Transaction trends The Official Publication of the Electronic Transactions Association
| November 2012
Bold new POS solutions capture customer data, manage inventory, and build lifetime value
or go home
ALSO INSIDE: Visa Merchant Data Secure v. the Competition Acquirer Tips for EMV Migration
NO CANCELLATION FEES
ON EVERY DEAL
CHANGE YOUR GAME RUSH PAST THE COMPETITION WITH NORTH AMERICAN BANCARD
North American Bancard provides the competitive edge you need to close more deals. Now you can offer no cancellation fees and place free equipment, combined with bonuses paid on every deal, our new program is a win for everyone.
TAKE ADVANTAGE OF THE OPPORTUNITIES Call 1-855-563-9107 or visit gonab.com/trends North American Bancard, LLC is a registered Independent Sales Organization/Merchant Service Provider for HSBC Bank USA, National Association, Buffalo, NY and Wells Fargo Bank, N.A., Walnut Creek, CA ÂŠ 2012 North American Bancard, LLC - All Rights Reserved.
We’ve Got Your Gear. Elavon gives you exactly what you need to protect and retain your customers.
Get Equipped to Succeed. Elavon provides partners all the tools needed to be successful. In addition to our best-in-class payment solutions, we handle all customer service, decision applications within 24 hours, and offer PCI programs that protect cardholder data while generating a new revenue stream for your business. And we are backed by the financial strength and stability of U.S. Bank, extending peace of mind to you and your merchants. • Freedom From Risk & Liability • No Minimum Revenue Commitments
Learn more @ elavon.com/MSPsuccess ©2012 Elavon, Inc. All Rights Reserved.
• Flexible Pricing Programs • Residual Advance Programs
Transaction trends The Official Publication of the Electronic Transactions Association
Vol. 17 | No. 11
cover story 12 Go Big or Go Home
By Julie Ritzer Ross Some large retailers are replacing traditional POS systems with less expensive mobile devices, while others are embracing self-checkout options. These strategies, as well as clienteling solutions, are intended to simplify the checkout process and capture key customer data.
FEATURES 16 Visa’s Line in the Sand
20 S P E C I A L S E R I E S Startup Stories: Innovation Lab
By Tom Goldsmith Visa’s new Merchant Data Secure is generally hailed as “a giant step forward.” But questions about its effect on competition and innovation won’t be answered until the solution takes hold.
By John Manasso FreedomPay, which was founded on the concept of stored value, continues to innovate and roll out new products.
depar tmentS 6 8
Trends, strategies, and news in the payments business and ETA member community
Risk in Review
23 Ad Index 24 Industry Insider
ShopKeep POS aims to separate itself from the point-of-sale pack by being both Cloud and iPad based.
EMV migration: Seven guiding principles for acquirers
Transaction trends | November 2012 3
Editorial Policy: The Electronic Transactions Association, founded in 1990, is a not-for-profit organization representing entities who provide transaction services between merchants and settlement banks and others involved in the electronic transactions industry. Our purpose is to provide leadership in the industry through education, advocacy, and the exchange of information. The magazine acts as a moderator without approving, disapproving, or guaranteeing the validity or accuracy of any data, claim, or opinion appearing under a byline or obtained or quoted from an acknowledged source. The opinions expressed do not necessarily reflect the official view of the Electronic Transactions Association. Also, appearance of advertisements and new product or service information does not constitute an endorsement of products or services featured by the Association. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided and disseminated with the understanding that the publisher is not engaged in rendering legal or other professional services. If legal advice and other expert assistance are required, the services of a competent professional should be sought. Transaction Trends (ISSN 1939-1595) is the official publication, published monthly, of the Electronic Transactions Association, 1101 16th St. N.W., Suite 402, Washington, DC 20036; 800/695-5509 or 202/828-2635; 202/828-2639 fax. Postage paid at Pittsburgh, Pennsylvania, and additional mailing offices. POSTMASTER: Send address changes to the address noted above. Copyright ÂŠ 2012 The Electronic Transactions Association. All Rights Reserved, including World Rights and Electronic Rights. No part of this publication may be reproduced without permission from the publisher, nor may any part of this publication be reproduced, stored in a retrieval system, or copied by mechanical photocopying, recording, or other means, now or hereafter invented, without permission of the publisher.
Electronic Transactions Association 1101 16th Street NW, Suite 402 Washington, DC 20036 202/828.2635 www.electran.org ETA CEO Jason Oxman Deputy Director/COO Pamela Furneaux Director, Education and Professional Development Rori Ferensic Director, Government and Industry Relations Mary Weaver Bennett Director, Membership and Marketing Del Baker Robertson Transaction Trends Publishing office: Stratton Publishing & Marketing Inc. 5285 Shawnee Road, Suite 510 Alexandria, VA 22312 703/914.9200
Publisher Debra Stratton Associate Publisher & Editor Josephine Rossi Contributing Editor Angela Hickman Brady Editorial/Production Associate Christine Umbrell Art Director Janelle Welch Contributing Writers Lia Dangelico, Tom Goldsmith, John Manasso, Phillip M. Miller, Bryan Ochalla, and Julie Ritzer Ross Advertising Sales Steve Schwanz or Fox Associates (800/440.0232; email@example.com) Fox Associates Offices Chicago 312/644.3888 New York 212/725.2106 Detroit 248/626.0511 Phoenix 480/538.5021 Los Angeles 805/522.0501 Atlanta 800/440.0231
ernest N. Morial Convention Center, New Orleans, La
april 30 â€“ May 2
4 November 2012 | Transaction trends
Save the DateS
01010101010001001010010100101110101101011011111001001001001010100110001101 10101101111100100100100101010011000110101010101010001001010010100101110101 11010101010101000100101001010010111010110101101111100100100100101010011000 01011010110111110010010010010101001100011010101010101000100101001010010111 10001101010101010100010010100101001011101011010110111110010010010010101001 01110101101011011111001001001001010100110001101010101010100010010100101001 10011000110101010101010001001010010100101110101101011011111001001001001010 10010111010110101101111100100100100101010011000110101010101010001001010010 10101001100011010101010101000100101001010010111010110101101111100100100100 00101001011101011010110111110010010010010101001100011010101010101000100101 01001010100110001101010101010100010010100101001011101011010110111110010010 01010010100101110101101011011111001001001001010100110001101010101010100010 00100100101010011000110101010101010001001010010100101110101101011011111001 00100101001010010111010110101101111100100100100101010011000110101010101010 10010010010010101001100011010101010101000100101001010010111010110101101111 10100010010100101001011101011010110111110010010010010101001100011010101010 11111001001001001010100110001101010101010100010010100101001011101011010110 10101010001001010010100101110101101011011111001001001001010100110001101010 01101111100100100100101010011000110101010101010001001010010100101110101101 10101010101000100101001010010111010110101101111100100100100101010011000110 11010110111110010010010010101001100011010101010101000100101001010010111010 01101010101010100010010100101001011101011010110111110010010010010101001100 10101101011011111001001001001010100110001101010101010100010010100101001011 11000110101010101010001001010010100101110101101011011111001001001001010100 10111010110101101111100100100100101010011000110101010101010001001010010100 01001100011010101010101000100101001010010111010110101101111100100100100101 01001011101011010110111110010010010010101001100011010101010101000100101001 01010100110001101010101010100010010100101001011101011010110111110010010010 10010100101110101101011011111001001001001010100110001101010101010100010010 00100101010011000110101010101010100101110101101011011111001001001001010010
INDuSTRYnews AROUND THE HORN
Walmart, Amex Release Prepaid Account Walmart and American Express have announced the release of Bluebird, a lowcost prepaid account alternative to debit and checking accounts. Available in more than 4,000 Walmart stores across the United States, Bluebird accounts can be funded by payroll direct deposit, remote deposit capture through the Bluebird mobile app, cash reloading at any Walmart register, or linking to a checking, savings, or debit card.
If consumers use direct deposit with their Bluebird accounts, they are granted fee- and surcharge-free access to MoneyPass ATMs. Built on the American Express Serve platform, the program includes mobile features such as a digital wallet, mobile app, and account management capabilities. Bluebird went live in October at www. bluebird.com.
Google Wallet Tests Micropayments With Cloud POS is expected to reach Web Content fast FACT
nearly $200 billion in gross processed volume in 2017, up from $15 billion in 2012, according to Aite Group.
Google has an announced an experiment to gauge user readiness to pay for premium web content via Google Wallet. Content is offered with an “instant refund” option, which allows users to cancel all charges if the content did not meet their expectations.
The setup appeals to companies looking to sell premium content to users for a low price—typically less than $1 per article. Publishers such as Peachpit, DK, and Oxford University Press are participating in the experiment. 6 November 2012 | Transaction trends
Suncorp Bank has implemented ACI Worldwide’s comprehensive fraud management solution, ACI Proactive Risk Manager 8.0. Atos Worldline has launched an NFC mobile payment application for card issuers worldwide. Elavon announced it will offer its MobileMerchant POS solution to merchants in Ireland. Daily deal site Groupon launched GrouponPayments, a mobile POS service. Heartland Payment Systems has launched Mobuyle, a free app that helps restaurateurs accept and process card payments anywhere inside and outside a restaurant. Impact Payments Recruiting has hired industry veteran Don Smith to lead its new impact advisors team. Layered Tech has launched Layered Tech Cloud Data Center, the next-generation secure, PCI-compliant cloud, and reported that its compliant hosting customers have passed every compliance audit since the introduction of its program Compliance Guaranteed. Merchant Warehouse announced its Genius Solution Suite, a product family with mobile payment and mCommerce acceptance solutions. Payment Alliance International has received a WorldPay US Top Distributor Award. PayTrace announced the roll-out of transaction processing capabilities on the First Data North processing network. SecureNet Payment Systems has named Greg Constantine EVP of client operations. VeriFone Systems Inc. will deploy its latest mobile checkout and multimedia-driven countertop payment solutions at sporting goods retailer The Finish Line Inc. Voltage Security announced that payment processing company Mercury will integrate Voltage SecureData Payments into its solutions.
News from the association
New Members ETA is pleased to welcome the following companies to its membership. To inquire about a membership with ETA, please contact Del Baker Robertson, director of membership and marketing, at firstname.lastname@example.org.
Advocacy Efforts Part of ETA’s mission to fully serve its members and advance their profession is to provide advocacy on members’ behalf. Here is an update on recent activity: • The ETA Industry Relations Committee held discussions on the proposed interchange settlement, EMV migration challenges, and industry coordination efforts for EMV migration implementation. The committee continues to work on a new ETA policy position on EMV migration and discuss resolutions to key problems. • The ETA Government Relations Committee held a discussion with the Federal Trade Commission (FTC) to determine how a working relationship between ETA and the FTC may best be developed. The committee also is reviewing the Federal Reserve’s proposal to collect survey information from processors. • ETA staff continued to conduct a series of meetings on Capitol Hill with congressional aides. In September, meetings were held with various committee and subcommittee staff to discuss ETA, mobile payments, and intellectual property legislation. For more information on ETA’s public policy activities, contact Mary Bennett at email@example.com.
AT&T Mobility Atlanta, GA www.att.com
Gilbarco Veeder-Root Greensboro, NC www.gilbarco.com
Neustar Inc. Washington, DC www.neustar.biz
The Bancorp Bank Wilmington, DE www.thebancorp.com
Ericsson Plano, TX www.ericsson.com
Payair Naples, FL www.payair.com
C-SAM Oak Brook Terrace, IL www.c-sam.com
Microsoft Redmond, WA www.microsoft.com
T-Mobile Washington, DC www.t-mobile.com
Clover Mountain View, CA www.clover.com
MoneyDart Global Services Woodbridge, NJ www.usaexchange.com
Verizon Washington, DC www.verizon.net
Computer Services Inc. Valaparaiso, IN www.csiweb.com Gemalto www.gemalto.com
Movenbank New York, NY www.movenbank.com
Vesta Corp. Portland, OR www.trustvesta.com
My Clear Reports LLC Westbury, NY http://myclearreports.com
CALENDAR : n 2012 Compliance Day
Sheraton DFW Airport Hotel Irving, TX November 13-14, 2012 www.electran.org/content/view/845/530/ n Silicon Valley Day
San Francisco, CA November 15, 2012 For details, contact Rori Ferensic, 202/828.2635 x 205 or firstname.lastname@example.org. n 2013 Annual Meeting & Expo
Ernest N. Morial Convention Center New Orleans, LA April 30-May 2, 2013 www.electran.org/content/view/831/516
Transaction trends | November 2012 7
ISO Corner RISK IN REVIEW
Preparing for EMV Migration
Seven guiding principles of EMV readiness for acquirers By Phillip M. Miller
he timeline is in place for EMV migration: Beginning Oct. 1, 2015, issuers or merchants that do not support EMV assume liability for counterfeit fraud. (The compliance deadline for automated fuel dispensers is two years later, October of 2017.) Of course, preparation for that shift will need to start well before that time. MasterCard, along with Visa, American Express, and Discover, have announced that acquirers, service providers, and subprocessors will be required to have the capability to process any EMV POS transaction, both contact and contactless, as of April 2013. Many industry professionals think of the migration as another step in a gradual evolution: First there was the embossed plate pressed against carbon paper, then the magnetic strip, and now the EMV chip.With that in mind, they visualize the transition in terms of a new technology that does essentially the same task. Merchants will have to get new terminals and learn to use them; acquirers will need to ensure that their systems support the technology. T he migration will involve some new hardware and some training, but otherwise it should be a fairly straightforward transition. Right? The truth, however, is that the EMV chip is not simply a new device for doing the same old task. The magnetic strip (like the embossed card before it) is a passive medium for encoding a fixed set of information. Swiping the card simply transfers that information to the terminal, which in turn sends that information, along with the specifics of the transaction, on to the acquirer. But the EMV chip does not simply store information; it is a microcomputer, capable of doing all sorts of tasks, and it is as far removed from the magnetic strip as a smartphone is from the old rotary version. This means the interaction between the EMV and the terminal will not be limited to that simple one-way transmission of information. Instead, the new technology will make possible a range of services, many yet to be imagined, to benefit consumers, merchants, and all of the other parties in the payment value chain. To prepare for the transition, here are seven principles for EMV readiness that can help acquirers gain the greatest possible benefit in the most efficient way possible:
1. Check network approvals. Plan ahead for an expansive EMV future by making sure that terminals are certified by all payment networks at the beginning of the process. Don’t make the mistake that was made in Canada, where the need for recertification by multiple networks cost several acquirers incremental time and money.
2. Carefully select terminals. EMV technology will offer a wide variety of functions, and different terminals may or may not support particular options as indicated by their Implemen8 November 2012 | Transaction trends
tation Conformance Statements. Forward-looking merchants and acquirers will want to ensure that they select the most recently approved terminals to implement.
3. Manage terminal updates. The greater flexibility offered by EMV technology means that terminals will require more frequent updates as options and applications change, and this will only increase with the growing importance of mobile payments. By investing in an automatic update management system, acquirers can avoid the costly manual updates that were necessary in markets like Canada and Mexico.
4. Manage EMV keys. EMV technology allows for an unprecedented level of security, powered by complex cryptographic keys, with offline PIN authentication as a backup in case of temporary communication downtime. T he seamless functioning of both online and offline authentication requires key management support strategy, with appropriate resources and trained staff in place well before they are needed.
5. Test diligently. Each terminal model, and each configuration, must undergo multiple stages of testing prior to deployment. Some of these will be done as a matter of course: The hardware interface and EMV kernel or software approvals
ISO Corner RISK IN REVIEW
should have been received by the vendor, and each payment network makes approval of a terminal contingent on its own specific set of tests. Best practices, however, suggest additional tests that careful acquirers should deploy, as they can make the difference between a smooth and successful EMV adoption and a difficult and more expensive one.
6. Develop an on-boarding process. Different retailers will have different needs when it comes to EMV functions and supporting terminals, but all retailers will need education and support. The acquirer’s readiness to support “integrated merchants” not only can reduce the time and expense of the onboarding process, but it also can enhance the relationship with the merchant.This involves an understanding of the retailer’s needs, and the ability to test, analyze, and respond throughout the implementation process. The initial investment in testing tools will be more than recouped in optimizing the migration.
7. Monitor after deployment. No matter how extensive the preliminary testing, there is a possibility that problems of some kind or another will arise in the initial stages of deployment. T hrough ongoing monitoring, careful analysis, and swift response, acquirers can ensure that these problems do not persist past those initial stages. Monitoring also can be used to identify potential abuses and to provide the basis for more sophisticated and profitable business practices by the merchant. In doing this, the acquirer can both strengthen the relationship
10 November 2012 | Transaction trends
EMV migration is less about a new technology and more about building the foundation for an entirely new way of doing business. with the current customers and offer a compelling proposition to retailers that have not yet made the journey to EMV. Implementing these seven guiding principles is not easy; it requires a number of upfront investments as well as consistent diligence.Acquirers that are able to execute across all stages will find they saved time and money in the migration process, but also that they and their merchant customers are positioned to take the greatest advantage of the opportunities that EMV technology affords. EMV migration is less about a new technology and more about building the foundation for an entirely new way of doing business.And that will be a much more demanding process. TT Phillip M. Miller is global head, acquiring knowledge center, for MasterCard. Reach him at email@example.com.
[ COVER STORY ]
By Julie Ritzer Ross
Large retailers embrace technologies that give consumers more control over the purchasing experience and give retailers more insight into consumer preferences
KEY NOTES 8 The financial incentive for new POS solutions is clear, according to one retailer: The iPod Touch device “fully loaded, fully installed, is about $500, and a register is about $5,000.” Some major retailers are eliminating cash registers altogether. 8 CRM and “clienteling” solutions let retailers quickly capture customer information like demographics and purchasing histories to enhance and facilitate the shopping experience. 8 Omni-channel retailing also is gaining steam: Store associates can tap into a single inventory data repository to find out-of-stock items, arrange for them to be shipped to the shopper’s door or picked up at another store, and be paid for on the spot. 12 November 2012 | Transaction trends
arlier this year, Walmart Stores said it was piloting a system that would replace traditional self-checkout technology with iPhone technology. It was big news and indicative of a trend among big retailers to make major technology changes in how customers shop and pay for purchases. A handful of players are eschewing tethered POS systems entirely and replacing the units with mobile devices for transaction processing. Along with Apple, which has executed customer checkout with iPads for some time, some of the trailblazers include the following: • Urban Outfitters—In September 2012, CIO Calvin Hollinger announced that the retailer was “out of the register business.” Gradually, over the next few months, Urban Outfitters will equip associates in its 400-plus U.S. stores with Apple iPad and iPod Touch devices to handle all checkout functions. An out-of-stock application will assist customers in locating and paying for merchandise from other stores.“If you come into a store and we don’t have your color or your size, the sales associates can find a color or the size somewhere in the enterprise,” says Hollinger.“We can print out the closest three stores, but we can also check you out with two or three physical items and fulfill, from somewhere in the enterprise, another item, with one simple transaction.”
checkout lanes where customers use traditional barcode scanning hardware and touchscreen kiosks to make purchases without cashier intervention, using credit, debit, and EBT cards as well as cash. The new system, called Scan & Go, would let shoppers peruse stores’ aisles, scan individual items with their iPhone, and place them in a shopping bag.A complete list of items would then be presented at the self-checkout counter with the iPhone application, thereby eliminating the need to scan all of the items at the time of checkout.
• JC Penney—Last July, the retailer announced its plan to eliminate cashiers and cash registers in all 1,100 of its stores by the end of 2013. Salespeople will use iPad devices to accept payments from shoppers, and self-checkout lanes equipped with iPads also will be implemented. Last summer, sales associates working in JC Penney’s new Levi’s “store-within-a-store” departments began using only mobile POS technology for payment processing. Analysts expect the financial benefits of eliminating cash registers will spur other large retailers to follow suit, with medium and small retailers likely following in their footsteps. The iPod Touch device “fully loaded, fully installed, is about $500, and a register is about $5,000,” points out Hollinger. T he iPad, which can be mounted on a swivel arm at a cash wrap station, is about $1,000 fully installed.
Bye-Bye Checkout Lines Self-checkout is taking a new turn in the tier 1 retail space as well, as companies
launch initiatives that let customers execute transactions with their own iPhones. “Some larger merchants are getting rid of the traditional self-checkout lanes because, in many instances, the technology malfunctions and slows customers down instead of speeding them through the checkout lanes,” one vendor says.“It appears they see this as a viable alternative.” Here are some examples: • Apple—Not surprisingly, Apple rolled out self-checkout functionality in its stores last November. With its Easy Pay application, shoppers can pay for their purchases direct from their own iPhones with no assistance needed from a salesperson. Almost immediately after the launch, skeptics dubbed Easy Pay “Easy Theft,” predicting it would lead to significant problems with inventory shrink. A company spokesperson says that hasn’t been the case. • Walmart Stores—As discussed, Walmart kicked off a self-checkout pilot using the iPhone. Many Walmart locations already have “regular” self-
Customer relationship management (CRM) and “clienteling” solutions also are emerging. New approaches let retailers quickly capture customer information like demographics, purchasing histories, preferences, and loyalty club participation, as well as digitally harness data from CRM and inventory/product information databases. Combined with other information in retailers’ databases—such as data pertaining to complementary merchandise—this information is then used on the sales floor to provide a higher level of customer service, personalizing store employee/customer interaction. The driving force behind clienteling solutions adoption is the premise that closer relationships with consumers enhance satisfaction, allegiance to the merchant and its brand, and lifetime value, suggests Lee Holman, lead analyst with retail consulting firm IHL Consulting in Franklin,Tennessee. Larger retailers have more incentive to use clienteling solutions: It sharpens their competitive edge against local merchants whose associates are well-acquainted with customers, address them by name, and are familiar with their preferences, Holman explains. “Mobile POS technology has become a real staple of many retail and hospitality verticals,” he adds. “At the same time, customers want—or, more accurately, demand—detailed product information at the point of decision. T he more retailers themselves harness the same mobile devices consumers have come to know—at the POS and to practice CRM in store aisles— the more deeply vested in the brand shoppers will become.” A sizable number of clienteling solutions Transaction trends | November 2012
[ COVER STORY ] now feature a mobile POS component, so that store associates can “close” interactions with customers with an actual transaction completed at the point of decision rather than at a fixed checkout counter. Many also support omni-channel retailing, which lets store associates tap into a single inventory data repository to find out-of-stock items, arrange for them to be shipped to the shopper’s door or picked up at another store, and be paid for on the spot. Epicor Retail Clienteling, released by Epicor Software earlier this year, and Engage 2.1, a mobile sales/CRM solution introduced recently by Starmount, are a couple of examples. The Epicor product runs on tablet devices and allows consumers to enter payment and other information themselves to streamline transactions and bolster accuracy, says Ian Rawlins, vice president of marketing, retail software. Engage 2.1 runs native on Apple iPod Touch, iPhone, iPad, and other mobile devices. It accepts magnetic strip cards and supports chip-and-PIN transactions. Engage 2.1 also integrates with the vendor’s Connect open shopper engagement platform.
The driving force behind clienteling solutions adoption is the premise that closer relationships with consumers enhance satisfaction, allegiance to the merchant and its brand, and lifetime value. —Lee Holman, IHL Consulting Among the retailers that have migrated to a clienteling solution with mobile payment functionality is Aurora Fashions. T his London-based operator of approximately 2,000 apparel stores around the world uses an iPad-based solution that, in addition to enabling associates to process transactions on the store floor, permits them to use their mobile device to accept payments for items that are out of stock in their particular store, but available in another location or from a central warehouse. “Mobile POS and mobile CRM play a pivotal role in bringing customers closer” to Aurora—the former, by helping to clinch the sale at the true point of decision, and the latter, by minimizing shoppers’ inclination to go elsewhere for merchandise that is unavailable in a certain store, says Ish Patel, group omni-channel director. “In a highly competitive and, even more importantly, customer-centric world, if we don’t have what the shopper wants on one store’s rack, the associate needs the tools to locate it at another store or the warehouse and arrange for it to be shipped wherever the shopper wants it to go.”
Go Time Large retailers that don’t go with the clienteling solutions flow will not only be unable to compete with their smaller counterparts, but they also may find themselves at a competitive disadvantage because many smaller merchants fully intend to jump on the bandwagon, says Holman. He notes that 41 percent of small to mid-sized retailers surveyed by IHL Group plan to deploy mobile devices this year, and 23 percent intend to follow suit next year.They’ll use the devices to engage customers and enhance the store experience. Twenty-five 14 November 2012 | Transaction trends
percent of retailers will leverage tablets and associated solutions for mobile POS and clienteling. Other retailers are concentrating on solutions that support omni-channel retailing by allowing payments to be accepted in one channel (e.g., online) for products picked up or delivered elsewhere (e.g., at a store). Toys “R” Us is using an omni-channel initiative to facilitate payments across different sales segments. A “Ship to Store” component, added this past fall, lets customers pay for and ship select online purchases to local Toys “R” Us or Babies “R” Us stores free of charge. Enhancements to the “Buy Online, Pick Up In Store” program include adding merchandise pick-up kiosks where consumers can retrieve and pay for goods ordered on the retailer’s website. Other retailers are upping their mobile app sophistication in an attempt to better engage customers. Building on its existing mobile strategy, Rite Aid now offers a free app that permits members of its wellness+ loyalty program to use Load2Card functionality to clip coupons virtually and redeem them, along with rewards, by presenting their mobile device at the point of sale. The app also lets customers manage their prescriptions, including copayments, electronically by scanning the barcodes on prescription bottles with their mobile device. Big retailers clearly are at the tip of the iceberg in terms of big technology adoption. Those that embrace solutions sooner rather than later stand to make the largest gains going forward. TT Julie Ritzer Ross is a contributing writer to Transaction Trends. Reach her at firstname.lastname@example.org.
The Isis Mobile Commerce Platform offers your merchants the opportunity to build more customer loyalty, increase customer engagement and mobilize their existing rewards cards and offers. And with our industry relationships, we’re positioned to provide you with the innovations that your merchants want today. So why not stay a step ahead? Reap the benefits of partnering with Isis and join us on our mission to be the industry’s most widely accepted mobile commerce platform. TM
Learn more at paywithisis.com or reach us by email at email@example.com Isis, Isis Mobile Commerce Platform, Isis Mobile Wallet, Isis Pay Smarter and the associated Isis logos are trademarks of JVL Ventures, LLC. Contactless Symbol is a trademark of EMVCo, LLC. © 2012 JVL Ventures, LLC.
[ FEATURE ]
By Tom Goldsmith
Linein the Sand
KEY NOTES 8 Some think Visa’s visibility and familiarity will make its solution the easy choice, but others worry innovation could wither in the wake of Visa’s solution becoming the de facto standard. 8 Visa most likely will offer its solution to processors, gateway operators, and acquirers, and the company has indicated that processors and acquirers may be able to resell the product to merchants. 8 There are too many unanswered questions to determine whether Visa’s entry into the encryption market will be a net plus or minus in terms of competition. The first indications will come when the service is unveiled next year.
16 November 2012 | Transaction trends
The behemoth’s new encryption solution has some wondering if the move will drive out competitors
hen Visa Inc. announced in August it would offer a point-to-point (P2P) encryption solution, the immediate reaction seemed to be “great” or “it’s about time.” But given the market power Visa wields, it didn’t take long for questions to arise about the ability of other vendors offering similar solutions to compete with the world’s dominant card company. In its release announcing the encryption service, Visa said it already was working with acquirers, processors, and terminal makers to design the system for easy integration into the payments infrastructure, but didn’t address the impact on the existing P2P products available from other vendors, including Trustwave,Voltage Security, Heartland, First Data, and others. But the company later said it didn’t see its service as a direct competitor to those offerings. For now, that may be true, if only because the market for more widespread encryption is so large. Payment data that could be used to commit fraud has for a long time been encrypted “at rest”—whenever it is stored in a terminal or on a processor’s computers—but until recently, much of the data “in transit” traveled without the benefit of strong encryption. That began to change significantly in January 2009, when Heartland Payment Systems discovered that hackers had managed to place a software program inside its processing systems that tapped into data as it was transmitted and recorded sensitive card information, compromising millions of credit card accounts. In the wake of the breach, Heartland committed itself to end-to-end encryption, and began urging the industry to adopt the practice. Later in 2009, Visa took its first high-profile action, issuing best practices guidance for P2P. The PCI Security Standards Council (PCI SSC) also issued guidelines and, though it doesn’t require P2P encryption, the standard does provide for less onerous validation requirements for those who employ it. Those events, and the lessons learned from Heartland and other breaches,
have created a robust market for encryption products and services, one that’s just getting started but potentially worth billions of dollars. And it is that market that Visa’s announcement will affect, for better or worse.
Giant Step Forward All of those who spoke to Transaction Trends about the Visa announcement agreed that by making Visa Net encryption friendly, the Visa encryption solution is a giant step forward and long overdue. It will enable P2P encryption throughout the Visa payments network, even for those using a third-party system like Heartland’s or First Data’s. Competitive concerns fall into two categories. In the first camp are those who think Visa’s brand name visibility and familiarity will make its solution the easy, obvious choice, especially by merchants, who likely aren’t familiar with the idea of encrypted data or perhaps would be surprised to learn it’s not already part of the processing system. Those in the second camp worry that in a world in which a Visa encryption solution becomes the de facto standard, innovation could wither and perhaps even better security technology might never come to market. John Reynolds of Showcase Furniture in Manassas, Virginia, is among those merchants who were unaware that the data they transmit probably isn’t encrypted and balked at the idea that the service will carry a price tag, even if it makes PCI compliance easier. “We’re paying a significant amount for credit card processing and our processor charges us PCI compliance fees and other fees related to security,” Reynolds says.“I’m not eager to pay anything more, but if I have to pay, then I would probably lean toward something that the credit card company is offering. T hey have a reason to make sure it works.” The competitive issues arise when it comes to acquirers, processors, and merchants. Visa most likely will offer its solution to processors, gateway operators, and acquirers, and the company has indicated that processors and acquirers may be able to resell the product to merchants. In other words, Visa Merchant Data Secure (the name given the new service) won’t involve Visa competing directly with other encryption vendors, but the service may compete,
How Visa’s Merchant Data Secure P2P Encryption Service Works If you’re not a deep-diving security expert, encryption probably is a bit of a mystery. You likely know that encryption scrambles the original data (credit card transaction data) so that it is unintelligible to anyone who can somehow obtain it. That’s true, but making sure the encryption scheme does an effective job of hiding the data, in a way that’s recoverable, is a complex proposition. In a simplified form, encryption starts with a key, which is used as part of a mathematical formula, or algorithm, to encrypt the transaction data. In P2P encryption, the data is transmitted in this encrypted form and the receiver uses a key (usually a complimentary key, not the original) to remove the encryption and recover the card transaction data. While most encryption schemes are difficult to break, the weak points in the system involve the robustness of the algorithm and the secrecy around the keys. If a hacker can easily determine the algorithm using a powerful computer, or if the key is compromised, the whole scheme falls apart pretty quickly. The method Visa uses in its encryption service relies on two techniques to ensure its security. The first is Triple DES, an algorithm based on the DES standard developed in 1998, but improved over the years to keep up with increasing computer power. The second is a key management system, Derived Unique Key Per Transaction (DUKPT), which also was created by Visa to manage PIN data in the late 1980s and early 1990s. Triple DES, as the name implies, follows the DES encryption standard, which is a mathematical formula that, even if a hacker knows the formula, can’t be reversed to recover the data (absent the key). The “Triple” part of the name refers to the fact that the DES algorithm is applied to the data three times, often using three different keys. The DUKPT key management scheme adds to the security of the transaction. It starts with a single, “super secret” key that’s tightly guarded. From it, a second key is generated and distributed to payment device manufacturers and processors (each manufacturer gets a unique key for a class of devices, while processors get a bank of keys representing all those distributed to the manufacturers). Within the devices, the second key is used to generate a new unique key for each transaction using a process that processors also can perform to determine the appropriate key at the receiving end. Apart from random coincidence, the final keys are not duplicated, so even if one key is compromised, it can be used only on one transaction and is useless for all others. Visa, terminal manufacturers, and processors have used the combination of Triple DES and DUKPT for more than two decades to protect the four-digit PINs used with credit and debit cards (including EMV cards, presumably). It has proven extremely effective and is well-understood by manufacturers and processors, which should make it fairly simple to apply to card transaction data as well as PINs going forward.
Transaction trends | November 2012
[ FEATURE ] through resellers, with other products already in the market. Visa seems to be avoiding the appearance of trying to dominate the market by offering its P2P encryption through resellers, noting that the company could have offered the service at no cost and created an instant standard, says David Fish, an analyst with Boston-based Mercator Advisory Services. Fish counts himself among those who have at least some concern that innovation could suffer. “Why would an entrepreneur bring something to market that would take a different approach to security now that Visa has thrown its weight behind a particular approach to encryption of payment data?” he asks.
Looks Like a Standard Intentionally or not,Visa’s Merchant Data Secure does set parameters that bear at least a resemblance to a standard. For example, the service that is now set to arrive early next year will rely on the same Triple Data Encryption Standard (Triple DES) and Derived Unique Key Per Transaction (DUKPT) key management currently used to encrypt PINs. But that technique relies on a data encryption
algorithm that is nearly 15 years old and now considered secure only because it has been modified to apply three keys to each block of data (the original single DES algorithm became susceptible to attacks as computing power grew over the past decade or more). For the existing payments infrastructure, using the system currently employed to protect PINs is a plus, since it simplifies the updating of many existing merchant terminals. Of less concern, at least for now, is the possibility that end-to-end encryption will be a requirement, either as one of Visa’s own rules governing use of its cards or through the PCI council. In recent interviews,Visa’s Eduardo Perez said,“We do not mandate [P2P encryption] or require it at this point. But [it] is one of the tenets of the PCI Data Security Standard.”
And Then There’s EMV For the long term,Visa’s announcement of the Merchant Data Secure service has to be evaluated in terms of the larger security picture, and in particular the push by all of the major card companies for adoption of EMV standards, which add encryption to the physical credit or debit cards,
as well as the terminal that reads them. When EMV is widely adopted—possibly within two to five years—unencrypted data in transit may be the last major vulnerability unless in-transit encryption becomes required, either by card companies or for PCI compliance. There are too many unanswered questions to determine whether Visa’s entry into the encryption market will be a net plus or minus in terms of competition. The first indications will come when the service is unveiled next year along with the rumored reseller program. For now, the company appears to be more interested in thwarting card fraud than creating a massive new revenue stream. In fact, by working with acquirers and processors to develop the final specifications for Merchant Data Secure and by making the system flexible enough to accommodate third-party solutions at other points in the data stream, Visa may expand the market and bring new competitors into the mix of available solutions. TT Tom Goldsmith is a contributing writer to Transaction Trends. Reach him at firstname.lastname@example.org.
Why should I do business with an ETA CPP? By obtaining your payments processing solution from an ETA CPP, you can be sure that your representative is knowledgeable about the products and services he recommends and has the expertise to recommend the best and most appropriate solution for your business. Your ETA CPP has made a significant personal (and financial) commitment to his or her profession and has agreed to adhere to the Electronic Transactions Association (ETA) Code of Conduct.
For more information visit: www.electran.org
18 November 2012 | Transaction trends
Innovation Lab FreedomPay CEO has a knack for creating products that work, no matter what merchants need By John Manasso
FreedomPay Radnor, PA Founded: 2000
Annual processing volume:
$1 billion Processing power:
2,500 merchants “We need to be ahead of the industry and take a leadership role.” —Tom Durovsik, founder and CEO
20 November 2012 | Transaction trends
om Durovsik fondly recalls childhood memories of lying on his living room floor and playing with Matchbox cars. In the 1980s, when he worked for the collectibles maker Franklin Mint, eventually becoming president, Durovsik leaned back on those reminiscences and introduced a line of precision-made, one-to-24 scale automobiles— sort of like Matchboxes for adults. “They were just hugely successful as collectible items for men,” says Durovsik, now the founder and CEO of Radnor, Pennsylvania-based FreedomPay, whose processing volume is $1 billion annually. “I like to think that when you’re in a toy store like the Franklin Mint and you can think back to childhood and now create things for adults, it’s a huge, fun project as well as a great financial success.” Durovsik is an entrepreneur with a knack for creating products that find a niche in the marketplace. He did it early in his career at PepsiCo., later at the Franklin Mint, and then again when he founded an early web-based company that provided health-care information called InteliHealth, which was subsequently purchased by Aetna. Based on his interest in technology, Durovsik founded FreedomPay in 2000. He wanted to explore the concept of stored value as an alternative to credit cards from a cost and functionality standpoint. FreedomPay was founded with the idea of creating a stored value network, a closed loop for captive environments. “Today, we’ve grown that into a highly successful business, where we do college campuses, government agencies, Fortune 500 companies, and some of the biggest teaching hospitals in the country. We manage all of their payment and voucher systems,” says Durovsik. “We also do their credit card processing. But in the beginning, the company was really founded on strength of stored value.”
Good VIBEs FreedomPay handles processing for 2,500 merchants. Some of them, like Case New Holland, the world’s second-largest manufacturer of construction equipment, have thousands of locations. During the company’s 12 years, its creative products—such as those FreedomPay offers in stored value— have paved the way. FreedomPay continues to innovate and roll out new products. Several months ago, it launched its new VIBE platform, roughly four years in the making, which it expects to be important in the company’s future growth. In a news release, FreedomPay describes VIBE as a “cloud-based transaction platform” that is “revolutionizing the enterprise processing world.” The key to VIBE is how it uses mobile phones, which Durovsik believes are the key to the industry’s future. FreedomPay’s Chris Kronenthal, vice president of IT, says one of the goals of VIBE, which he helped to build, is “making very complex things as simple as possible.” Nonetheless, it is designed to operate using Visa Level 4 merchant compliance data in hundreds of milli-
WORDSTOTHEWISE � Go mobile. “My advice would be to get on board with mobile,” says Tom Durovsik, CEO of FreedomPay. “I think it’s moving much faster than people understand and it’s going to bring a lot of speed and efficiency to the merchant location. It’s going to create deeper relationships with their customers because it’s going to be in real time in their customers’ hands, and they can communicate incentives and messaging whenever they want. I think for merchants who are unaware or hesitating or what have you, it’s a really good time to get involved.” � Have a “say yes” philosophy. “We always start with yes,” Durovsik says. “That’s just a mentality that I preach corporate-wide here. We don’t like to say no to clients. Sometimes it’s hard to get there, but we like to think we do. And a lot of it is even beyond that because I think customers want more. They typically will come to us and go, ‘Can you do this? Can you do that?’ I think the traditional environment or processor will say, ‘We can’t,’ or, ‘It’s out of our realm.’ What we’ve done is built this very robust platform so when customers come to us and they have something that can even be specific to their business, we’re generally in a situation where we can work with them and find solutions to their business.” � Make customer service “job one.” FreedomPay likes to “over deliver,” says Durovsik. “We like to take a leadership role in new product solutions. I’d like to think we’re responsible for innovation for our customers.”
Learn more at apriva.com or call us at 877-277-0728
Security. Connectivity. Mobility.
ATTRACT MORE MERCHANTS TAILOR-MADE POS SOLUTIONS GIVE YOUR MERCHANTS THE ABILITY TO SELL ANYTHING, ANYWHERE Wireless Terminals • Secure Gateway • Cashless Vending • Mobile Payments • Mobile Wallet
Transaction trends | November 2012
seconds. T he first merchant to use VIBE was Companion Baking, a commercial baker that has three locations in the St. Louis area that operate as cafés and offer breakfast. Andrea Waldin, FreedomPay’s vice president of marketing, describes the user-friendly nature of VIBE for merchants and how they can get added value out of the system: T he merchant logs in to the system to create a promotion. It specifies the parameters it wants, whether it’s the hours of the day the merchant wants the promotion available to customers, a specific dollar amount customers must spend, a percentage off, or a fixed number of customers who are eligible for the discount, so that the customer receives the rules that apply. The merchant uploads a graphic with some text, saves it, and then the promotion gets pushed out on the network.The technology also has been created in such a way as to prevent couponing-fraud, potential multiple uses by a single customer,Waldin says. Consider the example of a breakfast café having the sunk costs of staffing and food and losing business because of a rainstorm, Waldin says. The merchant can counteract the bad weather and lack of business by sending out a coupon for 20 percent off during a specified time to try and drive business. “That’s really powerful,” she says. “If you think about all of the different service-type industries [with] sunk-cost models, where they don’t really know what hours of the day they want to generate business, it’s very difficult to drive consumer behavior with things like printed coupons because they’re not done in real time.” Kronenthal says one of the advantages of the system was that it was not built for a company with just a few merchant locations, which would mean FreedomPay would then have to scale its system up to use it for larger merchants. Instead, it was built more with the likes of a Case New Holland and its 2,000 locations in mind so that that the system could be scaled down, if need be.
Next Wave Focused With such an investment of time to build the technology, private equity has been part of FreedomPay’s strategy from the beginning. Its board of directors includes Peter Buhl of BlueRun Ventures, Mark Levine of Core Capital Partners, and Jack R. Selby of Clarium Capital Management. BlueRun’s website says it makes an initial investment between $1 million and $6 million, with additional capital reserved for later rounds. On its website, Core Capital Partners says some of the areas in which it chooses to invest are “infrastructure and applications to support advancing mobile devices, networks, and data usage” along with cyber security and data protection. Clarium was founded by Peter Thiel, a co-founder of PayPal and an early investor in Facebook. “We have private equity investors and partners over the 10year course of the life of the company,” Durovsik says.“They’re very involved in and very helpful with strategy and financing.” Durovsik acknowledges that when FreedomPay began building VIBE four years ago, it made a “big bet” on mobility. “As an entrepreneur, I’ve always felt that we need to be ahead of the industry and take a leadership role,” he says.“I think that’s been 22 November 2012 | Transaction trends
a driving force with us. Mobility was on our radar four or five years ago, certainly as a serious opportunity.We did take a very big investment and a big bet on mobility, and I think we’re very happy we did. I think back then, it wasn’t prime time. I think everyone was saying,‘Mobile payments, oh, it’s coming,’ but it wasn’t really there. “Today, I’d say we’re officially in the era of mobile incentives and using the mobile platform to really create stronger relationships between merchants and customers. So it was a strategic decision. We built something and a platform and an application on the mobile platform that really is unparalleled now in the industry.” Durovsik predicts VIBE will become better known in the marketplace, along with products that come from big-name companies such as Google.To that end, Waldin is beginning to ramp up the company’s marketing effort, which extends to the company’s website that was relaunched in September. FreedomPay is about more than just processing transactions for its customers, says Durovsik.“They’re really coming to an innovation laboratory that heavily focuses
on new products and advancements and enhancements,” he says. “That’s what we like to do: Bring our clients the next wave, what’s hot, what’s coming.” TT John Manasso is a contributing writer to Transaction Trends. Reach him at email@example.com.
Advertisers index Company
2 678-731-5236 800-296-4810
eProcessing Network, LLC
Network Merchants, Inc.
North American Bancard
Planet Group, Inc.
Total Merchant Services, Inc
NPC, a Vantiv company
Transaction trends | November 2012
ShopKeep POS’s Cloud- and iPad-based systems distinguish it from the pack By Bryan Ochalla
f all the things that help differentiate his company’s POS platform from its competitors, Jason Richelson says the most important is that his solution was created by someone who has “spent a lot of time behind the counter ringing up customers and seeing what happens when the register doesn’t work.” Nearly as important a differentiator is that ShopKeep POS is both Cloud- and iPad-based.What’s more, Richelson and his colleagues “are here for our customers seven days a week.” A lot of companies “don’t have the capability of offering the kind of support we offer, because the model just isn’t there to pay for it,” he adds.“They can’t be there for all of their previous customers because they get their money up front and then move on to the next guy.” Richelson, who owns and operates a pair of wine stores called T he Greene Grape as well as a gourmet grocery store called The Greene Grape Provisions in New York City, came up with the idea for ShopKeep POS nearly four years ago after “getting frustrated with my POS software and the guys who were managing it.” —Jason Richelson At the time, “it was hard to get information out of the software because it ran on a server in the basement of one of our stores,” recalls Richelson.“When I wanted to see our sales for the day, for instance, I had to log into the server and run reports.That was really annoying.”
“Our dashboard app allows you to manage your store from pretty much any location … without having to buy a server.”
Do-It-Yourself POS Although Richelson himself developed a number of workarounds for that problem, he wasn’t able to do the same when, toward the end of 2008, the aforementioned server crashed, preventing his stores’ cashiers from ringing up sales. Richelson was on vacation at the time, and the people who installed the server wouldn’t come out to fix it for several days. “This kind of thing happened over and over and over again,” he adds. 24 November 2012 | Transaction trends
As a result, Richelson decided to switch his stores to a Cloud-based POS, but couldn’t find one that would work in grocery stores.“So, I decided to do it myself. I came up with the name, bought the domain, hired an engineer, and started building something.” Richelson launched a PC-based platform in 2010,“but then the iPad came out and I realized that a touch-screen,Windows XP-based system, sold by guys trying to make huge margins, costs $3,000, while an iPad, which is smaller, more powerful, and has a touch-screen and battery back-up built in, costs just $500.”As a result, the entire register portion of ShopKeep POS was rewritten for the iPad in the beginning of 2011. Since the resulting system, which was tested in Richelson’s own stores, was added to the Apple App Store last August, the company’s client roster has grown to include almost 3,000 stores—with an additional 50 to 60 joining the fray each day. Secrets of Success What is it about ShopKeep POS that’s attracting those merchants? To begin with, says Richelson, there’s its software, which allows cashiers to ring up sales and more on their snazzy, new iPads.“When you look at it as a retailer, it makes sense. For example, the cash button is really big because 60 to 70 percent of what our customers do is cash. Also, we’ve reduced the number of clicks needed to do certain tasks.” Clients also enjoy the product’s ease of access: “ Our dashboard app allows you to check your sales whenever and wherever you want using your smartphone,” says Richelson, whose company has partnered with Dwolla, LevelUp, and PayPal in the past year.“It also allows you to manage your store from pretty much any location.You can add inventory, you can run sales history, you can run reports—and you can do all of those things without having to buy a server.” The fact that ShopKeep POS is a “completely open system” also likely appeals to certain merchants, he adds.“We will work with any ISO and any processor, and we will eventually work with multiple loyalty providers and multiple delivery systems, too.The goal is to give retailers as many options as possible and help them run a smarter business.” TT Bryan Ochalla is a contributing writer to Transaction Trends. Reach him at firstname.lastname@example.org.
Managing Payments, Driving Solutions
We’re Vantiv. Dedicated, strategic professionals with 40 years of experience developing innovative payment processing solutions for merchants across the nation. We’ll work with you to develop programs that simplify your payment acceptance strategies, while providing you with new sources of revenue. And we’ll help protect your business with our comprehensive data security and fraud prevention solutions. Our people, technology, and partnerships are the Vantiv difference. Let’s discuss your future success.
Let’s talk payment processing 866.622.2833 vantiv.com/tt
Expect more. © Copyright 2012 Vantiv, LLC. All rights reserved.
THE MOST IMPORTANT THING TO REMEMBER ISN’T THAT WE WON ETA’S 2012 ISO OF THE YEAR. IT’S THAT EVERYONE ELSE DIDN’T. Your business deserves the best. Join our winning team and our 16 year reputation of creating great experiences for Sales Partners and Customers. We have assembled a New Leadership Team with the experience and vision to secure your long-term success. We won ISO of The Year for a reason. Call us now and find out why.
CALL US TODAY AT (888) 848 - 6825 X9411 WWW.ISOOFTHEYEAR.COM
The official publication of the electronic transactions association