Customers are King; Mobile Use and Commerce Increasing
Mobile has placed even more power into the hands of today’s consumer, with the ability to check competitors’ prices while in store (a phenomenon known as “showrooming”) and so retailers are being forced to adopt new pricing and promotional tactics. Marketing investments are focused on mining more data and using it to provide more customized promotions to increase engagement and loyalty. To keep up with today’s tech-savvy consumers, retailers are also increasingly adopting mobile point-of-sale solutions. We’re seeing some POS providers leveraging the tablet form factor, integrating barcode scanners and mag stripe readers into handheld devices that double as a tool to offer on-demand product information to shoppers wherever they are in the store.
 
Profits Are Up; Retailers Reinvesting Again
According to the NRF Foundation’s recently released Retail Horizons: Benchmarks for 2011, Forecasts for 2012, retailers have returned to profitability after the economic downturn. The survey revealed that marketing and advertising spend is up, as well as investment in IT upgrades, e-commerce and leadership development.
 
P2PE Emerging as Key Data Security Strategy
Point-to-point encryption (P2PE) is gaining greater momentum as one of the most effective ways for retailers to secure on- and offline and mobile payments, with the added benefit of reducing PCI scope. Unfortunately, hackers continue to target retailers, with their favorite method being to target data “in transit,” as it moves through and from the merchant environment. Attackers in 2011 were more successful at harvesting data in transit than any other method, according to the Trustwave’s 2012 Global Security Report. Meanwhile, the PCI Council just released updated point-to-point encryption requirements as well as a fact sheet outlining how merchants can securely accept payments using mobile devices with actionable recommendations on partnering with a P2PE solution provider to securely accept payments and meet PCI DSS compliance obligations.

So those are a few of the key trends I’ve observed.

What are you seeing and experiencing? Share your comments and thoughts below.

From the old knuckle busters, to electronic transactions, to mobile wallets. The world of payments today is evolving at breakneck speed, with more change expected over the next few years than in the last few decades combined. At last week’s Electronic Transactions Association Annual Meeting & Expo, the message was loud and clear: keep up, remain versatile, and continue to innovate, or risk getting left behind.

Having attended the ETA show for many years, it’s interesting to experience the shift in focus. We’re not just talking about basic credit card processing anymore. For example, an exciting new wave of data mining is turning transaction data into marketing gold, providing valuable business intelligence for merchants, and a more personalized experience for consumers. It’ll be interesting to see the reaction as more of these programs are rolled out. I suspect merchants will be thrilled, but consumers may be wary given the high volume of marketing messages we are exposed to daily. But as long as these programs remain “opt-in” and provide real and relevant value, the outlook looks good.

As mobile wallets continue to evolve, which some predict will be the payment method of choice by 2020, I imagine we’ll see a shake-out with a select few companies rising to the top. As card types evolved years ago, most merchants came to accept MasterCard, VISA, American Express, Discover and Diner’s Club.  As mobile wallet options evolve, it will be interesting to see which options become standard.

When it comes to transaction security, the focus has shifted from technical problem to an essential and expected part of doing business. Various methods are still being discussed and debated and this year, many were wondering what EMV would mean for security.

Check out ETA’s conference highlights, photos and video here and we’ll hope to see you at the show in New Orleans next year!

“As credit card data breaches continue to make headlines, and as we continue to grow our business, we knew we had to do everything possible to secure the personal data of our guests,” shared Mark Nicpon, CIO, of AmericInn International, LLC. “Merchant Link’s hosted solution secures cardholder data from the moment of capture and ensures data is not stored anywhere on premise. The solution also helps ease PCI compliance effort and cost for our franchisees.”

The comprehensive solution incorporates the Merchant Link Payment Gateway, TransactionVault tokenization and TransactionShield point-to-point encryption technology. The Merchant Link Payment Gateway provides connectivity to all major processors and sends payments quickly, while detecting and correcting errors along the way. TransactionVault removes guest credit card data from hoteliers’ systems and stores it in a secure, hosted “vault” – away from the business and safe from hackers. TransactionShield encrypts data at the point of interaction and protects it as it travels through the hotel’s IT environment. Decryption occurs within Merchant Link’s cloud-based payment gateway, reducing the risk of comprise.

“AmericInn understands the importance of processing payment transactions securely as well as the value of the support services we provide their franchisees to access information and immediately remediate problems,” said Dan Lane, Merchant Link’s President and CEO. “We are proud that AmericInn has selected Merchant Link as the brand standard for its franchisees and we look forward to working with them.”

Installations are already underway and adoption across the entire chain is expected to be complete over the next 12 months.

About AmericInn
AmericInn® is a leading mid-scale lodging chain with over 260 locations currently open or under development in 27 states. The brand is dedicated to providing an exceptional lodging value for its guests by offering great rates and amenities such as free, hot, home-style AmericInn Perk breakfast, free hotel-wide wireless high-speed Internet, inviting swimming pools and Easy Rewards. AmericInn is part of Northcott Hospitality, owner and developer of successful franchised hospitality brands for more than 50 years. For more information on AmericInn development opportunities visit www.AmericInnDREAM.com or call 1-866-220-7140. For AmericInn reservations visit www.AmericInn.com or call 1-800-634-3444.

SILVER SPRING, MD (April 16, 2012) – Merchant Link, a leading provider of payment gateway and data security solutions, today announced that it is developing an innovative e-commerce solution for merchants to process payments securely in card-not-present environments.

Working closely with industry-leading partners, Merchant Link will offer two options to secure
e-commerce transactions and online payments:

• Hosted Solution: This option will enable a secure process to route sensitive cardholder data directly from the checkout page to the Merchant Link gateway while preserving the look and feel of the merchant website, enabling a seamless user experience.
• Encrypted Solution: This option will encrypt sensitive cardholder data at the moment of capture and prevent such data from being available to the e-commerce application or merchant.

Both options will significantly improve data security while reducing PCI scope and costs by blocking merchant access to cardholder data, the encryption and decryption environments, and to key management operations.

“This offering reflects our ongoing commitment to expand the breadth and depth of our services to provide merchants with all the options, security, support and flexibility they need when it comes to payments,” said Dan Lane, Merchant Link’s President and CEO.

The new solution is expected to be available by the end of the year.

Guest Preference and History
For the hotelier, a card-based approach means that you can track all guest transactions within the establishment to one folio/card number.  All guest purchases, from their room charge, dining, spa services or gift shop purchases can be tracked and identified by the card-based token.  Guest preferences associated with the profile will flow to the reservation and tie to the same token.  In addition, even if the guest has multiple stays the token remains the same.  This methodology is extremely useful for multi-property and chain environments where a central reservation system is in use.  All guest stay history can be tracked across the entire chain.   

Technology Footprint
IT departments responsible for maintaining and supporting the property management system environment will appreciate card-based token technology as well.  Card-based tokens do not require as much database storage as transaction-based systems.  The one-to-many relationship used for card-based tokenization uses less database real estate.   

Operations Impact
Accounting and audit functions are also streamlined with card-based tokens.  Credit card batch settlement reports are simplified since all incremental transactions roll up to one card number.  It is faster for accounting personnel to look up charges on guest folios.  Bank statement reconciliation and research is also easier with card-based tokenization by associating one card number with multiple transactions on a folio.

As we all know, credit card security is becoming more complex to manage all the time.  With card-based tokenization hoteliers can achieve the high level of security required while gaining operational advantages as well.    Merchant Link invites your feedback and opinions on this topic.  Please share your experiences or questions in the comment section below.

In this video, we take a look at merchant services, pricing, and what you can do to better manage your processing costs.

Check it out and let us know what you think.

Most Afflicted Industry
The report found that once again, the most afflicted industry was Accommodation/Food Service (Restaurants 95%, Hotel 5%). The report found that nearly three-quarters of automated opportunistic attacks hit the Retail/Trade or Accommodation/Food Service industries. Even though the amount of data per business is small, these “industrialized” attacks are carried out against large numbers in a surprisingly short timeframe encountering almost no resistance.  Many of these are small to midsize level 4 merchants who are failing in assessing and achieving PCI DSS compliance.

Most Used Techniques
External agents continue to be responsible for the largest proportion of breaches in 2011 (98%). The report shows the most common external breach techniques utilize some combination of hacking and malware (61%). Linked to almost all compromised records is circumventing authentication using stolen or guessed credentials (84% of records).

While internal employee breaches fell again this year to only 4% of total incidents, there is an interesting correlation to the food service industry. Most affected by internal employee breaches were smaller businesses and independent local franchisees of larger brands. The highest percentage of internal incidents belonged to money handlers such as the Cashier/Teller/Waiter category (65%) and the Manager/Supervisor category (15%).

Most Compromised Devices
With the Accommodation/Food Service industry continues to be the most targeted, it is not surprising that the highest percentage of user device compromises consist of POS Terminals (35%), Desktops (18%) and ATMS (8%). The report recommends training staff to detect signs of device tampering and to look for anti-tampering technology in POS and PIN devices.

Conclusions
Mitigating data breach threats can range from simple solutions to costly and complex systems. The report shows overwhelmingly that implementing a few basic safeguards has a big impact for small and mid-size companies that make up a large portion of the Accommodation/Food Service sector. These companies should look to:

• Implement a firewall on remote access services
• Change default credentials of POS systems and other Internet-facing devices
• Make sure your POS is a PCI DSS compliant application
• Eliminate unnecessary data on site

To assist in eliminating data on site, consider combining tokenization and point-to-point encryption to protect both stored data and data in-flight. Tokenization eliminates storage of actual cardholder data, while point-to-point encryption protects data in-flight from the point of interaction and as it travels through the merchant’s IT environment. If you get rid of the data, you get rid of the risk.

(And for all the booth veterans out there… ever notice how the quality of your conversations is directly proportionate to the number of chotchkies acquired? The higher the quality, the less you give away… funny but true.)

The show included an opening keynote address by Mike Inman of TableForce on the art of negotiation that was insightful for buyers and vendors alike. Inman talked about isolating items of high value to you and low value to the other party (and vice-versa) in order to arrive at an agreement.

Jack Clare, VP – Information Technology & CIO for Yum Restaurants International, shared the innovative approach they’re taking to kitchen automation and making their back office more efficient by connecting technology and operations. Clare is featured on Hospitality Technology’s MURTEC video playlist, as is Baron Concors, CIO of Pizza Hut who talks about applying business intelligence and big data to all business functions – not just marketing.

XPIENT Solutions was exhibiting and we announced a partnership yesterday that will allow their customers to increase the security of their payment transactions and cardholder data as well as benefit from the flexibility and support of our payment gateway service.

During the roundtable session, I sat at a table where the topic was PCI – a subject that continues to hit a nerve with operators, many of whom see it as a source of aggravation. One participant admitted it even caused him to consider quitting his job at one point. Still, the good news is that operators, auditors and vendors seem to be more educated these days when it comes to PCI and less confused about the standards and what is considered out of scope versus in scope. As we reported last week, businesses are taking greater ownership when it comes to compliance. And, operators are more interested than ever in solutions such as point-to-point encryption that can help them get rid of the sensitive cardholder data on their networks, effectively removing their systems from PCI scope.

Check out our video highlights, including observations from Alan Hayman of the Hayman Consulting Group and Joe Finizio, President & CEO of the Retail Solutions Providers Association.

SILVER SPRING, MD (March 26, 2012) – Merchant Link, a leading provider of payment gateway and data security solutions, and XPIENT Solutions, a leading provider of point-of-sale, back office, and enterprise management technologies for restaurants, today announced a partnership that allows restaurant operators to increase the security of their payment transactions and cardholder data and benefit from the flexibility and support of a payment gateway service.
 
“We know restaurateurs are looking for ways to address the ongoing threat of theft and fraud, and we were impressed with Merchant Link’s solution that secures both data in-flight and at rest,” said Christopher Sebes, XPIENT’s President and CEO. “Our customers will also value the flexibility of Merchant Link’s processor-neutral gateway as well as the ability to bolster loyalty programs using Merchant Link’s card-based tokens.”
 
The integration pairs XPIENT’s innovative point-of-sale (POS) system with Merchant Link’s Payment Gateway, TransactionVault tokenization and TransactionShield point-to-point encryption solutions. Certification is complete and the first beta site is expected to be live within a few weeks.
 
“XPIENT is a recognized leader in the industry, working with some of the biggest brands and specializing in the quick service restaurant (QSR) segment where we are expanding,” said Dan Lane, Merchant Link’s President and CEO. “This partnership makes sense for both companies to be able to offer more options in the increasingly complex and varied world of payments today.”