Signing Off On Signatures

Is the End of Credit Card Signatures Here?

ig-webfeat-mobym70-launch-643x483Credit card signatures are going away. You may have seen many articles delivering this news, and might wonder if it matters to you as a merchant. Ultimately, the decision on whether or not to accept signatures is up to you, so it’s important to understand the benefits of each option. In this article, I provide some insight into how and why credit card signatures are being phased out. Let’s start with the basics.

What’s happening?

Effective in mid-April, it will be optional for merchants to capture a signature on receipts in card-present retail transactions. This means that merchants won’t need their customers to sign any paper or digital receipts to complete a transaction. The rules vary by card brand, but they generally apply to transactions on the Visa, Mastercard, American Express and Discover networks.

This may raise several questions for merchants:

Why are card brands doing this?

The payments industry has been re-examining the value of signatures for several reasons.

Over half of card-present transactions are already being processed without signatures under small-ticket card brand programs. For higher ticket items, the original idea was that merchants could compare the signature on the card with the signature on the receipt to validate that the cardholder is the actual owner of the credit card. This put an unfair onus on merchants, as they are not handwriting experts, and customers often sign in a hurry on credit card receipts, making comparisons unreliable.

As technology advanced with options such as electronic signature capture and NFC/contactless on customer-facing devices, managing both paper receipts and digital signature images became cumbersome and problematic for merchants. Over time, it became clear that this unreliable and inefficient process was not meeting the needs for which it was intended.

How are the card brands implementing this?

Before we get into the “how” question, let’s look at what purpose these signed receipts have for both the customer and the merchant. The customer’s signature on receipts serves two functions:

1. For the consumer, it is an acknowledgement that the merchant’s receipt is accurate.

2. For merchants, the signed receipt provides “insurance” against a potential chargeback from the card issuer in cases where the consumer disputes the transaction.

All the card brands are implementing this in slightly different ways. American Express is removing signature requirement all over the world, whereas Visa is making it optional only in the U.S. on chip-enabled devices. Mastercard on the other, is only removing signature requirement from U.S. and Canada and Discover is eliminating signature requirements in U.S., Canada, Mexico and the Caribbean.

The card brands are also removing the ability for issuers to chargeback based solely on signature validation. Other chargeback reasons remain unchanged.

Can merchants still collect signatures if they want to or if needed for other business reasons?

Yes, merchants can still collect signatures if they need to for any other business reasons. Some merchants, such as lodging, car rental and dining businesses, as well as merchants that integrate sales contracts into their receipts, may choose to continue collecting signatures. However, they no longer have to accept them specifically for chargeback protection.

Do merchants have to change their payment applications?

In the long term, merchants should update their payment application to allow the option of not printing or displaying a signature line on receipts. In the short term, they can just tell customers they don’t need to sign.

4 Things to Do Before Starting a Business

4 Things to Do Before Starting a Business

eCommerce Solutions | AllcardUSA.net

Credit: Arseniy Krasnevsky/Shutterstock

Starting a business requires many steps, and it certainly doesn’t happen overnight. As an entrepreneur, you must be willing to dedicate most of your time to the process.

“The first thing to do when contemplating starting a business is to understand the commitment required,” said Todd Rhoad, managing director of BT Consulting and partner with Peachtree Recovery Services Inc.

To make sure you’ve covered all your bases before opening your doors, Business News Daily asked experts for their best advice on starting a business.

You want to make sure you understand the industry you’ll be involved in so you can dominate. No matter how unique you might think your business idea is, you should be aware of competitors, said Ian Wright, founder of British Business Energy.

“Just because you have a brilliant idea does not mean other people haven’t also had the same idea,” said Wright. “If you can’t offer something better and/or cheaper than your competitors, you might want to rethink starting a business in that area.”

You should also consider your target demographic, which will be the driving force in each decision you make. You can’t earn a profit without your consumers, so make them your priority.

“It is crucial to make sure you are delivering what your customer wants, not what you want,” said Sonia F. Lakhany, attorney at Lakhany Law. “This will give you insight into your customer’s buying decision and save you lots of experimenting down the road.”

One of the first steps you should take in starting your business is choosing its legal structure, said business attorney Mason Cole of Cole Sadkin LLC. According to Cole, the most common structure is a limited liability company (LLC) because of its flexibility and the protection it provides owners from personal liability.

“It will dictate the taxes, paperwork, liability of the owner(s) [and] other legal aspects, as well as whether or not the company can have employees,” he said.

Additionally, you should acquire proper registration from the government to open your business.

“This means the entrepreneur will need to create the articles of incorporation, obtain an employer identification number and apply for necessary licenses, which will vary by state and industry,” Cole added.

Starting a business requires money that you likely won’t have right away, which is why it’s encouraged to seek capital.

“Most entrepreneurs start a business with a very limited amount of capital, which is a large hurdle to many,” said Cole. “However, there are plenty of options available to a budding business owner. The first and most common place to seek capital is with friends and family. If that is not enough, expand the search to angel investors and venture capitalists. Should these options not provide the amount needed, then apply for business loans through banks and small business associations.”

You don’t want to start your business with poor credit. Make sure your score is as high as possible, considering it won’t be once you open your company.

“You will probably get into a lot of debt starting out,” said Marc Prosser, small business expert and co-founder of Fit Small Business. “So, you’ll have to be able to finance [your personal life] through your own savings. If your credit score isn’t so great, you’ll [only] be able to borrow less money at higher interest rates. If you want to start a business, increase your credit score so you have a [greater] ability to borrow as much as you need.”

Travis Sickle, certified financial planner of Sickle Hunter Financial Advisors, advised entrepreneurs to be organized with taxes and fees. There are multiple payments you’ll need to make, and you don’t want to file late for any.

“You have to figure out how much your payroll is going to be in order to make your tax payments timely,” said Sickle. “The timing can vary depending on your payroll. You also have to figure out other business taxes, such as city, county and state.”

Starting a business should not be an independent journey, no matter how tempting. Hiring help along your journey will set you up for success. Ben Walker, founder and CEO of Transcription Outsourcing, said that the No. 1 piece of advice he’d give business owners is to have a coach or mentor.

Another smart hire is an accountant. It’s nearly impossible for one person to handle every aspect of a company, and above all, your finances should not be put at risk.

“I had a full-time job as I considered starting my own business in 2009, but I did a lot of groundwork before I started, and bringing on an accountant was an important step,” said Sarah Burningham, president and founder of Little Bird Publicity. “It helped me understand what I needed to do to make this work from a profit standpoint, [as well as] the ins and outs of state, federal and local taxes.”

It’s important to have assistance on the legal side of the business especially, ensuring you are protected and going about the process the right way.

“We often make the assumption that legal counsel is for when we get ourselves into trouble, but preventative and proactive legal preparation can be the very best way to set your business on the path to long-term success,” said Katy Blevins, co-founder and CEO of Modern Femme. “When you call on legal counsel after you’ve run into a problem, it’s often too late or could critically impact your business in both the short and long term. Investing in their insight at the start of your business can pay a huge return later on by keeping you out of trouble before you even get into it.”

For a step-by-step guide to starting your business, visit this Business News Daily article.

Additional reporting by Business News Daily staff.

What Merchants Should Know About the UX Journey

Rik van ‘t Hof •  •

ingenico-rik-mobile-online.jpgIn the past, my family used to have a single computer that we all shared. My wife, kids and I used it for everything: doing homework, watching videos, catching up on work, etc. Now we all have our own devices, and it’s rare that my family members use my laptop or phone, and vice versa. Our devices aren’t communal anymore – they are personal, and have greatly impacted our individual user experiences.

eCommerce is getting personal

Roughly 60% of the global population now uses smartphones, a figure which rises to roughly 80% in some of the tech-savvy countries around the world. Technology is getting more personal, and by extension, so is eCommerce. Consumers are interacting with money in ways that never existed before. When combined with personalization and advances in financial technology, powerful opportunities arise for both businesses and consumers who want to connect in new ways.

It’s already possible to create accounts with certain supermarkets, order groceries online, and confirm your order with a thumbprint. The entire process can happen within minutes on your mobile phone, and the more often you use it, the more customized it becomes with relevant suggestions and personalized information. Now imagine a world where grocery stores can identify your shopping habits with such precision that they anticipate when you will run out of items in your home. Already today, Amazon’s Dash Replenishment Service enables your connected devices to monitor usage of basic staples and automatically orders them as needed.

These offerings may seem futuristic, but we are already getting close, thanks to some technological advancements:

  • Personalization – new technologies have led to a world where mobile devices can be used as an extension of the individual. Biometrics, such as thumbprints, iris scanning and even Apple’s enhanced facial recognition, all offer authentication possibilities that make purchasing quicker and easier.
  • Digital marketing and tracking technologies – companies can now gain a deeper understanding of their customers’ preferences and online behaviors. By analyzing data, companies can pinpoint what people actually want and develop more personalized offers and incentives. This in turn increases brand engagement, drives more mobile transactions and leads to higher conversion rates.
  • Social apps and social commerce – social apps have led to increased usage of mobile devices, especially among millennials. These platforms open up new channels for brands to engage with their customers and offer tailored product recommendations.

Consumer expectations keep evolving

Today’s consumers are using a combination of devices to make purchases, both in-store and online. In fact, a 2016 study showed that nearly 100% of millennial shoppers checked prices or compared merchandise on their smartphones before making in-store purchases during the holiday season.

Imagine that you buy something online from your favorite brand, but it doesn’t fit and you have to return it. In today’s world, you could either mail it, or go to a store and deal with the hassle of the checkout line. In the future, you might be automatically identified upon entering the store, and your phone could send you a notification with the location of the same item in a different size. Or perhaps you will place your thumb to the fitting room mirror and the item will be automatically purchased and sent to your home.

The bottom line is that brands need to be anywhere and everywhere their customers are and facilitate easy journeys across all touchpoints. On and offline borders are blending, and are rapidly changing consumers’ expectations of a good shopping experience. As we move closer to an omnichannel world, a smooth and consistent journey will be a big differentiator.

Nothing happens without trust

Retailers can now truly get to know their customers and create individualized purchasing journeys, but none of this is possible without a strong sense of trust between the customer and the company. Establishing trust, especially when it comes to online payments, is critical. People need to feel secure and confident that their personal boundaries won’t be crossed or their information misused.

Companies that create safe and trustworthy environments when asking for an online payment are much more likely to convert the sale than companies that don’t. This includes small but meaningful details, such as offering recognizable payment products, using branded URLs and activating familiar security measures, to reduce friction and build trust in the process. In fact, mobile money is actually quite safe compared to other payment methods.

Connect to future UX expectations

With so much opportunity to personalize the UX it’s surprising that so many online shopping carts are still regularly abandoned. In fact, only 37% of all transactions occur when customers browse across multiple devices, and only 31% of these transactions are actually completed on a mobile device.

The more customers use mobile devices to make purchases, the more likely they are to become repeat shoppers. Orders made with one or more mobile devices have shorter time-to-next-orders than PC-only orders. This means that as consumers continue to adopt mCommerce, their purchasing behaviors will grow stronger.

Although abandoned carts are still fairly common, potentially 60% of lost mobile sales globally could be recovered by merchants who make it easier for customers at the checkout stage. This includes offering local payment methods and currencies, being transparent about shipping costs and delivery times, and even including personalized messages and offers to recognized customers. Opportunities to expand mobile commerce abounds, especially as consumers become more assured of safety and buying experiences become more seamless.

The user experience matters more than many brands realize. As consumers, we are naturally inclined to interact more with companies we recognize and trust. Offering a smooth and engaging UX journey across all touchpoints – existing ones and future ones – is a powerful opportunity for businesses that want to exceed their customers’ expectations.

Rik van ‘t Hof, Director of Front-End Product Management, Ingenico ePayments

eCommerce Solutions | AllcardUSA.net

Signatures for Payments to Be a Thing of the PAST

Mastercard, Discover, AmEx will ditch signatures

Not scribbling your name will speed checkout, won’t affect card security

John Egan
Personal Finance Writer
Writes trendy stories about credit cards.


Signature on payment slips may be going the way of the dodod

You may not be jotting your name on payment slips and checkout terminals much longer. Mastercard, Discover and American Express plan to ditch the signature requirement at merchants April 2018, and experts say Visa likely will do the same.

  • Mastercard, which announced the move in October, says more than 80 percent of the in-store transactions (also known as point-of-sale purchases) it processes now don’t need a signature.
  • Discover said on Dec. 6, that it, too, would abandon the signature requirement. “With the rise in new payment security capabilities, like chip technology and tokenization, the time is right to remove this step from the checkout experience,” Discover’s Jasma Ghai, vice president of global products innovation, says.
  • American Express announced Dec. 11 that it will drop the signature requirement globally in April 2018.

Signatures are no longer necessary to fight fraud

“The payments landscape has evolved to the point where we can now eliminate this pain point for our merchants,” said Jaromir Divilek, executive vice president of global network business for American Express. “Our fraud capabilities have advanced so that signatures are no longer necessary to fight fraud.”

Jack Jania, senior vice president of strategic alliances at Gemalto, expects Visa also will follow Mastercard, Discover and American Express in ditching the need for signatures within a year.

If Jania’s prediction holds true, that would spell the end of a decades-old ritual for cardholders: scribbling your name on payment slips.

“This is a good move for both consumers and merchants, as it will speed up the in-store purchase experience,” Jania says.

And when might Visa join the no-signatures-required party?

Jeanette Volpi, head of North America communications at Visa, declined to say. She added, though, that more than three-fourths of Visa’s face-to-face transactions in North America don’t require signatures.

“Visa supports multiple technologies to bring speed, security and consumer convenience to the authentication and authorization process,” Volpi said in a statement.

“THIS IS A GOOD MOVE FOR BOTH CONSUMERS AND MERCHANTS, AS IT WILL SPEED UP THE IN-STORE PURCHASE EXPERIENCE.”

‘A costly yet feeble means of securing transactions’

The Retail Industry Leaders Association and even Walmart, the nation’s largest retailer, say it’s time to say so long to the signature requirement.

“Mastercard’s decision to end signature verification acknowledges what retailers have long argued, that signatures are a costly yet feeble means of securing transactions,” says Austen Jensen, vice president for government affairs at the Retail Industry Leaders Association. Discover and American Express announced in December that they, too, will eliminate requiring signatures at point-of-sale terminals.

“Going forward, the payment industry needs to focus on finding solutions to the growth of fraud both in stores and online, where current measures are inadequate for protecting consumers and merchants.”

Walmart said in a statement about just saying no to the signature:

“Removing this step at checkout will save time for our customers and decrease the expense associated with storing and presenting signatures back to the issuer, all while preserving security for customers.

“We anticipate this will result in savings that can be used to continue to lower prices for our customers.”

Is safety in jeopardy?

Industry insiders don’t think the rollout of no-signature policies will endanger cardholders’ data.

Philip Andreae, a consultant in the digital payments industry, questions whether the signature requirement for in-store card purchases really improves the security of transactions.

Why? Merchants typically don’t check a cardholder’s signature – either on a paper receipt or an electronic screen – against the signature on the back of a card, he says, and many cardholders fail to sign their cards anyway.

“If merchants were doing what they are supposed to do, then maybe it has added a level of security,” says Andreae, of Philip Andreae and Associates. “Otherwise, as it is today, there is no value.”

Gemalto’s Jania believes not requiring signatures will have no effect on card security, since existing chip technology and other high-tech tools for verification of a cardholder’s identity aren’t going away.

Laura Townsend, senior vice president of operations at the Merchant Advisory Group, agrees. In a statement, she praised the no-signature move and noted that “new and improved” digital authentication tools – such as face, voice and fingerprint recognition – will bolster the security of in-store transactions via credit or debit card.

“WHAT CONSUMERS WILL FIND REASSURING IS THAT REMOVING THE NEED TO SIGN FOR PURCHASES WILL NOT HAVE ANY IMPACT ON SAFETY.”

Not a ‘radical’ idea

Mastercard describes dropping the signature as “another step in the digital evolution of payments and payment security.”

“At first glance, this might sound like a radical proclamation, especially to people who have had credit and debit cards for decades,” Linda Kirkpatrick, Mastercard’s executive vice president of U.S. market development, wrote in a blog post announcing elimination of its signature requirement.

“However, the change matches all of our expectations for fast and convenient shopping experiences.”

Mastercard says merchants such as retail stores and restaurants will be offered the option to ask for signatures, though.

Discover says the change is part of its efforts to continually improve the payment experience by speeding up the time spent at checkout all while maintaining a high level of security for both customers and merchants. Discover has already implemented a number of digital authentication technologies such as tokenization, multi-factor authentication, and biometrics that are more secure than requiring a signature and provide a more seamless payment transaction.

“As the payments industry continues to evolve and introduce new methods of transacting, we’re making sure that Discover is providing customers and merchants with a smooth and more secure payments experience,” Ghai says.

Kirkpatrick stresses that ensuring the security of credit and debit card transactions continues to be a top priority for Mastercard.

“What consumers will find reassuring is that removing the need to sign for purchases will not have any impact on safety,” she wrote. “Our secure network and state-of-the art systems combined with new digital payment methods that include chip, tokenization, biometrics and specialized digital platforms use newer and more secure methods to prove identity.”

Mastercard research shows most cardholders and merchants are ready for the signature requirement to die, particularly since that will accelerate the checkout process.

“While security remains paramount,” she writes, “we know that convenience is also a large part of what consumers want when they are shopping and paying. … The move will help merchants speed customers through checkout, provide more consistent experiences for every customer with every purchase and should decrease costs associated with safely storing signatures.”

Thank You to ALL Veterans!

12 Common Cybersecurity Mistakes and How to Help Avoid Them

12 Common Cybersecurity Mistakes and How to Help Avoid Them

While it may not constitute end times for a business, an incident that can result in stolen data, diminished customer confidence, reputational harm, compliance penalties and legal fees isn’t exactly a drop in the bucket either.

A study last fall found that the average data breach costs victim companies $15.4 million, up 19 percent year over year. Nobody in good faith wants to cost their company money because of a compromise, CEOs included.

Look, we all do dumb things. The key is learning from them and not making them habits. Because, as you know, the definition of insanity is doing the same thing over and over again – and expecting a different result.

Here is a list, in no particular order, of 12 cybersecurity mistakes you should avoid making in the current era of modern cybercrime. If something is missing from the list that you think should be on it, please drop us a note in the comments.

1) Failing to Map Where Data Flows and Lives

It can’t be said enough: Your data is your company’s lifeblood. Assessing and charting where that data flows (especially if it’s going outside of your organization), with whom it’s shared and where it lives at rest is paramount to knowing what you need to protect. When challenged with being right all the time – and the attackers typically needing to be correct just once – visibility is everything.

2) Neglecting Security Testing

Vulnerabilities reside across your databases, network and applications – and now also extend to devices like mobile and Internet of Things. These require regular testing through both automated vulnerability scanning and deep-dive penetration testing. Remember: Test, don’t guess.

3) Concentrating Too Much on the Perimeter

Prevention is not exactly an anachronism, but considering how advanced threats have become, attackers will inevitably make it through your border defenses. And once they’re inside, they will look to acquire privileges that will camouflage them as trusted users. They may evade you for a long time, unless you have strong visibility and an actionable understanding of indicators of compromise.

4) Blanking on the Basics

Oftentimes, it’s the simple things that will get you. To avoid having that “Doh!” moment, make sure all of your staff uses strong passwords (passphrases are preferred) and are following the principle of least privilege, and all of your network components are properly segmented to minimize access to confidential data, adequately configured to avoid undesirable changes, and up to date with the latest patches.

5) Disregarding Security Awareness Training

You’re likely familiar with the campaign “If you see something, say something.” Just as in the physical world, security enforcers rely on the population at large to stop attacks at their source – or at least make them aware of malicious attempts. Train your staff in everything from laptop protection to social engineering identification. And don’t forget to retrain because the scams continue to get sneakier.

6) Ignoring Security Monitoring

If you’re like most businesses, you don’t have the budget to stand up your own security operations center. But that doesn’t relieve you from needing around-the-clock monitoring and intelligence that will help you investigate automated alerts, hunt for threats, escalate serious incidents and minimize attacks.

7) Resisting Vendor Risk Assessments

Some of the most ignominious breaches of late were caused by attackers first infiltrating one of the victim company’s vendors. You must have a plan in place with the third-party entities to which you outsource to ensure that they are taking security and risk as seriously as you are.

8) Overlooking “Shadow IT”

Your endpoints are like ivy – growing mightily and quickly getting out of control. The good ol’ days of only needing to concern yourself with desktop and laptop computers are long gone. Your employees are now accessing so-called shadow applications and devices that are not supported by IT. If you can’t stop it, at least don’t be blind to it. First profile your risk, then institute controls.

9) Thinking it’s Just About Malware

Malware is still a critical part of attackers establishing their initial foothold. But once inside, they often use different strategies to laterally advance across your network. In many cases, that means flying under the radar by using legitimate administrator or ethical hacking tools to harvest sensitive data and detect vulnerabilities.

10) Believing a Breach Won’t Happen to You

Perhaps you’re still holding out hope that cybercriminals will show you mercy and pass over your business, but the reality is that companies of any size are targets. Preparing your defenses to also include response will help you react faster and minimize the fallout if – or more likely, when – your day comes.

11) Dismissing Your Bosses and the Boardroom

Security maturity is the holy grail of any infosec professional’s job objectives. In instances where businesses have reached high levels of maturity, security is ingrained in the culture, from the corner offices on down. Obtaining boss- and board-level support may be uncomfortable, but in today’s climate, it is imperative.

12) Trying to Do It All On Your Own

The cybersecurity skills shortage is no joke. Estimates place the worldwide shortage at one million positions and growing. Whether you’re a small business that lacks any security skills at all, or a larger outfit that needs help enhancing certain areas like penetration testing, security monitoring or incident response, doing more with less just isn’t going to work.

Partnering with a managed security services provider like Trustwave is a viable option. And such an arrangement doesn’t have to result in reduced headcount either – it just means you and your team can instead focus on and expedite IT projects that will have real effect on the top line of your business, while leaving security responsibilities to someone else with deep expertise and scale. This can actually result in elevated job security for your IT staff and fewer worries over losing a skilled in-house security staffer due to the industry’s notoriously high turnover.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.

What Could Mobile / Digital Payments Save Your City?

WHAT COULD DIGITAL PAYMENTS
SAVE YOUR CITY?
Over the last decade, the world has gone
digital. Communications, entertainment and
commerce have moved online—bringing
significant benefits to consumers, businesses
and economies.
In this new digital society, payments are more
important than ever—providing the foundation
for new experiences and business models. With
this explosion of connectivity, digital payments
are growing exponentially as well.
It took 60 years for Visa to reach 3 billion
accounts, but we’re now on the cusp of a true
revolution that will see this number explode.
Hundreds of millions of new connected
devices are coming online and they’re all ways
to pay or be paid. The Internet of Things is
expected to reach 20 billion devices by 2020
and these connected devices will be able to
facilitate a range of commercial experiences,
including payments.
However, alongside the digitization of
commerce and payments, cash continues to
play a large role in certain sectors and markets
around the world, which could potentially
hinder economic growth in these communities
and industries.
To better understand the impact cash
can really have on economic growth, Visa
By Visa commissioned economics consulting and
research firm, Roubini ThoughtLab, to analyze
the use, acceptance and cost-benefit impact
of physical versus digital money in 100 cities
across the world. “Cashless Cities: Realizing
the Benefits of Digital Payments” is a unique
study that quantifies the net benefits that
cities, their residents and businesses could
realize by significantly increasing the use of
digital payments.
The study demonstrates that economies that
are moving toward digital payments and away
from cash, could benefit substantially. The
study estimates that reaching an “achievable
level of cashlessness”—defined as the entire
population moving to digital payment usage
equal to top 10 percent of users in that city
today—across the 100 cities examined, could
result in total direct net benefits of up to
US$470 billion per year. These benefits are
derived from many factors, ranging from
time savings among consumers from cashrelated
activities, to increased sales revenues
among businesses, to reduced government
administrative costs.
There are many instances where cash is more
costly than digital payments. The study found
that cash and checks cost businesses 7.1 cents
of every dollar received compared to 5 cents of
every dollar collected from digital sources.
Unbanked consumers across the 100 cities
spend an average $7 to $15 a month on cash
withdrawal activities like check cashing. By
reducing their reliance on cash, each unbanked
consumer could save an estimated $84 to $180
per year, on average. Furthermore, the study
shows the greater adoption of digital payments
could lead to a reduction in cash-related crime,
which benefits not just consumers, but also
governments by reducing criminal justice costs.
The shift to digital payments could also have
a catalytic effect on the city’s overall economic
performance, including GDP, employment,
wage and productivity growth. The study
predicts the combination of greater economic
activity, lower crime and greater ease of living
could make these cities more attractive to
businesses, talent and tourists.
We’ve seen what immediate and longterm
benefits could stem from the greater
adoption of digital payments. So, what now?
What can cities and governments do to help
usher in a more cashless future? The study
sets out 61 actions in a detailed roadmap for
policy makers.
Here are just five immediate and
actionable steps they can consider
taking to reduce cash reliance:
1Undertake targeted financial literacy
programs to help welcome the unbanked
into the banking system and offer secure digital
payment solutions for government benefits to
those who do not have bank cards.
2Phase out cash and check payments to and
from the government by adopting an allelectronic
payment and disbursement system,
meaning all government benefits, relief funds, tax
disbursements, collection and other payments
made to and from government institutions are
shifted to digital format.
3Promote a clear, innovationfriendly
regulation framework
4Ensure that digital payments are a
key component to all “smart city”
plans and strategies
5Implement secure open-loop
payment systems across all
transportation networks
The report is also supplemented by an
online data visualization tool, which
can be used to explore the benefits of
a more cashless world.
From mobile payments using
scanned codes to cards using
biometric authentication, billions
of connected devices such as
smartphones, watches, cars and
fitness trackers are now able to
send (and receive) payments. The
data shows that as communities and
cities become less reliant on cash
and better equipped to offer fully
digital payment experiences, their
businesses and economies could
grow, allowing their populations to
benefit and thrive

Payment Security Questions That Keep Merchants Up at Night

Payment Security Questions That Keep Merchants Up at Night

Payment Security Questions That Keep Merchants Up at NightBeing a part of a payments and security company, my colleagues and I have the opportunity to speak with merchants on a regular basis, during which we hear a lot of questions. Some are confused about which payment solution is the best fit for their business needs, while others are looking to understand how they can do more with their terminals. One of the biggest concerns they have is payment security.

Below are some of the most common security questions we hear from merchants. I’ll go more into depth on these in our upcoming webinar, “PCI at the POS / What’s New, What’s Next and What Merchants Can Do to Simplify Compliance.”

The webinar will take place this week, but I want to give you a glimpse of some of the topics we’ll be covering. Let’s take a look at some of the most commonly asked security questions that are keeping merchants up at night:

“What is PCI-DSS?”

It is extremely important for all merchants to understand the Payment Card Industry Data Security Standard (PCI DSS). The security standard set by the council not only protects customers’ data but the merchant’s business as well. PCI recently announced the release of its PCI DSS version 3.2. Following these security guidelines is one way for merchants to stay ahead of the changing requirements.

We also hear lots of questions around the difference between PCI DSS, PCI PA-DSS, and PCI PTS, and with all of these different acronyms, we understand why this is creating so much confusion. During the webinar, we’ll break down the differences between these standards so you can finally have a clear understanding of what each one means and which ones apply to you.

“How do I become PCI compliant?”

Merchants are also concerned about becoming PCI compliant. The PCI Council has fined merchants that aren’t following their security regulations. Moving to PCI compliance is a multi-step process that can vary by merchant.

We’ll be talking about PCI-DSS in depth during our webinar, and about the steps you need to take to ensure compliance with the latest standard.

“What is point-to-point encryption (P2PE)?”

This is a very common question that comes from all types of merchants. With the U.S. EMV migration still underway, retailers have been upgrading their payment technology to support chip cards, but they have also taken the opportunity to implement encryption services to protect their businesses from data breaches.

Even though these major retailers remain a major target for cyber criminals, small merchants are also vulnerable to such attacks. According to the U.S. Department of Homeland Security, 31% of all cyberattacks now target small businesses with fewer than 250 employees, and 44% of small businesses have reported being victims of hacking.

This threat environment should encourage merchants of all sizes to gain a better understanding of how they can protect their business and their customer’s sensitive data.

This is where point-to-point encryption (P2PE) comes into play. According to the PCI Security Standards Council, P2PE “is a combination of secure devices, applications and processes that encrypt data from the point of interaction until the data reaches the solution provider’s secure decryption environment.”

In simple terms, this means converting confidential payment card data and information into encrypted code at the time the card is swiped, so it cannot be hacked or stolen. A P2PE system provides the infrastructure and processes to perform this encryption and protect payment data from the point of sale to the point of the payment processor, which safely decrypts the data for bank authorization.

“How do I know if I’m already using P2PE?”

A lot of merchants we speak to are under the impression that they’re already using a P2PE solution, but the reality is that this isn’t always the case. There is a common misconception that encryption solutions, such as P2PE, are already part of the payment solution provided to the merchant. A P2PE solution doesn’t come built into a point of sale device and needs to be added to existing payment solutions. Merchants should check with their payment solution provider or seek third party expertise to review their current system and ensure they are actually using P2PE.

Do you have similar questions regarding payment security? Ingenico Group’s VP of Security Solutions, Dr. Rob Martin and I discussed the most commonly asked payment security questions we hear from merchants in our recent webinar “PCI at the POS / What’s New, What’s Next and What Merchants Can Do to Simplify Compliance.”  Get the answers you’ve been looking for around P2PE, PCI compliance, and other payment security related topics.