Archive for December, 2010

Monthly Archive

Dec 22 2010

Death of the IPOS?

Posted by chris.mark
Industry News, PCI DSS, Technical Discussions
No Comments

With the recent influx of mobile technologies and other payment methods, many are beginning to question the need for an Integrated Point of Sale (IPOS) system.  While there is no denying the value of electronic cash registers (ECR) for inventory control, ordering and other applications, the value derived from using these systems to process transactions has been diminished by the cost and effort required to ensure they are adequately secure.  Recently, Chris Justice, Ingenico’s Managing Director of North America, spoke on the topic in a lecture called: “Redefining the POS”  

It is suggested that the increasingly challenging demands of securing such systems coupled with the increasingly sophisticated mobile technology, will continue to redefine who companies view point of sale applications.  Current Smartphone technology allows merchants to accomplish much of what was previously conducted over large, cumbersome point of sale terminals.  Anyone who has visited an Apple store in the past two years can attest to the value of using mobile technology to accept payment cards.  While there is a long road ahead before the industry settles on a standard, it is fair to say that the landscape is increasingly looking like alternative payment technologies will begin to supplant traditional point of sale terminals in the not too distant future.

Tags: , , ,

 

Dec 14 2010

Multiple Mobile Payment Processing Options Through ProPay!

Posted by travis.allen
Industry News, Mobile Payments, ProPay News, ecommerce merchant
No Comments

You’re a mobile merchant on the move, or in other words, a mobile sales professional, ProPay provides a powerful suite of mobile processing options. Over the next few months you’ll see even more mobile offerings from ProPay. Today, ProPay offers the following mobile payment processing options.

 ProPay Mobile – Merchants with a Smartphone and a ProPay Account can now process credit and debit card transactions virtually anytime, anyplace. ProPay Mobile is automatically available to all ProPay merchants. Merchants can log-in to http://m.propay.com/, with their ProPay credentials, begin processing payments, check account balances, or move funds. ProPay Mobile enables merchants to accept credit or debit card payments anywhere their Smartphone’s can connect to http://m.propay.com/. With ProPay Mobile merchants can:

  •  Process credit or debit cards in real time
  • Transfer funds from their ProPay accounts to a validated bank account
  • View account balances, transactions in process, and total monthly amount processed

In addition to the ProPay Mobile optimized browser, ProPay offers merchants additional mobile solutions that enable merchants to accept and process credit and debit card payments on the go including:

 MicroSecure™ Card Reader – The MicroSecure Card Reader is a small, easy to use swipe device that provides real-time credit and debit card processing and authorization when connected to an internet enabled computer. If internet access is not available, the MicroSecure Card Reader provides store-and-forward capabilities for capturing the payment data and processing those transactions later. The MicroSecure Card Reader encrypts payment card data at swipe to ensure that it is secure through transmission and processing. Merchants also have the option to store the payment data in ProPay’s secure data storage service for other transactions such as repeat billing.

 ProPay/VeriFone PAYware Mobile™ Bundle – Recently, ProPay partnered with VeriFone® to offer a mobile processing bundle that includes a ProPay Merchant Account and VeriFone’s PAYware Mobile device. Merchants receive a robust merchant account and the ability to accept and process credit and debit cards using their iPhone 3 or 3GS.

 IVR Phone Processing – ProPay’s IVR Phone Processing service provides a simple, secure, and cost-effective credit and debit card processing option which is accessible 24 hours per day, 365 days per year via a toll free number. This solution is ideal for any mobile business that needs a real-time credit or debit card authorization. Transactions are immediately approved or declined.

 Create your opportunity to make a sale with ProPay’s suite of mobile payment processing options. To learn more click here.

Tags: , , , , ,

 

Dec 6 2010

So, Is Privacy Important or Not?

Posted by hmark
Data Security, Privacy, Regulations and Laws
No Comments

Over the last couple of weeks, the US has seen some interesting developments with respect to privacy.  We’ve seen the courts issue decisions that indicate that Social Security Numbers are not necessarily as protected or as unique as consumers are often led to believe.  (see here and here)  This week the Federal Government is adding more confusion with seemingly conflicting positions.  The first is the release by the Federal Trade Commission of a preliminary report on privacy practices.  The report, which can be found here, makes several recommendations to help consumers protect their identities and their privacy online.  Among the recommendations are:

  • Do Not Track -allow consumers to opt out of any tracking or recording of their online behaviors.  A practical challenge with such a mechanism is that this may require a persistent cookie which, in an of itself, is a form of tracking.  While it sounds good in theory, there are some tricks to a viable working solution.  The same can be said of Europe’s proposed “right to be forgotten.”  It’s an excellent notion, but how can it be put to practical use.
  • Privacy by Design – According to the report, this would include “Such protections include providing reasonable security for consumer data, collecting only the data needed for a specific business purpose, retaining data only as long as necessary to fulfill that purpose, safely disposing of data no longer being used, and implementing reasonable procedures to promote data accuracy. Such protections include providing reasonable security for consumer data, collecting only the data needed for a specific business purpose, retaining data only as long as necessary to fulfill that purpose, safely disposing of data no longer being used, and implementing reasonable procedures to promote data accuracy.
  • Simplified Consumer Notice – The FTC recognizes, as do most consumers, that simply posting a privacy notice is often not sufficient to explain an organization’s privacy practices.  In many instances, these policies are written by legal teams and not easily understood.

The FTC should be applauded for moving forward on the creation a privacy framework.  The United States significantly lags behind its cohort group in the protection of consumer privacy.  The FTC has advocated for consumer privacy and has published its Fair Information Practices, which provide guidelines for companies on how to protect the privacy of their consumers.  As a backdrop to these actions to protect consumer privacy, though, is the governments attempt to create “Fusion Centers.”

Fusion Centers are described by Electronic Privacy Information Center (EPIC) “as ntelligence databases that have raised substantial privacy concerns. Information in fusion centers comes from many sources, including government agencies, private sector firms and anonymous tipsters.”   In other words, the government is seeking to aggregate as much information about everyone as they can through any number of sources, some of which are more reliable than others.  These databases were initially proposed in the aftermath of the Sept. 11, 2001 attacks.  On November 15, 2010, the Department of Homeland Security and  Office of the Inspector General released a notice seeking public comment on these Fusion Centers.  Certainly the argument can be made regarding the need for more complete information as the country seeks to mitigate terrorist threats, but privacy advocates are rightfully concerned that the information included in these databases be (1) accurate (2) secure (3) protected from misuse.  The Department of Homeland Security has issued a report entitled, “Fusion Center Guidelines: Developing and Sharing Information and Intelligence in a New Era.”  In this document, the agency sets out rules for ensuring civil liberties and the protection of privacy while still maintaining these comprehensive information depositories.  The question becomes one of oversight.  What person, agency or other organization is going to monitor these Fusion Centers to ensure the protection of citizens’ rights?  The report does set forth guidance for law enforcement agencies on the creation of “oversight” committees, but it essentially creates a committee from within the agency in question.  While not advocating for more government regulation, this type of role is one that might best be handled by a federal Privacy agency.  That, of course, is a position that invites more debate, and a very interesting one at that.  However, for the purposes of this article, the question remains, what level of oversight would be brought to bear on these databases?

As consumers and citizens we have an interesting dilemma.  Privacy is important in the arena of commerce, and online identity and our government seeks to protect that privacy.  On the other hand, the government claims a need to protect the public good at the cost of private rights.  How is that balance achieved?  This debate is one that should be more present in the public dialogue on privacy.  As a citizen, we should take steps to be informed on the uses of our private information and we should be able to demand that the information be used judiciously.

Dr. Heather Mark, PhD.  SVP of Market Strategy

Tags: , , , ,

 

Dec 3 2010

What are the odds?

Posted by hmark
Privacy, Regulations and Laws
No Comments

A post in today’s Red Tape Chronicles puts the odds of someone else having your social security number at 1 in seven.  According to the article, this is something of an open secret among government agencies: “The IRS often knows when this happens, when the imposter pays taxes. The Social Security Administration knows, too, for the same reason. And the nation’s credit bureaus usually know, because the imposter often ends up applying for some form of credit.  Plenty of financial institutions also have access to this information.” In August, San Diego company ID Analytics reported that more than 20 million Americans have more than one social security number.  That article indicates that:

  • 6.1 percent of Americans have at least two SSNs
  • More than 100,000 Americans have five or more SSNs
  • More than 15 percent of SSNs are associated with two or more people
  • More than 140,000 SSNs are associated with five or more people
  • More than 27,000 SSNs are associated with 10 or more people

These statistics likely come as  a shock to many people, who naturally assumed that social security numbers are  used to uniquely identify a particular individual.  These statistics, coupled with the court cases referenced in an earlier post seem to paint a picture in which the social security number is not nearly as “private” or as “protected” as had been widely believed.

In our industry, we tend to focus on the responsibility of the company or organization to protect personally identifiable information.  In that discussion, the individual tends to be exonerated of any culpability in the protection of data.  Certainly, the argument can and has been made that organizations that collect data have a fiduciary responsibility to protect that data.  The individual, though, has an increasing role in ensuring the protection of their own information, as well.  This is not to suggest that if someone’s SSN is misappropriated or misused that the individual is at fault.  What I mean to say is that, in the current climate in which SSNs are commonly misused and the courts have suggested that this is not always in contravention of the law, individuals must become hyper-vigilant in the protection of their own information.  A simple example – If I am filling out an application or dealing with a service provider that requests my social security number, I always ask why it is needed.  Sometimes companies request information because it is “nice to have,” not necessary.  One shouldn’t provide “nice to have” information.

The fact of the matter is that social security numbers currently serve a number of purposes for which it was never intended.  The SSN was intended merely to track an individual’s account within the Social Security Administration.  Over the years, this number has morphed into an all-encompassing identifier for almost every aspect of American life.  Since it was never intended to be as widespread as it is now, there were never any authentication measures built into the 75 year old system.  The fact of the matter remains that attempting to retro-fit privacy controls into an outmoded system is rarely successful.  Unless and until a new system is implemented, consumers will have to take measures to ensure that their SSN is not being misused.

Dr. Heather Mark, PhD. SVP of Market Strategy

Tags: , , , ,