…………………………………………………………………………………………………………………………………
Welcome to the Bi-Weekly Best of the Web – a great way to catch up on recent commentary and compelling content from across the Web. Every other Friday, we’ll post insightful news articles, noteworthy blog posts and more related to the world of payments, payment data security and technology.
……………………………………………………………………………………………..………………………………….
Why Credit Card Fraud Grows
Missing the Mark on Secure Card Tech Will Haunt Any Issuer <Tweet this article>
by Tracy Kitten
Payments card fraud is a growing concern for U.S. card issuers, yet few have taken dramatic steps to fight it. Last week’s announcement that major card brands and domestic issuers are joining forces to create an EMV Migration Forum reflects at least some interest in enhancing payment-card security…….Click here to read more
Starbucks/Square partnership: what does it mean? <Tweet this article>
by Javelin Strategy & Research
The Starbucks/Square partnership certainly is among the major recent announcements related to in-store mobile payments, and has the potential to significantly help jump start adoption. While I don’t agree with some of the more euphoric comments that this one move is the singular event that ushers in mobile payments, it is a big deal……. Click here to read more
RetailNOW: The High Cost of POS Security Failures <Tweet this article>
by Vertical Systems Reseller
Solution providers were given a wake up call about the perils of point-of-sale security breaches, on Monday, at RSPA’s RetailNOW convention. Secret Services Agent Jason Berryhill, a POS fraud specialist, addressed the packed audience and dropped some very serious statistics……. Click here to read more
…………………………………………………………………………………………………………………………………
What other interesting content have you come across? Leave a comment below and join the discussion!
……………………………………………………………………………………………..………………………………….
The big day is just around the corner. With only days left, how can you show your significant other how much you care?
According to New Online Spending Index conducted by Javelin Strategy & Research, 19 percent of shoppers will spend more money on gifts.
The National Retailer Federation’s (NRF) conducts an annual Valentine’s Day Consumer Intentions and Actions survey and this year found that the average person will spend more than they have over the past 10 years, reaching a spending total of $17.6 billion.
Shopping surges happen throughout the year and it often makes us wonder if merchants are prepared to secure all that consumer payment data. Both of these recent surveys indicate that safe and secure shopping is critical for both online and traditional brick and mortar merchants. Flowers and chocolates are always favorite gifts around this time of year, but according to Javelin, 60 percent of those surveyed plan on purchasing something else.
Jewelry merchants should be especially vigilant. Last year, the day after Valentine’s Day, several jewelry stores were under attack from hackers. Day’s Jewelers, with five stores across Maine and New Hampshire, suffered a breach from outside hackers and nearly 1,000 customers who purchased items from Day’s reported fraudulent activity on their cards.
So don’t let the big day break any hearts or wallets. Retailers must protect that trust of their customers and can do so by following a few simple tips that we often talk about on this blog:
- It’s all in the heart — of the network that is. Every retailer should understand where cardholder data is stored on the network. Are there proper security controls in place to protect this data? Ensure data is properly protected according to PCI standards.
- Focus on the relationship. It’s not just technology, its people and processes, and how they all connect and work together. Merchants must educate and train staff to understand network security policies and procedures.
- Know when it’s time to move on. As in every relationship, there are times when you need to take stock of things and let go. The same holds true for information stored on the network. Merchants tend to hold on to data when in reality, this information can be easily removed from the system which in turn minimizes the cardholder data environment and security risk.
We hope that merchants take these tips to heart to maintain strong relationships the loyalty of their customers.
By Beth McGarrity
Recently, Javelin Strategy & Research released a study that analyzes how consumers’ credit details are secure. The Seventh Annual Card Issuer’s Safety Scorecard dives into existing trends related to card fraud, mitigation against these threats and evaluation of card issuers that have consumer-facing prevention, detection and resolution capabilities.
The study focused on the top 20 card issuers such as American Express, MasterCard, Visa, Bank of America, JP Morgan Chase, Capital One and more. The results found that card issuers do a good job resolving fraud problems once they occur, but ultimately fall short on prevention and detection.
In light of the number of recent breaches that have impacted big brands, as well as financial institutions like Citigroup, consumers need to be aware of how their payment information is protected and take proactive steps to ensure their own credit protection.
By Mike Ryan
A new report from Javelin Strategy & Research was released last month on tokenization and end-to-end encryption. The report offers a lot of great insight into tokenization, though the way in which they define card-based tokens is different from the way Merchant Link defines them and is worthy of note. From the report:
Using tokenization per transaction: If a customer uses card A at store A and then walks across the street and uses the same card at store B, the two transactions will have different results. It is also true that if the customer uses card A in store A and then returns a few minutes later and has another transaction at the same POS terminal with the same card, the customer will have two different encryption results.
Using tokenization per card: If a customer uses card A at store A and then walks across the street and uses the same card at store B, the two transactions will have the same results. It is also true that if the customer uses card A in store A and then returns a few minutes later and has another transaction at the same POS terminal with the same card, the customer will have the same tokenization results.
It is not always the case that card-based solutions would return the same token across merchants. Merchant Link’s tokenization solution, TransactionVaultTM, allows the same card to return the same token over time but only within a given chain. So in the example above the token returned for card A will be the same each time at merchant A but will return a different token at merchant B.
Card-based tokens provide several advantages over transaction-based solutions including allowing for order history look up by card number if the customer has misplaced a receipt. This is a very common practice for most retailers today but can be difficult with transaction-based tokens. Additionally, card-based tokens allow merchants to access data analytics to monitor for fraud or for marketing purposes.
We find that our customers are leery of card-based tokenization when the tokens are shared outside of a chain, especially if tokens may be reused for subsequent authorizations or refunds. The potential for fraud in those situations is higher, which is why Merchant Link’s solution uses card-based tokens but only within a “chain.” A chain may be defined in numerous ways to include multiple brands under one corporate parent or exclude franchisors based on business and security requirements.
The debate between card-based and transaction-based tokens will continue. As Javelin points out, card-based tokens that are shared across chains could be problematic. However if tokens are only used within a chain those concerns quickly fade away and the advantages gained in the area of data usability make card-based solutions very attractive for retailers.
