Posts

Noticed stores still can't take your chip card? You're not alone, survey says

CNBC – American consumers are finally getting on board with new chip-enabled credit cards — but retailers aren’t following suit, leaving them vulnerable to fraud, according to a study released Thursday.

Seventy percent of U.S. credit card holders have EMV chip cards, according to CreditCards.com. Meanwhile, between 22 percent and 37 percent of retailers have adopted the technology, the survey said, citing research from Boston Retail Partners and The Strawhecker Group.

“Consumers have the chip-enabled cards and are looking to use them,” said Rob Cameron, chief product and marketing officer at Moneris, one of the largest debit and credit card processors in North America. “We’ve certainly seen an increase in interest from our merchants in moving toward EMV-enabled terminals.”

The deadline for converting to the new cards was October, when merchants became financially responsible for fraudulent charges on credit cards, according CreditCards.com, which in March conducted telephone surveys of more than 900 people who owned major credit cards. EMV adoption tends to be higher among older, college-educated consumers and men, while it is less common in rural areas, the study found.

Read Full Article: Noticed stores still can’t take your chip card? You’re not alone, survey says

Amazon eyes selfie payments but starring role not guaranteed

Mobile Commerce Daily – Amazon joins a growing list of companies, including MasterCard and Alibaba, betting on facial recognition to appeal to young consumers and address security concerns for mobile payments, but whether the popularity of selfies can translate into commerce has yet to be proven.

Amazon has reportedly filed for a patent that would entail a phone or computer prompting the user to perform certain motions such as smiling or blinking to authenticate identity and complete a payment. The move points to the ongoing push for more streamline mobile commerce experiences, with four-digit passwords viewed as too cumbersome.

“With the rapid growth of many mobile device payment solutions – Apple Pay, Samsung Pay, etc. – the industry has seen an explosive growth in the utilization of fingerprint authentication to validate the owner of the card being used in the transaction,” said Ryan Grogman, vice president at Boston Retail Partners. “Facial recognition authentication, being branded as ‘selfie payments’ in the headlines, is another form of bio-authentication that will see some traction in the coming years.

“When Alibaba initially announced their entry into this solution space last year, there weren’t many details around how the technology would work, which led to questions around such scenarios as users holding photos to cameras to spoof the app or website into thinking the valid purchaser was completing the transaction,” he said.

“With MasterCard’s announcement last month, and certainly with the details contained within the patents filed by Amazon, we can start to see how these solutions will combat those potential concerns – in Amazon’s case, by having the purchaser perform certain live-action movements to complete the validation.”

Read Full Article: Amazon eyes selfie payments but starring role not guaranteed

VIDEO: Payment Security is Still a Top Priority for 2016

According to the 2016 POS/Customer Engagement Survey, payment security continues to be one of retailers’ top three priorities, as many retailer have not implemented EMV yet.

Watch this video blog post to hear Perry Kramer, Vice President and Practice Lead, Boston Retail Partners, explain why payment security is still a top priority for retailers in 2016 and what they are focused on in the next year.

Payment Security is Still a Top Priority for 2016

Visit our BRP Videos page to watch videos on other topics.

As always, I appreciate you thoughts on this topic. Please enter your thoughts and comments below.

David

6 Must-Have Data Security Measures

Convenience Store and Fuel News – With the goal being a “multilayered” approach to data security, retailers focused on EMV need to implement additional measures and infrastructure to properly reduce risk, according to a recent report.

Risk-management firm Boston Retail Partners recently released a study called “Beyond EMV: Best Practices for Payment Security,” which highlights six security strategies critical for a high level of protection.

Retailers, however, have a ways to go to implement many of these options. According to Boston Retail’s 2016 POS/Customer Engagement Survey, even after the liability shift deadline of last October for in-store point-of-sale (POS), only 22% of retailers support these transactions, with another 53% of retailers still planning to implement the capability within 12 months.

The study also found that 49% of retailers have implemented end-to-end encryption and 35% have implemented tokenization of payment data “at rest.”

Read full article: 6 Must-Have Data Security Measures

No chips: A slow go for new credit card technology

CNBC – Less than half of American businesses have adopted the credit card chip technology that was all the rage in the fall of 2015.

Only 37 percent of businesses are currently able to accept chip-enabled credit and debit cards, according to a survey by The Strawhecker Group. TSG’s sample included 92 payment service providers that service more than 3.9 million merchants, or about 50 percent of the U.S. card-accepting market.

Chip cards, also known as EMV cards (for Europay, MasterCard and Visa), are touted for safety and improved security over traditional cards. Retailers, credit card companies and merchants were supposed to adopt the new technology by Oct. 1, 2015, or face penalties. Missing the deadline made U.S. card-accepting merchants liable for fraudulent transactions.

Ten percent of retailers are performing EMV-enabled transactions that are working well, and another 12 percent say their EMV-enabled transactions need improvement, according to a report from Boston Retail Partners.

Read Full Article: No chips: A slow go for new credit card technology

Beyond EMV: Best Practices for Payment Security

There is no single strategy that can entirely eliminate the risk of a data breach. To provide retailers practical tips on how to improve the security of their customers’ payment card and personal data, we recently wrote this white paper: Beyond EMV: Best Practices for Payment Security.

2016 White Paper - Payment Security - CoverEMV continues to gain the attention of retailers – mostly driven by the very large number of retailers who are seeing 6-digit monthly charge backs for EMV non compliant transactions. Most retailers who knew they were going to miss the EMV dealine had budgeted for some amount of charge backs. However most retailers are seeing the amount of charge backs far exceed the budgeted amount.

This is a significant challenge and could result in retailers running to EMV and skipping some security opportunities. However, many retailers are finding that moving to EMV, E2EE, and tokenization at the same time is faster than trying to push EMV implementations forward without closing some of their existing payment attack vectors.

Industry best practices dictate that the most effective strategy is a multi-layered security approach. Retailers’ security strategies need to include: integrated EMV-compliant payment terminals, strong e-commerce controls, network segmentation, secure communication protocols, E2EE, tokenization and a thoroughly documented and comprehensive internal set of security policies and practices.

Increasingly, retailers are realizing that simply meeting PCI compliance standards is no longer sufficient to protect customer data. Hackers are becoming more sophisticated, requiring organizations to reanalyze and revamp their current security protocols to adequately protect their customers’ payment and personal data. Retailers who have not implemented these technologies are at high risk, as the likelihood of being targeted by hackers increases every day.

Unfortunately, even as retailers focus their efforts on EMV and increasing data security in-store, fraudsters have recognized gaps in online security and are shifting their efforts to the exploitation of e-commerce sites. Online transactions create a unique set of security challenges. To protect against fraudulent online transactions, retailers must implement a rules-based fraud detection tool, auditing suspect transactions and authorizing legitimate ones.

In addition to providing a best practices comprehensive payment security strategy, this white paper includes recommended “quick wins to beat online fraud.”

Download the complete white paper:

Beyond EMV: Best Practices for Payment Security

As always, I appreciate your opinions on this topic. Please share your comments below.

Perry

Sophisticated hackers call for refined payment security systems: report

Luxury Daily – As retailers innovate and enhance the omnichannel shopping experience, one of their biggest challenges will be creating an inclusive payment security strategy, according to a new report by Boston Retail Partners.

Payment security is one of the top concerns for retailers today, with hackers becoming more sophisticated and even high-profile institutions falling victim to data breaches. In order to protect themselves, brands need to update and strengthen their security systems, which may now be out-of-date.

“Hackers and fraudsters are in a constant back and forth with retailers as it relates to payment security,” said Ryan Grogman, vice president at Boston Retail Partners. “As retailers close certain loops, the hackers move on to the next most vulnerable spot in the transaction, and retailers are then forced to develop new measures to address the weakness.

“This cycle has been going on for many years, and the biggest change in payment security today is the sophistication and level of technology available to both sides,” he said. “The advent of PCI standards really moved the needle forward in terms of retailer defenses, but even with these controls in place, we are seeing high-profile retailers subjected to massive data breaches and the associated public relations fallout.

“For the card issuers and banks, they are driven by a need to reduce the amount of fraudulent charges. For retailers, it is the fear of being the next company in the headlines for a breach along with having their valued customers’ sensitive information exposed that is driving many of these changes. EMV is another attempt by the issuers to deflect the fraud liability back to retailers, and that financial liability has driven many retailers to allocate more budget to enhance payment security and implement EMV.”

Boston Retail Partners’ “Payment/Data Security in an Omnichannel World” is based on data from the consultancy’s 2016 POS/Customer Engagement Survey.

Read Full Article: Sophisticated hackers call for refined payment security systems: report

Study: EMV lags other payment security options

Chain Store Age – Retailers have yet to make a major move toward EMV compliance, but that doesn’t mean they are ignoring the need to secure card-based transactions.

According to a new special report from Boston Retail Partners, “Payment/Data Security in an Omnichannel World,” only 10% of retailers are performing EMV-enabled transactions that are working well, with another 12% saying their EMV-enabled transactions need improvement.

However, 53% of retailers plan to implement EMV within 12 months. Thus EMV should have a significant impact on retailers’ technology activities in 2016 despite its small impact so far.

While the use of EMV-compliant terminals weakens the incentive for thieves to steal credit card information, EMV adoption by a retailer in and of itself does not do anything to actually reduce the risk of a breach. Retailers demonstrate awareness of this fact with relatively high levels of end-to-end encryption (E2EE) usage.

Read full article: Study: EMV lags other payment security options

How do your Payment Security Practices Compare to other Retailers?

According to a new special report from Boston Retail Partners (BRP), the threat posed by payment security breaches continues to consume retailers’ resources. While only 22% of retailers currently support EMV (Europay, MasterCard and Visa) transactions, another 53% of retailers plan to implement this capability within 12 months. According to the BRP SPECIAL REPORT: Payment/Data Security in an Omni-channel World, 38% of retailers indicate that payment/data security is a top priority.

2016 Payment Data Security Special Report coverThis Special Report provides insight into BRP’s 2016 POS/Customer Engagement Survey and highlights the payment security objectives and challenges facing leading retailers today.  Specifically, this report addresses topics such as:

  • EMV – Where Are We Now?
  • Beyond EMV
  • Mobile Payments are on the Rise – and so is the Competition
  • Increased Options for Getting Data to Processors
  • The Shift to Online Fraud
  • Quick Wins to Beat Online Fraud

“Hackers and fraudsters are becoming increasingly sophisticated; requiring retailers to reanalyze and revamp their current security protocols in order to adequately protect the interests of themselves and their customers. The good news is that retailers realize the magnitude of payment risks and continue to focus resources to lock-down payment and data security across all touchpoints.” – Perry Kramer, vice president and practice lead, Boston Retail Partners.

“While the use of EMV-compliant payment solutions weakens the incentive for thieves to steal credit card information by requiring that the physical card be present at the transaction, EMV adoption in and of itself does not do anything to actually reduce the risk of a breach. The most effective approach for securing payment card transactions is a multi-tiered approach which includes implementing end-to-end encryption (E2EE) and tokenization in addition to support for EMV.” – Ryan Grogman, vice president, Boston Retail Partners

I encourage you to read the report to see how your payment security practices stack-up to other retailers.

Download the complete report:

BRP SPECIAL REPORT: Payment/Data Security in an Omni-Channel World

I hope you enjoy the report and welcome any comments or feedback. Please share your comments below.

David

VIDEO: Why are EMV Implementations Complicated?

According to the 2016 POS/Customer Engagement Survey, only 22% of retailers support EMV transactions. Why has the adoption of EMV been so slow?  Well, it’s complicated. Many factors are making this complex, including: debit cards, mobile devices, banks, payment terminals, switches and the certification process.

Watch this video blog post to hear Perry Kramer, Vice President and Practice Lead, Boston Retail Partners, explain the factors that make EMV implementations complex.

Why are EMV Implementations Complicated?

Visit our BRP Videos page to watch videos on other topics.

As always, I appreciate you thoughts on this topic. Please enter your thoughts and comments below.

David