News

Going Global: Top Tips for Implementing Mobile Point-of-Sale Systems on a Global Scale

BY CSA STAFF

By Pascale Juan, I Love Velvet

As the payments industry moves at lightning speed and technology changes rapidly, it can be a challenge to keep pace with the security payments and standards of the mobile payments industry. In addition, one of the most frustrating areas of mobile security is the challenge of navigating global security requirements. As a global brand, using mobile point-of-sale (MPOS) requires compliance with the differing security certifications and methods in various countries.

When considering global security requirements for MPOS hardware, the most obvious difference in preferred security standard lies between the U.S. and Europe – the biggest difference of which is the use of “chip and pin” technology. Chip and pin is the colloquial name for the rollout of the EMV smart card payment system for credit, debit and ATM cards, and has become extremely popular overseas as a payment method. (While “Chip” refers to the computer chip embedded in the smartcard, the “Pin” represents the personal ID number assigned for use by the customer.)

When it comes to payment, the popularity of “chip and pin” abroad highlights one of the bigger cultural differences between the U.S. and Europe. While U.S. consumers are content to hand over their credit card at a restaurant, this practice is unheard of in Europe. Instead, a reader is typically brought to the guest and they then enter their credit card pin code. It’s a subtle difference that many American companies have yet to realize, making it difficult for U.S. brands when they expand internationally. In fact, European customers will often chase down associates who take their credit cards for processing!

The other concern for global mobile payment security is EMV certification (EMV stands for Euro Mastercard Visa), a global security certification for chip-based debit and credit cards. Unlike in the U.S., when using a MPOS system in Europe, most European banks and brands will immediately ask for EMV certification. Notably, there are two types of certification: EMV 1 and EMV 2, each of which pertain to the different dollar amounts of transactions that each level supports. Because chip and pin cards are slated to roll out in the U.S. within the next few years, chain stores considering MPOS technology must look for systems that are EMV certification compliant.

In the U.S., retailers have always been more concerned with the Payment Card Industry Data Security Standard (PCI DSS) certification. Designed to prevent credit card fraud, PCI DSS is an industry-wide security certification for major debit, credit, prepaid, ATM and POS cards. As such, all MPOS hardware in the U.S. has typically been tailored to meet the PCI DSS standard. Perhaps a signal of what’s to come, the standards were recently updated to include ‘chip and pin’ terminology. While this is a step towards creating a truly global security standard, for global brands, it will be critical to be aware of both changes to and requirements for the PCI DSS standard, as well as EMV standards.

It’s important to note that some technologies that have gained popularity in recent years with U.S. retailers — including Square — are not chip and pin enabled. Square, which uses a simple dongle, could not support this type of payment, and adding a key pad would violate security standards. So while the allure of a quick and easy solution for MPOS is understandable, the cost of failing to adhere to global security standards — or worse, the leak of customer payment details — is much higher. As such, MPOS should have chip and pin enabled and go a step further with EMV 1, EMV 2 and PCI DSS certification.

The next level of global security certification for MPOS is encryption. It’s a basic level of security, but important nonetheless. The potential landmine issue here is making sure that both the MPOS device (terminal or reader) and the associated software is encrypted. Many retailers assume that if the device is protected, the software must be too, which isn’t always the case. Since MPOS systems often involve software that is rich with customer or store details (i.e CRM software or inventory management), both the device and software should be equally protected.

Further, provisions should be made to ensure that store associates only have access to the CRM program or inventory program if they are connected to the companies’ Visual Private Network (VPN). And, if a store associate tries to remove a device from the store, administrators must ably and remotely block the device via an online portal. Devices should also be assigned “store numbers”, where, for example, a mobile reader or iPad terminal can only be used in Store A, and if you bring the device to Store B, it will essentially become a paperweight.

In addition, the highest level of encryption is via a Secure Access Model (SAM) chip. These can be inserted into mobile POS readers, providing extra levels of encryption. SAM technology can be used for cryptographic computation and secure authentication against smart cards or contactless cards, heightening the security of each transaction. “Master keys” for the card are held by the bank issuing the credit card, making it impossible for an in-store associate to access the payment details. Some of our customers have even designed custom SAM chips for their network.

Lastly, regardless of which country you operate in, the most critical piece of security standards globally requires that no information is ever saved on a mobile POS device. The risk of losing a device or having a device stolen by a customer or store associate is simply too great in brick-and-mortar stores. If a store associate walks away with a device, then they shouldn’t walk away with all of your customer’s credit card details as well. Nothing should ever be stored on the device during a credit card swipe, and on the flip side, store associates shouldn’t be able to use the device to swipe credit cards at home. By implementing sensors within the POS device, retailers can ensure that even if an iPad, Android device or iTouch terminal is cracked open, the device will wipe itself and require a firmware re-installation.

It may seem like a lengthy list of ‘must haves’ when it comes to implementing global security standards for a store’s new MPOS system, but the risks associated with a customer’s payment or personal details are far too great. Companies who are truly forward-looking will act now to make sure their MPOS standards are up to code not just in their headquartered country, but also globally.

Pascale Juan is the COO of I Love Velvet.


More Web Exclusives/Guest Commentaries

keyboard_arrow_downCOMMENTS

Leave a Reply

S.Williams says:
Dec-03-2013 08:55 am

Its always good to learn tips like you share for blog posting.I think your suggestion would be helpful for us. I will let you know if its work for me too. Accept Credit Cards with Phone

S.Williams says:
Dec-03-2013 08:55 am

Its always good to learn tips like you share for blog posting.I think your suggestion would be helpful for us. I will let you know if its work for me too. Accept Credit Cards with Phone

B.Johnson says:
Oct-11-2013 06:25 am

In the U.S., retailers have always been more concerned with the Payment Card Industry Data Security Standard (PCI DSS) certification.The next level of global security certification for MPOS is encryption. It’s a basic level of security, but important nonetheless.Quick Transcription is provide Audios & Videos transcription service and they are provide transcription of Business also.more information http://www.quicktranscriptionservice.com/Business-Transcription-Services.html

TRENDING STORIES

Polls

Are you hiring seasonal employees this year?

View Results

Loading ... Loading ...
News

Former Amazon exec fills McDigital role

BY CSA STAFF

Atif Rafiq was named to the newly created position of chief digital officer at McDonald’s after previously serving as general manager of Kindle Direct Publishing at Amazon.

In his new role, Rafiq will lead McDonald’s global digital strategy focusing on future growth in e-commerce, modernizing the restaurant experience and engaging with consumers across the digital landscape. Rafiq will report to chief brand officer Steve Easterbrook.

"Consumers visit and interact with our brand in multiple ways — and digital continues to grow increasingly important to them," said Easterbrook. "Atif will lead a more coordinated and comprehensive digital strategy for our global organization as we deepen our connection with our customers. His cutting-edge thinking, background and expertise will help us drive even greater innovation in this arena."

Rafiq has nearly 20 years of financial and tech industry experience. As general manager of Kindle Direct Publishing at Amazon.com, he oversaw global product management, marketing, design and development. Before that, he led the Y! Local Division as general manager, and global product strategy for the Y! News Division at Yahoo.com!

"Bringing Atif onto our leadership team represents a tremendous opportunity for McDonald’s to elevate our restaurant experience and strengthen the bond we share with our customers in new ways," said McDonald’s president and CEO Don Thompson.

"I am excited to join this iconic brand," said Rafiq. "I look forward to building on the strong foundation in place and creating even more relevant opportunities to engage with the millions of customers who interact with McDonald’s every day around the world."

Prior to his time at Amazon and Yahoo!, Rafiq was CEO of a venture capital backed company, and held prior positions with AOL and Goldman Sachs. Rafiq has built a strong network across Silicon Valley and has advised dozens of startups throughout his career in spaces such as mobile commerce, social media, online communities and projects with a hyper-local neighborhood focus.

Rafiq earned a bachelor’s degree in mathematics and economics from Wesleyan University and holds a master’s degree in finance and marketing from the University of Chicago.

McDonald’s operates more than 34,500 locations. It serves more than 69 million customers in more than 100 countries each day.

keyboard_arrow_downCOMMENTS

Leave a Reply

No comments found

TRENDING STORIES

Polls

Are you hiring seasonal employees this year?

View Results

Loading ... Loading ...
News

TeleBrands shows Moxie and Pocket Hose prevails

BY CSA STAFF

Leading “As Seen on TV” product producer TeleBrands took Marketer of the Year honors at the recent Electronic Retailing Association’s annual Moxie Awards.
In addition to top marketer accolades, the company’s Pocket Hose product was recognized as Best Short Form Infomercial.
"We are proud to be recognized as marketer of the year, especially on the occasion of the 30th Anniversary of TeleBrands. From the advancements we’ve made in our industry to move once middle-of-the-night only infomercial products into mainstream retail establishments across the globe to perfecting the short-form infomercial, our team works tirelessly to bring problem-solving consumer products to market with the goal of reaching mass audiences," said AJ Khubani, president and CEO of TeleBrands.
The 2013 Electronic Retailing Association’s D2C Convention brought together the DRTV industry’s top innovators, manufacturers and marketers to highlight the hottest trends in the direct-to-consumer marketplace. The 22nd annual ERA Moxie Awards recognizes the best in the space. In addition to winning "Marketer of the Year" and "Best Short Form Infomercial," TV pitchwoman Forbes Riley won the "Best Female Presenter" award for TeleBrands’ Natural Solutions to Things that Bug You long-form infomercial.
Some of TeleBrands current products include Stone Wave, Perfect Polly, Light Angel, Kansas Railroad Pocket Watch, Olde Brooklyn Lantern, Flip Jack Pancake Pan and PedEgg.

keyboard_arrow_downCOMMENTS

Leave a Reply

No comments found

TRENDING STORIES

Polls

Are you hiring seasonal employees this year?

View Results

Loading ... Loading ...