Future-Proofing Payments With Point-to-Point-Encryption
By Ralf Gladis, co-founder and CEO, Computop
Any retailer that takes payments at the point-of-sale (POS) in a brick-and-mortar store will most likely recognize the term EMV, which stands for Europay, MasterCard and Visa. It is a global standard for chip-equipped credit cards and chip-card-capable POS terminals, providing checkout devices with a secure payment scheme.
EMV is currently the standard that is used, industry-wide, for authenticating and processing credit and debit card transactions. So if it is a standard, then that’s cool. Right? Not necessarily. It might be the right strategy for now; however, if you’re currently investing in POS technology and you’re hoping it will last a good way into the future, you’d do well to think again.
EMV provides security against forged cards, but it doesn’t provide secure processing. An EMV-compliant POS device typically uses the EMV chip on cards to authenticate the cardholder through his PIN, and it collects the required card data from the chip. However, when payment data is forwarded to the payment processor, the message includes plain card data. Therefore, a secure PCI-compliant infrastructure at the merchant is required (e.g., encrypted databases, log servers, firewall procedures, etc.) in order to provide safety and avoid a data breach. Even then, there is still a risk of hackers intruding into a merchant’s infrastructure in order to steal card data.
This is why Visa and MasterCard introduced the Point-to-Point-Encryption (P2PE) standard for secure payment processing and, as you’d expect, the payment industry is now migrating towards it. P2PE standards were released in April 2012, and P2PE is already mandatory in certain market sectors including mPOS. It is just a matter of time until it becomes a compliance requirement.
Only the P2PE standard provides true secure processing because it is designed to allow secure payment processing through insecure networks. Although it is a new security standard, it is already very popular in the U.K. and Germany because it lifts the PCI burden from a merchant and therefore reduces costs and efforts significantly. In summary, what P2PE does is build a secure channel around EMV payment transactions, just like a VPN does.
A very sophisticated hardware-based encryption method (DUKPT) ensures that the payment data is encrypted on the device. It is extremely secure because each transaction gets a new password. This encryption provides safety while the transaction is travelling to the payment processor, even through insecure systems, because only the payment processor is able to decrypt the P2PE message that includes the EMV payment data. Then, instead of providing real card data, a payment processor could just feed back tokens and masked card numbers to the merchant. With P2PE, merchants never have to store or forward real card data again, which reduces costs and efforts for PCI to nearly zero.
Another advantage of P2PE is the level of security that protects a merchant’s payment processes. A P2PE-compliant solution will not only manage the encryption of data but will also track all payments hardware across the retail estate throughout its life cycle. Should payment problems occur, P2PE means that they are much easier to pinpoint and manage.
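The flow described above, as an added example that is not code from the article or from Computop. It is not ANSI DUKPT: HMAC-SHA256 stands in for the key derivation and for the terminal's hardware cipher, and the function names, message fields and `tok_` token format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def device_key(base_key: bytes, device_id: bytes) -> bytes:
    # Injected into the terminal at provisioning; the base key stays with the processor.
    return _prf(base_key, b"device", device_id)

def txn_key(dev_key: bytes, counter: int) -> bytes:
    # A fresh key per transaction, derived from the device key and a counter.
    return _prf(dev_key, b"txn", counter.to_bytes(4, "big"))

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher built from HMAC blocks (illustration only).
    stream = b"".join(_prf(key, b"ks", i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def terminal_encrypt(dev_key: bytes, device_id: bytes, counter: int, pan: str) -> dict:
    key = txn_key(dev_key, counter)
    ct = _xor_stream(key, pan.encode())
    return {"device_id": device_id.hex(), "counter": counter,
            "ct": ct.hex(), "tag": _prf(key, b"mac", ct).hex()}

def processor_handle(base_key: bytes, msg: dict, vault: dict) -> dict:
    # Only the processor can re-derive the transaction key from the base key.
    key = txn_key(device_key(base_key, bytes.fromhex(msg["device_id"])), msg["counter"])
    ct = bytes.fromhex(msg["ct"])
    if not hmac.compare_digest(_prf(key, b"mac", ct), bytes.fromhex(msg["tag"])):
        raise ValueError("rejected: message failed authentication")
    pan = _xor_stream(key, ct).decode()
    token = "tok_" + secrets.token_hex(8)
    vault[token] = pan  # the real card number stays in the processor's vault
    return {"token": token, "masked_pan": pan[:6] + "*" * (len(pan) - 10) + pan[-4:]}

def demo() -> dict:
    base_key = secrets.token_bytes(32)         # held only by the processor
    device_id = b"TERM0001"                    # constructed terminal identifier
    dev_key = device_key(base_key, device_id)  # held only inside the terminal
    pan = "4111111111111111"                   # constructed test card number
    vault = {}
    m1 = terminal_encrypt(dev_key, device_id, 1, pan)
    m2 = terminal_encrypt(dev_key, device_id, 2, pan)  # same card, next transaction
    reply = processor_handle(base_key, m1, vault)      # all the merchant gets back
    return {"m1": m1, "m2": m2, "reply": reply, "vault": vault, "pan": pan}

if __name__ == "__main__":
    print(demo()["reply"])
```

The merchant's systems only ever carry `m1`/`m2` and the reply; the same card produces a different ciphertext on each transaction, and the card number exists in clear only inside the terminal and at the processor.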
Retailers who are re-thinking their POS investment over the next year should choose wisely. Given that U.S. merchants already have to make big investments in EMV-compliant POS infrastructure, my recommendation is to invest in P2PE-ready or P2PE-compliant hardware. P2PE POS devices are already available from a variety of payment device manufacturers.
Adopting P2PE from the outset will reduce PCI cost and efforts immediately, and it will give merchants significant advantage when P2PE compliance becomes mandatory. Preparation shouldn’t be complex, and the first step I’d recommend a merchant to take is simply checking with their payment services provider to see if they are working towards delivering their services in a P2PE compliant way. It is a simple question and one that could start the process of future proofing their payment strategy by cutting the cost and effort involved with compliance.
Ralf Gladis is the co-founder and CEO of Computop (www.computop.com), a leading global payment service provider. Contact him at [email protected].
Stein Mart marks ninth consecutive quarter of positive sales
Stein Mart is marking its ninth consecutive quarter of positive sales. The company reported total sales of $75.3 million for July, a 0.9% increase from $74.6 in the prior year.
The company has generated $298.1 million in total sales for the second quarter so far, a 2.5% increase from $290.9 in the year-ago period. Comparable-store sales have increased 1.3%.
Geographically, California had the strongest sales in July, while the Northeast and Midwest faced some challenges. For the second quarter so far, home and ladies’ apparel have posted the strongest sales, while men’s and accessories have performed lower than the chain. The company operated 265 stores at the end of July this year compared to 262 stores last year.
"Our 1.3% comparable store sales increase for the second quarter marks our ninth consecutive quarter of positive sales," CEO Jay Stein said. "July sales trended higher in the second half of the month driven by early fall receipts. We continue to have a positive outlook for 2014 as the underlying fundamentals of our business and growth strategies remain in place."
The company will report full second-quarter results Thursday, August 21.
Getting to know Greg Foran
The retail industry and many of those who work at Walmart are going to get a double shot of Greg Foran next week. The former international executive assumes his new role as CEO of the Walmart U.S. division as the retailer prepares to release second quarter results and host a major U.S. manufacturing summit.
Both events occur on Thursday, August 14 and Foran is expected to play a key role. In conjunction with the release of its results on August 14, Walmart makes available a pre-recorded message in which top executives and division chiefs share their thoughts on the company’s performance. While some analysts and investors may know Foran from the less than three years he spent with Walmart in Asia, for many it will be a first opportunity to hear him comment.
What he has to say regarding the U.S. division’s performance could be noteworthy, but also potentially uneventful. Foran has no prior experience with Walmart’s U.S. operations and very limited exposure to the business to form an opinion on measures to restore sales growth. Walmart’s second quarter ended June 30 and Foran’s first day as U.S. CEO is August 9, six days before the company releases financial results on August 14.
A few hours after those results are released, Foran and his predecessor Bill Simon and Wal-Mart Stores, Inc., president and CEO Doug McMillon are scheduled to participate in the company’s second annual U.S. Manufacturer Summit. The event is being held in Denver and Walmart plans a two hour Webcast, affording an opportunity to both hear and see a top Walmart executive making his American debut.