docweekly Oct. 9, 2014 orries GOP Volume 10, No. 37
download 
Report Transcription
weekly Oct. 9, 2014 orries GOP Volume 10, No. 37
Oct. 9, 2014 Volume 10, No. 37 weekly Tips, Tactics and Strategy For POS And ATM Sales Success SECURITY EMV-Chip Technology Won’t Scare Hackers By By David Heun The recent exploits of Signature Systems terminals, used by Jimmy John’s restaurants and other clients, shows that the point of sale remains a key target for hackers. And the addition of EMV-chip technology won’t frighten them away. A stark reminder of that threat came at the Black Hat conference in Las Vegas in August, when researchers at U.K.based MWR InfoSecurity demonstrated how to breach an EMV mobile card reader to steal account data and the cardholder’s PIN. That would allow hackers to create a cloned card that they could use for magnetic-stripe transactions at terminals UNAFRAID Continued on page 19 Market Trends Guest Column p3 p9 Guest Column p 11 News Briefs p 13 News Briefs p 15 People p 17 Appointment Book p 23 Ad Index p 23 SUBSCRIBE Choke Point Worries GOP Reps By Kevin Wack The House Oversight Committee, which earlier this year admonished the Department of Justice for its tactics for combating fraud in the payments system, has turned its focus to the role of the Federal Trade Commission in the ongoing crackdown. The Republican-led committee is reviewing documents that the FTC provided in response to a panel inquir y, according to a source familiar with the matter. The committee’s chairman, Rep. Darrell Issa, R-Calif., requested the documents in a letter sent in late June. Issa’s letter, which was also signed by GOP Rep. Jim Jordan of Ohio, chairman of the regulatory affairs subcommittee, focused on the FTC’s interest in companies that process payments for merchants suspected of defrauding consumers. Specifically, Issa expressed concern that authorities are punishing payment processors instead of the businesses committing the crime. “The Committee is concerned that Operation Choke Point and corresponding initiatives by collaborating agencies impose wholly unreasonable burdens on banks and payment processors, efCHOKE Continued on page 17 VALUE-ADDED Vendors Seeking ISOs To Promote Services By Ed McKinley Inside isoandagent.com | REGULATION follow us ISOs and agents are perpetually seeking of prepaid rechargeable cards, is using a new value-added products and services few ISOs for distribution and may take on that can generate profit and foster differenmore, says Ben Katz, the company’s CEO. tiation, and three possibilities have come “We’re certainly interto light recently. ested in the opportunity to Verifi wants more Bluetooth To The Rescue get to know more ISOs-ISOs to promote its CardOf Multi-Account Cards Until now, the cards have been and particularly moreholder Dispute Resolua product in search of a market. upscale ISOs,” Katz said. tion Network; Forte is Page 7 The ISOs that are searching for more ISOs promoting the company’s to sell its automated wares to merchants approached the comclearing house and card services; and pany about handling its products, he noted. CARD.com may soon take on more ISOs He would prefer to add ISOs to the to promote its prepaid cards . CARD.com, a three-year-old provider VENDERS Continued on page 21 Sign up for your FREE subscription today and receive: ➽ 47 Electronic PDF issues via Email ➽ 7 Print issues ➽ Annual Buyer’s Guide ➽ Online Archives 2 ISO&AGENT OCTOBER 9, 2014 At TSYS we’ve developed our products and services around what matters most - the people that use them. Our authorization & capture and clearing & settlement platforms provide reliable and safe transaction processing as well as extensive reporting capabilities. Along with payment processing, we offer ancillary services that provide tailored solutions - scalable, yet cost effective. TSYS’ industry-leading Chargeback and Dispute Processing service enables you to lower risk, optimize retrieval revenue, reduce costs and enhance merchant relationships. And, if you are looking for a full service processing relationship, our Wholesale ISO Program includes an assigned, unique BIN that gives you increased control and ownership of your merchant portfolio. For more than 30 years, we’ve provided ISOs and Acquirers with unmatched service and unwavering dedication. Get to know us +1.480.333.7799 [email protected] www.tsys.com/acquiring © 2014 Total System Services, Inc.® All rights reserved worldwide. TSYS® is a federally registered service mark of Total System Services, Inc. ISO&AGENT OCTOBER 9, 2014 3 Market Trends Capital One’s New Wallet Works With Apple Devices FIS Completes Purchase Of Processor Clear2Pay Wells Fargo Joins The List Of Amex OptBlue Acquirers Capital One’s new Capital One Wallet is a cardholder app for Apple’s devices that uses an Android-like pattern-recognition feature for authentication. The card issuer launched the app on iOS in September and plans an Android version “soon,” according to the bank’s website. The app will give consumers information on Apple Pay transactions, according to TechCrunch. The app also shows balances, rewards and contact info for businesses. Users unlock the wallet through SureSwipe, which mimics the pattern-tracing login method used on Android phones, and doesn’t require users to key in information. To use SureSwipe, consumers establish patterns with the institution, and pre-existing patterns used for Capital One’s primary mobile app work with the wallet. ■ Banking and payment technology provider FIS has completed its acquisition of payment processor Clear2Pay, a transaction it started early last month. The purchase brings FIS new high-value and cross-currency corporate payments and managed services, the vendor said. “This acquisition is another example of FIS’ commitment to delivering a truly modern payments environment to our clients, particularly large and global financial institutions,” said Gary Norcross, FIS president and chief operating officer, in a release. Speculation about a potential sale of Clear2Pay began late last year when Acquiline Holdings LLC made public its intention to sell the company. StreetInsider.com reported that FIS was paid 375 million euros (U.S. $473 million). ■ Wells Fargo Bank NA has joined a growing list of acquirers using an American Express program designed to help smaller merchants accept Amex cards. The OptBlue program enables acquirers to establish competitive pricing for merchants with a projected Amex charge volume of less than $1 million per year. After months of testing, Amex introduced the program in May, landing JetPay Payment Services as an early acquirer. That month, Amex also brought Vantiv, Global Payments, Heartland Payment Systems, Worldpay and Transfirst into the OptBlue fold. Wells Fargo can now provide the benefits of a single statement, one settlement process, and one contact for all the card brands to its merchants, Amex said. ■ 4 ISO&AGENT OCTOBER 9, 2014 ISO&AGENT OCTOBER 9, 2014 LOYALTY Kids’ Financial Literacy Schemes Move Offline Payment companies are building mobile loyalty and financial literacy programs for today’s digitally-savvy kids, but they’re discovering they still need a physical presence for redemption. “FamDoo meets kids were they live today—on their mobile devices—creating a way to bring families together through technology,” said Mark Lacek, CEO of FamDoo LLC. FamDoo, which was launched in January and has several thousand users, is a web and mobile app that enables parents to add a chore, track their child’s completion of the chore and then reward their child with FamDoo Points. After using the app to track chores, kids can use the points they earn to make an online purchase with the company’s retail partners, including iTunes, Best Buy, Target and Amazon. They can alsodonate points to donate to charity. While FamDoo users can only redeem points for online purchases, the company is starting to see that kids want options to redeem at brick and mortar locations,” Lacek said. FamDoo users are requesting a reloadable debit card that kids can use to redeem their cash-value points offline. Eighty-six percent of kids would choose to redeem FamDoo points onto a reloadable debit card, according to a study the company performed last year. Several large banks have approached the company about developing the debit card product, Lacek said. Parents can purchase FamDoo Points with a credit or debit card and can also convert airline miles into points. The company has worked with U.S. Bank to enable parents that are part of the bank’s FlexPerks loyalty program to transfer their FlexPoints to their children’s FamDoo ac- 5 count. Five thousand FlexPoints equal $50. Some parents purchase large amounts of points up-front, while others purchase points when their children ask to redeem. The average transaction is $30, said Lacek. “We see a range of creative partnerships with the FamDoo platform,” he said, “to provide rewarding experiences for both parents and kids; partnerships for new redemption options like a reloadable debit card, additional loyalty program partners to exchange loyalty currencies to fund FamDoo points, as well as content partners to bring even more enriching educational content to our platform.” Allowance Manager, another allowance app, started with a Web-based digital cash ledger but has also received requests to expand into the physical world by offering a prepaid debit product. Allowance Manager has about 200,000 users. “There is definitely an adult trend to use digital tools to increase personal productivity,” said Lacek. ■ 6 ISO&AGENT OCTOBER 9, 2014 ISO&AGENT OCTOBER 9, 2014 TECHNOLOGY Bluetooth May Boost Multi-Account Cards Hamstrung by low consumer and merchant adoption, multi-account cards remain a product in search of a market. But Stratos Inc. believes Bluetooth technology could become the tonic that will lure users. The Ann Arbor, Mich.-based company plans a nationwide launch of a branded Stratos plastic card that will connect to an app in consumers’ mobile phones through Bluetooth low energy. Consumers will be able to download all of the plastic payment and loyalty cards in their wallets onto the Stratos card. Stratos, which just received a $5.8 million funding boost from venture capital investors, “feels good about its position” because the Stratos card will not require changes in the payments infrastructure, said Thiago Olson, CEO of Stratos. Cardholders will swipe cards through a point-of-sale terminal reader or put them into ATMs in the same manner as today’s mag-stripe cards, Olson said. Card Has Commanded Attention Stratos will enter the market with a product that has already gained attention through companies like Coin and Dynamics Interactive. But the attention hasn’t translated into significant consumer or merchant adoption as of yet. Coin announced a similar multi-account reprogrammable payment card in the past year but was facing shipping delays and technology changes as product delivery pushed into next year. Dynamics Interactive and NXT-ID’s Wocket wallet seek a similar consumer experience. Dynamics features a button on the card that enables consumers to switch between loyalty and payment cards, while the Wocket wallet is a standalone hardware device that can store multiple payment accounts. Getting the product in front of consumers is only part of the problem for multi-account plastic cards, said Richard Oglesby, senior analyst at Double Diamond Payments Research. “A lot of the challenge associated with this type of solution is monetization, generating an income stream,” Oglesby said. “Consumers generally aren’t willing to pay for the card or monthly fees for using a wallet.” As such, a value proposition to support card issuers paying for this is lacking, Oglesby maintained. “Because there is a mobile app involved, it’s possible that this could be monetized by interfacing the app to merchants, allowing merchants to try to influence consumer purchase and payment decisions through the app,” Oglesby said. Such a move would likely place Stratos in direct competition with Apple and Passbook, making it a value proposition that only works with scale, Oglesby said. Because the Stratos card does not call for the merchant to make changes at the point of sale, or for a consumer to change the habit of swiping a payment card through a reader, Olson feels his company will operate from a position of strength. “We really don’t view Apple, or Apple Pay, as a competitor,” Olson said of Apple’s 7 new mobile wallet system. “The standard pitfall of a lot of the mobile wallets out there is that they are not backwards compatible with the infrastructure that is out there, whereas our new card certainly is.” Between Mobile And Wearable Stratos views itself as right between the booming industries of mobile payments and connected, wearable devices such as smart watches, Olson said. “Apple has already validated the use of a connected device for payments with the Apple Watch, and we just happen to be in the card form factor.” The company plans to develop a chip-andPIN feature for the card as EMV takes hold in the U.S., Olson said. “The transition to EMV is an important issue, but we also have our sights set on something even more ambitious than that for top-tier security.” Stratos would be open to discussions about partnerships with mobile wallet providers but is currently focused on developing the multi-card approach, Olson said. “The card form factor is a key for us,” he said. “We are going to have cards with us for a while, and it is something we are all used to carr ying around.” ■ 8 ISO&AGENT OCTOBER 9, 2014 Meet us at the WSAA October 15-16, 2014 Next Day Funding 11 p.m. Cut-Off Time Many processors claim to offer next day funding, but not all programs are created equal. Partner with a true processor and give your merchants an 11:00 p.m. ET cut off time, one of the latest in the industry. Call now to help your merchants get their money faster. 866-205-4721 • clearent.com/isos Accurate, On-Time Residuals • Innovative Reporting Tools • Co-Branded Marketing Support © 2014 Clearent, LLC, a Member Service Provider for First National Bank of St. Louis. ISO&AGENT OCTOBER 9, 2014 9 Guest Column By Greg Weed Apple Pay Is Upsetting the Cart, But Plastic Cards Will Survive The debut of Apple Pay has far-reaching implications for the future of the U.S. payments system and has cast a bright light onto murky mobile wallet payments. Some may even wonder if Apple Pay is poised to eclipse plastic card payments. As the digital payment card era unfolds, we can take a moment to look at the preApple Pay world—as measured in an August 2013 survey of 4,200 households by Phoenix Marketing International. There are several reasons why the end of plastic payment cards is nowhere in sight. First, only a small percentage of merchant terminals (estimated at no more than 5%) currently accept near-field communication payments, in which two devices placed at close range perform transactions via a wireless connection. Moreover, a significant portion of consumers are wary about the security of NFC transactions. Twenty-two percent of smartphone owners who have not used a mobile payments app said that “tapping a phone against a merchant terminal” was a major security concern. While smartphones are on the rise, they are not yet ubiquitous: 65% of households currently own one. That leaves more than a third of households for whom mobile wallets, in general, are currently not an option. Apple Pay’s impact will also be limited by the fact that Android phones are more prevalent; less than half of smartphone owners have an iPhone. And nearly half of smartphone owners say they are unlikely to use a smartphone application for instore payments. Among users who have yet to use a mobile payment app, 48% said that they were uninterested in using one, 38% were neutral, and just 14% said that they would be likely to adopt it. Lastly, while Apple enjoys a strong reputation, some Americans may not be willing to trust them to facilitate their transactions. Last year, 22% of smartphone owners indicated they would consider a mobile payment from Apple. A similar number (17%) said they would go with Google, but banks (72%) and PayPal (41%) were far more popular picks. The Apple Pay announcement heralds the likelihood of substantial increases in NFC-ready terminals. Because it coincides with current merchant investments in EMV-compatible terminals, merchants are more likely to make sure the upgrades include NFC compatibility. And Apple Pay’s fingerprint identification and tokenization technology will help reduce consumer NFC security concerns. Nevertheless, there is still a long way to go before it achieves scale. Apple Pay brings credibility to NFC and demonstrates NFC’s viability. That leaves the door open for other NFC wallets, such We Are as Softcard and Google—and for entrants to increase the competition. But note that NFC technology is 20 years old. It may be deemphasized in favor of newer technology. History suggests that plastic payment cards will remain viable for a long time, even as use of digital cards escalates over the next decade or two. Look at the bill payments industry: while the incidence of online bill pay is high, research shows that it will never reach 100%. And a high percentage of people who pay bills online still pay some of them using paper checks. When it comes to payments, old habits die hard. ■ Greg Weed is director of card per formance research for Phoenix Marketing International. Processing Network The everywhereProcessingNetworkSM More Than Your Payment Gateway... We’re Your Trusted Partner For close to two decades, eProcessing Network has carefully established a reputation for developing payment industry software and tools for online, brick & mortar and mobile merchants and developers in a variety of industries. ePN attributes its longevity and strong reputation among Resellers to anticipating trends within the payments industry, but more importantly, developing strategic partnerships to help you attain and retain new merchants. (800) 296-4810 eProcessingNetwork.com Cloud-Enabling Payments Everywhere Smart Phones 3 Mobile plans & pricing strategies allow Resellers to offer affordable, yet competitive solutions. Earn 100% residuals above the buy rate. POS Bill Pay Customer Data Manager Accounting Recurring 123 123 Tablets 123 Websites Inventory In-Store Computers 10 ISO&AGENT OCTOBER 9, 2014 Build your business with enterprise level solutions for all merchants. Go DIRECT. Go CPAY. • Free CPAY mobile (with every • Central Station (agent portal), a robust and comprehensive back-end office to help you manage your team • Customized pay plans for ISA's and ISO's tailored to meet your financial needs • Office capital investment program • Aggressive revenue • Proactive, ongoing support with experienced relationship managers • Statement analysis/proposal turn around in 30 minutes • Merchant account activation assistance (residual) buyback program • Customer Service/Technical Support 24/7/365 account and no additional costs) • Free terminal programs (EMV/NFC capable), POS, stand-alone, wireless, mobile, tablet and virtual solutions • Exclusive to CPAY: SpotOn Digital loyalty & marketing platform • Electronic applications with e-signatures (tablet merchant app) • Next Day Funding with late settlement time and Amex One Point All-inclusive hardware and software bundle with simple for NEW: FREE POS setup immediate processing and 24/7 Technical Support. Call Jason Chan, Director of Recruiting, today. www.cpay.com www.facebook.com/centralpayment 5 Consecutive Years – 2010-2014 Central Payment is a Registered ISO/MSP of First National Bank of Omaha, Omaha, NE 2 Consecutive Years – 2012-2013 ISO&AGENT OCTOBER 9, 2014 11 Guest Column By Bill Nichols Cloud Technology Offers The Best Protection for Acquiring Industry Apple’s headlong dive into mobile commerce was universally embraced by many of us in the industry. At first glance, some of the steps Apple is taking seem like bold affirmations of recent innovation in the market. For example, its decision to integrate NFC chips into its Apple Pay services— which are embedded in the iPhone 6 and Apple Watch devices—as a way to facilitate ‘tap-and-go’ payments may just be the impetus needed to propel that technology to greater mass adoption among merchants. In addition, Apple announced it would support EMV in Apple Pay. While not as glitzy or visually appealing as NFC tapand-go payments, the integration of EMV into Apple Pay indicates that the inevitable may be upon us shortly. After years of conjecture, speculation and prognostication, the rollout of EMV in the U.S. is steadily moving forward. The card brands have not only implied it, they have said outright that EMV is coming— and to be ready. Apple’s move reinforces that belief, so the time has come for acquirers to ensure their infrastructure and business practices facilitate the transition to EMV and support NFC as well. From a business standpoint, there’s little doubt that it makes sense for providers to follow Apple’s lead and support these technologies. The challenge is how to do that in a non-disruptive manner, in ways that preserve the flexibility to support multiple—and even future—standards, and with minimal cost. Merchants hesitate to disrupt operations or jeopardize sales and efficiency in order to adopt new technology. Furthermore, payment service providers must overcome the inertia imposed by the legacy way of doing things, such as relying on a network of made-for-purpose terminals that would most likely inhibit the adoption of new technology. Merchants will absolutely need to update endpoint capabilities, and there are readily available options to make it happen. One such method to carry merchants forward is to rely on cloud-based architecture to handle the complexities of different payment presentation methods, acceptance options, and processor requirements. Through these offerings, providers are finding benefits that include better security and reliability, superior flexibility, and ease of delivering new features and services. For providers and merchants facing the introduction of NFC and EMV—and its potential for disruption—the prospect of using new technology to ease the integration could not come at a better time. In the cloud, merchants and acquirers can comply with industry standards and adopt new technology. The superiority of a cloud architecture for payments is predicated on a reliable and flexible gateway that can act as intermediary between thousands upon thousands of terminals and data centers that manage authentication and processing. Cloud-based services and the cloud itself have matured in stability, reliability and security. That’s particularly true in the payments and mobile commerce markets where the control and security of sensitive financial and transactional data are paramount. The cloud provides universal access to the best technology, not only for processing payments but also for securing transactions. Gateways can virtually exist anywhere—and everywhere—through the sophisticated diversity and replication practices of cloud platform providers. That virtual existence delivers reliability and security that is difficult, if not impossible, to attain in dedicated on-premise gateways. Cloud-based payment gateways deliver a cost-effective and flexible alternative. A good gateway can support virtually any type of payment acceptance endpoint, including all types and makes of legacy made-for-purpose dial, IP, and wireless terminals, smartphones, and even browserbased endpoints such as flip phones, and of course, computer terminals for e-commerce based transactions. An effective gateway should process multiple transaction types, including EMV chip-and-pin and chip-and-signature payments—depending on the geography, NFC payments, QR codes, and card swipe, which can originate from legacy terminals or through magnetic stripe readers connected to audio jacks on smartphones and tablets. Cloud-based architecture generally lends itself to open and flexible models, but that flexibility has to remain within the bounds of security. Responsibility for endpoint security and compliance is shared between terminal providers and merchants, but security of sensitive data in flight is provided by the gateway. Hosting the gateway in the cloud provides the reliability and flexibility to deliver effective and secure transactions. All data, including card numbers and personal details, are encrypted and secure. While a flexible and secure gateway is critical, all the system intelligence actually resides in the cloud—or the secure data center that serves as the brains of the operations. Cloud environments exceed PCI security mandates and seamlessly manage EMV and NFC. The cloud offers state-of the-art security, and has been certified by regulatory agencies and financial institutions. Using the cloud, acquirers and merchants can comply with industry standards and adopt new technology whenever it makes business sense. ■ Bill Nichols is president and CEO of AnywhereCommerce. 12 ISO&AGENT OCTOBER 9, 2014 ISO&AGENT OCTOBER 9, 2014 13 News Briefs PayPal’s Split From eBay Makes Sense, Icahn Says Investor Carl Icahn, who earlier this year pushed eBay to make PayPal a separate company, says he is pleased with eBay’s decision to do so. “We are happy that eBay’s board and management have acted responsibly concerning the separation—perhaps a little later than they should have, but earlier than we expected,” Icahn posted in Shareholders Square Table, a site affiliated with the investor. “As I have said in the past and have continued to maintain, it is almost a ‘no brainer’ that these companies should be separated.” When Icahn pushed for eBay to split with PayPal, which it acquired in 2002. eBay CEO John Donahoe pushed back, and most payment experts were bearish on the spinoff. But eBay changed course, citing its diminishing importance as part of PayPal’s business. PayPal will become a separate company by 2015. Icahn is now pushing for consolidation among payments companies, led by PayPal.He wrote on his website that he would use his status as an eBay shareholder to lobby Donahoe, who is expected to leave his post as eBay CEO but remain a board member at eBay and PayPal when the divestiture is complete. ■ Global Payments Division Rebranded As ‘OpenEdge’ Global Payments Inc. now calls its integrated solutions division OpenEdge. The OpenEdge supports new technologies and improves software applications for developers and their customers, according to a company press release. OpenEdge serves more than 2,000 technology partners in 60 industries in the United States and Canada. The platform supports out-of-scope payments, EMV, encryption and tokenization. “Software developers integrating our payments technology into their applications will see an agile organization with the full worldwide support of Global Payments,” Eddie Myers, president of the OpenEdge division, said in the release. “We, too, are technology developers and are deploying secure solutions for a rapidly changing payments environment.” The integrated solutions division was formed after Global Payments acquired PayPros in March and combined it with Accelerated Payment Technologies, which Global Payments purchased in 2012. ■ ITS Buys Eagle Processing; Plans To Expand Business ITS Equity Group LLC, a Smithtown, N.Y.based private financial services holding group, has acquired Eagle Processing Systems of Dallas. Eagle, a 16-year-old company started by Bill) McClellan, uses proprietary in-house software and systems to provide payment and fleet card processing services, ACH services, risk management software and other payment-related products and services to the merchant, banking and financial services markets, a press release from the two companies said. “Over the years, the ownership team of Eagle has built one of the finest processing entities in the niche markets it serves,” said John T. Black, CEO of ITS, in the release. “We intend to carry on with that level of quality product and service offerings and expand business throughout the country and marketplace.” Black said in the release that Eagle management has built the company’s foundation and positioned it for growth. “Eagle is a firmly established, wellknown and respected organization within the niche industries it services,” he said. “Its products and service offerings will complement ITS’ overall strategic plans allowing the continued growth and positioning of ITS Equity Group in the Merchant Services and Financial Services space”. ■ MasterCard’s SafetyNet Guards Against Hackers MasterCard now offers an anti-fraud tool called SafetyNet, designed to protect banks and payment processors against hackers. SafetyNet uses MasterCard’s global network to identify potential attacks before they start and in some cases before the bank or processor is even aware. MasterCard is using a multi-layered defense to protect the data of issuers, acquirers, retailers and consumers. The anti-fraud tool monitors different channels and geographies. “With SafetyNet we are really fast-tracking the next generation of security solutions, which are designed to stop fraud or attacks before many of our partners have even noticed it is happening,” Ajay Bhalla, president of enterprise security solutions for MasterCard, said in a news release. ■ Cardtronics Buys Welch To Create Synergy In ATMs Cardtronics Inc., the Houston-based ATM owner and operator, has completed its acquisition of Welch ATM, a retail ATM services company. The combined company supports a global portfolio of 111,150 ATMs, including 93,350 retail ATMs in the United States, a press release said. The acquisition brings together complementary customer bases and sales teams, positioning Cardtronics to accelerate revenue growth, achieve cost savings and deliver greater profitability. Welch ATM CEO Jeff Hewitt has joined the Cardtronics leadership team as executive vice president, financial institution and retail sales and relationship management. “We’re looking forward to integrating the two companies and delivering greater value to our customers tsolutions, and to our shareholders, Steve Rathgaber, Cardtronics CEO, said in the release. ■ 14 ISO&AGENT OCTOBER 9, 2014 ISO&AGENT OCTOBER 9, 2014 15 News Briefs Powa Joins With DataCap To Ease Mobile Transitio Mobile payment provider Powa is working with DataCap Systems to shorten the time it takes merchants to deploy mobile point of sale applications, a move the companies hope will provide differentiation in a crowded marketplace. Powa’s tablet-based point of sale system will link to DataCap’s IPTranLT and PaymentsDrawer product lines, which will provide independent software vendors access to almost all payment processors in North America via a single interface. “The partnership with Datacap is the latest significant step toward our goals to accelerate adoption of next generation tablet-based POS and reduce the integration time that has in the past often put off resellers looking to equip merchant clients,” said Jeff Dumbrell, CEO of PowaPOS, in a press release. “By creating this single interface with PowaPOS’ SDK, Datacap’s ISV partners will not only have instant access to our advanced POS platform, but also to up-to-date security and features, so that they can focus on developing innovative software, and avoid the costs and hassles of ongoing assessments and certifications.” Powa, which has been adding services through partnerships to aid the U.S. EMV transition has also enhanced its mobile point of sale offering by adding EMV service and bundled merchant services. ■ Chase Working With Apple On Developer Webinars Chase is working with Apple to vet potential developers and merchants after more than 500 people attended and responded to Chase’s two live web seminars about its three Apple Pay developer labs in Columbus, Ohio, Tampa, Fla., and San Francisco. More than 10 merchants are already building Apple Pay applications through access from Chase’s API in the developer labs. Apple plans to make an Apple Pay update available to the public on the iPhone 6 sometime in October. “I know it’s working well at restaurants where there’s tipping transactions,” said Russ Mahy, executive director of technology at Chase. Approved merchants receive prereleased Apple devices with Apple Pay already in the operating system and can access the open programming tools to build payment apps. Chase employees working at the developer labs have also received pre-released devices. “Chase employees...have these devices for testing functionality specifically,” Mahy said. “We’re not to go into the McDonald’s here and wave the phone around and say, ‘Hey, look how cool I am’ ” using the iPhone to pay. Early merchants include a deli in Tampa that has integrated Apple Pay through the Chase Paymentech POS device. ■ Small Business Workbench Adding Another Function Small businesses can be hard to reach with new payments technology, so the Small Business Payments Co. (SBPC) is incrementally adding functions in an attempt to ease automation. Its next play is a prepaid-driven consumer incentive program that was slated for release this month. The program’s linked to SBPC’s Small Business WorkBench, a platform that has been gradually been updated with new merchant services since its release last year. “Our job is to build bite-sized apps, or apps that are easy for small businesses to implement,” said David Kurrasch, the vice president and general manager of the SBPC, the U.S. subsidiary of Acxsys, a Canadian company that offers debit cards and is the architect of Interac, Canada’s national debit scheme. ■ GoDaddy And Stripe Speed Up Acceptance GoDaddy is working with online payments provider Stripe to entice small businesses to embrace e-commerce by adding faster credit approval and card acceptance. The partnership is designed to eliminate the numerous steps and long waiting periods small businesses endure when attempting to accept credit card payments online, the Scottsdale, Ariz.-based GoDaddy said in a press release. The GoDaddy Online Store with Stripe will launch this fall for customers in the U.S., U.K., Ireland, Australia and Canada. Stripe will determine instant credit approval for businesses using the GoDaddy Online Store. “You shouldn’t have to be a large enterprise to have a sophisticated payment infrastructure,” Stripe president John Collison said in the release. “We’re excited to be working with GoDaddy to deliver an elegant and simple way for small businesses to accept payments instantly.” ■ Gas Stations Ponder EMV After Feeling Sticker Shock Gasoline retailers have three years to upgrade their pumps to accept EMV chipbased payment cards, but most are having a difficult time convincing themselves the cost to do so will be worth it. The card brands have set October 2015 as the EMV liability shift date for retail merchants, but fuel companies have two extra years during a smartcard migration to convert the numerous pumps involved. Two years ago, the National Association of Convenience Stores reported the average card fraud costs at fuel pumps at each store was about $700 a year, but their Payment Card Industry security standards costs were going up to about $2,000 a year. A 2013 report tallies fraud costs for the industry at about $250 million a year. ■ 16 ISO&AGENT OCTOBER 9, 2014 UP TAB TM SALON TRULY FOCUSEDTM • Booth Rental • Multi-location Management • Integrated FlexGift® Program for Gift & Loyalty Cards • Custom E-Coupon Capability • Convenient Appointment Management www.upsolution.com/isoagent ISO&AGENT OCTOBER 9, 2014 CHOKE Continued from page 1 fectively punishing them in lieu of the actual perpetrators of fraud,” wrote Issa and Jordan. The two lawmakers said that “any FTC policies derived from Operation Choke Point will have a chilling effect on honest and legitimate businesses.” The FTC’s efforts dovetail with Operation Choke Point, a Justice Department-led probe into the role that both banks and payment processors may have played in enabling fraud. “It never has been the processor’s role to serve as a backstop for consumers.” Jason Oxman, Electronic Transactions Association The probe has led to pushback from the industr y, including acquirers and trade groups. A spokeswoman for the House Oversight Committee did not respond to requests for comment. Peter Kaplan, an FTC spokesman, declined to comment. The FTC has responded in writing to some concerns raised by House Republicans. FTC Chair woman Edith Ramirez said in a Sept. 3 letter to Rep. Lee Terr y, R-Neb., that her agency’s efforts have focused on processors where there is evidence of misconduct, and not on the payment processing industr y as a whole. Issa’s letter to the FTC echoes concerns raised by people in the payment processing industr y, who are particularly worried about a new FTC tactic that opens them to substantial financial exposure. In a lawsuit filed July 30, the FTC is seeking to recover more than $26 million from the payment processing firm Cardflex. That’s the total amount of unauthorized charges made by Cardflex’s former client, Utah-based iWorks, which is accused of selling bogus Internet services to consumers, according to the FTC. Cardflex is accused of helping iWorks by advising the company on how to employ numerous tactics designed to evade Visa and MasterCard fraud monitoring programs. Cardflex and other defendants in the case have filed a motion to dismiss the suit. The FTC’s effort to recover unauthorized charges from Cardflex contrasts with the approach taken by the Justice Department in a suit against Four Oaks Bank. In that case, which was part of Operation Choke Point, Four Oaks paid a $1.2 million penalty, rather than the amount charged to consumers by alleged fraudsters, a sum that might have been substantially higher. Jason Oxman, chief executive officer of the Electronic Transactions Association, decried the FTC’s effort to extract from payment processors money that was collected by merchants. “It’s absurd because payment processors don’t actually keep the money that they process,” he said. “And it’s not the processor’s role—it never has been the processor’s role—to ser ve as a backstop for consumers.” The line between the DOJ’s Operation Choke Point and the FTC’s enforcement 17 actions is unclear. The Justice Department’s probe has largely focused on the role of banks, but it has also resulted in subpoenas of payment processors. Meanwhile, the FTC’s efforts seem focused on payment processors, but have also dragged in banks, according to Jeffrey Knowles, a partner at Venable. “While they’re actively bringing enforcement actions against non-bank payment processors,” Knowles said, referring to the FTC, “they’re also using their subpoena powers to gather information from banks.” In May, the House Oversight Committee, after collecting hundreds of pages of documents from the Justice Department about Operation Choke Point, released a report that called for the probe’s dismantling. “If the administration believes some businesses should be out of business, they should prosecute them before a judge and jur y,” Issa said in a news release at the time. “By forcibly conscripting banks to do their bidding, the Justice Department has avoided any review and any check on their power.” Many players in the nation’s financial industr y hoped the congressional pressure would lead to Operation Choke Point’s demise. But as one industr y lawyer said of the regulator y gambit, “Ever yone’s predicted its death, and it’s sur vived.” ■ People & Promotions PayPal has hired Dan Schulman as president and eventual CEO. Larry Drury is joining Vantiv Inc. as chief marketing officer. First Data Corp. has appointed two of its current executives to new roles: Barry McCarthy will lead four strategic businesses, including the STAR Network, and Sanjiv Das will head First Data’s international business. The company also has hired Andrew Gelb to lead the Financial Services business and Adam Rosman as general counsel. Ben Johnston has joined Strategic Funding Source Inc. as head of strategy and corporate development. Merchant Warehouse has hired Ken Paull as chief revenue officer. 18 ISO&AGENT OCTOBER 9, 2014 WHAT’S YOUR TWO PARAMOUNT PLATFORMS UNDER ONE POWERHOUSE PROCESSOR ISO/AGENT MERCHANT ™ ACH DATA ANALYTICS VISIT US AT WSAA IN SAN DIEGO, CA BOOTH 83 OCTOBER 15-16, 2014 WWW.PRIORITYPAYEMENTSYSTEMS.COM (844) 714-8687 MX MERCHANT, MX ACH, MX NAVIGATOR AND VIMAS ARE TRADEMARKS AND SERVICE MARKS OF PRIORITY PAYMENT SYSTEMS LLC, WHICH DISCLAIMS ANY AFFILIATION, SPONSORSHIP OR ENDORSEMENT OF ANY KIND WITH ANY OTHER ENTITY USING MX OR ANY VARIATION THEREOF IN CONNECTION WITH BANK CARD, CREDIT CARD, OR TRANSACTION TECHNOLOGY, PROCESSING SERVICES AND MERCHANT SERVICES. ISO&AGENT OCTOBER 9, 2014 TECHNOLOGY invoicing and payroll type services.” Digital checks have been a ripe space for startups to innovators, as the big technology companies such as Amazon, Apple and PayPal work on their own mobile wallets. Consumers still send billions of dollars via check, and checks remain inportant for business-to-business payments. Businesses with large invoices don’t want to accept a credit card because of the transaction fees, said Almond. With a 3% interchange fee, the recipient would be charged $300 on a $10,000 payment, which is high compared to fees for an e-check or automated clearing house payment. Virtual-currency technology is also getting attention. PayStand is seeing enterprise and loyalty companies building on top of Bitcoin’s blockchain system, said Almond. PayStand’s API enables merchants “to move money in with the e-check rail, pay with card networks and store loyalty on the Bitcoin network,” Almond said. Before joining the summer’s tests, one billing company was “building out its work flow but didn’t want to take on payments because of the regulatory issues and contracting the banking,” he said. “But we provide the core nucleus of everything they needed.” PayStand also worked with micropayment and mobile gaming companies during the tests. PayStand deals with PCI concerns and tokenizes card data so tmerchants have a reduced PCI burden. And because PayStand has partnerships with the top ten banks in the world, businesses working with PayStand aren’t actually transferring the money themselves and thus it isn’t necessary for them to comply with money transmitter requirements. A basic PayStand package with access to the API costs $299. The company has packages with var ying prices for startups and large enterprises. ■ digital data will have vulnerabilities, said Julie Conroy, senior analyst and fraud expert with Boston-based Aite Group. However, fraudsters have not put much energy into the type of exploit the researchers demonstrated, Conroy said. “We’ve haven’t seen a big incentive for criminals to spend the time and effort to try to break EMV because the U.S. remains such a rich and easy target as long as it depends on mag stripe,” Conroy maintained. The methods revealed at Black Hat capitalized on vulnerabilities in the device that the industr y could address with a security patch, Conroy said. “It will be important for merchants to be diligent in uploading these patches to all of their devices that touch payment card data,” she said. Reports of weaknesses in EMV hardware should not discourage U.S. merchants from preparations for adopting the technology, said Jacob A. Ansari, a Payment Card Industr y forensic investigator at 403 Labs, the security and compliance division for Sikich LLP. “There are a handful of attacks that focus on EMV transactions or the infrastructure that supports EMV, but it’s hardly all doom and gloom,” Ansari said. “There may be imperfections or security vulnerabilities, but using EMV would probably drastically reduce card-present fraud in the U.S.” Acquirers and merchants must remember that using an EMV card does not mean all card data is protected from interception, said Al Pascual, security and fraud senior analyst for Javelin Strategy & Research. “It only means that the EMV card itself cannot be cloned and used to commit fraud at an EMV terminal,” Pascual said. Hackers cannot emulate the dynamic data used for authenticating chip-card transactions, Pascual said, but any static data can be reproduced on mag-stripe cards. That said, as EMV spreads in the U.S., locations where only mag-stripe cards can be used will become few and far between, Pascual said, adding that. “Card breaches at the POS will become less relevant of a threat.” ■ Paystand Supports Card, E-Checks, Bitcoin PayStand, an e-commerce gateway for alternative and established forms of payment, is opening up its application programming interface (API) to support payments with credit cards, e-checks and Bitcoin. The API will enable developers of mobile and e-commerce sites to “re-imagine financial systems,” said Jeremy Almond, CEO of PayStand. “Developers can access [tool sets] from traditional players pretty easily…but maybe not so much for alternative forms of payment.” The year-old company has been running tests with developers all summer, building apps on top of its API to support different payment networks and types, with the goal of making payments more efficient and cheaper for merchants. “More and more developers are flocking to the e-check rails,” Almond said. “Developers are building new billing, UNAFRAID Continued from page 1 that do not require EMV. EMV-chip cards are meant to resist counterfeiting, but they typically include a magnetic stripe to remain compatible with older payment systems. The United States is making the transition to EMV cards, and the card networks have set a deadline of October 2015 for most companies. Under the new method of attack, however, hackers use rogue EMV cards to install malware on the device, enabling them to copy details of ever y card it processes. The attacker would return later with another card to extract the information, the researchers said. Researchers at Black Hat noted that, to date, no one has hacked EMV devices. But if researchers could do it, so could hackers, they reasoned. Any payment system that includes 19 20 ISO&AGENT OCTOBER 9, 2014 NOVEMBER 2-5, 2014 ARIA, LAS VEGAS Enabling Payments & Financial Services Innovation for Connected Commerce at the Intersection of Mobile • Retail • Marketing Services • Data • Technology ISO&AGENT OCTOBER 9, 2014 VENDORS Continued from page 1 mix gradually as his company learns the acquiring channel. Larger ISOs would make the most attractive partners, Katz said. He’s also seeking mobile-oriented ISOs because 86% of the CARD.com signups come through smartphones. As for customers, small retail or restaurant chains might have more potential than single-location businesses, he maintained. In some cases the company could set up electronic tablets at the point of sale for shoppers to use to order the prepaid cards. Thus far, the company has sold cards online and through a mobile app, relying on word-of-mouth, promotions by cobranding partners and paid ads on Google and Facebook. The cards often bear the like likeness of charismatic figures such as James Dean, Elvis Presley and Big Bird. Some of CARD.com’s business comes from payroll cards, Katz said. “We want to service the 90 million Americans right in the middle of the economy,” he said of the company’s overall business. Its customers, who earn annual income of $30,000 to $75,000, aren’t rich enough to qualify for free checking and might occasionally bounce a check. CARD.com calls them “the unhappily banked,” to distinguish them from the less-affluent underbanked. Forte Seeks More ISOs and Agents Forte Payment Systems, which got its start in 1998 as ACH Direct, has a small sales staff to handle inbound business and to concentrate on its specialty verticals, like governmental bodies and agencies, but most of its merchants sign on through ISOs and software companies, said Jeff Thorness, the company’s CEO. He started the firm as an ACH tech company, and performs almost all functions on that side of the business, including authorization, settlement and funding. On the credit card side, it operates a gateway and does its own underwriting but relies on processors for front-end authorization of transactions. It’s looking for additional ISOs and can handle ACH and cards for them, Thorness said. “We love ISOs, and we love to partner with people,” Thorness said. Because the company has relationships with most of the major processors, ISOs would not need to ad processors to do business through Forte, he noted. Since changing its name to Forte in March of last year, the company has been upgrading its virtual terminal, reporting and analytics, and APIs, he said. Its new approach to tokenization, called Forte.js, works for cards and ACH while complying with Payment Card Industry data security standards and minimizing PCI scope because the merchant never touches unencrypted data, Thorness said “We love ISOs, and we love to partner with people.” Jeff Thorness, Forte At the same time, developers control the look and feel of their application, he noted. Forte Checkout, another offering, works with or without a wallet, either retaining and tokenizing data or calling upon consumers to re-enter information on subsequent visits to the site. It’s for cards and ACH, Thorness said. The company overlays such products onto merchants’ sites, and thus does not need to redirect visitors to other sites, he said. A new version of its approach to bill payment could become available early next year. A “Kickstarter” promotion is offering new developers or merchants free processing worth $100,000, Thorness said. Verifi Wants More Distribution Verifi, which was launched nine years ago, began working with ISOs and other resellers two years ago to promote one 21 of its products, the Cardholder Dispute Resolution Network, or CDRN, said Tony Wootton, senior vice president and chief revenue officer. “Our focus is managing chargebacks, and our flagship product is focused on mitigating chargeback risk,” Wootton said. Chargebacks, the name for refunding a consumer’s funds when he or she disagrees with a credit card charge, reduce merchants’ revenue and can damage customer relationships, he noted. Disgruntled consumers contact the card issuer about 86% of the time when they want their funds back, Wootton said. They seldom approach the merchant, he added. That phone call or online chat sends an automated impulse to Verifi, which then alerts the merchant to the problem by posting them to a computer portal. That gives the merchant the opportunity to refund the customer directly or allow the chargeback to go through the system and fight it later. Merchants can have the system customized to fall in line with rules they specify, such as return the funds if for disputes of under a certain dollar amount. ISOs can use their familiarity with their merchants to “pre-qualify” accounts, Wootton said. ISOs mark up the alert fee that Verifi charges merchants each time a potential chargeback occurs. The company charges a range of fees per alert, depending upon volume and other factors. Fees typically come to about $40 per alert. “We’re seeing exponential growth in the channel because ISOs talk to ISOs,” he said. The Cardholder Dispute Resolution Network works for large and small merchants, Wootton noted. Merchants can integrate the ser vice with their IT systems or choose a portalbased approach that doesn’t require integration, he said. The alerts are virtually all accurate because they’re not initiated unless a consumer complains, Wootton noted. The process kicks in immediately when the dispute arises, giving merchants as much time as possible to react. ■ 22 ISO&AGENT OCTOBER 9, 2014 Published seven times a year, ISO&Agent is the merchant acquiring industry’s leading publication, combining timely news and articles on ways to boost revenue with insightful and relevant analysis of long-term trends shaping the industry. ISO&Agent’s unique position is its ability to deliver information via a print magazine and a weekly PDF eNewsletter. For more than nine years, thousands of industry professionals have turned to ISO&Agent for its comprehensive coverage of the industry—Invest in a brand your audience trusts. ISO&AGENT OCTOBER 9, 2014 23 Advertiser Index TSYS.............................................................2 Harbortouch................................................3 CashCall......................................................4 USA ePay..................................................... 5 @Pay............................................................6 PCI Compliance.......................................... 7 Clearent, LLC ..............................................8 eProcessing Network, LLC.........................9 Central Payment....................................... 10 Electronic Merchant Systems.................. 12 PAX............................................................. 14 United Merchant Services........................ 16 Priority Payment Systems....................... 18 Money20/20.............................................20 ISO&Agent................................................22 ISOandAgent.com....................................24 Editor: Ed McKinley 312-777-1380 (office), 773-562-9492 (cell) [email protected] Art Director: Kyung Yoo-Pursell Group Editorial Director, Banking: Richard Melville [email protected] Director of Research: Dana Jackson National Sales Manager, Advertising: Hope Lerman 312-475-0649 [email protected] Group Creative Director: Hope Fitch-Mickiewicz The Appointment Book 2014 WSAA Annual Conference Oct. 15-16 Marriott Marquis San Diego, CA http://www.westernstatesacquirers.comnews.php?ref=14 Northeast Acquirers Association 2015 Conference & Trade Show Jan. 20-22, 2015 The Westin Boston Waterfront Boston, MA http://www.northeastacquirers.com Money20/20 Nov. 2-6 Aria Resort & Casino Las Vegas, NV www.money2020.com TRANSACT 15: Powered by ETA March 31-April 2, 2015 Moscone Center San Francisco, CA http://www.electran.org/conferencesevents/transact15/ NAC2014 Conference and Expo Nov. 18-20 Tropicana Las Vegas, NV www.natmc.org/conferences General Manager, Digital Content: Paul Vogel Production Manager: Jason Tebaldi [email protected] Customer Service: 800-221-1809 [email protected] ISO&AGENT EDITORIAL ADVISORY BOARD Xavier Ayala, Consultant Tom Della Badia, Cynergy Data Paul Coppinger, Consultant Matt Clyne, Direct Connect Stacey Finley Tappin, Apriva Mark Dunn, Field Guide Enterprises Steve Eazell, Secure Payment Systems Donna Embry, Payment Alliance International Glenn Goldman, Capital Access Network Dennis Hamilton, TransFirst Charles Hogan, Tranzlogic Rod Hometh, Ingenico Matt Johanson, Discover Network Kevin Jones, Anovia Payments Rod Katzfey, Credorax Abe Maghaguian, Atlantic-Pacific Processing Mike McCormack, Palma Advisors LLC Tim McWeeney, VeriFone Tim Munto, TSYS Joe Natoli, NPC Linda Perry, Consultant Jon Perry, DFW Card Services James Taylor, Trustwave John Priore, Priority Payment Systems Paul Rianda, Rianda Law Linda Rossetti, Bluestone Payments Mike Fox, Group ISO Lisa Shipley, First Data Corp. Don Singer, EZCheck SourceMedia: CEO: Douglas J. Manoni; CFO: Rebecca Knoop; Chief Marketing & Digital Officer Minna Rhee; EVP & Chief Content Officer: David Longobardi; EVP and Managing Director, Banking & Capital Markets Group: Karl Elken; EVP & Marketing Director, Professional Services Group: Adam Reinebach; SVP, Conferences: John DelMauro; SVP, Human Resources and Office Management: Ying Wong Please send meeting and conference news to [email protected] SUBSCRIBE ISO&Agent is published weekly by SourceMedia, Inc. One State Street Plaza, 27th Floor New York, NY 10004. Subscriptions are free. For subscriptions, renewals, address changes or delivery service issues contact 800-221-1809. For reprints, call Damian Nash, 212-803-8365; fax, 212-8439624. Direct editorial inquires to ISO&Agent, 550 West Van Buren Street, Suite 1110, Chicago, IL 60607; phone, 312777-1380. The contents of ISO&Agent are, and remain, the property of SourceMedia, Inc. © 2014 SourceMedia Inc., and ISO&Agent. All rights reserved. Sign up for your FREE subscription today and receive: ➽ 47 Electronic PDF issues via Email ➽ 7 Print issues ➽ Annual Buyer’s Guide ➽ Online Archives 24 ISO&AGENT OCTOBER 9, 2014
