an attack. On an application level, it is straightforward to impose transaction constraints (allowing low value and/or a limited number of transactions per timeframe, geographical limitations). But the most characteristic risk mitigation method associated with HCE is to devaluate the assets that are contained by the mobile app, that is to tokenize such assets. Tokenization is based on replacing valuable assets with something that has no value to an attacker, and for which the relation to the valuable asset is established only in the cloud. Since the token itself has no value to the attacker it may be stored in the mobile app. The principle of tokenization is leveraged in the cloud based payments specifications which are (or will soon be) issued by the different card schemes such as Visa and MasterCard.

HCE gives the issuer complete autonomy in defining and implementing the payment application and required risk mitigations (of course within the boundaries set by the schemes). However, the hardware based security approach allowed for a strict separation between the issuance of the mobile payment application on one hand and the transactions performed with that application on the other hand. For the technology and operations related to the issuance, a bank had the option of outsourcing it to a third party (a Trusted Service Manager). From the payment transaction processing perspective, there would be negligible impact and it would practically be business as usual for the bank.

This is quite different for HCE-based approaches. As a consequence of tokenization, the issuance and transaction domains become entangled. The platform involved in generating the tokens, which constitute payment credentials and are therefore related to the issuance domain, is also involved in the transaction authorization.

HCE is offering autonomy to the banks because it brings independence of secure element issuers. But this comes at a cost, namely the full insourcing of all related technologies and systems. Outsourcing becomes less of an option, largely due to the entanglement of the issuance and transaction validation processes, as a result of tokenization.

 

Posted in Best Practices for Merchants, Credit Card Security, EMV EuroPay MasterCard Visa, Near Field Communication, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

May 29th, 2014 by Elma Jane

A point-of-sale facial recognition system that uses NFC to help combat card fraud has been created during a recent company hack-a-thon, together with a group of engineers and designers from Logic PD. Hackathon was an opportunity for experts to explore the possibilities of useful solutions to today’s challenges, with the recent significant breaches in security at leading retailers, the need for this type of solution is particularly meaningful.

The solution, is a multi-modal security platform for card purchases, uses NFC authentication combined with camera imaging to protect users. When users make a mobile payment at the point of sale, the kiosk snaps a picture of the purchaser. This image can be incorporated via the cloud into the user’s digital transactional record, which was stored and distributed via SeeControl in this example, allowing users to identify who made each purchase, and easily identify those that are fraudulent even before banks and financial institutions.

Posted in Credit Card Security, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , ,

May 19th, 2014 by Elma Jane

Keeping your business’s finances in order doesn’t have to take all day. Bookkeeping is a necessary for small business owners, but it’s a time-consuming chore.

If you use QuickBooks for payroll, inventory or keeping track of sales, there are several timesaving shortcuts you can utilize to make bookkeeping easier.

Time-saving tips for getting the most out of QuickBooks in the least amount of time. Help  you spend more time building your business and less time using QuickBooks.

Download data whenever possible. Even after factoring in initial setup time, downloading banking and credit card activity directly into QuickBooks is a huge time saver. Doing this will minimize the chance of human error and enable you to record activity faster than if you did it manually.

Make the Find feature your friend. Using the Find feature is the most efficient way to locate a particular invoice in QuickBooks. Those who usually open the form and click Previous until the form appears on the screen know how tedious this process can be. The Find tool will search for almost any transaction-level data, depending on your filters.

Memorize transactions. QuickBooks has the capability to memorize recurring transactions (invoices, bills, checks, etc.) and set them for automatic posts daily, weekly, monthly, quarterly and annually, eliminating the need to enter the same transaction into the software every month.

Use accounts payable aging. Use this feature for a snapshot on who you owe money to and manage your cash flow more efficiently.

Use accounts-receivable aging. Use this feature for a snapshot of information on who owes you money, how much you are owed and how long the individual has owed you.

Use classes. Classes can be very helpful to track income and expenses by department, location, separate properties or other meaningful breakdowns of your business.

Use QuickBooks on the go with remote access. Remote-access methods include QuickBooks Online, desktop sharing and QuickBooks hosting on the cloud, which allows you to take the program on the go and make changes no matter where you are.

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , , , , , , , , , ,

May 9th, 2014 by Elma Jane

Email is an indispensable part of running any business, it is so important. It’s often the best  and least intrusive way to communicate with employees, colleagues and collaborators. Not all email platforms are equal, it’s important to choose one with the right email service and  features your business need, also to avoid overpaying for features that you don’t need.

Factors to consider before settling on an email platform for your business.

Bonus Features

Once you’ve found an email service that covers all the basics, check for additional features that can boost your productivity. Some platforms such as Gmail and Outlook includes integrated video chat. That means you can use a single service for both exchanging messages and meeting remotely, making your day-to-day operations simpler and more efficient. Some email platforms also include instant messaging functionality. Instant messaging is better than email for real-time discussions, since you can exchange numerous short messages in rapid succession. Sending an instant message may be preferable to sending an email if the content of your message is not that important

Collaboration Tools

Good business email platform makes it easier for you to work together with your employees or colleagues. The best platforms include tools to help you collaborate. Services such as Gmail and Outlook include a built-in-calendar as part of your email inbox, in a few simple steps you can share your calendar with others so they can view and edit it on the fly. That can really help with planning and collaboration. Email threading is another feature that can help you work together with colleagues. Threaded emails make it easier to follow long exchanges because replies appear one after another in a single thread, instead of being spread throughout your inbox in the order they were received.

 Free or Paid??

One thing you can’t get with a free Web mail service is the ability to use your brand’s name as part of your email address. Registering for a free Gmail account gives you an email address like [username]@gmail.com; but by subscribing to Google Apps for Business, you can secure an email address that reads [username]@[yourbusiness].com. In most cases, you’ll need to already own your own Web domain in order to use it as part of your email address, but registering a domain can cost as little as $10 per year. Services such as Microsoft Office 365, give you your own domain name without the need to pay additional hosting fees.

Security

Whether you pay for email or use a free service, you’ll want tight security for your business inbox especially if running your business involves the exchange of private client data and other sensitive data can be attached to your email account, such as bank account numbers and tax returns. Even more than with your personal email, it’s important to keep cyber criminals out of your business account. Before settling on an email service, check for common-sense security measures such as spam and phishing filters. Support for two-factor authentication is also important. The feature helps keep outsiders out of your inbox by requiring users to have two pieces of information to sign in. The first is your regular password and the second is a freshly generated code sent to either your mobile phone or a second email address. Other security features to check for include built-in antivirus measures to keep malware off your computer, which is especially important if you download a lot of attachments. Whether or not it’s important for you (and any employees) to have a branded email address is ultimately up to you. An email address that includes your own domain name can potentially boost the perceived credibility of your business. On the other hand, a generic email address might be fine for the smallest businesses, especially if you are a sole proprietor.

Storage Space

A branded email address isn’t the only advantage of a paid email service. Paid platforms offer plenty of other perks, such as expanded cloud storage for email and other files. Many free email services offer limited storagespace, forcing you to delete messages when your inbox gets full. If you run a small business that relies heavily on email and you prefer to archive messages rather than delete them, your inbox can fill up in a hurry. By subscribing to a paid service, you can gain access to a much bigger inbox. There are a few other related concerns to consider. The maximum size of an email attachment varies widely between different services, with some services capping attachments at 10GB and others letting you send huge files up to 300GB or more, as long as the file is already uploaded to the cloud.

Posted in Best Practices for Merchants Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

May 6th, 2014 by Elma Jane

Mobile commerce platform provider ROAM, an Ingenico company has expanded its mPOS solutions to include chip-and-PIN acceptance with the RP750x mobile card reader. The reader allows mPOS players to get to market quickly with their own custom-branded solution, providing merchants with a powerful set of features that include device and fraud management, remote application configuration, and an mPOS application that can be localized for any language and currency in any country. Features include: Backlit display, EMV PIN pad, magnetic stripe reader, NFC reader and smart card reader. Configurable through the cloud, enabling direct shipment from factory to any country. Connects with smartphones, tablets and feature phones via Bluetooth or audio jack. Customizable for branding and form factor. Just Slightly larger than a credit card, a compact form factor. PCI PTS 3.1 with SRED, EMV Level 1 and 2, Visa-ready (Compliant with the latest industry standards).

Posted in Best Practices for Merchants, Credit Card Reader Terminal, e-commerce & m-commerce, EMV EuroPay MasterCard Visa, Financial Services, Mobile Payments, Mobile Point of Sale, Near Field Communication, Payment Card Industry PCI Security, Point of Sale, Smartphone, smartSD Cards, Visa MasterCard American Express Tagged with: , , , , , , , , , , , , , , , , , ,

April 11th, 2014 by Elma Jane

A new standard that uses Host Card Emulation (HCE) was introduced by VISA to enable financial institutions to securely host Visa accounts in the cloud. Visa’s move to support HCE includes tools and services as well as the standard. It is available now and will include support for QR codes and in-app payments in the future.

With this new service and platform that Visa is developing, it will enable clients and partners to issue Visa accounts digitally in the cloud, on secure elements in smartphones, or linked to a digital wallet. The solution will also enable the issuance of payment tokens that will replace the 16-digit payment account number and can be limited for use with a specific device, merchant or payment channel.

Layers of security will deploy by Visa to protect payment accounts in the cloud, including at the Visa network, application and hardware levels. Device fingerprinting technology, one-time use data, payment tokens and real-time transaction analysis will make up a multi-layered defense against unauthorized account access for their services.

Visa has intensified its Visa PayWave contactless payment application and is introducing a new implementation guidelines, program approval process standard and requirements for their standards.

Visa is also developing a tool, its software development kit (SDK) to support clients who wish to develop their own cloud-based payment applications or want to enhance their existing mobile banking applications with Visa PayWave functionality.

HCE is introduced to make it easier for developers to create NFC applications like mobile payments, loyalty programs, transit passes, and other custom services. Visa’s move to enable NFC payments with Android devices is welcome news and will guide the way for the payments industry.

Clients and partners around the globe are continuously looking for cost efficient, flexible and secure ways to enable mobile payments. The Android HCE feature provides with a platform to evolve the Visa PayWave standard, support the development of secure, cloud-based mobile applications, while at the same time offer greater choice.

Posted in Best Practices for Merchants, Credit card Processing, Credit Card Security, Electronic Payments, Financial Services, Merchant Services Account, Mobile Payments, Mobile Point of Sale, Near Field Communication, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , ,

September 30th, 2013 by Elma Jane

Future of Marketing Lies in Mobile Payments…Why?

Marketing and payments might seem like strange bedfellows to the average retailer, but in fact, they are converging rapidly to bring more value to consumers and merchants alike. Here are 10 reasons why the future of marketing is inextricably linked to payments innovation:

1. Cross-Platform Acceptance

Better yet, these targeted offers can be acquired and redeemed through different mediums…online, offline and mobile…and utilized interchangeably. This makes life easier on the consumer and thus makes them more likely to engage with new loyalty and rewards programs. Moreover, as the Internet and mobile solutions continue to merge, the digital “wallets” that many of us use online today (think PayPal) are, logically, moving to our phones. When these payment and marketing applications are accessible from the same device, customers can seamlessly receive pertinent offers and pay for goods at the same time in the same place. Other apps will give consumers the ability to shop in one medium and buy in another, simplifying omni-channel marketing to affect commerce across all channels. This kind of convenience and value is a win for both customer and merchant.

2. Loyalty and Rewards get Simpler

The reality is that it’s much easier to issue and redeem loyalty rewards, gift cards and discounts when they are integrated into the POS experience and don’t require customers or merchants to alter the existing in-store purchase or checkout stream. You can see these simplified applications already in practice at chains like Starbucks, as well as independent merchants that use systems like LevelUp.

3. Merchant adoption

The payment technologies that succeed will be the ones that are ultimately adopted by merchants, which in turn will lead to consumer usage. Key technologies that will likely facilitate widespread adoption of mobile payments…either proactively because merchants want to see what they can offer them, or passively as they upgrade devices…include:

EMV (chip and pin), which will force merchants to update their POS systems, likely catalyzing them to update all points of interaction.

NFC – Cloud Computing – Geofencing – QR Codes and even Basic Bar Codes

4. More Value for Consumers

And for consumers, the convergence of payments and marketing should deliver highly valuable deals, offers, comparisons information and more, ultimately providing drastic improvement of the buying and shopping experience.

5. More Value for Merchants

So what does this value look like? For merchants, the convergence of payments and marketing should bring in new customers, increase sales from existing customers, and provide more customer data. It should also create a more streamlined multi-channel experience so consumers have little barrier to adoption.

6. No Single Technology will Win

These new technologies introduce an interesting question: What should merchants do to prepare for this brave new world where payments and marketing collide? For one, merchants should avoid betting on any one technology. In fact, the POS needs to morph into something a little more complex, becoming instead a POI, where a broad variety of payment types, loyalty programs, coupons and more can be redeemed. Merchants should be in a position to choose what types of payment they want to accept and in what medium, and not be limited to fixed payment tenders.

When the convergence of marketing and payments will happen

The increasing adoption of mobile payments by merchants and consumers, when combined with new POS environments, will jump-start the convergence of marketing and payments. However, we’re still in the early stages.

Mobile commerce technologies are widespread but still working to gain traction from consumers en masse. Additionally, merchants haven’t yet felt the need to upgrade their POS systems to accept mobile payments

However, the October 2015 EMV Liability Shift, a date set by Visa and MasterCard for certain charge-back liabilities to fall to the merchant unless they have upgraded to EMV-capable POS systems, is likely to push merchants to upgrade their systems.

Once merchants begin to upgrade these POS systems, the smart ones will take the opportunity to add more features and functionality to the systems, including the ability to accept payment…and marketing-driven solutions from mobile handsets. That’s when we’ll see the value of two-way communication between merchants and consumers dramatically change the shopping experience and bring payments into the marketing mix.

7. Smartphone Adoption is Speeding Up

Consumers’ mobile phones are already equipped to deliver highly valuable offers, and adoption is increasing at a rapid pace. Smartphones bring with them new app technologies that include not only mobile payments but also loyalty and rewards programs that are designed to drive preference for stores, good and services.

8. Targeted Offers and Single-Use Applications

Of course, these solutions are still in their infancy. Elegant single-use applications, such as mobile wallets and gift cards, will soon grow to provide highly targeted offers that take into account everything from shopping preferences to location, providing incentives as a customer walks the aisle of a store. Just about every player in the payments ecosystem is thinking about these new commerce technologies. The winners will be those that demonstrate clear value for both the merchants and customers.

9. The “POS” is now a “POI”

A point-of-sale (POS) solution used to be a place where goods were purchased and money traded hands. Usually, this took the form of a cash register or credit card machine. Though these still exist, a wave of new value-added marketing services, such as targeted offers, discounts and highly valuable loyalty applications, have led to the transformation of the POS into a point-of-interaction (POI), a place where consumers and merchants meet to exchange value for value.

10. Two-way communication

When embedded in smartphones, new technologies…like near-field communication (NFC), QR codes, geofencing and cloud authentication solutions…allow for two-way communication between the consumer and the POS solution, enabling merchants to deliver coupons and offers directly to customers’ mobile phones through targeted integrated programs.

Posted in Digital Wallet Privacy, e-commerce & m-commerce, Mobile Payments, Mobile Point of Sale, Smartphone Tagged with: , , , , , , , , , , , , , , , , , , , , ,