Bitcoin Answers Payment Questions
By R.J. Carver, Corporate Development Associate, Plug and Play Tech Center
With major credit card breaches recently confirmed at a number of America's largest retailers, payment security has become a serious problem almost overnight. Target, P.F. Chang's, Home Depot, and multiple other household names have been added to the growing list of compromised operations. The root of the problem is the complex and outmoded process by which credit card transactions are completed at the point of sale, and there are a number of emerging financial technologies that have the potential to address this inherent vulnerability.
To complete a credit transaction, a given merchant must communicate with an acquiring bank in order to confirm that the user has sufficient credit on a valid card. Doing so requires the vendor to store card owners' personal data, which is then sent to the bank electronically.
Modern retailers use what is known as a point-of-sale (POS) system, which expedites the process by extracting information from a chip or magnetic stripe on the credit card to be communicated via a direct link to an acquiring bank. POS systems have been in use for the past few decades, and retailers are slow to replace ones that are already functioning. The storage and movement of card owners' valuable personal data is often done using outdated software on machines that are decades old, making merchants easy targets for hackers who want to commit credit fraud.
This issue is compounded by the fact that these outmoded POS platforms are also often remotely administered with simple password-protected accounts.
The most recent breach occurred with the nationwide sandwich chain Jimmy John's, where the personal information of each customer who swiped a credit card at one of 216 stores was compromised. A press release posted on the company's website explains the method by which hackers used the point-of-sale terminals, installed by vendor Security Systems Inc., to access customers' information.
According to their website: "It appears that customers' credit and debit card data was compromised after an intruder stole log-in credentials from Jimmy John's point-of-sale-vendor and used the credentials to remotely access the point-of-sale systems at some corporate and franchised locations."
The announcement of this breach comes almost immediately following news of a similar operation that affected Goodwill Industries International over the course of 18 months. Goodwill's POS technology vendor C&K Systems confirmed that their terminals had been exploited by the same form of malware that compromised 40 million credit cards at Target and 56 million at Home Depot. The malware employed in the attack was designed to extract the data stored on the magnetic stripe of each card, enabling hackers to manufacture counterfeit versions for their own use.
In the Chips
With all of the negative media coverage surrounding the credit card breaches just discussed, the question of payment security has been on the nation's mind. Recent trends in financial technology indicate a desire to move away from traditional banking and payment systems. Advancements such as the integration of Near Field Communication (NFC) chips in high-end smartphones, cloud computing, and the advent of digital currency have the potential to circumvent the complications that make vendors and their customers vulnerable to fraud.
NFC chips are a standard feature on Apple's iPhone 6, Samsung's Galaxy S5, and a few other top-of-the-line smartphones. The NFC chips that are being implemented in today's smartphones are similar to the EMV (Europay, Mastercard, and Visa) or 'chip-and-PIN' microchips being integrated into newer credit cards to reduce fraud. These chips employ radio waves to complete transactions using information that is encrypted on the user's cell phone or card, making it more difficult for criminals to steal and use customers' information.
Pay By Phone
Using a smartphone rather than a credit card for payments is advantageous in terms of security for a few reasons. One of the most promising platforms in the NFC payment space, Apple's Apple Pay, stands as a great example. Apple Pay was announced with the release of the iPhone 6, offering enhanced security by using an encrypted NFC chip in conjunction with Apple's Touch ID. A given user is required to supply a fingerprint prior to the completion of any transaction, which provides an extra layer of security through biometric validation.
Bitcoin Offers Unique Features
Cryptocurrencies have been a major topic of fintech discussion since the announcement of PayPal's decision to partner with Bitcoin payment processors BitPay, Coinbase, and GoCoin.
I sat down with CoinDesk's contributing editor Daniel Cawrey, who stated: "In the Bitcoin space, payment security is critically important to success. BitPay in particular has long had the stance that credit cards were not built for the Internet, which I think is entirely accurate."
By using a system that is purely peer-to-peer, Bitcoin provides a way for users to make electronic payments directly to one another without the use of a financial institution as a trusted third party. Bitcoin transactions are also completed using an encrypted electronic wallet that cannot easily be traced to a specific owner. By providing users with a way to send payments directly to each other without the use of personal information, cryptocurrency offers a layer of security where POS systems have been vulnerable to attack.
Cloudwalk: Best of Both Worlds
Cloudwalk, a member of Plug and Play's Retail Accelerator, offers a one-stop open payment platform on the cloud. By providing a third-party platform based on the cloud, Cloudwalk is able to manage the security of POS software for any type of terminal in the same place.
One of Cloudwalk's founding members, Behzad Malek, explains: "Cloudwalk is an EMV platform that is on the cloud, so it is the best of both worlds. It has EMV security, so the latest and greatest in the market in terms of microchip cards, and at the other end the efficiency of the cloud."
By combining the EMV technology used in NFC-enabled cell phones with cloud computing, Cloudwalk provides a scalable, efficient, and secure payment solution. They work with acquiring banks and merchant solution providers to give customers a way to manage all of their payment terminals in the same place with full visibility. They are working across a wide range of POS hardware to establish a secure link through which large corporations are able to update and manage their systems to effectively protect them against credit fraud.
With credit card fraud on the rise, there will be a serious push to move away from magnetic stripes and traditional POS methods. As credit card companies work towards EMV compliance, emerging technologies such as those previously described bring with them the potential to change the way we think about traditional payment systems altogether. If credit breaches continue to gain national media exposure, the advent of NFC-enabled smartphones and digital currency may render physical wallets completely obsolete much sooner than we think.
Supervalu, Albertson’s hit by new breach
Eden Prairie, Minn. – Supervalu Inc., which reported an intrusion into the portion of its computer network that processes payment card transactions at some of its retail food stores on Aug. 14, is reporting the discovery of another breach. The company says that in what it believes to have been late August or early September 2014, an intruder installed different malware into the portion of its computer network that processes payment card transactions at some of its Shop ’n Save, Shoppers Food & Pharmacy and Cub Foods owned and franchised stores, including some of its associated stand-alone liquor stores.
Supervalu believes this is a separate attack from the one that previously occurred in June and July 2014. Upon recognition of this intrusion, the company took immediate steps to secure the affected part of its network and believes it has eradicated the malware. An investigation of this recently discovered incident is underway.
In addition, Supervalu says that enhanced protective technology significantly limited this recently discovered malware’s ability to capture data from payment cards where the malware was installed. Specifically, although the investigation is ongoing, Supervalu believes that this malware did not succeed in capturing data from any payment cards used at any stores other than at some checkout lanes at four Cub Foods franchised stores in Minnesota, where implementation of the enhanced protective technology had not yet been completed. Supervalu is offering customers who used their payment cards at those four stores during the relevant time period 12 months of complimentary consumer identity protection services through AllClear ID.
Supervalu is cooperating with law enforcement and has notified the major payment card brands involved in the breach.
“We care greatly about our customers, and the safety of their personal information will continue to be a top priority for us,” said Supervalu president and CEO Sam Duncan. “We’ve taken measures to install enhanced protective technology that we believe significantly limited the ability of this malware to capture payment card data and we will continue to make these investments going forward.”
In addition, a possibly related breach occurred at Albertson’s, Acme Markets, Jewel-Osco, Shaw’s and Star Market stores operated by New Albertson’s Inc. in late August and early September. Supervalu, which provides third-party IT services to Albertson’s, notified Albertson’s of the breach.
The new malware may have captured account numbers, expiration date, other numerical information and/or the cardholder’s name. At this time there has not been a determination that any payment card data was in fact stolen as a result of either incident. Measures have been taken to prevent further use of this new and different malware in the affected store locations. Albertson’s is also implementing additional measures to enhance the protection of customer payment card data. Supervalu is working with Albertson’s to investigate the breach but said it does not believe it would be responsible for any losses that result.
Walgreens swings to Q4 loss amid acquisition charge
Deerfield, Ill. – Walgreen Co. met Wall Street expectations for the fourth quarter of fiscal 2014 despite swinging to a loss. Walgreens posted a net loss of $239 million, largely driven by an accounting charge from its Alliance-Boots acquisition, compared to net earnings of $657 million in the same period a year earlier.
Walgreens recorded a non-cash loss of $866 million in the quarter that ended Aug. 31 because it decided to exercise early its option to buy the remaining stake of Alliance-Boots that it did not already own.
Net sales rose 6% to $19.06 billion, from $17.94 billion. Same-store sales increased 1.3%.
“Our fourth quarter performance was in line with our expectation, recognizing we have much more to do,” said Greg Wasson, president and CEO of Walgreens. “We closed the fiscal year by exercising the option for the second step of our strategic transaction with Alliance Boots, completing the transition of our pharmaceutical distribution to AmerisourceBergen and driving continued improvement in our daily living business that resulted in our largest year-over-year quarterly and fiscal-year sales increases in three years. We maintained solid expense control in the fourth quarter and are moving forward with the implementation of our previously announced cost-reduction initiative to achieve $1 billion in savings by the end of fiscal 2017.”
For the full fiscal year, net earnings dropped 24% to $1.9 billion from $2.5 billion, while net sales grew 6% to $76.39 billion from $72.22 billion. The combined synergies for Walgreens and its strategic partner, Alliance Boots, in fiscal 2014 were $491 million. The joint synergy program is estimated to deliver fiscal 2015 combined synergies of approximately $650 million.
As of Aug. 31, Walgreens operated 8,309 locations with a presence in all 50 states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands. The company has 8,207 drug stores nationwide, a net gain of 91 compared with a year ago. Walgreens also operates infusion and respiratory services facilities, specialty pharmacies and mail service facilities, and manages more than 400 Healthcare Clinic and provider practice locations around the country.