‘Tis the Season — For Secure Payment Processing

Samsung – Just weeks into the 2015 holiday shopping season, retailers industry-wide are tightening mission-critical operations to ensure their shoppers have a satisfying shopping experience. The one area that they can’t afford to overlook this holiday season, however, is secure payment processing. By implementing new security measures across payment networks, retailers are taking steps to secure sensitive customer information this holiday season — a move that promises to drive loyalty well beyond December.

It’s not surprising that 63 percent of retailers reported that secure payment processing is among their top three priorities for 2015, according to the “2015 POS/Customer Engagement Benchmarking Survey” from Boston Retail Partners. Some of the most recognized data breaches over the last 24 months have occurred in the retail industry, and these heists pilfered millions of consumer card numbers, as well as other personally identifiable information.

Often, POS systems are their entry point of choice, due to insecure, Web-based network support and the volume of unencrypted data flowing between networks and units.

Read full article: ‘Tis the Season — For Secure Payment Processing

The Transformation of the Store

CIO Review – With the rapid adoption of smartphones, today’s consumers are always connected and have access to unlimited information at their fingertips. Consumers expect their shopping experience to transcend channels so that they can shop anywhere, buy anywhere, pick up anywhere and receive service anywhere.

“While the store isn’t going away, it’s about to get a whole lot more connected, mobile, smarter and exciting.”

The digital world is infiltrating the physical store, where consumers are equipped with their smartphones and a new set of expectations. While two-thirds of online transactions occur after a shopper visits the store, 90% of all retail sales transactions still occur within the store.

The Store is not Dead–It’s Digitized

Over the past twenty years, many in the retail industry have predicted the demise of the physical store. The store is still the foundation of retail; it is where the tactile and sensory experience comes together for the consumer. The store is the theatre for shopping. However, we are on the cusp of a significant and fundamental transformation in the store environment. Online shoppers are now accustomed to features such as product reviews, extensive assortments, one-click transaction processing and personalized recommendations.

Unfortunately, these expectations don’t dissipate when they walk into the physical store. Retailers must therefore infuse digital features into the store environment to exceed customer expectations. The store of the future must be mobile, relevant, personal, ubiquitous and secure.

Read Full Article: The Transformation of the Store

Future Store Manifesto: Real-time Retail Changes Everything: Study

Progressive Grocer – In an era of significant, fundamental transformation within the store environment, Boston Retail Partners (BRP) has articulated its vision of the future store while identifying the challenges and imperatives retailers face in delivering on consumer expectations in its recently released “The Future Store Manifesto.”

“Stores must now encompass both worlds – the sensory experience of the physical store combined with the personalization and convenience of online shopping. The most successful retailers will seamlessly blend the physical with the digital in the future store,” said Ken Morris, principal, Boston Retail Partners. “Retailers can no longer afford to operate from within silos and must transform their technology, business processes, and organization to align with their customers’ expectations.”

“The technology in stores today is outdated and broken – it can’t support the real-time connection between the consumer, the associate, inventory and pricing essential to the omni-channel experience. It’s time for change,” added Eric Olafson, SVP of store solutions for Demandware, which sponsored the Future Store Manifesto research.

Read full article: Future Store Manifesto: Real-time Retail Changes Everything: Study

Online Retail Fraud to Increase 106% – Are you ready?

As the portion of shopping done online rises, so does the importance of e-commerce to retailers’ overall strategies. Unfortunately, the increased focus on e-commerce also extends to fraudsters looking to make illegitimate purchases – a trend accelerated by the EMV liability shift earlier this month. As more retailers have provided greater payment security in the store with the addition of EMV, fraudsters will be shifting their efforts to target e-commerce sites.

106 Percent online fraudAs a result of EMV according to Trustev, and referenced in our 2015 E-Commerce survey, online fraud is predicted to increase 106% over the next three years. Fraudsters also are looking to exploit ecommerce transactions to capture credit card numbers and other personal data. These changes in the retail landscape make it more important than ever to protect customer data and effectively monitor online transactions.

Online transactions create a unique set of security challenges. Since the transactions are “card not present,” there is no way to verify the card’s legitimacy by verifying the signature, checking the customer’s ID or matching the last four digits of the card. To protect themselves from fraudulent online transactions, retailers must implement a rules-based fraud detection tool, auditing suspect transactions and authorizing legitimate ones.

Protecting Online Customer and Payment Information

Today’s customer expects a certain level of convenience when shopping online including the ability to save their personal and payment information on sites they frequent.

Customer Information – Retailers should be encrypting all customer information as soon as it enters their environment.Hacker_Thief_2

Payment Card Information – Further, the amount of credit card data retailers must save to offer this convenience makes it a target for hackers. Fortunately for retailers, tokenization technology works for both brick and mortar and e-commerce transactions. In fact, all of our clients currently implementing tokenization are implementing multi channel tokens. This not only secures their customer’s credit card data, but also provides the retailer with an omni-channel payment solution central to creating a consistent brand experience across channels.

PCI is not Enough

With the shifting retail paradigm, simply passing PCI is no longer enough to truly protect customer information. Retailers must build security into their technology roadmaps to ensure that the level of protection is commensurate with their omni-channel strategies. We suggest an annual security audit outside of PCI and other standards to ensure that security measures are not in place merely to pass audits but to truly protect the customers’ information retailers work so hard to gain and retain.

As always, I appreciate your opinions on this topic. Please share your comments below.


Chase Pay: Initial Reactions

Chase PayOn Monday, October 26, 2015, JPMorgan Chase & Co announced that it plans to launch a smartphone payment service called Chase Pay by mid-2016. With Apple Pay, Android Pay, and Samsung Pay already making inroads into this upstart mobile payment market, the competition for customers will now be even greater with the addition of Chase’s own service. However, when you start to peel back the onion, it is clear that Chase Pay has some very distinct advantages and disadvantages with their solution.

Thumbs UpAdvantages

Captive Customer Base – With over 94 million card accounts (estimated at 50% of all U.S. households), Chase is certainly in a position to leverage their current market share in helping to gain traction in the fast-growing mobile payment space. Many of the tech-savvy Chase customers already use their smartphone for Chase banking, and adding the ability to execute a payment transaction with these phones is a logical a
nd smart move by Chase. Chase customers will be automatically signed-up for the new mobile payment service, which will accelerate the adoption towards growing their user base in this market.

Backed by MCX – In addition to Chase’s massive customer base, Chase Pay is backed by the MCX (Merchant Customer Exchange) Consortium which will have the support of over 100,000 retail locations at launch, including some of the bigger names in the industry such as Walmart, Target, Lowe’s, Dunkin Donuts and ExxonMobil. 

Device Agnostic – One of the biggest advantages Chase will have in maintaining usage is that they will not be tied to a given smartphone manufacturer. Because Apple Pay will only work on Apple devices and Android Pay on Android devices, Chase Pay has an advantage given its functionality will be supported across multiple devices and mobile platforms.

Retailer Support for Barcode Scanning – Chase Pay’s use of QR barcodes for executing the payment can be supported by virtually any merchant that utilizes 2D barcode scanning.  Their service doesn’t require the latest generation of payment terminals which are necessary for the support of NFC-based payment solutions.

DisadvantagesThumbs Down

Late to the Party – Chase Pay is a latecomer to the mobile payment market which is becoming even more muddled with new solutions with each passing month.  Customers that have taken the time to set up their phones to use either Apple Pay or Samsung Pay may be reluctant to switch over to yet another payment method at this point.

Integration Challenges – For those merchants who aren’t members of the MCX Consortium supporting the CurrentC platform, there will be some integration challenges at the POS to accepting these QR codes.

Consumer Usability – To use Chase Pay, consumers will need to unlock their phones and launch an app (either the MCX CurrentC app or the Chase Pay app) to generate the code during the checkout, which is a more complicated process than simply holding your phone near a payment terminal for executing an NFC-based mobile payment app transaction. Consumers may also debate whether these steps will be worth the effort vs. simply taking a card out of their wallets and swiping/inserting to make a payment.

Enterprise Payment Security Alignment – Many retailers who have invested in new payment terminals over recent years have implemented end-to-end encryption, tokenization and other omni-channel payment security solutions which may be impacted by accepting Chase Pay transactions. Even though Chase Pay utilizes their own tokenization technology to ensure the security of their transactions, it remains to be seen how the underlying message format and routing will sync with other transaction flows.


With an extensive built-in merchant base supporting the acceptance of Chase Pay, this new mobile payment solution will be able to quickly gain traction with existing Chase banking customers. However, given the intense competition from the current industry leaders, along with a lagging underlying technology, it will be interesting to see if Chase Pay is able to maintain long-term relevance in this fast growing market.

As always, I appreciate your opinions on this topic.  Please enter your comments below.


Will Chase dethrone Apple with bank-branded mobile payment adoption?

Mobile Commerce Daily – Chase’s dedication to competing with current mobile payments developers, such as Apple and Samsung, could potentially offer it front-runner status as its substantial customer base strays away from the pigeonhole caused by software developers.

The bank is the first to develop a mobile payment platform, named Chase Pay, and is likely to hold its own against big names in the field as its customers use a varied range of devices, opening it up for a wider audience. Chase is one of the larger banks, and all its customers with a smartphone are automatically eligible.

“The greatest advantage for a bank, like Chase, to introduce mobile payments is that they are not tied to a given smartphone manufacturer like Apple, Android and Google,” said Ryan Grogman, vice president at Boston Retail Partners. “Another benefit for large banks entering the mobile payment space is the large volume of customers that will automatically be signed-up for the service.

“It is estimated that one if every two households in the U.S. is a Chase customer,” he said. “Chase Pay is also backed by the Merchant Customer Exchange Consortium so they are going to have the support of over 100,000 retail locations at launch.

Read full article: Will Chase dethrone Apple with bank-branded mobile payment adoption?

EMV for Automated Fuel Dispensers is Coming Soon – 6 Steps to be Prepared

If the current day status of retailers’ EMV compliance (or lack of compliance) is an indicator of what to expect in 2017, there is no time to wait in preparing your organization and systems to support EMV for automated fuel dispensers. Traditional brick and mortar retailers continue scrambling to meet the already past October 2015 liability shift deadline for EMV.  Delays across software partners, payment terminal providers, and bank certifications have all contributed to the current backlog of non-compliant retailers.

Even if you’re not ready to kick-off a project in the next couple of months, it would be wise to at least begin identifying some of the critical components of your solution:

  1. Gas Station_CroppedKnow your exposure – talk to your bank or payment processor and have them outline, in detail, your potential liability after October 2017. Understanding the magnitude of your risk early on will help drive your decision making process.
  1. Know your potential sales impact – what could the impact be to your sales if your competition deploys well ahead of your own timeline? Will consumer security concerns drive them to do business with EMV compliant fuel dispensers?
  1. Know your software implications – identify all the potentially impacted software components of EMV for your forecourt business: CRIND (card reader in dispenser) firmware or software, POS integration, payment gateway changes, reporting, consumer receipts, etc. Talk to some of your partners now to get a head start on laying out an overall implementation plan that includes the certification of your solution.
  1. Know your hardware/infrastructure implications – take time now to determine if you will need to purchase new card readers, CRINDs, network infrastructure, cabling, POS terminals, etc. If you wait too long, you may have a bigger challenge of “who’s available to assist in these installs.” Don’t get caught in the position of having to scramble to get the right resources to assist in your implementation efforts.
  1. Know your associate/consumer training impacts – Woman Pumping Gas_croppedThe general perception may be that by 2017 EMV will be generally accepted and US consumers will be trained. However, the reality is that without adequate business process changes at the forecourt and readily available associates to quickly provide instructions and answers customer questions, there could be significant disruptions on the island.
  1. Think about future payments – contactless payments such as Apple Pay, Samsung Pay and Android Pay should factor into your planning process as well. As some of these newer payment methods continue to gain adoption with consumers, it is important to understand how the acceptance of these will impact to your EMV preparation plans.

The key takeaway is that the majority of your planning and design needs to be completed before 2017. By heading down the path to compliance in 2016, you can help reduce the risk of getting caught in a last minute scramble which may result in taking unnecessary shortcuts that may add risk to your business. The time to act is now!

I welcome your opinions on this topic. Please share your comments below.


Technically Secure

Chain Store Age – The October deadline for retailer to accept EMV (Europay, Mastercard, Visa)-compliant, chip-based payment cards or face increased fraud liability has placed payment card security in the industry headlines. While important, securing card-based payments a the store is one small facet of the huge undertaking retailers face in protecting their entire network.

For retailers, the broad concept of “security” encompasses specific areas, such as store systems, supply chain, financial data, third-party partners and the enterprise as a whole.

This article includes opinions from Perry Kramer, vice president and practice lead, Boston Retail Partners, in a side bar on page 25.

Where NOT to Store Financial Data

“One of the best ways retailers can make both their financial data and store systems more secure is to reduce potential vulnerability by removing financial data from the store.”  Read the full article for more details.

Read Full Article: Technically Secure


Apple Pay Makes Inroads for Everyday Purchases

eMarketer – Mobile payments are slow to catch on among the general population, but early adopters of the Apple Watch are also rapidly adopting Apple Pay, research suggests. Among those who are using Apple Pay, they report it’s making a different in their everyday life. Four in five said they used it for everyday shopping activities, like going to the grocery store. And three in five said they used it for common services like their morning coffee.

Those respondents who hadn’t used Apple Pay were potentially open to it—29% said the main thing holding them back was lack of support from their bank. Another 18% said it was not available in their local market. Education is still an issue, though: Nearly one in five said they did not know where they could use it.

According to Boston Retail Partners and Mozu, that may be because not many places accept Apple Pay yet. In July, just 7% of retailers surveyed in North America currently accepted it. Nearly two-thirds planned to implement Apple Pay over the next two years, however.

Read Full Article: Apple Pay Makes Inroads for Everyday Purchases

The Big Problem With Those New Credit Cards That No One’s Talking About – Here’s a prediction you need to heed: a large number of you will soon leave your credit cards behind at a retail store after making a purchase. Why? Because the biggest change in the way Americans spend money in decades is about to occur, and there will be hiccups. And because that’s what happened when other parts of the world transitioned to chip-enabled credit cards, according to consultancy Boston Retail Partners.

Boston Retail Partners, a retail consultancy, also wrote about this issue earlier this month.

“Compared to a traditional magnetic strip swipe of a credit card which may result in a sub second response, an EMV authorization and response will take considerably longer – approximately 5-10 seconds. This is due to behind the scenes authentication and validation of the new chip on the credit card,” the firm said in a blog post. “Another impact of this longer duration of leaving the card inserted in the EMV terminal, there is a high risk of the consumer leaving their card behind. This issue was a documented problem in Europe and other early EMV adopters during their EMV cutovers. Solutions exist to configure the payment terminal or POS to alert the associate and customer audibly, or to restrict the printing of the final receipt until the card is removed. To help minimize this issue, retailers should work with their technology partners to understand which solutions work best.”

Read Full Article: The Big Problem With Those New Credit Cards That No One’s Talking About