Merchant Link SecurityCents

When it comes to evaluating payment data security technologies….are you following the 5 “S’s”?
scope, study, support, seek, secure…

If you’re not, how can you really know your data is protected and secure? Too often merchants go with the solution that is directly in front of them. They are focusing on their business, selling their products and services to their customers, and security and PCI simply get in the way. But one breach and suddenly, all of their hard work is gone.

A breach of merchant data not only hurts the consumer, but it harms the merchant as well. PCI will fine merchants in the case of a negligent breach and once the word gets out, consumers become weary of doing business with you – so the merchant’s brand reputation is impacted.

The process of evaluating all the different payment security technologies out there doesn’t have to be complicated or time-consuming. Follow these 5 simple steps…

1. SCOPE – Examine your data flow and look at where data is stored
2. STUDY – Educate yourself on security methods, technologies, and PCI compliance
3. SUPPORT – Inventory current systems – your hardware, software, and processors – and understand how will integrate to the technology
4. SEEK – Evaluate vendors and seek answers to key questions
5. SECURE – Implement the right mix of methods and technologies to secure  cardholder data

If you don’t know whether or not your data is protected and secure, give us a call.

…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web.  Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….

Hotel Leaders Discuss Key Issues – and beyond <Tweet this article>
by Jeff Higley
Using a rapid-fire approach, moderator Don Landry covered plenty of ground during Wednesday’s opening general session at the 18th annual Lodging Conference.
Along the way, Landry, owner Top Ten Hospitality Advisors, poked and prodded panelists into addressing key issues ranging from the future of full-service, suburban hotels to merger-and-acquisition activity in the industry to the so-called “electile dysfunction” buzzword that’s sweeping the country……Click here to read more

What Security Benefits Does Contactless Technology Offer? <Tweet this article>
by Blogger News
Contactless technology offers many benefits, including faster and easier transactions, versatility to be incorporated into various personal devices including mobile phones, and improved data security over the magnetic stripe technology.
According to the Smart Card Alliance, “Contactless smart card technology includes strong security features optimized for applications involving payment and identities…..……. Click here to read more

Restaurant VARs: 3 Ways To Inject New Life Into Your Business <Tweet this article>         
by Mike Monocello
I’m going to give you a sneak preview of a feature article in next month’s issue of Business Solutions because the VAR we highlight is doing some great stuff that’s really impacting his business. The VAR is Andrew Strickler and his company is Tampa Bay POS. We featured Andrew in our magazine back in 2007. At the time, his company was four years old and business in the hospitality space was absolutely booming….…….  Click here to read more

…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion
……………………………………………………………………………………………..………………………………….

CIO’s and IT staff have continually full plates these days.  They are required to juggle complex and often competing projects just to “keep the lights on” and at the same time work toward the overall vision their CEO lays out for the business.  Operating during a down economy the past few years has caused businesses to look for efficiencies and many reduced staff.  At the same time there has been an explosion of user-generated project requests for new applications, web functionality and mobile technology.  It can be a tall order to implement new or strategic projects such as company-wide security plans and PCI compliance when you are fighting everyday just to do the basics.

For hospitality IT departments, putting off security projects can be very risky.  As Merchant Link reported in March of this year, according to the Verizon 2012 Data Breach Investigation Report, Restaurants/Accommodations continues to be the most targeted industry for data breach attacks.  So how can you, the CIO or IT Director, ensure that data security doesn’t fall to the bottom of your “to-do” list?  By partnering with a payment security expert, you can benefit from the collective experience and support garnered by assisting numerous customers in implementing a secure and comprehensive solution.

Look for a flexible payment data security solution that takes a layered approach to implementation so you can plan each stage.  This eases constraints on resources while still allowing you to gain benefits as you implement each layer.  For example, by implementing a cloud-based payment gateway, merchants can take advantage of a hosted architecture while removing the credit card interface system from PCI scope.  Additional scope reductions can be achieved by removing stored PAN data using a tokenization solution.  To protect card data from initial point of interaction and as it travels through the network, point-to-point encryption can also be added.  A key benefit of a layered solution is the ability to implement in stages while receiving cost savings and scope reduction at each stage.

It’s true an IT department has to juggle many priorities and projects but data security is just too important to let fall off your plate.  An experienced partner, a comprehensive solution and flexible implementation options will allow you to achieve your data security goals and ensure the day to day operations keep running without busting your budget or your team.  We invite you to share your experiences, questions and comments below.

From the old knuckle busters, to electronic transactions, to mobile wallets. The world of payments today is evolving at breakneck speed, with more change expected over the next few years than in the last few decades combined. At last week’s Electronic Transactions Association Annual Meeting & Expo, the message was loud and clear: keep up, remain versatile, and continue to innovate, or risk getting left behind.

Having attended the ETA show for many years, it’s interesting to experience the shift in focus. We’re not just talking about basic credit card processing anymore. For example, an exciting new wave of data mining is turning transaction data into marketing gold, providing valuable business intelligence for merchants, and a more personalized experience for consumers. It’ll be interesting to see the reaction as more of these programs are rolled out. I suspect merchants will be thrilled, but consumers may be wary given the high volume of marketing messages we are exposed to daily. But as long as these programs remain “opt-in” and provide real and relevant value, the outlook looks good.

As mobile wallets continue to evolve, which some predict will be the payment method of choice by 2020, I imagine we’ll see a shake-out with a select few companies rising to the top. As card types evolved years ago, most merchants came to accept MasterCard, VISA, American Express, Discover and Diner’s Club.  As mobile wallet options evolve, it will be interesting to see which options become standard.

When it comes to transaction security, the focus has shifted from technical problem to an essential and expected part of doing business. Various methods are still being discussed and debated and this year, many were wondering what EMV would mean for security.

Check out ETA’s conference highlights, photos and video here and we’ll hope to see you at the show in New Orleans next year!

There has been much discussion on credit card security and the use of card-based vs. transaction-based tokens.  What is the difference exactly?   Transaction-based tokens relate to individual transactions. With transaction-based tokenization, a new token is created each time a transaction occurs.  Card-based tokens are generated for each card number.  In this approach, the same token is reused every time that card number is used.  Hoteliers will find a great deal of value in card-based tokens.  Card-based tokens maintain the history critical to guest satisfaction, loyalty programs and marketing analytics.

Guest Preference and History
For the hotelier, a card-based approach means that you can track all guest transactions within the establishment to one folio/card number.  All guest purchases, from their room charge, dining, spa services or gift shop purchases can be tracked and identified by the card-based token.  Guest preferences associated with the profile will flow to the reservation and tie to the same token.  In addition, even if the guest has multiple stays the token remains the same.  This methodology is extremely useful for multi-property and chain environments where a central reservation system is in use.  All guest stay history can be tracked across the entire chain.   

Technology Footprint
IT departments responsible for maintaining and supporting the property management system environment will appreciate card-based token technology as well.  Card-based tokens do not require as much database storage as transaction-based systems.  The one-to-many relationship used for card-based tokenization uses less database real estate.   

Operations Impact
Accounting and audit functions are also streamlined with card-based tokens.  Credit card batch settlement reports are simplified since all incremental transactions roll up to one card number.  It is faster for accounting personnel to look up charges on guest folios.  Bank statement reconciliation and research is also easier with card-based tokenization by associating one card number with multiple transactions on a folio.

As we all know, credit card security is becoming more complex to manage all the time.  With card-based tokenization hoteliers can achieve the high level of security required while gaining operational advantages as well.    Merchant Link invites your feedback and opinions on this topic.  Please share your experiences or questions in the comment section below.

As they often say in technology, you’re not wrong, just too early… and this may be the case with the mobile wallet.  Yes, the technology has been around for awhile.  But now that consumers have embraced their mobile devices and broadened their perspectives on payments, is it still not quite ready for primetime?

While 2012 was supposed to be the year of the mobile wallet, players like Google are still struggling to find merchants who are willing to support and embrace the new technology.  Recent attempts to hack into the Google Wallet application are not helping these players make their case.

Google Wallet requires a personal identification number (PIN) code and a phone lock screen, which the company claims provides a higher level of security than most credit cards have today.  However, this past month two incidents proved that the PIN code could be cracked.  These breaches also forced Google to discontinue the acceptance of prepaid cards.

While we know that there will continue to be a lot of hype around mobile commerce, we also clearly understand that adoption by merchants and processors will really depend on payment security.

To deny the possibility of an attack over a mobile payment network would be irresponsible.  Most merchants are awaiting further development in this area before they take that leap and adopt a mobile wallet solution.  Once the industry embraces an aggressive security strategy for mobile payments, we believe adoption by merchants will follow suit.

What do you think? Let us know by leaving a comment below.

The big day is just around the corner.  With only days left, how can you show your significant other how much you care?

According to New Online Spending Index conducted by Javelin Strategy & Research, 19 percent of shoppers will spend more money on gifts.

The National Retailer Federation’s (NRF) conducts an annual Valentine’s Day Consumer Intentions and Actions survey and this year found that the average person will spend more than they have over the past 10 years, reaching a spending total of $17.6 billion.

Shopping surges happen throughout the year and it often makes us wonder if merchants are prepared to secure all that consumer payment data.  Both of these recent surveys indicate that safe and secure shopping is critical for both online and traditional brick and mortar merchants.  Flowers and chocolates are always favorite gifts around this time of year, but according to Javelin, 60 percent of those surveyed plan on purchasing something else.

Jewelry merchants should be especially vigilant. Last year, the day after Valentine’s Day, several jewelry stores were under attack from hackers.  Day’s Jewelers, with five stores across Maine and New Hampshire, suffered a breach from outside hackers and nearly 1,000 customers who purchased items from Day’s reported fraudulent activity on their cards.

So don’t let the big day break any hearts or wallets.  Retailers must protect that trust of their customers and can do so by following a few simple tips that we often talk about on this blog:

• It’s all in the heart — of the network that is. Every retailer should understand where cardholder data is stored on the network. Are there proper security controls in place to protect this data? Ensure data is properly protected according to PCI standards.
• Focus on the relationship. It’s not just technology, its people and processes, and how they all connect and work together. Merchants must educate and train staff to understand network security policies and procedures.
• Know when it’s time to move on. As in every relationship, there are times when you need to take stock of things and let go.  The same holds true for information stored on the network. Merchants tend to hold on to data when in reality, this information can be easily removed from the system which in turn minimizes the cardholder data environment and security risk.

We hope that merchants take these tips to heart to maintain strong relationships the loyalty of their customers.

These days, merchants are being told they can save money by using a client-to-processor connection or “direct driver” vs. a hosted payment gateway in the cloud. Are these claims really true? What do merchants stand to lose by sending transaction data directly from their point-of-sale system to a processor?

A hosted payment gateway facilitates the secure transfer of information between a point of payment (your POS) and the payment processor or bank. The gateway acts as a translator, traffic cop and bodyguard – interpreting and directing data streams through a secure route to the appropriate destination, quickly and accurately.

Merchants considering both options should keep in mind:

1. Choice: A gateway connects merchants to a variety of processors and often offers the flexibility to switch payment providers quickly and efficiently, enabling a merchant to best manage its payment acceptance fees. Merchants with franchisees can offer them the choice of processors and maintain a secure and consistent payments acceptance process across their brand.  Merchants can also use the gateway to route different card types to specified hosts, saving them money by reducing processor’s switching fees.  A quality gateway assures that a merchant is not locked in to a particular processor’s technology that is hard to “unravel” if they decide to change.
2. Support: A quality gateway provider has the unique ability to track down and efficiently resolve problems no matter where an issue occurs within the life cycle of a transaction; saving merchant’s time and money by eliminating “finger pointing” between POS providers and payment processors.  The more complex the merchant environment, the more a gateway is needed.  A gateway can help a merchant quickly resolve payments hassles and get back to managing their business.
3. Cost: While most gateway providers charge a subscription or per-transaction fee, merchants should take into account the ongoing investment they will have to make in new software and/or a POS upgrades when considering a client-to-processor connection. The merchant is then locked in to technology that will soon be dated.  In contrast, a cloud-based payment gateway is easily implemented and maintained.  Configuration changes are usually performed at the gateway without interrupting business at the site when software and payment scheme updates are required.

Savvy business owners know that the only way to separate claims from reality and determine what’s best for their business is to educate themselves, talk to other merchants who are utilizing similar solutions, and ask a whole lot of questions. Check out this informative presentation and let us know what you think by leaving a comment below.

Joie de Vivre, which manages the largest collection of boutique hotels in California and an assortment of restaurants and spas, will raise the standards of customer service by implementing Merchant Link’s tokenization solution to protect the credit card data of its guests across 27 of its locations.  Merchant Link is a leading provider of cloud-based payment gateway and data security solutions.

Joie de Vivre offers one of the most unique collections of lifestyle hotels and continues to expand on its fresh and inventive properties.  Merchant Link will deploy its hosted, card-based tokenization solution across the Joie de Vivre enterprise, including the hotel property management systems and the spa point-of-sale systems, ensuring that every transaction is tokenized and there is an extra layer of protection that will protect Joie de Vivre’s brand.

“We pride ourselves on being innovative and offering exceptional hospitality services and products to our customers,” said Michael Stano, Joie de Vivre’s vice president of technology. “Our commitment to excellence extends even further by offering safe and secure financial transactions for our customers so they can enjoy their experience without worrying about the safety of their payment information.  And we have the peace of mind knowing that sensitive data doesn’t live on our network.”

Joie de Vivre, a long time customer of Merchant Link, will utilize TransactionVault™, a tokenization technology that removes customer card data from merchants’ systems where it is most at risk of being compromised by hackers. By tokenizing every transaction throughout the entire hotel experience from check-in to purchases at the gift shop and more, Joie de Vivre can remove payment data from all points in the payment process.  This valuable data will instead be stored in Merchant Link’s secure, hosted “vault,” and therefore effectively lowering the cost and effort of attaining and maintaining PCI compliance.

“The lodging industry is quickly realizing the importance of tokenization to secure sensitive data,” said Dan Lane, President and CEO of Merchant Link.  “We have served Joie de Vivre’s payment transaction needs since 2007, and we continue to work with them as they address the complexities of payment transactions.”

About Joie de Vivre Hotels

Joie de Vivre Hotels ( www.jdvhotels.com ) embarked on its mission to “create joy” for guests and employees in 1987, when Chip Conley founded the innovative hospitality company in San Francisco. Each one of Joie de Vivre’s more than 30 hotels is an original concept designed to reflect the local community and engage the five senses so that guests enjoy authentic, memorable experiences. Today Joie de Vivre manages the largest collection of boutique hotels and resorts in California and is expanding outside the state with openings in Scottsdale, Arizona this fall and Chicago in early 2012.

With more than 25,000 guests visiting each month, Fantasy Springs Resort Casino, owned by the Cabazon Band of Mission Indians, is known for providing luxurious accommodations, the finest cuisine, exciting entertainment, and a world-class casino.

Fantasy Springs is also on the cutting-edge when it comes to payments and transaction security.  Following is an exclusive podcast with Don Lindsey, Fantasy Springs Resort Casino’s Director of Information Technology, who discusses transaction security trends and their use of tokenization.