Posts

BRP Report Identifies Tokenization as Top Retailer Priority

Store Brands – A new study indicates that retailers are having varying success providing the shopping and payment options customers want.

According to “Special Report: Security” from Boston Retail Partners (BRP), retailers are lagging in implementing a single-token payment security solution across the enterprise. Tokenization enables retailers to remove sensitive information from the network by substituting payment card data with a token which is used as an identifier, but has no exploitable value or meaning. In addition to the increased security offered by tokenization, it is also key to enabling a shared cart across channels.
BRP analysis shows that only 38 percent of retailers have implemented a single token solution, and a mere seven percent offer a shared omnichannel cart. Yet 56 percent of customers want access to a single cart to shop across channels and be able to reach their cart via phone, computer, or in the store.

“Tokenization is a top priority for many retailers, as it improves the security of sensitive customer payment data,” said Ryan Grogman, senior VP and practice lead, BRP Consulting. “Tokenization technology is also valuable as a foundation to enable a seamless experience for consumer returns, customer profiles and electronic shopping carts that need to retrieve data across channels.”

Read Full Article: BRP Report Identifies Tokenization as Top Retailer Priority

How retailers can meet consumer expectations

StoreBrands – A new study indicates that retailers are having varying success providing the shopping and payment options customers want.

According to “Special Report: Security” from BRP, retail consulting firm, retailers are lagging in implementing a single-token payment security solution across the enterprise. Tokenization enables retailers to remove sensitive information from the network by substituting payment card data with a token which is used as an identifier, but has no exploitable value or meaning. In addition to the increased security offered by tokenization, it is also key to enabling a shared cart across channels.
BRP analysis shows that only 38 percent of retailers have implemented a single token solution, and a mere seven percent offer a shared omnichannel cart. Yet 56 percent of customers want access to a single cart to shop across channels and be able to reach their cart via phone, computer, or in the store.

“Tokenization is a top priority for many retailers, as it improves the security of sensitive customer payment data,” said Ryan Grogman, senior VP and practice lead, BRP Consulting. “Tokenization technology is also valuable as a foundation to enable a seamless experience for consumer returns, customer profiles and electronic shopping carts that need to retrieve data across channels.”

Read Full Article: How retailers can meet consumer expectations

BRP Report Identifies Tokenization as Top Retailer Priority

Convenience Store Decisions – Only 38% of retailers have implemented a single token solution across the enterprise. Tokenization offers increased security and enables a shared cart across channels, according to a report by retail management consulting firm BRP. BRP’s SPECIAL REPORT: Security says that retailers must continuously reexamine their policies on customer payment and personal data as new dangers emerge that require enhanced security measures.

Tokenization enables retailers to remove sensitive information from the network by substituting payment card data with a token, which is used as an identifier but has no exploitable value or meaning.

“Tokenization is a top priority for many retailers, as it improves the security of sensitive customer payment data,” said Ryan Grogman, senior vice president and practice lead of BRP. “Tokenization technology is also valuable as a foundation to enable a seamless experience for consumer returns, customer profiles and electronic shopping carts that need to retrieve data across channels. What began as a solution to remove payment card data from a retailer’s environment has found additional value in substituting Personally Identifiable Information (PII) to help drive omni-channel use cases. We continue to see improved security practices across the retail industry in efforts to thwart malicious attacks and remain compliant with regulations, but this is a never-ending challenge.”

Read Full Article: BRP Report Identifies Tokenization as Top Retailer Priority

Study: Do retailers meet customer shopping and payment expectations?

Chain Store Age – A new study indicates retailers are having varying success providing the shopping and payment options customers want.

According to “Special Report: Security” from BRP, retail consulting firm, retailers are lagging in implementing a single-token payment security solution across the enterprise. Tokenization enables retailers to remove sensitive information from the network by substituting payment card data with a token which is used as an identifier, but has no exploitable value or meaning. In addition to the increased security offered by tokenization, it is also key to enabling a shared cart across channels.

BRP analysis shows that only 38% of retailers have implemented a single token solution, and a mere 7% offer a shared omnichannel cart. Yet 56% of customers want access to a single cart to shop across channels and be able to reach their cart via phone, computer, or in the store.

“Tokenization is a top priority for many retailers, as it improves the security of sensitive customer payment data,” said Ryan Grogman, senior VP and practice lead, BRP Consulting. “Tokenization technology is also valuable as a foundation to enable a seamless experience for consumer returns, customer profiles and electronic shopping carts that need to retrieve data across channels.”

Read Full Article: Study: Do retailers meet customer shopping and payment expectations?

Only 38% of Retailers have Implemented a Single Token Solution Across the Enterprise, According to New BRP Report

Tokenization removes sensitive information from the network, improves security and enables a shared cart across channels

Boston, MA – April 3, 2019– According to BRP’s SPECIAL REPORT: Security, retailers must continuously reexamine their policies surrounding customer payment and personal data. Every day, new dangers emerge and enhanced security measures are necessary to adequately defend against these malicious attacks. A single security breach is enough to deal a crippling blow to many companies.

“Tokenization is a top priority for many retailers, as it improves the security of sensitive customer payment data,” said Ryan Grogman, senior vice president and practice lead, BRP Consulting. “Tokenization technology is also valuable as a foundation to enable a seamless experience for consumer returns, customer profiles and electronic shopping carts that need to retrieve data across channels. What began as a solution to remove payment card data from a retailer’s environment has found additional value in substituting Personally Identifiable Information (PII) to help drive omni-channel use cases. We continue to see improved security practices across the retail industry in efforts to thwart malicious attacks and remain compliant with regulations, but this is a never-ending challenge.”

Tokenization enables retailers to remove sensitive information from the network by substituting payment card data with a token which is used as an identifier but has no exploitable value or meaning. In addition to the increased security offered by tokenization, it is also key to enabling a shared cart across channels.

Retailers’ capabilities for a shared cart across channels are behind consumers’ expectations. According to the BRP Consumer Study, 56% of customers want access to a single cart to shop across channels and be able to reach their cart via phone, computer, or even in the store, yet only 38% of retailers have implemented a single token solution to enable this feature. While some retailers are on the path to offering this service by implementing a single token across the enterprise, only 7% of retailers offer this shared cart concept.

BRP’s SPECIAL REPORT: Security is based on findings from the BRP Consumer Study and the 2019 POS/Customer Engagement Survey and offers insights into how retailers are progressing with their security efforts to protect consumers’ payment and personal data.

The SPECIAL REPORT: Security highlights:

PAYMENT SECURITY:

  • Customer expectations: 33% are likely to allow retailers to save credit card details if it eases the checkout process
  • Retailer capabilities: 61% have implemented end-to-end encryption to offer customers greater security of their personal and payment data

PERSONAL DATA:

  • Customer expectations: 50% are likely to allow retailers to save personal details if it eases the checkout process and allows for more personalized offers
  • Retailer capabilities: 38% have implemented a single token solution across the enterprise to offer customers greater security of their personal and payment data

MOBILE WALLET/PAYMENTS:

  • Customer expectations: 38% are likely to choose a store if it offers mobile wallet/payments
  • Retailer capabilities: 59% offer mobile payment acceptance

To download BRP’s SPECIAL REPORT: Security, visit:

https://brpconsulting.com/download/2019-special-report-security

The special report platinum sponsor is TSYS, the gold sponsors are Aptos, Diebold Nixdorf, ECRS and Fujitsu, and the silver sponsor is STORIS.

About BRP

BRP is an innovative retail management consulting firm dedicated to providing superior service and enduring value to our clients. BRP combines its consultants’ deep retail business knowledge and cross-functional capabilities to deliver superior design and implementation of strategy, technology, and process solutions. The firm’s unique combination of industry focus, knowledge-based approach, and rapid, end-to-end solution deployment helps clients to achieve their business potential. BRP’s consulting services include:

Strategy | Business Intelligence | Business Process Optimization | Point of Sale (POS)
Mobile POS | Payment Security | E-Commerce | Store Systems and Operations | CRM
Unified Commerce | Customer Experience | Order Management | Networks
Merchandise Management | Supply Chain | Private Equity

For more information on BRP, visit http://www.brpconsulting.com.

Online Fraud has increased 137% post-EMV – Are you Protected?

Online Fraud has increased 137% post-EMV – Are you Protected?

According to a new white paper from BRP, fraudsters have become more sophisticated and retailers need to adapt new security tactics to protect their customers’ payment card and personal data. The Payment Security Update: What’s Next After EMV white paper provides retailers practical tips on how to improve payment and data security across all channels.

“While EMV has received most of the attention in the last few years, there are several other critical security strategies that play a much greater role in protecting sensitive payment card and personal information,” said Perry Kramer, vice president and practice lead at BRP. “It is imperative that retailers have the right strategies and controls in place to thwart the ever-increasing advances made by fraudsters.”

EMV doesn’t really offer data security functionality, for that, retailers need to look to end-to-end encryption (E2EE) and tokenization. BRP’s 2017 POS/Customer Engagement Survey recently found that 68% of retailers have implemented E2EE and 48% have implemented tokenization of payment data. Increasingly, retailers realize that simply meeting PCI compliance standards is no longer sufficient to protect customer data.

“Hackers are becoming increasingly sophisticated, requiring organizations to re-analyze and revamp their current security protocols to adequately protect their customers’ payment and personal data,” said Ryan Grogman, vice president at BRP. “Retailers who have not implemented these technologies are at high risk, as the likelihood of being targeted by hackers increases every day.”

This white paper provides insights on the following topics:

  • Baseline Payment Security Measures
  • A Multi-Tiered Security Approach
  • The Rapid Growth of Omni-Channel Transactions’ Impact on Tokens
  • The Shift to Online Fraud
  • Increased Mobile Transactions Create Additional Security Complexities
  • Quick Wins to Beat Online Fraud
  • Quick Hit Protective Tactics

I encourage you to download and read the complete white paper:

Payment Security Update: What’s Next After EMV?

I appreciate your opinions and insights on this topic.  Please share your comments below.

Is the rocky road to EMV retail adoption getting smoother?

CIO – There was plenty of confusion to go around in October 2015, with only a small percentage of retailers ready to roll when the deadline passed for them to become EMV-compliant by installing new EMV-capable credit card readers and acquiring certifications from various payment networks.

Now that over a year, and two holiday seasons, have passed by, the question is: Where does retail stand with EMV? The answer, says experts, is that it’s been a rocky road, but there have been improvements in adoption and an ongoing evolution in implementation.

The good news is, consumers are starting to adapt to the new normal — their first instinct now is to insert a chip, not swipe. In addition, Visa and Mastercard implemented new quick-chip technology last summer, to make the processing time faster for consumers.

“One of the biggest complaints off the bat was that EMV was too slow, taking 10-15 seconds,” says Perry Kramer, vice president and practice lead at Boston Retail Partners. “Now the EMV transactions have really gone back to the same speed as what it used to be with swipe transaction — from the consumer point of view, it has sped up dramatically.”

Retailers, on the other hand, have struggled to get up to speed with EMV and have dealt with a variety of challenges, particularly due to vendor delays and the liability shift that has left them on the hook for chargebacks. “Those that weren’t ready really got thrown into panic mode,” Kramer says. “The amount of chargebacks, in terms of dollars and quantity, far exceeded anyone’s expectations.”
Read Full Article: Is the rocky road to EMV retail adoption getting smoother?

Mobile Payments in the C-Store

PMAA Journal – Americans don’t mind paying for the things they want, but they are increasingly insisting on deciding how they pay for them.

There are two underlying criteria c-store retailers want in a payment system: first, something that is convenient for both the customers and retailer; second, a payment method that does not unfairly add cost to the retailers,” explained Steven J. Montgomery, president of b2b Solutions, LLC in Lake Forest, Illinois.

Retailers don’t mind paying credit card and debit card fees, Montgomery has found. “They mind the fact the fees are seen as too high. The only reason the noise regarding this has calmed down some recently is because the cost of fuel has dropped and margins have increased. It is still a big issue for the industry.”

“A convenient and frictionless mobile payment experience is going to be a differentiator with increased significance in the c-store and petroleum space over the next two to three years,” said Perry Kramer, vice president and practice lead for Boston Retail Partners. “In this highly competitive space, Apple Pay, Android Pay, Chase Pay, Samsung Pay and the many other emerging mobile wallets are going to significantly continue to grow in usage and reach a tipping point for customers in a space were margins are tight and price is often differentiated by 2 to 3 cents.”

The importance of speed, ease of payment, and convenience at the pump and in the store are going to increase in the c-store area faster than many other retail formats. Much of this, Kramer explained, is driven by the significant number of under-35-year-old customers in this retail segment. “This demographic is on the go, and in almost all cases, the fuel purchase is a mandatory purchase, not a discretionary one. This consumer demographic expects convenienceand rewards for their loyalty.”

Any time one of these mobile wallets can be tied to a cash-back or loyalty program, while remaining frictionless, it significantly increases the chance that the consumer will remain loyal to that brand, he noted further. “Once we get them hooked with faster checkout and compelling rewards, they are more likely to increase both the number of visits and the spend per visit.”

Read Full Article: Mobile Payments in the C-Store

The Chip-Card Ninjas Weaning America Off Swiping

Bloomberg News – Getting the U.S. off magnetic stripes isn’t easy and could take years. There are long waitlists of merchants trying to get their terminals certified, and the hardware and software—as well as communication hand-offs to processors and banks—don’t always work perfectly together. Almost a year after the official switch to chip cards, only a third of U.S. merchant locations accept them, according to MasterCard Inc. An additional third are somewhere in the process of switching over, according to payment expert Crone Consulting LLC. Thousands of stores around the U.S. currently have their terminals’ chip-card slot taped up as they try to achieve certification.

For smaller merchants, it’s easier to outsource the process. That’s where Creditcall, and other companies like it, come in.

There are now dozens of such firms, part of a huge new consulting industry that has grown up around helping companies implement EMV. Boston Retail Partners, for example, sends teams of consultants to retailers’ headquarters to assist their sales operations and training departments. Companies, such as Accenture PLC, help banks get their customers and merchants to use chip cards. And others, such as Creditcall, are helping merchants’ technology vendors get hold of pre-certified gear to accept chip cards.

Altogether, consultants and various helpers are booking $2.6 billion a year from helping merchants get EMV up and running, according to Crone Consulting. At Boston Retail Partners alone, EMV-related business has been doubling or tripling annually for the last two years, Perry Kramer, vice president and practice lead, said in an interview.

“It’s become a big business for a lot of firms. Because you really need expertise—because it’s very complicated—the rules are continuing to change, the vendors and banks are still figuring it out,” Kramer said. “It’s a full-time job, and merchants’ associates already have full-time jobs.”

Read full article: The Chip-Card Ninjas Weaning America Off Swiping

Life After EMV – No Rest for the Weary

EMV_Terminal2For many retailers, getting to EMV was a long and arduous task. Delays in certifications, long lead times for new payment terminals, and high competition for valuable software, payment terminal and banking resources meant 6 month projects often turned into 12 and 18 month projects. So if you are a retailer who has successfully implemented EMV, congratulations! But where do you go from here?

The first critical step will be to ensure that you are indeed no longer seeing any higher than usual chargebacks coming from the bank. If you are, then you need to investigate further to validate that your transaction messaging is correctly flagging transactions as being EMV and that the bank isn’t erroneously passing along any charges which should not be shifted to the merchant.

Finishing What you Started

The next step is to shore up additional security gaps from a store systems perspective. Many retailers who chose to focus their priority on EMV did so at the expense of implementing end-to-end encryption (E2EE) or tokenization.  Whereas EMV is critical for limiting the use of lost or stolen cards in your stores, it does nothing to protect the card information itself once it gets into your store and back-office systems. E2EE helps to ensure that the card data is encrypted immediately upon swipe and will remain locked down and protected until it is outside of your network at the gateway or processor.  And implementing a tokenization solution, which stores a non-sensitive token in lieu of the credit card number in your system, helps to ensure that there is no critical information to be obtained in a breach event. The combination of EMV, E2EE and tokenization is the best defense for securing your store environment.

Improving Online Payment Security

HackerAs retailers continue to secure their in-store retail systems, many fraudsters are turning their attention to online systems. An additional recommendation is to extend tokenization solutions to online and mobile systems to ensure payment security while still being able to support advances in cross-channel business processes through the use of an omni-token.

As a result, retailers who have e-commerce solutions need to ensure they are securing these systems as well. From validating the secure transport of card data to processors to the ongoing tweaking and configuration of the rules within an advanced fraud management system, there are additional steps which retailers can take to address the already-present rise in online fraud.

Monitoring EMV Issues and Trends

Finally, it will be important to monitor coming trends and shifts related to EMV.  The longer authentication timeframe is causing headaches for many speed-of-service focused retailers, and the card issuers are working to implement “Quick EMV” fixes to speed up the precious seconds which have been incrementally added to a credit card transaction using EMV chip technology. Even though these should not result in additional development or projects for retailers, it will be important to understand how these impact the checkout process before deciding to implement.  Additionally, there has been an ongoing debate around the initial implementation of chip-and-signature for EMV vs. the more secure chip-and-PIN implementation.  If the momentum continues to shift towards chip-and-PIN, there will be additional steps required to ensure a successful implementation.

EMV compliance is a tremendous step towards avoiding additional liability stemming from fraudulent transactions as well as reducing the ability for customers to use fraudulent cards in your stores. But payment security is an ongoing process, not just a project. And to keep up, following many of the steps above will continue to help secure your customer’s information and your payment processing.

As always, I appreciate your opinions and insights on this topic. Please share your comments below.

Ryan