Featured Posts

If you’re like me, you spend time during your daily commute at the local Starbucks, standing in line, waiting for your caffeine fix. As you eagerly await your turn in line, reciting your order repeatedly in your mind to ensure you don’t mess it up, you see individuals approach the register and pay for their cappuccinos, coffees, espressos and other concoctions with…their cellphones?

The scenario of a barista scanning their mobile device and account information being transferred through a point-of-sale system raises some red flags in the minds of consumers. Yet studies by credit card giants, such as MasterCard, show that customers aren’t so averse to the increased adoption of mobile payments.

In fact, results of a recent study they conducted showed that 62 percent of Americans with cell phones would welcome paying for purchases with a mobile device.  It really becomes a psychology issue rather than a pure technology issue. Does the convenience of the purchase outweigh the security concerns in their minds?

With that in mind, younger generations are more likely to embrace mobile payments and feel more comfortable without a wallet than without a mobile device.  That could mean that mobile payments and a society without cash are clearly around the corner. Right?

Well, not completely. The customer is only one half of the equation for mobile payment adoption. The other half is the merchant, and right now, merchants are simply not seeing the potential return on their mobile payment investment. That’s because the switch to mobile payments involves much more than just training your staff to add “cell phone” to the list of ways customers can cover their tab.

To embrace mobile payments, a merchant’s point of sale, payment processing, and device management systems need to be overhauled. Most importantly, additional security concerns need to be addressed.

With advanced tokenization and encryption solutions being embraced by merchants, the customer’s invaluable credit card information can be protected from the time of the card swipe through the rest of the transaction lifecycle.

Most of us in the industry understand that the movement to secure mobile payments is only in the beginning stages and that solutions are in development to secure these types of transactions in the future. However, until merchants see enough benefit in embracing mobile devices as forms of payment to cover their investment in upgrades to their point of sale, payment processing and security systems, a cashless society could remain simply a pipe dream.

Hospital Technology Next Generation (HTNG) is an association that we’ve been working closely with. We have been impressed with their efforts in helping hoteliers take an active stance against cyber criminals. The organization plays a major role in advocating for best payment security practices for hotels, and our own Sue Zloth is actively involved in HTNG working groups.

Now the group has launched a comprehensive web site called “HTNG is Improving Hotel Credit Card Security” that serves as a key resource for hoteliers to learn more about protecting their customer data. Douglas Rice, Executive Vice President and CEO, to discuss this new initiative and other key payment security trends for hoteliers in our latest podcast on the Merchant Link SecurityCents HITEC page.

What trends do you think will be featured at HITEC?  Join the conversation on our HITEC page and leave a comment.  Interested in being a guest blogger and providing our readers with your perspectives?  Send me an email.


The week between Christmas and New Year’s Eve is always a time of reflection and anticipation. We often like to look back at major events that shaped our worlds, while at the same time, keeping our eyes on the year ahead.

The editorial staff at SecurityCents has opted to look back and highlight our most popular posts this year. In 2010 hackers made tremendous strides in obtaining customer credit card data, so there was no shortage of news and developments impacting our sector.

Fortunately, SecurityCents launched in 2010 with the mission of being the online destination for merchants to gain insights for winning the war against hackers. The following is a summary of our top posts that resonated with our readers. Enjoy!

Hotels Remain #1 Target for Hackers
2010 was the year that hackers made hotels their #1 target for stealing customer credit card data. In one of the most significant hotel breaches this year, Destination Hotels and Resort suffered from a credit card fraud scheme that impacted 21 of its hotels across the United States. It was reported that data from more than 700 guests across the country was involved. Check out our full post from Sue Zloth on this topic here.

A Look Back at 2010: What Has Impacted Retail?
Our very own Mike Ryan penned a post about all the major happenings in the retail sector in 2011.   From the sentencing of Albert Gonzalez to the evolution of PCI standards and The PCI Council providing guidance on emerging technologies that mitigate breaches, we have it all in this comprehensive post.

Before You Head Out On Vacation, Know the Difference between Tokenization and Encryption
Merchant Link’s Tim Kinsella wrote about the differences between tokenization and encryption right at the peak of summer vacation season.  Why the summer vacation angle?  As most CSOs of major retail and hospitality chains were heading to the beach for some much-needed rest, payment security was surely still top of mind.  Check out the full post here.

PCI Council Releases Guidance on Encryption for PCI DSS and Scope Reduction
In October, The PCI Council released the first in a series of documents that delved into the issue of encryption as it impacts PCI DSS and scope reduction. Merchant Link’s Sue Zloth provided key insights into this guidance and how it provided merchants with an understanding of what they should be evaluating to determine if a point-to-point encryption solution will simplify PCI DSS compliance for their environment.  Read the full post here.

Using Panasonic SMP? You Are No Longer PCI Compliant
When Panasonic decided to concentrate on their workstation business last year, they discontinued support for their software products, including the System Manager Pro (SMP) point-of-sale software — leaving nearly 3,500 merchants and quick service restaurants (QSR) at a loss. Merchant Link partner Don Bunt provided an insightful post about how Bunt Software and Merchant Link created a PCI compliant solution for Panasonic SMP users called SMPLink™.  Check out the full post here.

Most Notorious Hacker Sentenced; DOJ’s Perspective
In early 2010, Albert Gonzalez, one of the most notorious hackers to date, was sentenced to 20 years in prison for leading the attack on TJX and other retailers. More than 90 million credit and debit card numbers were stolen at a cost of hundreds of millions to the affected retailers. Here’s a podcast that we ran (courtesy of the ITAC blog) with Kim Peretti, Former Senior Counselor, DOJ, who discusses her role in bringing down Albert Gonzalez.

“Security is a Moving Target:” Staples Security Analyst at RSA 2010
The editorial team of SecurityCents was armed with a video camera at RSA 2010 and was able to secure an on-the-spot interview with Carlton Jones, Security Analyst at Staples Inc., who discussed what guides Staples’ security philosophy from best-of-class investments to using business cases to making on-going process improvements.  Check out the full video here.

We could have made this post longer – there were simply too many good posts to choose from! As we continue to make SecurityCents the ideal destination for all news and commentary related to secure payments in 2011, we welcome all comments and feedback on how to make this blog even more effective in the coming year.

by Beth McGarrity

Imagine what it’s like trying to secure a multi-billion dollar online and brick and mortar business.  That’s the task that Carlton Jones, Security Analyst at Staples, Inc. takes on every day.

We interviewed Carlton at RSA 2010 between sessions to find out what it takes to assure customers that each time they buy office supplies their credit card transaction is secure and their data is protected.

Watch the video below to learn about what guides Staples Inc.’s security philosophy from best of class investments to using business cases to making on-going process improvements.