September 4th, 2014 by Elma Jane
The move to mobile point of sale (mobile POS) is radically changing the face of customer interactions and payments, as both customers and merchants grow increasingly comfortable with the concept of mobile payments. In the current, crowded marketplace most mobile payment solutions are not compatible with each other. Instead of unifying the payment experience they create islands separated by technology or usage that are tailored to individual providers in the market. Multiple devices are currently needed in-store to process different payment types and the challenge is how they can make payments unified in such a way that only one device is needed in store.
The use of cash by customers also adds a level of complication to the mobile POS story. The removal of IDM terminals, removal of customer queues and ability for customers to simply walk up and pay an assistant or to leave a store and have their bank card automatically debited certainly suits the expectations of customers today, however a large number of customers still use traditional cash methods to pay for goods and services. A number of stores that have gone down the route of implementing mobile POS now have a problem dealing with cash because the wandering shop assistants and personal shoppers can only accept card or web-based payment options. The future for mobile POS has potential to be bright, a dominant player will have to emerge in the market. This will break down the technology barriers and usage barriers between different players. The success to mobile POS lies in the payment process being truly unified with one device in one place and very seamless workflow. This will be very complicated thing to achieve, there have been a lot of attempts and a lot of false starts in the history of mobile POS. MPOS will be the future. Five years from now people will be amazed that they did transactions with landlines. NO child will ever see a telephone with a cord attached. Never a popcorn on top of the stove since we developed microwave ovens. Technology changes, and we are slow to adopt new stuff. Once we change we don’t know how we did without it.
Posted in Best Practices for Merchants, Mobile Payments, Mobile Point of Sale, Point of Sale, Smartphone Tagged with: bank, card, cash, customer, devices, IDM terminals, Merchant's, mobile, mobile point of sale, MPOS, payment solutions, payment types, payments, point of sale, POS, provider's, services, technology, terminals, web-based payment
August 28th, 2014 by Elma Jane
Merchants are still using pedestrian passwords that crooks can easily break, security company Trustwave has found. Of the nearly 630,000 stored passwords that Trustwave obtained during penetration tests in the past two years, its technicians were able to crack more than half in just a few minutes and 92% within 31 days. Even though adding new information about weak passwords or ongoing malware investigations gets frustrating because the same problems facing the financial and payments industries persist, it does not surprise Trustwave researchers. For a lot of software or hardware developers, their main concern is availability of the service. They want to make sure their POS is available and running to accept credit cards, often at the cost of a lot of security controls. It is difficult to implement security and to do it correctly.
Trustwave recommends longer passwords with more characters, rather than shorter ones with letters and numbers. A longer password that is a phrase not easily figured out is better than a shorter, complex password. These findings have been added to an online version of the 2014 Trustwave Global Security Report. To accommodate the fast changing nature of security threats, Trustwave is regularly updating its research and making the information available to consumers and payments industry stakeholders on the company’s site. The criminals stealing data are a constantly moving target. It no longer made sense for those interested in our research to have to wait a year to see new statistics. Having access to updated security reporting should be helpful to merchants. They can see how trends are tracking over time, instead of constantly having to go online to see what is relevant to them or rely on the trade groups to keep them informed. This provides one switch to keep them in the know, so there is some value there and it’s a smart move on Trustwave’s part. Since the new Payment Card Industry security requirements call for security measures to be embedded in software development lifecycles, there is some utility in Trustwave’s new approach to sharing research information.
Trustwave said the trend of businesses detecting breaches continues to rise, with 29% of businesses doing so in 2013 compared to only 9% in 2009. Trustwave compiled that data from 691 post-breach forensics investigations conducted in 2013. The report also indicated e-commerce breaches are increasing, with 54% of all breaches targeting e-commerce sites in 2013, compared to only 9% in 2010. More regions, including the U.S., being in various stages of converting to EMV chip-based cards for card-present transactions fuels the criminals’ shift to e-commerce fraud. Additionally, the company is working with law enforcement officials after discovering a control center of eight servers behind what is being called Magnitude, an exploit kit of Russian origin that has led to thousands of attacks and millions of attempted malware attacks globally.
Posted in Best Practices for Merchants, Payment Card Industry PCI Security, Point of Sale Tagged with: breaches, card, card-present transactions, company, credit cards, data, e-commerce, EMV chip-based cards, financial, fraud, Global Security, hardware, industry, Malware, Merchant's, online, passwords, payment, Payment Card Industry security, payments, payments industries, POS, Security, servers, software
August 27th, 2014 by Elma Jane
Backoff malware that has attacked point of sale systems at hundreds of businesses may accelerate adoption of EMV chip and PIN cards and two-factor authentication as merchants look for ways to soften the next attack. Chip and PIN are a big thing, because it greatly diminishes the value of the information that can be trapped by this malware, said Trustwave, a security company that estimates about 600 businesses have been victims of the new malware. The malware uses infected websites to infiltrate the computing devices that host point of sale systems or are used to make payments, such as PCs, tablets and smartphones. Merchants can install software that monitors their payments systems for intrusions, but the thing is you can’t just have anti-virus programs and think you are safe. Credit card data is particularly vulnerable because the malware can steal data directly from the magnetic stripe or keystrokes used to make card payments.
The point of sale system is low-hanging fruit because a lot of businesses don’t own their own POS system. They rent them, or a small business may hire a third party to implement their own point of sale system. The Payment Card Industry Security Standards Council issued new guidance this month to address security for outsourced digital payments. EMV-chip cards, which are designed to deter counterfeiting, would gut the value of any stolen data. With this magnetic stripe data, the crooks can clone the card and sell it on the black market. With chip and PIN, the data changes for each transaction, so each transaction is unique. Even if the malware grabs the data, there not a lot the crooks can do with it. The EMV transition in the U.S. has recently accelerated, driven in part by recent highprofile data breaches. Even with that momentum, the U.S. may still take longer than the card networks’ October 2015 deadline to fully shift to chip-card acceptance.
EMV does not by itself mitigate the threat of breaches. Two-factor authentication, or the use of a second channel or computing device to authorize a transaction, will likely share in the boost in investment stemming from data security concerns. The continued compromise of point of sale merchants through a variety of vectors, including malware such as Backoff, will motivate the implementation among merchants of stronger authentication to prevent unauthorized access to card data.
Backoff has garnered a lot of attention, including a warning from the U.S. government, but it’s not the only malware targeting payment card data. It is not the types of threats which are new, but rather the frequency with which they are occurring which has put merchants on their heels. There is also an acute need to educate small merchants on both the threats and respective mitigation techniques.. The heightened alert over data vulnerability should boost the card networks’ plans to replace account numbers with substitute tokens to protect digital payments. Tokens would not necessarily stop crooks from infiltrating point of sale systems, but like EMV technology, they would limit the value of the stolen data. There are two sides to the equation, the issuers and the merchants. To the extent we see both sides adopt tokenization, you will see fewer breaches and they will be less severe because the crooks will be getting a token instead of card data.
Posted in Best Practices for Merchants, Credit Card Security, Payment Card Industry PCI Security, Point of Sale Tagged with: access, account, account numbers, anti-virus programs, authentication, Backoff, card, card networks, chip, credit, Credit card data, credit-card, data, data breaches, devices, digital payments, EMV, magnetic stripe, Malware, Merchant's, Payment Card Industry, payments, PCs, PIN, PIN cards, point of sale, POS, POS system, programs, Security, security standards, Smartphones, software, system, tablets, tokenization, tokens, transaction, Trustwave, websites
August 8th, 2014 by Elma Jane
Visa Inc., the global leader in payments, is helping U.S. fuel retailers prevent credit and debit card fraud at the pump with intelligent analytics that identify higher-risk transactions that may be fraudulent. Visa Transaction Advisor uses sophisticated analytics based on the breadth and scale of VisaNet data to flag the riskiest transactions by working with fuel companies to understand their needs, creating a new service that builds on Visa’s predictive analytics capabilities, providing fuel merchants with more intelligence to prevent fraud and improve their bottom line. While global fraud rates across the Visa payment system remain near historic lows, less than 6 cents for every $100 transacted – fuel pumps can be targets for criminals because they are often self-service terminals. The new solution, Visa Transaction Advisor (VTA), enables merchants to use real-time authorization risk scores to identify transactions that could involve lost, stolen or counterfeit cards. A pilot test of the new service showed a 23 percent reduction in the rate of fraudulent transactions – all without costly infrastructure upgrades or disruption of the customer experience.
How It Works
After a cardholder inserts the card at the pump, Visa analyzes multiple data sets such as past transactions, whether the account has been involved in a data compromise and nearly 500 other pieces of data to create a risk score. This allows merchants to identify those transactions with a higher risk of fraud and perform further cardholder authentication before gas is pumped. The time and costs associated with resolving fraudulent transactions can be substantial for both merchants and financial institutions and inconvenient for cardholders, which is one of the reasons why fraud prevention is critical. Visa’s solution is easy to implement, using existing message fields and formats as well as pump software or hardware to ensure minimal impact to merchants and acquirers. Several fuel merchants who piloted the technology over the last several months noticed a decrease in fraud, without negatively impacting their consumers’ experience. VTA as a tool help mitigate fraudulent transactions. A 23 percent reduction in the rate of fraudulent chargebacks during a pilot program in Los Angeles. This was done with minimal impact to the customer experience, making secure payment at the pump as convenient as possible. Providing fuel to millions of customers each month through approximately 15,000 service stations in the United States, said US Credit Card Operations Manager, from Shell, considering new solutions and technology it has to have a clear business benefit, be customer-centric and easy to implement. With no infrastructure investment, testing VTA as part of proactive fraud prevention tool-set to better identify fraudulent card activity earlier in the transaction cycle, without inconveniencing customers.
Visa Transaction Advisor is available to merchants through participating U.S. acquirers. Visa has partnered with Vantiv and is also working with other acquirers to offer the service to its fuel clients. Ease of implementation is a critical requirement whenever talking about a new merchant service. Visa Transaction Advisor builds on existing payment infrastructure, is easy to implement and flexible enough to allow customization by merchants.
Posted in Credit Card Security, EMV EuroPay MasterCard Visa, Visa MasterCard American Express Tagged with: account, acquirers, analytics, authorization, card, cardholder, counterfeit cards, credit, Credit Card Operations, customer, data, debit, financial institutions, fraud, higher-risk transactions, Merchant's, payments, Rates, retailers, terminals, transactions, visa, Visa payment, Visa Transaction, Visa Transaction Advisor, VisaNet, VTA
July 22nd, 2014 by Elma Jane
Facebook has begun testing a buy button which lets users purchase products advertised on the social network. Meanwhile, Twitter is also stepping up its commerce game, acquiring payments outfit CardSpring.
Facebook users on desktop or mobile can now click a buy call-to-action button on ads and page posts to purchase a product directly from a business, without leaving the social network. Users can pay with a card that Facebook already has on file or enter new details and save them for future use or have them forgotten. No payment details are shared with advertisers. So far, the system is only being tested with a few small and medium-sized businesses in the US.
Separately, Twitter is also looking to strengthen its commerce credentials, buying CardSpring for an undisclosed fee. CardSpring provides an API designed to make it easy for developers to link digital applications to payment cards. It is expected that CardSpring’s technology will help merchants offer discounts in tweets, with customers entering their card details so that when they make a purchase at a later date, the saving is automatically applied.
Posted in Uncategorized Tagged with: api, card, card details, CardSpring, customers, desktop, digital applications, discounts, link, Merchant's, mobile, network, payment cards, payments, product, purchase, technology, twitter
June 23rd, 2014 by Elma Jane
How online payments can help improve health care efficacy? 76 percent of providers said that it took more than one month to collect from a patient. However, patients have made it clear that they prefer to have the option of making payments online. Consumer responsibility is also increasing, but many providers still rely on paper-based, manual payment collection and posting processes. As a result of waiting for those payments, providers are spending more money and more time to collect, yet still accumulating a large amount of bad debt.
The majority of providers 76 percent did say that they offered the option of online payments to their patients. As providers and their clients increasingly rely on consumer payments for revenue, many have started to use more consumer-centered strategies, like payment plans, to collect payments. However, they will have to implement best practices and policies, including automating payments and communications and ensuring payment data is secure, to improve collection processes.
Posted in Uncategorized Tagged with: consumer, health care, online payments, payment data, payments, provider's
June 4th, 2014 by Elma Jane
Zavers, the online coupon program that was launched through Google 17 months ago, is just going to be one of those things that didn’t work out. Google announced yesterday that it is pulling the program, due to lack of interest. Zavers allowed users to clip coupons online and use them in-store. It was intended to help merchants’ build more targeted and effective loyalty and reward programs.
Zavers was basically a coupon program tied with the merchant point-of-sale system. The integration process with the POS systems were proving to be challenging and retailers were not too keen on sharing their data with Google.
Google has said it will continue to work closely with users through the transition away from Zavers and that it continues to move forward with greater focused on more successful areas of their initial entrance into payments such as product listing ads, Google Shopping Express and Google Wallet.
Posted in Uncategorized Tagged with: (POS) systems, coupon program, data, google, Google Shopping Express, Google Wallet, integration, loyalty and reward programs, merchant point-of-sale system, Merchant's, online coupon program, payments, point of sale, POS, retailers
June 3rd, 2014 by Elma Jane
Apple announced new Touch ID API better known among the masses as fingerprint ID, which will allow app developers to use fingerprint authentication for mobile payments and other applications.
This means that in addition to protecting the mobile device itself, the technology can now be used also to secure individual applications on the device against unauthorized use. Customers could potentially use prints from different fingers to control different apps. For instance, right thumbprint for access to the device, left index finger for access to the mobile bank app within the device.
The new feature for third party software developers provides a logical progression for the removal of password protection across a range of applications, including payments.
Financial services providers who offer the convenience of a mobile application for their customers can now also offer said customers an additional layer of security for the information that application holds.
Posted in Credit Card Security, Mobile Payments, Smartphone Tagged with: app, Apple, bank, device, financial services, Financial services providers, fingerprint authentication, fingerprint ID, mobile, mobile application, mobile bank app, Mobile Payments, payments, Security, software, software developers, Touch ID API
May 9th, 2014 by Elma Jane
Facebook is apparently ready to become a person-to-person (P2P) money transfer network. The clear decision to launch a money transfer service in the region can be seen as a test bed for Facebook’s larger ambitions of becoming a payments hub for its 1 billion user base. Facebook was only weeks away from gaining regulatory approval in Ireland for its remittance platform FT quoted unnamed sources. Facebook’s P2P platform will be geared to facilitating migrant remittances, with the goal of expanding its payment presence in emerging markets such as India. Facebook makes the bulk of its revenue from advertising, but 10 percent of its profits reportedly come from in-game payments for online and mobile games, such as Zynga’s popular FarmVille.
From WhatsApp to what’s next
Facebook’s February 2014 acquisition of mobile messaging service WhatsApp for $19 billion clarified the social network’s strategy. The WhatsApp acquisition and the expected P2P network launch as part of the first phase of Facebook’s deeper immersion into payments.
Tech giants face up to payments
When comparing the payment strategies of tech giants Google Inc., Apple Inc. and Facebook, the latter two competitors as having bigger potential upsides than Google. Facebook and Apple (via iTunes) already have established financial relationships with millions of users who have attached funding mechanisms – debit and credit cards – to their social media accounts. As primarily a search engine, Google is playing catch up to persuade its users to set up Google Wallet accounts.
In May 2013, Google launched its own P2P network by integrating Google Wallet with Gmail accounts, so that wallet users can facilitate money transfers via email. More recently, reports have surfaced indicating Google plans to extend Google Wallet to its wearable technology solution Google Glass. But the success of such ventures rests on users’ confidence with Google as a financial service provider.
Facebook as having a brighter financial services future than Apple. Apple’s reach is limited to consumers who have iPhones and iPads, whereas Facebook is not tied to any branded mobile devices, it is a very ubiquitous offering. It could apply to anybody with any type of phone or tablet.
Eventually, tech companies like Facebook will need to partner with payment businesses in order to expand into the merchant-centric brick-and-mortar world. The mobile POS solution provider, a business unit of global POS terminal manufacturer Ingenico SA, would be an ideal partner for Facebook. If they extend what they do from P2P payments to more of a wallet purchasing capability for their users, then the next step could very easily be an extension of that into servicing the merchant side.
Posted in Financial Services, Mobile Payments, Smartphone Tagged with: Apple Inc.Facebook, consumers, credit cards, debit, device, financial service, financial service provider, Gmail accounts, Google Glass, Google Inc., Google Wallet accounts, ingenico, iPads, iPhones, iTunes, merchant-centric brick-and-mortar, migrant remittances, mobile, Mobile Devices, mobile games, mobile messaging service, mobile pos, mobile POS solution, mobile POS solution provider, money transfer, money transfer network, money transfer service, network, online, p2p, P2P network, P2P payments, P2P platform, payment businesses, payments, payments hub, phone, POS terminal, remittance, remittance platform, search engine, service provider, social media, social media accounts, social networks, tablet, wearable technology
May 6th, 2014 by Elma Jane
MasterPass in-app payments is this latest offering from MasterCard to address the specific needs of the digital ecosystem. With MasterPass in-app payments, MasterCard is creating great experiences for consumers across all channels and all devices, and enabling merchants to reach new consumers in ways not possible in the pre-digital world.
MasterPass an in-app payments enabling consumers to make secure purchases within a mobile app has been announced by Mastercard. MasterPass in-app payments eliminate the need to store payment card credentials across numerous mobile apps, providing consumers with a fast and simple payment experience.
MasterCard is also developing a framework to make all payments using MasterPass as or more secure than anything, ensuring that consumers can benefit from the highest possible levels of security.
MasterPass in-app payments extend the capabilities of the current browser-based MasterPass digital service into the mobile app environment, and provide consumers with one secure direct relationship with their bank. Apps with MasterPass embedded in them enable consumers to complete a purchase with as few as one click or touch on their favorite connected device without leaving the app environment. MasterPass in-app payments will be made available to developers and merchants beginning in Q2 of this year.
Posted in Best Practices for Merchants, Digital Wallet Privacy, EMV EuroPay MasterCard Visa, Financial Services, Mobile Payments, Payment Card Industry PCI Security, Smartphone, Visa MasterCard American Express Tagged with: card credentials, consumers, digital service, in-app payments, MasterCard, MasterPass in-app payments, Merchant's, mobile app, payments, pre-digital, Security
