Merchant Link SecurityCents

These days, merchants are being told they can save money by using a client-to-processor connection or “direct driver” vs. a hosted payment gateway in the cloud. Are these claims really true? What do merchants stand to lose by sending transaction data directly from their point-of-sale system to a processor?

A hosted payment gateway facilitates the secure transfer of information between a point of payment (your POS) and the payment processor or bank. The gateway acts as a translator, traffic cop and bodyguard – interpreting and directing data streams through a secure route to the appropriate destination, quickly and accurately.

Merchants considering both options should keep in mind:

1. Choice: A gateway connects merchants to a variety of processors and often offers the flexibility to switch payment providers quickly and efficiently, enabling a merchant to best manage its payment acceptance fees. Merchants with franchisees can offer them the choice of processors and maintain a secure and consistent payments acceptance process across their brand.  Merchants can also use the gateway to route different card types to specified hosts, saving them money by reducing processor’s switching fees.  A quality gateway assures that a merchant is not locked in to a particular processor’s technology that is hard to “unravel” if they decide to change.
2. Support: A quality gateway provider has the unique ability to track down and efficiently resolve problems no matter where an issue occurs within the life cycle of a transaction; saving merchant’s time and money by eliminating “finger pointing” between POS providers and payment processors.  The more complex the merchant environment, the more a gateway is needed.  A gateway can help a merchant quickly resolve payments hassles and get back to managing their business.
3. Cost: While most gateway providers charge a subscription or per-transaction fee, merchants should take into account the ongoing investment they will have to make in new software and/or a POS upgrades when considering a client-to-processor connection. The merchant is then locked in to technology that will soon be dated.  In contrast, a cloud-based payment gateway is easily implemented and maintained.  Configuration changes are usually performed at the gateway without interrupting business at the site when software and payment scheme updates are required.

Savvy business owners know that the only way to separate claims from reality and determine what’s best for their business is to educate themselves, talk to other merchants who are utilizing similar solutions, and ask a whole lot of questions. Check out this informative presentation and let us know what you think by leaving a comment below.

We are coming to the end of the year, when everyone takes a look back and reflects on the past 12 months and tries to determine the trends that will impact the coming year. Many industries are facing a sobering outlook for 2012 and looking to do more with less.

The hospitality sector in particular has struggled with the economic downturn the past few years. Steve Short, president of NetLink Resource Group, says that it is still possible for hospitality executives to achieve their goals by investing in smart IT projects to drive business growth.

By smart, I assume he means that these IT projects should help the company meet business objectives while simultaneously saving the company money. My guess is that many will look to implement cloud solutions that require less management and maintenance.

But specifically, the hospitality sector should focus on investment in projects that secure their sensitive customer data and by extension, their brand reputation. The potential return on investment includes simplified PCI compliance. Technology solutions such as point-to-point encryption and tokenization have been reviewed by the PCI Council, resulting in documents that guide executives on how to properly implement these solutions.

As budgets decrease and focus on ROI increases. making sense of the dollars and cents is more challenging ever. But given the cost of compliance, and the cost of a potential data breach, the hospitality sector should seriously consider and measure the ROI of protecting their data.

To read more from Steve Short and his predictions, check out his blog on HTFP Connect.

Avivah Litan is a vice president and distinguished analyst in Gartner Research and is a renowned expert in the area of payments security.   She regularly publishes key industry research reports with regards to PCI compliance, has a well-read blog and is often quoted in the media discussing PCI compliance and payment security – among other things. Following is an exclusive podcast with Avivah Litan who discusses key payment security trends and highlights the value of end-to-end encryption and tokenization.

Joie de Vivre, which manages the largest collection of boutique hotels in California and an assortment of restaurants and spas, will raise the standards of customer service by implementing Merchant Link’s tokenization solution to protect the credit card data of its guests across 27 of its locations.  Merchant Link is a leading provider of cloud-based payment gateway and data security solutions.

Joie de Vivre offers one of the most unique collections of lifestyle hotels and continues to expand on its fresh and inventive properties.  Merchant Link will deploy its hosted, card-based tokenization solution across the Joie de Vivre enterprise, including the hotel property management systems and the spa point-of-sale systems, ensuring that every transaction is tokenized and there is an extra layer of protection that will protect Joie de Vivre’s brand.

“We pride ourselves on being innovative and offering exceptional hospitality services and products to our customers,” said Michael Stano, Joie de Vivre’s vice president of technology. “Our commitment to excellence extends even further by offering safe and secure financial transactions for our customers so they can enjoy their experience without worrying about the safety of their payment information.  And we have the peace of mind knowing that sensitive data doesn’t live on our network.”

Joie de Vivre, a long time customer of Merchant Link, will utilize TransactionVault™, a tokenization technology that removes customer card data from merchants’ systems where it is most at risk of being compromised by hackers. By tokenizing every transaction throughout the entire hotel experience from check-in to purchases at the gift shop and more, Joie de Vivre can remove payment data from all points in the payment process.  This valuable data will instead be stored in Merchant Link’s secure, hosted “vault,” and therefore effectively lowering the cost and effort of attaining and maintaining PCI compliance.

“The lodging and travel payment industry is quickly realizing the importance of tokenization to secure sensitive data,” said Dan Lane, President and CEO of Merchant Link.  “We have served Joie de Vivre’s payment transaction needs since 2007, and we continue to work with them as they address the complexities of payment transactions.”

About Joie de Vivre Hotels

Joie de Vivre Hotels ( www.jdvhotels.com ) embarked on its mission to “create joy” for guests and employees in 1987, when Chip Conley founded the innovative hospitality company in San Francisco. Each one of Joie de Vivre’s more than 30 hotels is an original concept designed to reflect the local community and engage the five senses so that guests enjoy authentic, memorable experiences. Today Joie de Vivre manages the largest collection of boutique hotels and resorts in California and is expanding outside the state with openings in Scottsdale, Arizona this fall and Chicago in early 2012.

By Jorge Bertran, Director of Business Development, Merchant Link

This week at RetailNOW has been great.  One of the most memorable events was the night of the RetailNOW 2011 conference awards dinner.  Especially, when we heard our name called as one of the winners for the Retail Solutions Provider Association (RSPA) Awards of Excellence.

Merchant Link was recognized as the Bronze winner in the Payment Processing category.  It was an honor to receive this award. More so because these awards are unique in the retail technology industry due to the fact that dealers get to vote for the winners.

It also gives us further validation that our approach, which is to ease the burden for our customers, is the right one. Every day, our staff looks for ways to remove the hassle and risk from the payment process and ensure smooth, secure transactions from start to finish.  This award highlights that we are succeeding in our mission.

For a full list of the award recipients, click here. For photos of our team at RetailNow 2011, visit our Flickr page.

by Beth McGarrity

Last month Verizon Business released its latest Data Breach Investigation Report.  The industry with the largest number of breaches was the financial sector, followed closely by hospitality, and then retail also comfortably in the top 10.  The vulnerability of the retail and hospitality sectors should come as no surprise given the sheer number of transactions processed and the vast amount of data stored by these merchants.

Based on an analysis of 257 incidents, the Verizon team discovered that 48 percent of breaches were as a result of privilege misuse, 70 percent of breaches were initiated by external sources and insider attacks increased 26 percent.  What is surprising is that overall, 85 percent of attacks required relatively little sophistication and skill and could have been avoided without difficult or expensive controls.

So what can merchants do to protect their data?

• Become PCI Compliant – according to the report, 79 percent of companies were not PCI compliant in the period leading up to the data breach.  While the 12 requirements may not keep an attack from happening, they do provide a set of best practices which make it more difficult for an attacker to compromise records.

• Protect Your POS and Database Servers First – these two areas were noted as being some of the most vulnerable assets companies have.

• Don’t Retain Data on Your Systems – the researchers at Verizon have recommended for several years now that companies not store data on their own systems.  After all, if no records are kept, then cyber criminals will have nothing to steal. The PCI Council recommends tokenization and encryption as two ways of maintaining transaction integrity without violating the cardholder data storage and handling requirements.

What steps has your company taken to secure its data and infrastructure from attack?

While we hear a great deal about the threats to consumer credit card security, we don’t hear that much about the issues facing merchants, just criticism and finger pointing when they suffer a breach.

At Merchant Link we understand how complicated it is for merchants to navigate their way through the payment processing system to ensure the safety and security of their customers’ personal information.

Our CTO, Dan Lane, spends a lot of time thinking about these problems and devising solutions for merchants who are confronted with a lack of resources and too many vendors touting too many products.

In the video below Dan outlines his top tips and suggestions for merchants looking to protect their brand and their customers against ever-evolving threats.