Building a brand takes time, money, and talent. Consumers generally do not recognize a brand image over-night. In fact, studies suggest that consumers require at least three impressions of a print advertisement before they even remember the company name.  A major concern is building a brand that is recognizable, but does not become annoying. When it comes to building your brand online, in the social media platform, what are consumers saying? What is the reach?

An article entitled “How Younger Adults React to Brands on Social Networks” stated that the millennial generation enjoys viewing brands through social media such as Facebook and Twitter and the “older adult generation” is not far behind. These millennial consumers are more likely to “Like” a brand through social media and interact with the content created from that brand; although, they [millennials] do not want to be annoyed with too many posts or tweets. So how often should a brand post relevant material?

The frequency at which brands should post depends on the medium through which they want to send it their consumers. This can be one post a day to multiple postings through a variety of social channels in a single day. Consumers want to know what is going on in their community. For example, if a brand is sponsoring an event, they should tweet or post about the event.  Same thing if there are promotions, coupons, contests, etc. As long as the content is relevant to that industry, posting multiple times daily will help increase brand equity.

The trend of social media and the payment space has rapidly become a hot topic. Such technologies as NFC (Near Field Communication) and Geo-location have been integrated into several apps in the marketplace waiting to for consumers to make use of the technology. Consumers being able to tag a storefront, “Like” it, write a review, and make payment at the store all from the same device is powerful for brand equity.  

ProPay offers a new mobile payment technology that allows Smartphones to be used, not only as a payment device, but also as a social technology allowing merchants and consumers to create dialogue with each other in real time. ProPay Link allows merchants to set up and push to consumer’s events and promotions to their device. ProPay offers several types of mobile solutions, please read about each through this post.

Travis Allen | Marketing Manager

A recent article on MSNBC detailed a “security issue” at two major banks.  The vulnerability in question related specifically to the use of the banks’ phone system.  Generally, when a caller uses the automated account system via telephone, the system verifies the number from which the person is calling.  If the number matches the number on the account, the verification process is streamlined.  That means that instead of entering an entire account number, the caller can simply enter the last four digits of the number.  They would then be able to access the limited information available through the automated phone system.  Typically, that would include information such as credit limit, account balance, date and amount of the last payment and similar information.  The caller would not be able to access other accounts or to retrieve the account number.  The article expressed concern that someone could easily obtain a consumers phone number and the last four digits of the card number.  By “spoofing” the consumer’s number and entering the last four digits, an ill-intentioned individual could “hack” the system.

The author expresses outrage that such a vulnerability could exist.  Other banks, he insists, require that users enter a complete account number.  He makes no argument about the increased security that may offer to the transaction.  The article goes on to detail exactly how one could hack the system, then call the consumer posing as the bank to use that ill-gotten information to coax more information out of the user that could be used to facilitate identity theft, or even to blackmail users based on their transaction history.

Data security and privacy should be top priorities for any companies that deal with consumer information.  However, those businesses must also maintain operations.  Convenience and security will always be at odds and companies are tasked with striking just the right balance – making their services easy to access while still protecting consumers and their data.  Most companies seek to achieve this balance with the judicious use of risk analyses.  During the risk analysis, the company identifies the potential vulnerability and analyzes what the impact would be if that vulnerability were exploited.  High impact events, whether that impact is in terms of frequency or in monetary damage, are addressed and steps taken to mitigate the risk.  While this author has no direct knowledge of the businesses practices of the banks in questions, it is unlikely that the bank would have adopted such a practice if the impact to its customers or to the bank was intolerable.

In security, one must balance the theoretical with the practical.  In theory, data is never safe.  There is no way to categorically prevent data theft.  The risk can be transferred (as with insurance policies or third-party service providers) or it can be mitigated by implementing increasingly strong protections, but it cannot be entirely removed.  Security professionals must be able to recognize when a theoretical threat becomes a real one and how to most efficiently allocate resources to address the nature of threat.

Dr. Heather Mark, PhD; SVP of Market Strategy

Last week, an article was published on CNN that indicated that online security was a bit (okay – more than a bit) of a misnomer.  In fact, the article said that the notion of cybersecurity was a myth.  The article states that “attackers will find a way in one way or another even if you integrate security in a product from the outset.”  The news of the past several months seems only to reinforce this notion.  Organized groups of ideological hackers, sometimes referred to as “hacktivists,”  have taken aim at some very high profile targets.  (A list of recent high-profile breaches can be found here.)

Not to be a scaremonger, but data thefts have become a fact of business over the past several years.   So how does a company, and a small company at that, operate in this threat environment while balancing the potential for data theft?  I’ve long told anyone that would listen,  “if  you don’ t need the data, don’t store it.”   This is especially true of businesses that use sensitive payment data in their daily operations.  There is a tendency to fall into the “just in case” trap – the idea that while I may not need the data right now, I might one day so it’s a good idea to just hang onto it.  Fortunately, there is a way to 1) protect your business from data theft while 2) hanging on to that data “just in case.”  Then answer – tokenization.

Tokenization is a method of data replacement in which sensitive data is “anonymized.”  For example, payment data may be replaced with a token, or abstract representation of the data in question.  In this way, the merchant can still process payments, conduct reporting and analytics and perform other related functions without replicating sensitive data throughout their environment.  The merchant never stores, processes, or transmits cardholder data thereby reducing the risk attendant with data compromise. The data is instead stored with a trusted third party.  If the merchant is compromised, there is no data for hackers to steal.

In an era when even data security professionals are beginning to express doubts as to the level of protection that can be afforded to sensitive data, businesses are well-served to investigate methods of mitigating their risk.  As  Richard Thieme, speaker at the Black Hat Conference 2011, stated “Only when companies and agencies begin to speak truthfully about their limitations — both internally and externally — can they start to address the real-life challenges that face them.”

Dr. Heather Mark, PhD; SVP Market Strategy

This post may seem familiar to regular readers.  Current events, however,  bring it to mind again and the topic seems to be worth repeating.  The news has been rife with stories of major media outlets hacking the Smartphones of private citizens and government officials alike.  The objective of this hacking was news – voicemails from crime victims, and information on important government representatives.  There have even been stories of journalists hacking into the phones of victims of the terrorist attacks of September 11, 2001.  This begs at least one question.  (Actually, it begs many, many questions, but for the purposes of this post, we’ll stick with one.)  How safe is your Smartphone?

The answer to the first question relies on the individual.  Many smartphone users, while marveling at all of the functionality at their fingertips, forget that it’s actually a miniature computer.  Email, web-browsing, cameras, social networking sites all contain personal information. On our home and work computers we install anti-virus protection, firewalls, and similar protective software.  These types of protections are available for Smartphones, but many users are either unaware or unconcerned about the dangers of Smartphone hacking.

There are some simple things that users can do to help protect themselves and their data.

1)      Be careful when downloading third party applications – the majority of applications are not malicious in nature.  However, at least one major application marketplace did experience an “infestation” of infected applications.  Be sure that you know and trust the developer of the application.

2)      Know how your data is being shared – some free applications sustain themselves by sharing or selling data to partners.  Most applications will disclose this in their terms and conditions.  While it is tempting to just hit “agree” in order to get to the application, users should take the time to read their privacy and data sharing portions of those agreements.

3)      Native Security Features -   Most Smartphones have some security features built-in.  For example, entering a code to unlock the screen helps in the event that the phone is lost or stolen.  Some have the ability to erase all data on the phone if the code is entered incorrectly too many times.

4)      Security Software – many companies are now offering security suites for Smartphones that are very similar to the software available for PCs and Macs.  Top Ten Review has put together a comparison of security software for Smartphones.

Dr. Heather Mark, Ph.D.;  SVP Market Strategy

On June 29^th the Federal Reserve Board issued its final debit card regulations.  Thank goodness it’s over! Two months after they were due under the Dodd-Frank Act and about three weeks before they were supposed to go into effect, the Federal Reserve announced the final rules for regulating the debit card industry. Mercifully, the Fed staff will now get to take a well-deserved vacation having spent late nights and weekends presumably pouring over the 11,000 or so comments they got and figuring out what to do. Now everyone else is left to figure out the implications.

The Federal Reserve staff had recommended a cap on the amount of interchange or compensation that an issuer of a debt card could receive from a payment network at 12 cents or a 7 cent safe harbor (and effective cap for most transaction volume).  However, the Board agreed to a cap of 21 cents and .05% (5 basis points) on a debit card transaction.  This works out to approximately 23 cents on a $38 debit card transaction.  The Board also adopted an interim measure of 1 cent per transaction for fraud prevention.  However, this extra allowable cost cannot be paid to issuers until the Fed determines, at some later date, what fraud prevention measures an issuer must implement in order to be entitled to the 1 cent kicker.

So, as a merchant will you win or lose?  This regulation which was to be effective July 21^st has been delayed until October 1, 2011, so until then you will see no change in debit card interchange.  Now for reality!  The regulation has caped what portion of the interchange on a debit card transaction an issuer can receive from a payment network (i.e. Visa or MasterCard).  The regulations also specifically exempt three-party networks such an American Express.  Acquiring banks, those providing you as a merchant with a merchant account, typically mark up the interchange paid to a payment network and charge the merchant a discount rate and transaction fee.  There is no regulation by the Fed of the discount rate that your acquiring bank can charge a merchant on a debit card transaction.

The initial result will be that after October 1^st your acquiring bank will retain a larger portion of the interchange paid to a payment network on a debit card transaction with no requirement to lower the discount rate you pay to the acquiring bank as a merchant.  What would drive the acquiring bank to share this additional revenue with its merchants?  There are three possibilities.  One, the merchant has negotiated a cost plus discount rate with it’s acquirer and the payment networks lower interchange on debt card transactions.  Two, the merchant, due to its debit card processing volume could threaten to leave it’s acquirer and move its account to an acquirer offering a lower discount rate unless the acquirer lowers it’s discount rate to the merchant.  Three, over time, due to competition between acquiring banks for merchant volume, acquirers decide to compete on price and thus lower their discount rate.  Unless, one of these apply to you as a merchant there will be no change in the amount you pay on a debit card transaction.

As one commentator has written, “Congress and the political process is a big loser in all of this. The Board of Governors for all intents and purposes unanimously said that they were forced to implement a flawed law. One refused to vote for the proposal altogether, but four Governors qualified their votes by saying, more or less, that the staff proposal was the least bad thing they could do given the language of the Durbin Amendment. The Governors were variously worried about the impact on small banks and credit unions, on consumers, on innovation and on the unintended consequences of imposing price regulation.”

Tony Allen