Entries tagged with “tokenization”.


In 2012, the volume of mobile payments made globally was $163.1 billion. By 2017, this number is forecasted to grow to $21.4 billion. Consumers are starting to use the “bank in their pocket” more often. As these numbers show, mobile payments are really coming into their own at the present – and will only get stronger in 2016 and 2017. Capture as many sales as possible, and compete in your niche, by using our 6 steps to optimize mobile payments.

1. Know your options – There are many ways that people can pay with a mobile device. To implement mobile payments in an effective manner, you must know what options your customers want. It may help to see what other retailers near your business are offering for mobile payments as they have identified what their customers want (or use), then look for a mobile payment facilitator that supports preferred payment methods.

2. Understand how mobile payments work – Whether you want to make a mobile payment yourself or educate your staff on “how it all works,” it’s important to know the details. There is a misconception that a customer’s credit card number is transferred each time he or she makes a mobile payment. As a result, people may be afraid to make mobile payments for fear of being hacked. This is not true. Payment systems use a tokenized payment process and never transmit a credit card number as a result. Our ProtectPay® service also encrypts customer data, adding another layer of protection.

3. Invest in the portable technology – Mobile payments are ideal for “anytime, anywhere” purchases where consumers might not have their wallets or cash on hand. If you plan to attend craft fairs, festivals, or markets, then you need a mobile payment processor that can travel with you. ProPay’s portable technology helps you do this easily.

4. Advertise it – Once you are up to speed on mobile payments, have all the tools you need to get started, train staff on how to use the mobile payment system and advertise it in the store. Print out signs for all cash registers that say you take mobile payments and state what types of payments you accept. When customers know you accept mobile payments, they will be more likely to pay this way.

5. Incorporate loyalty and gift cards – If you have a business loyalty card, you can incorporate it into the mobile payment system so customers do not have to bring their physical card. You can also add gift cards so that customers can pay with their mobile device. By embracing mobile payments, you cut the cord between needing your wallet and making a payment. Adding loyalty cards ensures that your customers can complete the transaction without needing to get their wallet.

6. Don’t forget about reporting – Your mobile payment facilitator should have a variety of reporting functions that help you incorporate mobile payment sales data into your reporting. Make sure you get regular reports on mobile payments and integrate this data with your other reporting. Not only is it necessary to report this income at tax time, but it can help you analyze mobile payment sales, see what works, and increase your return on investment.

Mobile payments are here, and they’re only going to get more prevalent as customers enjoy the convenience of a faster checkout. ProPay can help you get started with mobile payments right now, so you stay ahead of the game.

More than ever, it seems that individuals have either had their credit card information stolen or knows someone who has had their credit card information stolen. It is vital that you protect your credit card information and identity in today’s technology-based marketplace.

Pitfalls of Old Security Methods

For many credit and debit card users, it wouldn’t be reaching to guess they have been using the same cards for years. And, while their credit cards are remaining unchanged, hackers are using technology to find more advanced methods for stealing private information from consumers.

It isn’t just the credit cards which remain the same, security measures have been inconsistent, outdated, and faulty, putting card users at risk of having the information stolen. We have seen the consequences of faulty security measures in retail security breaches, which have left many with the responsibility of trying the mend the damage done to their credit.

Implementation of New Methods

New security methods are currently in place or just around the corner, with big changes expected as soon as 2020. What can we expect with the impending credit card security transformation?

  • Tokenization: In the future, all credit cards with use a smart chip instead of the traditional magnetic strip. This chip uses tokenization, meaning the chip creates a one-time transaction code for each payment. Tokenization removes the account number from the equation, and chip-enabled cards are expected to be much more secure.
  • PIN as standard: Debit cards require the use of a PIN for transactions already, and new credit cards are beginning to require consumers to use a PIN to make a payment as well. It is believed that use of a PIN will quickly become a global standard for debit and credit cards alike.
  • One card for multiple accounts: With time it will become common to use one card to manage multiple accounts. This change is expected to reduce risks of loss, theft and fraud. Additionally, it will simplify card management for users and reduce costs for credit card companies.

How You Can Prepare with EnsureBill

With so many changes to credit card security in the not-so-distant future, it is important that individuals and businesses are prepared to protect credit card information. The use of a payment facilitator through ProPay, which takes advantage of the advances these credit card security trends have made, is an excellent way to make sure credit card information remains secure. Payment facilitators are used to compiling credit card information on a secure server, which will prevent this information from falling into the wrong hands.

ProPay uses point-to-point encryption and tokenization to guarantee that credit card information is safely transmitted from the merchant to the payment facilitator. Point-to-point encryption simply means that credit card information is immediately encrypted at the point of input and is not decrypted until the payment facilitator processes it. Tokenization replaces sensitive data with non-sensitive data, so that only those who have token access can gain access to sensitive information.

EnsureBill is a service provided by ProPay to companies with customers who make automatic payments. EnsureBill is a secure and streamlined system for storing customer credit card information for recurring payments. Use of EnsureBill is shown to reduce declined transactions by maintaining customer credit card information.

Conclusion

There may never be a guaranteed way to keep credit card information safe 100% of the time, but payment facilitators have multiple credit card security measures in place which keep customer credit and debit card information secure. As credit card security measures are transforming over the next few years, make sure you choose a company that makes keeping your or your customer’s information secure its top priority.

“The times are tough now, just getting tougher  - This old world is rough, it’s just getting rougher - Cover me, come on baby, cover me” – Bruce Springsteen 1984

Businesses work very hard to build their brand.   Small businesses are no different.  Establishing trust and loyalty among the customer base is essential to the longevity of any business.  Many companies focus on marketing and sales relationships to ensure that connection between customer and company continues to grow.  Social media, direct mailings, radio and tv advertising, print advertising, and data security and privacy policies all contribute to the growth of brand trust.  What a minute!  Did I say data security and privacy policies?  You betcha!  This is what I like to refer to as “brand security.”  Businesses spend an inordinate amount of time and money on establishing a brand that customers trust.  One of the fastest ways to lose that trust is to suffer a data security breach or to violate customer privacy.  For that reason, I often refer to data security and privacy programs as “brand cover.”

I’m going to borrow heavily, and probably poorly, from law enforcement and military actions here.  When you go into action, you generally have a forward team and then you have a team that provides “cover.”  This team keeps an eye out for threats that may not be visible or apparent to the forward team, but pose significant risk.  In the business world, one can think of your sales and marketing efforts as the forward team, while data security and privacy programs provide the cover.  You marketing and sales efforts move the company forward and increase awareness.  Your data security and privacy programs help to mitigate unseen, and sometimes unknown, risks to your brand’s integrity.  In fact, some larger organizations, particularly not-for-profits, are more concerned about brand damage in the event of a security or privacy compromise, than they are the fines that may be associated.

For small businesses, implementing and enforcing data security and privacy policies can seem daunting.  The Better Business Bureau, though, has put together a primer for businesses to help them develop these programs.  If you accept debit and credit card transactions, you can look for services to help minimize how much of that sensitive payment data your business stores.  You can also undertake an inventory to see just what data you are collecting and storing and how you are protecting it.  You can also evaluate the partners that you use and how you share data with them. Understanding your data can ultimately serve as a very effective means of protecting your company, your brand, and your customers.

When we talk about the protection of data, particularly sensitive personal information like credit card or social security numbers, we often focus on “digital data.”  By digital data, I mean that data that is stored in our networks and computers, our POS systems and other “networked” appliances.  It’s easy to lose sight of the fact that copiers, printers, and fax machines are often “networked appliances,” complete with memory.  That means that it is conceivable that when you send a fax or make a copy, that appliance could retain that data in its memory.  As a result, that appliance now represents a point of vulnerability for the network.

The ability of these devices to store data should also be a consideration with looking to lease or buy previously used equipment, particularly when buying or leasing used POS equipment.  You may be introducing someone else’s liability into your secure environment.  This is where having proper policies and procedures becomes vitally important.  Merchants should have a process for evaluating security options on the device or equipment (does it allow for overwriting or encrypting the data in memory?); security procedures should also be in place to ensure that the device memory is regularly overwritten to avoid data leakage.

The PCI DSS specifically requires that companies “Protect Stored Cardholder Data Wherever it is Stored.”  Unfortunately, as our businesses grow, that often means that our cardholder data environment grows along with it.  Information security policies and processes become more and more important.  It can also be helpful to find strategies for limiting the size of the cardholder data environment.

“When good people…cease their vigilance and struggle, then evil men prevail.” - Pearl S. Buck

When I was learning to ride a motorcycle my instructor gave me one piece of advice that always stayed with me.  He said “keep your head on a swivel.”  In other words, while I had to make sure that I was doing everything I should be doing, I also had to make sure that I was constantly looking out for what other people may be doing.  That way I could correct my course, or at least take some action to ensure that what the other people were doing wouldn’t put me in danger.  While this is certainly good advice for riding motorcycles, it is also good advice for data security.  It may seem like a stretch, but bear with me.

In securing our customers’ payment data, we have a guideline (actually a set of fairly stringent requirements) in the form of the Payment Card Industry Data Security Standards (PCI DSS).  To learn more about these standards visit this site.  Following these guidelines ensures that we are doing what we “should” in terms of protecting the data.  But that doesn’t mean that others won’t be taking action to put you (and your data) in danger – in the form of data compromise.  That means that you have to stay vigilant for what others might be doing – “keep your head on a swivel” –  to ensure that you are addressing newly identified risks and vulnerabilities that may not be addressed by the guidelines.

Recent trends indicate that small merchants are increasingly becoming targets of data thieves.  In a recent interview, Vantiv Vice President David Mattei stated, “…now we’re seeing an increase in the number of breaches in which smaller numbers of cards are compromised. Small, independent merchants are being targeted because of the ease with which fraudsters can compromise those payment systems.” That means that as small merchants, even if we are PCI DSS compliant, we must remain vigilant against potential attack.  One way to foil the fraudsters in this case is with the use of a P2P Encryption and tokenization solution. In this instance, the data is removed from the merchant system and replaced with “tokens,” or abstract representations of the cardholder data.  While merchants can still use the data to run reports, issue refunds or fight chargebacks, data thieves would find the tokens to be worthless.

The lesson in all of this is that we must remain on guard against new threats, even if we are doing everything “by the book.”  Leveraging secure technologies like tokenization can help ease the burden of compliance and render you and your customers more secure in the long run.