Only 38% of Retailers have Implemented a Single Token Solution Across the Enterprise, According to New BRP Report

Tokenization removes sensitive information from the network, improves security and enables a shared cart across channels

Boston, MA – April 3, 2019 – According to BRP’s SPECIAL REPORT: Security, retailers must continuously reexamine their policies surrounding customer payment and personal data. Every day, new dangers emerge and enhanced security measures are necessary to adequately defend against these malicious attacks. A single security breach is enough to deal a crippling blow to many companies.

“Tokenization is a top priority for many retailers, as it improves the security of sensitive customer payment data,” said Ryan Grogman, senior vice president and practice lead, BRP Consulting. “Tokenization technology is also valuable as a foundation to enable a seamless experience for consumer returns, customer profiles and electronic shopping carts that need to retrieve data across channels. What began as a solution to remove payment card data from a retailer’s environment has found additional value in substituting Personally Identifiable Information (PII) to help drive omni-channel use cases. We continue to see improved security practices across the retail industry in efforts to thwart malicious attacks and remain compliant with regulations, but this is a never-ending challenge.”

Tokenization enables retailers to remove sensitive information from the network by substituting payment card data with a token which is used as an identifier but has no exploitable value or meaning. In addition to the increased security offered by tokenization, it is also key to enabling a shared cart across channels.

Retailers’ capabilities for a shared cart across channels are behind consumers’ expectations. According to the BRP Consumer Study, 56% of customers want access to a single cart to shop across channels and be able to reach their cart via phone, computer, or even in the store, yet only 38% of retailers have implemented a single token solution to enable this feature. While some retailers are on the path to offering this service by implementing a single token across the enterprise, only 7% of retailers offer this shared cart concept.

BRP’s SPECIAL REPORT: Security is based on findings from the BRP Consumer Study and the 2019 POS/Customer Engagement Survey and offers insights into how retailers are progressing with their security efforts to protect consumers’ payment and personal data.

The SPECIAL REPORT: Security highlights:


  • Customer expectations: 33% are likely to allow retailers to save credit card details if it eases the checkout process
  • Retailer capabilities: 61% have implemented end-to-end encryption to offer customers greater security of their personal and payment data


  • Customer expectations: 50% are likely to allow retailers to save personal details if it eases the checkout process and allows for more personalized offers
  • Retailer capabilities: 38% have implemented a single token solution across the enterprise to offer customers greater security of their personal and payment data


  • Customer expectations: 38% are likely to choose a store if it offers mobile wallet/payments
  • Retailer capabilities: 59% offer mobile payment acceptance

To download BRP’s SPECIAL REPORT: Security, visit:

The special report platinum sponsor is TSYS, the gold sponsors are Aptos, Diebold Nixdorf, ECRS and Fujitsu, and the silver sponsor is STORIS.

About BRP

BRP is an innovative retail management consulting firm dedicated to providing superior service and enduring value to our clients. BRP combines its consultants’ deep retail business knowledge and cross-functional capabilities to deliver superior design and implementation of strategy, technology, and process solutions. The firm’s unique combination of industry focus, knowledge-based approach, and rapid, end-to-end solution deployment helps clients to achieve their business potential. BRP’s consulting services include:

Strategy | Business Intelligence | Business Process Optimization | Point of Sale (POS)
Mobile POS | Payment Security | E-Commerce | Store Systems and Operations | CRM
Unified Commerce | Customer Experience | Order Management | Networks
Merchandise Management | Supply Chain | Private Equity

For more information on BRP, visit

CVS Pay joins growing list of in-store mobile payment apps

SNL Financial – As the list of in-store mobile payment apps grows, more large retailers are giving consumers the option to pay with their smartphones.

CVS Health, the largest drugstore chain in the U.S., is one of the most recent merchants to build out its mobile app to enable in-store payments. With CVS Pay, customers can store payment methods and present a barcode to a cashier at the point of sale. Users also can manage prescription information and coupons within the same application.

For retailers like CVS, identifying consumers’ buying habits and preferences is important, according to Perry Kramer, vice president and practice lead at Boston Retail Partners.

“The easiest way to identify the customer is in the payment space,” Kramer said. In exchange for valuable data, merchants can give shoppers a more “frictionless” payment experience, he added.

Still, mobile wallets are an IT challenge for most stores. Kramer said many retailers are focused on updating antiquated point-of-sale systems and are busy with EMV implementation. Only the largest retailers with enough critical mass can feasibly build out an app with payments capabilities, he said.

Read full article: CVS Pay joins growing list of in-store mobile payment apps

The Chip-Card Ninjas Weaning America Off Swiping

Bloomberg News – Getting the U.S. off magnetic stripes isn’t easy and could take years. There are long waitlists of merchants trying to get their terminals certified, and the hardware and software—as well as communication hand-offs to processors and banks—don’t always work perfectly together. Almost a year after the official switch to chip cards, only a third of U.S. merchant locations accept them, according to MasterCard Inc. An additional third are somewhere in the process of switching over, according to payment expert Crone Consulting LLC. Thousands of stores around the U.S. currently have their terminals’ chip-card slot taped up as they try to achieve certification.

For smaller merchants, it’s easier to outsource the process. That’s where Creditcall, and other companies like it, come in.

There are now dozens of such firms, part of a huge new consulting industry that has grown up around helping companies implement EMV. Boston Retail Partners, for example, sends teams of consultants to retailers’ headquarters to assist their sales operations and training departments. Companies, such as Accenture PLC, help banks get their customers and merchants to use chip cards. And others, such as Creditcall, are helping merchants’ technology vendors get hold of pre-certified gear to accept chip cards.

Altogether, consultants and various helpers are booking $2.6 billion a year from helping merchants get EMV up and running, according to Crone Consulting. At Boston Retail Partners alone, EMV-related business has been doubling or tripling annually for the last two years, Perry Kramer, vice president and practice lead, said in an interview.

“It’s become a big business for a lot of firms. Because you really need expertise—because it’s very complicated—the rules are continuing to change, the vendors and banks are still figuring it out,” Kramer said. “It’s a full-time job, and merchants’ associates already have full-time jobs.”

Read full article: The Chip-Card Ninjas Weaning America Off Swiping

More Chip-Card Headaches, This Time for Merchants

Wall Street Journal – For millions of merchants that haven’t yet met the credit-card industry’s deadline for accepting more secure plastic, the bill is coming due.

As of last October, retailers who didn’t make the transition to chip cards are on the hook for counterfeit transactions that used to be covered by card-issuing banks. The costs of the fraud, known in the industry as chargebacks, are starting to stack up.


Chargebacks among small and medium-size merchants rose 15% in the fourth quarter from a year earlier, according to a recent survey by The Strawhecker Group, a payments consulting firm. The industry believes the volume of chargebacks has likely risen since then, because the fourth quarter included only a few weeks under the new rules and it often takes a while for the costs to flow through to merchants.


Financial institutions have been issuing the new cards to customers for more than a year, but just 22% of retailers are able to process them, according to a survey released last month by Boston Retail Partners. Another 53% of the merchants in the survey planned to install the systems within the next 12 months.

Read full article: More Chip-Card Headaches, This Time for Merchants

Merchants Without Chip Readers On The Hook For Tens Of Millions Of Dollars In Fraudulent Purchases

International Business Times – Your new bank card with the fancy, more secure chip might just be sticking your favorite store with a nasty bill, the Wall Street Journal reported.

In the past, when purchases were made using counterfeit cards, the bank picked up the tab, leaving the merchant and cardholder protected from the wiles of ne’er-do-wells.

But since October, U.S. retailers have been the ones who have to cover the cost of fraudulent purchases, not banks. October was the deadline for all U.S. merchants to be able to process payments made by chip cards; the banks backing the cards no longer make merchants whole if the store can’t process chip card payments.

That’s led to tens of millions of dollars in lost revenue for small- and medium-sized stores.

Although the credit card industry’s deadline was six months ago, only 22 percent of merchants actually are processing payments using the chip, the Journal said, citing a report from consulting firm Boston Retail Partners. The other 78 percent’s reasons for not having pulled the chip trigger yet vary from seasonal worries (not wanting to disrupt the holiday shopping season), to the new payment terminals not working correctly, to not being able to have their payment systems certified.

Read Full Article: Merchants Without Chip Readers On The Hook For Tens Of Millions Of Dollars In Fraudulent Purchases

VIDEO: Tokenization and Encryption are Key Components of Payment Security

According to the 2016 POS/Customer Engagement Survey, only 22% of retailers support EMV transactions. Why has the adoption of EMV been so slow? For payment security, many retailers have focused their attention on tokenization and encryption to help prevent payment card breaches, which can cost a retailer far more than the chargebacks that result from not deploying EMV.

Watch this video blog post to hear Perry Kramer, Vice President and Practice Lead, Boston Retail Partners, share his thoughts on tokenization and encryption and why retailers are making this a higher priority than EMV.

Visit our BRP Videos page to watch videos on other topics.

As always, I appreciate your thoughts on this topic. Please enter your thoughts and comments below.


How Is EMV Transition Going?

eSecurity Planet – Several months after the October 2015 deadline for card issuers and merchants in the U.S. to shift to EMV (chip-based) credit and debit cards, a recent Boston Retail Partners survey found that just 22 percent of retailers currently support EMV, with another 53 percent planning to do so within the next 12 months. Sixteen percent say they have no plans ever to support EMV.

Separately, a recent CardHub survey found that approximately 42 percent of larger U.S. retailers haven’t updated the point-of-sale (POS) terminals in any of their stores, and 24 percent have updated fewer than 50 percent of their terminals to accept EMV cards.

Why So Slow on EMV?
One problem, Boston Retail Partners vice president Ryan Grogman said, is that point-of-sale systems in the U.S. are relatively complex, making the EMV upgrade process more challenging than it might otherwise be.

“Support for EMV can often mean not just an upgrade of these payment terminals to support the new insert/dip process, but also changes to the POS application, changes to payment gateways and potentially changes at the credit switches,” he said.

He cited long lead times for new payment terminals and certification, a limited set of payment switch development resources and payment provider support resources, and a scarcity of POS developers as factors contributing to a big backlog in EMV implementations.

Read Full Article: How Is EMV Transition Going?

Amazon eyes selfie payments but starring role not guaranteed

Mobile Commerce Daily – Amazon joins a growing list of companies, including MasterCard and Alibaba, betting on facial recognition to appeal to young consumers and address security concerns for mobile payments, but whether the popularity of selfies can translate into commerce has yet to be proven.

Amazon has reportedly filed for a patent that would entail a phone or computer prompting the user to perform certain motions such as smiling or blinking to authenticate identity and complete a payment. The move points to the ongoing push for more streamlined mobile commerce experiences, with four-digit passwords viewed as too cumbersome.

“With the rapid growth of many mobile device payment solutions – Apple Pay, Samsung Pay, etc. – the industry has seen an explosive growth in the utilization of fingerprint authentication to validate the owner of the card being used in the transaction,” said Ryan Grogman, vice president at Boston Retail Partners. “Facial recognition authentication, being branded as ‘selfie payments’ in the headlines, is another form of bio-authentication that will see some traction in the coming years.

“When Alibaba initially announced their entry into this solution space last year, there weren’t many details around how the technology would work, which led to questions around such scenarios as users holding photos to cameras to spoof the app or website into thinking the valid purchaser was completing the transaction,” he said.

“With MasterCard’s announcement last month, and certainly with the details contained within the patents filed by Amazon, we can start to see how these solutions will combat those potential concerns – in Amazon’s case, by having the purchaser perform certain live-action movements to complete the validation.”

Read Full Article: Amazon eyes selfie payments but starring role not guaranteed

VIDEO: Payment Security is Still a Top Priority for 2016

According to the 2016 POS/Customer Engagement Survey, payment security continues to be one of retailers’ top three priorities, as many retailers have not implemented EMV yet.

Watch this video blog post to hear Perry Kramer, Vice President and Practice Lead, Boston Retail Partners, explain why payment security is still a top priority for retailers in 2016 and what they are focused on in the next year.



6 Must-Have Data Security Measures

Convenience Store and Fuel News – With the goal being a “multilayered” approach to data security, retailers focused on EMV need to implement additional measures and infrastructure to properly reduce risk, according to a recent report.

Risk-management firm Boston Retail Partners recently released a study called “Beyond EMV: Best Practices for Payment Security,” which highlights six security strategies critical for a high level of protection.

Retailers, however, have a ways to go to implement many of these options. According to Boston Retail’s 2016 POS/Customer Engagement Survey, even after the liability shift deadline of last October for in-store point-of-sale (POS), only 22% of retailers support these transactions, with another 53% of retailers still planning to implement the capability within 12 months.

The study also found that 49% of retailers have implemented end-to-end encryption and 35% have implemented tokenization of payment data “at rest.”

Read full article: 6 Must-Have Data Security Measures