Merchant Link SecurityCents

From the old knuckle busters, to electronic transactions, to mobile wallets. The world of payments today is evolving at breakneck speed, with more change expected over the next few years than in the last few decades combined. At last week’s Electronic Transactions Association Annual Meeting & Expo, the message was loud and clear: keep up, remain versatile, and continue to innovate, or risk getting left behind.

Having attended the ETA show for many years, it’s interesting to experience the shift in focus. We’re not just talking about basic credit card processing anymore. For example, an exciting new wave of data mining is turning transaction data into marketing gold, providing valuable business intelligence for merchants, and a more personalized experience for consumers. It’ll be interesting to see the reaction as more of these programs are rolled out. I suspect merchants will be thrilled, but consumers may be wary given the high volume of marketing messages we are exposed to daily. But as long as these programs remain “opt-in” and provide real and relevant value, the outlook looks good.

As mobile wallets continue to evolve, which some predict will be the payment method of choice by 2020, I imagine we’ll see a shake-out with a select few companies rising to the top. As card types evolved years ago, most merchants came to accept MasterCard, VISA, American Express, Discover and Diner’s Club.  As mobile wallet options evolve, it will be interesting to see which options become standard.

When it comes to transaction security, the focus has shifted from technical problem to an essential and expected part of doing business. Various methods are still being discussed and debated and this year, many were wondering what EMV would mean for security.

Check out ETA’s conference highlights, photos and video here and we’ll hope to see you at the show in New Orleans next year!

Webcast #4 in our payments education series is up!

In this video, we take a look at merchant services, pricing, and what you can do to better manage your processing costs.

Check it out and let us know what you think.

Webcast #3 in our payments education series is up!

In this video, we take a closer look at interchange and at the various ways you can keep costs as low as possible.

Check it out and let us know what you think.

Last week, we introduced a unique educational series focused on the fundamentals of credit card processing.

Today, we bring you webcast #2!  “Understanding Transaction Fees” provides insight on the different types of transactions fees and how are they calculated and collected.

Check it out and let us know what you think by leaving a comment below.

Here on the SecurityCents blog, we talk a lot about strategies to secure cardholder data, and what’s happening in the world of payments in general. As part of our ongoing commitment to empower merchants with tools and information to better manage their payments, we’re kicking off a webinar program today, starting with a series on the fundamentals of credit card processing.

This unique series will begin with four recorded webcasts, and will answer questions such as:

• How do credit card transactions flow through the network and who are the players involved?
• What are the different types of transaction fees and how are they calculated?
• What can merchants do to reduce their processing costs?

Then, we’ll host a couple of live webinars April 4-5 where we’ll outline valuable best practices to help you run a more efficient and profitable business. Attendees will also have the opportunity to submit questions to be answered live by our panel of experts.

View our first webcast and sign up for the live webinar by clicking here or on the EDUCATION tab above. And let us know what you think by leaving a comment below.

These days, merchants are being told they can save money by using a client-to-processor connection or “direct driver” vs. a hosted payment gateway in the cloud. Are these claims really true? What do merchants stand to lose by sending transaction data directly from their point-of-sale system to a processor?

A hosted payment gateway facilitates the secure transfer of information between a point of payment (your POS) and the payment processor or bank. The gateway acts as a translator, traffic cop and bodyguard – interpreting and directing data streams through a secure route to the appropriate destination, quickly and accurately.

Merchants considering both options should keep in mind:

1. Choice: A gateway connects merchants to a variety of processors and often offers the flexibility to switch payment providers quickly and efficiently, enabling a merchant to best manage its payment acceptance fees. Merchants with franchisees can offer them the choice of processors and maintain a secure and consistent payments acceptance process across their brand.  Merchants can also use the gateway to route different card types to specified hosts, saving them money by reducing processor’s switching fees.  A quality gateway assures that a merchant is not locked in to a particular processor’s technology that is hard to “unravel” if they decide to change.
2. Support: A quality gateway provider has the unique ability to track down and efficiently resolve problems no matter where an issue occurs within the life cycle of a transaction; saving merchant’s time and money by eliminating “finger pointing” between POS providers and payment processors.  The more complex the merchant environment, the more a gateway is needed.  A gateway can help a merchant quickly resolve payments hassles and get back to managing their business.
3. Cost: While most gateway providers charge a subscription or per-transaction fee, merchants should take into account the ongoing investment they will have to make in new software and/or a POS upgrades when considering a client-to-processor connection. The merchant is then locked in to technology that will soon be dated.  In contrast, a cloud-based payment gateway is easily implemented and maintained.  Configuration changes are usually performed at the gateway without interrupting business at the site when software and payment scheme updates are required.

Savvy business owners know that the only way to separate claims from reality and determine what’s best for their business is to educate themselves, talk to other merchants who are utilizing similar solutions, and ask a whole lot of questions. Check out this informative presentation and let us know what you think by leaving a comment below.

Joie de Vivre, which manages the largest collection of boutique hotels in California and an assortment of restaurants and spas, will raise the standards of customer service by implementing Merchant Link’s tokenization solution to protect the credit card data of its guests across 27 of its locations.  Merchant Link is a leading provider of cloud-based payment gateway and data security solutions.

Joie de Vivre offers one of the most unique collections of lifestyle hotels and continues to expand on its fresh and inventive properties.  Merchant Link will deploy its hosted, card-based tokenization solution across the Joie de Vivre enterprise, including the hotel property management systems and the spa point-of-sale systems, ensuring that every transaction is tokenized and there is an extra layer of protection that will protect Joie de Vivre’s brand.

“We pride ourselves on being innovative and offering exceptional hospitality services and products to our customers,” said Michael Stano, Joie de Vivre’s vice president of technology. “Our commitment to excellence extends even further by offering safe and secure financial transactions for our customers so they can enjoy their experience without worrying about the safety of their payment information.  And we have the peace of mind knowing that sensitive data doesn’t live on our network.”

Joie de Vivre, a long time customer of Merchant Link, will utilize TransactionVault™, a tokenization technology that removes customer card data from merchants’ systems where it is most at risk of being compromised by hackers. By tokenizing every transaction throughout the entire hotel experience from check-in to purchases at the gift shop and more, Joie de Vivre can remove payment data from all points in the payment process.  This valuable data will instead be stored in Merchant Link’s secure, hosted “vault,” and therefore effectively lowering the cost and effort of attaining and maintaining PCI compliance.

“The lodging industry is quickly realizing the importance of tokenization to secure sensitive data,” said Dan Lane, President and CEO of Merchant Link.  “We have served Joie de Vivre’s payment transaction needs since 2007, and we continue to work with them as they address the complexities of payment transactions.”

About Joie de Vivre Hotels

Joie de Vivre Hotels ( www.jdvhotels.com ) embarked on its mission to “create joy” for guests and employees in 1987, when Chip Conley founded the innovative hospitality company in San Francisco. Each one of Joie de Vivre’s more than 30 hotels is an original concept designed to reflect the local community and engage the five senses so that guests enjoy authentic, memorable experiences. Today Joie de Vivre manages the largest collection of boutique hotels and resorts in California and is expanding outside the state with openings in Scottsdale, Arizona this fall and Chicago in early 2012.

By Beth McGarrity

For those of us who work in the transaction security business, we know all too well that the hospitality sector is a key target for thieves looking to steal vital customer data.   We write about it on a regular basis on this blog and certainly make note when the hospitality  trade press covers payment security, PCI compliance and the like.

Though every so often, the topic of data security and the hospitality sector bubbles up into the mainstream media, which is good because it raises the issue to a higher level and shines a brighter light on the challenges that faces hoteliers.

The Los Angeles Times recently ran an article about the data security challenges that plague the hospitality sector. In it, they cited a recent study from British insurance firm Willis Group Holdings found data theft insurance claims jumped 58 percent last year.  And, the largest share of attacks – 38 percent – was aimed at hotels, motels, resorts and tour companies.

Laurie Fraser, global markets leisure practice leader for Willis, pointed out in the article that large hotel chains are most vulnerable because hotel management companies fall short in monitoring how data is collected and stored at dozens or even hundreds of properties throughout the world.  She also stated that independent contractors who work for individual hotels could also be the weak link when it comes to exposing hotels to hackers and viruses.

The report from Willis clearly underscores the value of implementing transaction security solutions like encryption and tokenization that fully remove all customer credit card data from a hotel’s IT systems.

Though we may sound like a broken record on this one, these solutions allow hospitality providers to get out of the credit card processing and protection businesses and focus on their core businesses.   In addition, if this Washington Post article is correct about the future economic outlook for the hospitality sector, then hoteliers really need to be focusing on maintaining guest bookings and room rates, as opposed to transaction security.

Last month, Hospitality Technology Magazine hosted its 16th Multi-Unit Restaurant Technology Conference, also known as MURTEC. The event brought together more than 225 restaurant technology, finance and operations professionals for three days of peer-to-peer exchange of ideas and best practices.

Following is an exclusive SecurityCents podcast with Abby Lorden, Editor in Chief of Hospitality Technology Magazine, who discusses some of the key takeaways from MURTEC 2011, as well as transaction security trends for the restaurant sector.

By Mike Ryan

While much of the news cycle involving hackers and cyber crime these days is focused on the activities of the rogue hacker group called Anonymous, there is an underground movement by the hacker community to target something that is very vital to the success of a merchant’s business:  the point-of-sale (POS) system.

According to TrustWave, a company that investigates payment card breaches for American Express, Visa and MasterCard and others, the vast majority of the 220 data breach investigations it did worldwide in 2010 were a result of weaknesses in the POS device.

The company recently issued its 2011 Global Security Report, and here’s a quote from that study that resonates for those of us in the payment security space:

“Representing many targets and due to well-known vulnerabilities, POS systems continue to be the easiest method for criminals to obtain the data necessary to commit payment card fraud.”

In addition, to providing more complete credit card data for hackers to steal, here are other reasons why merchants are experiencing vulnerabilities in their POS systems:

• Improper implementation of Payment Application Data Security standards (PA-DSS)
• Relying on third-party integrators to support the POS devices that have poor security practices
• Using default credentials in operating systems

Of course, there are better ways to manage security controls and authentication, however, the most effective way to mitigate this issue is to completely remove this vital data from a merchant’s network via a tokenization solution.

Hackers like to score the lower hanging fruit.  For far too long, POS systems have provided an easy avenue for cyber criminals to steal customer data.  By completely removing all credit card data from the network, hackers will simply move onto greener pastures.

And, merchants can rest easier knowing that their POS systems are safe and secure.