Merchant Link SecurityCents

…………………………………………………………………………………………………………………………………
Welcome to Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every few Fridays, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

Top 6 Retail Tech Trends Videos <Share this article on Twitter>
by Nicole Giannopoulos
Everyday videos are posted to the Web – some funny, some informative and some that are just there – RIS has weeded through these videos finding the top six relevant to retail technology trends. Each speaks of projects that impact the retail marketplace in one way or another. From bricks-and-clicks to technology investments to omnichannel and retail’s impact on the world, the videos touch on a variety of topics and relevant trends…..Click here to read more

Six Technology Trends Revolutionising The Hospitality Industry <Share this article on Twitter>
by Calum McIndoe
As technology developments continue at a relentless pace, it can be difficult for hotels, leisure providers and those in hospitality to keep up with recent changes, let alone look to the future. However, the savings and improvements that technology can deliver mean that managers and directors really need to keep one eye on these six trends……Click here to read more

End-to-End Mobile Solutions <Share this article on Twitter>
by VSR Magazine
Mobile solutions took center stage at the Spring edition of Tech Data’s Channel Link. VSR sat down with Joe Quaglia, senior vice president, U.S. Marketing and president, TDMobility at Tech Data, to find out more about how VARs can add mobility to their repertoire….Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….

We’re back from New York and catching up on what people are saying about this year’s show.

Peter Sheldon of Forrester is describing how the show has evolved into “a retail commerce show, not just a retail technology show.”

Forbes is writing about Jeff Bezo’s short but impressive acceptance speech and how it “reveals volumes about the man and his company.” Amazon.com won the Retailer of the Year award.

David Krebs at VDC Research is observing the shift in POS infrastructure and the un-tapped power of the retail associate, among other things.

The folks over at PYMNTS.com are reporting that “PayPal Stole the Show” with the news of their announcement of the addition of 23 retailers and partnership with NCR to enable real-time person-to-person payments from bank ATMs.

Reuters is highlighting technology that helps retailers know their customers and is claiming the store of the future is “threatening to leave technology laggards behind.”

@NRFnews is tweeting “Companies today don’t need to choose between their website and their physical stores. They need both.”

As for Merchant Link, we met with prospects and partners to talk about the cloud, integrations, data security and support. We presented a solution to go mobile without sacrificing security. We urged retailers who are interested in tokenization to use the same token across both card-present and card-not-present environments. We shared news of our recent Petsense implementation.

We even looked cool while we were doing it.

“Cloud before cloud was cool” – showing off our Merchant Link shades!
(left to right: Amy Norton, Beth Farris, Mike Ryan, Laura Kirby-Meck)

Check out all our photos from the BIG show here. 

It seems Retail’s BIG show gets bigger every year. With more than 27,000 attendees, it’s the place to be to find out what’s next in retail solutions and strategy.

When it comes to payments, retailers are seeking cloud-based solutions that are flexible enough to keep up with changing business, compliance and security needs. In these brief videos, we outline key advantages of moving to the cloud, and show off some of the cool new terminals our payment gateway is integrated to in our effort to connect retailers to all major point-of-sale systems and processors in the industry.

In case you missed it, we presented in Motion Computing’s booth Monday afternoon at the NRF show. We demonstrated how retailers using Windows can go mobile now with the innovative SlateMate tablet with magstripe reader and barcode scanner, with no change to workflow and without sacrificing the security they need to protect payment data and comply with PCI.

Learn more by clicking on the presentation below.

…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

Ten Ways To Secure Web Data Under PCI <Tweet this article>
by Robert Lemos
Whether they’re brick-and-mortar or online, merchants find the Payment Card Industry’s requirements for protecting credit card data challenging and confusing.
But all retailers must understand how to protect the credit card and other customer data that comes from online transactions, because their businesses are in cybercriminals’ crosshairs……. Click here to read more

Gartner VP interview: Mobile and social top challenges for CIOs <Tweet this article>
by Roberta Prescott
Mobile and social technologies represent a departure from the information technologies that CIOs are used to, such as ERP and CRM.  This change is one of the three fundamental questions IT leaders and CIOs are facing, according to Mark McDonald, Gartner group vice president and head of research in Gartner Executive Programs…………. Click here to read more

EMV Migration Gets Answer People <Tweet this article>
by John Adams
Other groups, such as the Smart Card Alliance, are also expanding EMV migration information sharing. The alliance, whose members include card manufacturers, payment processors and financial institutions, operates the EMV Migration Forum, an independent, cross-industry body to discuss issues that require cooperation and coordination across constituents in the payments space…………. Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….

When the PCI Security Standards Council (PCI SSC) holds its election for Special Interest Groups (SIGS), it often provides a true window into the future of payment security.  One could actually consider the outcome of the SIG elections a true crystal ball if you will.

Last year, for example, our experts participated in the PCI SIGs for point-to-point encryption and tokenization.  We saw these technologies as reaching a tipping point in the hospitality, retail and lodging industries.

This year, the organization received 500 votes from more merchants, financial institutions, service providers and associations for the initiatives they want to prioritize in 2012, which included cloud computing, e-commerce security and risk assessment.  All of which, are top of mind for merchants as online and mobile transactions become more prevalent.

In addition, PCI SSC received votes from many organizations outside of North America, showcasing how finding global payment security solutions will be a priority.  Here’s what Jeremy King, European Director, PCI Security Standards Council, had to say in the PCI Council’s official press release:

“This is our first SIG election and I’m really pleased with the turnout, with a quarter of all of our Participating Organizations voting. Most impressively, a third of our votes came from outside North America showing that involvement in the Council’s activity and development of PCI Standards and resources to help secure the payment chain is truly a global endeavor.  I’m looking forward to close collaboration between the Council and SIG membership.”

The SIGs have often resulted in guidance for interpreting and implementing the PCI Standards – in such areas as wireless security, EMV chip, point-to-point encryption and virtualized environments. So we will be offering our own opinions and watching with anticipation to see what they will recommend in these new areas.

And while there is no such thing as a real crystal ball, the SIG elections clearly provide a glimpse into the future of payments and PCI compliance.

By Emily Dresner, CISSP

This year I had the wonderful chance to attend the RSA Security Conference in San Francisco, CA.  Between the immense Expo floor, 200+ sessions, peer-to-peer sessions, industry meetings, and keynotes, it is impossible to see it all and do it all.

I did learn about the newest attack vectors, listened to debate on the hottest discussion topics, and saw the product lines for 2011.

So what did I consider the highlights of the show?  Here are some of the topics that caught my attention:

- Cyberwar: Is it real or is it an over talked term?  Can a worm create a “kinetic” effect in the real world?  Where is the line between criminality, vandalism, and war?

- Cloud Computing Security: Business and government are leaping forward into the “cloud.” This has wide implications for security departments who try to secure both the data of their users and their corporation as a whole.  In fact, we’ve talked about tokenization in the cloud and what it means for organizations on this blog.

- Advanced Persistent Threats and Online Espionage: Aurora, Night Dragon, Ghost.Net are the newest crop of “APTs” — advanced persistent threats.  These new threats are burrowing into corporations through social engineering and have the potential to cause massive data loss on scales not yet seen.

- Zeus, Spy Eye, and other botnet networks: Botnets have become commoditized in the black market.  Now they do not merely steal credentials but they take screen shots, steal medical details, and keep a constant record of a compromised host.  They come through both infected websites and infected documents.  These rootkit-based botnets are evolving swiftly to defeat the best defenses to breach corporate and personal security.

- Mobile Security: The workforce is becoming distributed.  Smart phones and tablets are here to stay.  What does this mean for data security?  How does one secure mobile devices and still allow a mobile workforce to work unencumbered?  This is a major developing issue in information security with presentations from some product vendors.

- Wikileaks and Anonymous: Is Wikileaks a news source or theft?  Is Anonymous legitimate free speech or vandalism on a large scale?  How does one protect a network in the days of massively outsourced distributed denial of service attacks on command and continue to operate while under attack?

- Public/Private Partnership: The Department of Defense has realized they can no longer “go it alone” in cyberspace.  They are aggressively reaching out to private enterprise to help secure the nation’s critical infrastructure.

- Cryptography: One cannot go to the RSA Security Conference without hearing about cryptography — its sources, how public-key encryption made the Internet what it is today, and the new algorithms in signature analysis and SHA-3 hashes on the horizon.

I was also surprised that there were minimal discussions about PCI standards and compliance.

But overall, all the conversations were about the future: where we are now, where we have been, but mostly…where we want to be.  We also had a keynote from ex-President Bill Clinton as the capstone to the event.

Here’s looking forward to 2012!