Entries tagged with “merchant”.


New Harris Poll released last week led some insights into consumer views on mobile payments.  Among the highlights of the poll is that more than 60% of respondents believe that smartphone payments will eventually replace cash and card payments.  This number is very high when compared with the number of respondents that have actually made (4%), or even witnessed (8%), a smartphone payment.  What’s more, far fewer respondents believe that this transition will occur within the next five years.  Contrast this with the media “Year of Mobile” pronouncements (that have occurred for the last two years, at least) and one would rightly ask where the disconnect is.  Media keeps saying mobile payments are imminent, while consumers seem to be hesitant.

One of the major variables for most consumers in using smartphone payments is the question of security.  According to the Harris Poll, “Among those who indicate being either not very or not at all interested in being able to make smartphone payments, security is a clear, if predictable, factor: half (51%) say they don’t want to store sensitive information on their phone, and four in ten (40%) don’t want to transmit sensitive information to a merchant’s device.” (Here is should be noted that there are mobile payment products that allow payments to be made without (1) storing payment data on the consumers phone or (2) transmitting sensitive data to the merchant’s device.)  Another significant portion weren’t interested in making smartphone payments simply because they did not own a smartphone.

So I put it to you, reader.  What do you think about smartphone payments?  Have you made one? Would you make one?  What factors or criteria are necessary for you to adopt this new technology?  Or are you just waiting for it to reach critical mass  so that it’s available in places that you frequent?

Recent reports indicate that small businesses tend to overlook the threat of a data security breach.  Controlscan, a company that specializes in assisting small and medium sized businesses with PCI compliance issues, recently completed a study in cooperation with Merchant Warehouse.  The findings indicate that close to 80% of the surveyed merchants felt that they had little to no risk of a breach.  What’s more, according to ControlScan’s CEO Joan Herbig, close to half of the merchants surveyed hadn’t even heard of the PCI DSS.  These findings indicate a serious lack of communication between ISOs and Acquirers and their small merchants.

Since 2006, all organizations that store, process, or transmit cardholder data have been required to comply with the data security requirements contained within the Payment Card Industry Data Security Standard.  In fact, the Payment Card Industry Security Standards Council has even created a microsite dedicated to educating small merchants on the PCI DSS and their obligations under that standard.  The ramifications of non-compliance are many and can be overwhelming even for large merchants.  Should a breach occur, the fines, fees, and penalties can quickly add up and in many cases have put companies out of business.

This post could easily take on an alarmist tone.  Some might say that it already has.  Regardless, though, small merchants must comply with the same set of standards to which large companies are beholden.  How can one do that with comparatively limited resources?  By trying to limit the places in the merchant system that store, process, and transmit cardholder data.  Using a solution that processes payment card transactions using point to point encryption (P2PE) and tokenization can serve two objectives – making the data more secure, and reducing the burden of complying with the PCI DSS.

If you are a small merchant and you haven’t heard about PCI DSS or aren’t sure what you should do, reach out to your ISO or Acquirer.  They can explain what the standard requires and how you can achieve compliance.

I saw a blog post yesterday that reminded me of complexity and confusion surrounding the relationship between PCI DSS compliance and fraud prevention.  The details of the story are less important than the central idea that the author was communicating –  the notion that merchants should rely on PCI DSS compliance for the prevention of fraud.  The idea behind PCI DSS is of course to reduce the amount of fraud by helping to protect payment data from unauthorized disclosure and use, but it should be noted that the standard is not a fraud prevention program.  It is a data security compliance program.  Understanding the difference between fraud prevention and data security will help to clarify the relationship between the PCI DSS and fraud.

Fraud is the intentional deception for personal gain.  This is a broad definition that includes social engineering as well as the misuse of financial data.  Fraud prevention, then, must be a very broad set of practices and procedures that are put in place to prohibit people from being able to misuse (in this case) payment card data.   All of the major card brands have suggestions and best practices for preventing fraud at the merchant level.  MasterCard Worldwide provides a quick reference guide to help merchants educate their staff on fraud prevention techniques.  Among the suggestions is the notion that staff should be familiar with what a card is supposed to look like.  Valid cards have a number of fraud prevention mechanisms, including embossed numbers and holograms.    (Each of the card brands can also provide a sort of “anatomy of a card” that will keep merchants and their employees current with new card designs and security mechanisms.

Data security is a subset of fraud prevention tools.  Ensuring that the data is adequately protected from unauthorized disclosure (data compromise) helps mitigate the risk of fraudulent transactions.  All of the major card brands require compliance with the PCI DSS with any entity that stores, processes, or transmits cardholder data.  This helps to prevent data thieves from perpetrating fraudulent transactions on a large scale.  Merchants should not rely on the PCI DSS to protect them from fraud schemes.  PCI DSS is designed to help companies protect payment data from thieves, not to protect merchants from fraud schemes.

Dr. Heather Mark, PhD. ; SVP, Market Strategy

The season is upon us.  Analysts and media have made their predictions for what the holiday shopping season will bring.  Not surprisingly, most surveys reveal that consumers plan to be “careful” with their spending this holiday season.  They are looking for the best value, with many respondents indicating that they’d like to be able to buy more, but spend less.  A neat trick if you can manage it.  Given the nature of consumer spending in general, and particularly over the holidays, how can merchants manage these trends to their benefit?

A variety of consumer spending surveys released over the last few months, reveal a few tips for merchants to help their consumers realize value during this harried holiday season.  Among their advice for businesses was:

1) Free Shipping - This is a theme that is played out in a variety of sources and has been extremely prevalent over the last three years or so.  Consumers are searching for value and becoming more savvy about the “cost” of purchasing.  If a buyer can get an item for $5 less online than in the store, they are more likely to do so.  However, that savings  can be erased by adding a shipping charge.  Buyers would then be incented to go to their local store and purchase the at the higher price.

2) Highlighting Value – Help shoppers find the product and the price that they are looking for.  Online retailers can accomplish this by featuring sale items and specials on their home pages.   The GfK survey finds that online shoppers are using more and more resources to find the best deals available.  Leverage the platforms that these customers are usings – social media, blogs, review sites, etc.

3) Gift Idea Lists - According to the NRF’s Holiday Spending Research, the largest proportion of spend will be on family.  That is probably not a surprise to most businesses.  However, retailers and online merchants might consider capitalizing on that by helping shoppers find gifts for family. Organizing items by “Gifts for Dad,” or “Gifts for Girls,” or similar categories, can help shoppers locate what they’re looking for faster.

4) Online Shopping ExperienceConsumer Reports tells us that online shopping increased significantly last year, with almost 34% of respondents purchasing gifts online.  To leverage this trend, online merchants may want to “user test” their websites.  Ensuring that the site is easy to use and appealing can help increase conversion.

Certainly, this is not a comprehensive list of the trends that are facing merchants this holiday season, but it does give a sense of the constraints facing shoppers, and therefore the merchant as well.  Understanding and responding to consumer needs is an excellent way to build trust and loyalty any time of year.

Dr. Heather Mark, PhD; SVP Market Strategy

It’s that time of year again.  International Fraud Awareness Week, sponsored by the Association of Certified Fraud Examiners (ACFE).  The intent is to raise awareness of fraud in general, as well as trends and emerging schemes.  Payment card fraud alone is estimated to cost the United States $8.6 billion per year.  And that is a 2010 number.  Estimates for 2011 are likely to grow.  Fraud is an interesting animal.  It’s said that the only crime that costs the US economy more money is tax evasion.  While that’s probably open for debate, what is still surprising is the low level of awareness that many small business owners have regarding fraud and fraudulent schemes.  The objective of International Fraud Awareness Week is to educate all organziations, whether small entrepreneurial endeavors to large enterprises, about fraud and how it can be prevented.

Some fraud prevention resources can be found here, including somethings that many organizations may not have considered, such as a fraud policy.  The ACFE publishes an annual Report to the Nations on fraud.  In 2010, some of the highlights (or lowlights depending on your perspective) included the following:

  • “Survey participants estimated that the typical organization loses 5% of its annual revenue to fraud.”  To put that into a global perspective, the ACFE estimates that to cost the world economy almost $2.9 trillion annually.
  • “Small organizations are disproportionately victimized by occupational fraud. These organizations are typically lacking in anti-fraud controls compared to their larger counterparts, which makes them particularly vulnerable to fraud.”  This statement is critically important, because many small companies think that they are “flying under the radar” when in fact, they are easy prey to professional fraudsters.
  • “Anti-fraud controls appear to help reduce the cost and duration of occupational fraud schemes.”  The implementation of fraud awareness training can be an important preventative factor in reducing losses associated with fraud.

Unfortunately, fraud is a fact of life for most businesses.  As technology has evolved, so have the manners and methods by which criminals can perpetrate fraud.  Awareness is one of the most critical prevention tools and that awareness must be an organizational thing.  Having one person or one department responsible for the prevention of fraud is a good step, but education and awareness of the entire workforce will be critical in helping to mitigate the damage.

Dr. Heather Mark, PhD; SVP Market Strategy