Posted August 26, 2014 by FreedomPay

PCI Validated P2PE Gives Merchants Peace Of Mind

To help merchants manage the risk of a breach, and the time and cost of PCI DSS compliance,  PCI-validated point-to-point encryption (P2PE) provides the highest tier of payment security and removes the merchant’s POS and network 100% out of scope for compliance.

Only solutions listed on the PCI Website have met the standards required to offer these merchant benefits: https://www.pcisecuritystandards.org/approved_companies_providers/validated_p2pe_solutions.php

P2PE utilizes secure Point-of-Interaction hardware that converts credit card information into encrypted files from the moment the card is swiped or entered. The encrypted files are decrypted inside a hardware security module that protects personally identifiable information and original card numbers from all parties other than the credit card processor.

Only PCI-Validated P2PE reduces PCI DSS compliance requirements for merchants by removing the POS and network out of scope. This reduces the costs to operate a secure environment and significantly reduces the amount of controls the merchant must adopt to ensure PCI compliance.

The stakes are high, and there is a lot of myths and misinformation creating fear, uncertainty and doubt in the market.  Only PCI-Validated point-to-point encryption can deliver true merchant benefits, and only FreedomPay delivers EMV and NFC support out of the box, making a single capital investment deliver a lot more value to the merchant.

To earn PCI validation, FreedomPay worked with Ingenico and ScanSource to develop a comprehensive security envelope including the hardware, the software and the chain of custody of the devices.  This gives our partners the assurance that their devices have not been tampered with or handled by unauthorized personnel.

It took a lot of planning, collaboration and testing to make this solution a reality.  Merchants can now feel secure that their payments data is protected, and their compliance burden has been relieved.

We would love to show you how P2PE can work for you.  Email commerce@freedompay.com or contact us to speak with a payment security expert today.


Posted August 19, 2014 by FreedomPay

FreedomPay Announces Multi-Functional PCI-Certified Point-to-Point Encryption Commerce Platform

Platform Developed with Ingenico and ScanSource Offers EMV and NFC Capabilities

It’s been a long year filled with anticipation, as we ran the gauntlet through about 1,000 PCI DSS controls and audits to bring a new level of security to our commerce platform.

And following months of onerous work, today we are thrilled to announce that we are delivering a PCI certified point-to-point encryption (P2PE) payment platform with full EMV, NFC and PIN debit capabilities – a first of its kind solution in North America.

While we would love to shout it from the rooftops, you’re probably wondering what PCI certified P2PE technology means for the industry – and why it should matter to you.

In response to recent security breaches, more emphasis has been placed on merchant payment security than ever before. And while the pending EMV requirements will result in big changes, it’s not enough to completely protect the payment channel.

As the deadline for moving to EMV looms, replacing point-of-interaction (POI) devices will be a requirement. Fortunately for merchants, PCI certified P2PE combined with EMV creates a foolproof solution that secures valuable payment data and authenticates the card holder. Even better, they can be installed together – delivering a one-two punch to thwart hackers.

To make our fully-functional P2PE solution a reality, we’ve joined forces with Ingenico and ScanSourceto leverage best-of-breed technology from each partner.

Ingenico devices were integrated into our commerce platform to support point-to-point encryption, instantly reducing merchants’ scope for PCI DSS compliance and giving merchants options for future payment system expansion. Additionally, the POI devices are delivered through ScanSource’s secure distribution methods, which eliminate potential device tampering before installation.

Aside from world-class security, the FreedomPay Commerce Platform P2PE solution gives merchants the ability to expand their commerce ecosystem to include incentive and loyalty programs, which can be easily managed through an online portal, as well as adding mobile payments and Business Intelligence to drive revenue growth.

If you’re interested in learning more about our fully-functional PCI certified P2PE commerce platform, please contact us. We’d love to provide you with more information.

Posted August 19, 2014 by FreedomPay

Industry Misconceptions about PCI Certified Point-to-Point Encryption

Proper education in the payment industry is crucial in today’s world of transactions, yet many merchants have fallen prey to misinformation about the security of their payment solutions – resulting in disastrous hacking incidents.

In fact, disseminated solution security information is so inaccurate that merchants have been misled into believing their payment systems feature PCI certified point-to-point encryption (P2PE) when they do not.

How do you know if your payment system does indeed feature PCI certified P2PE?

Just check the PCI Security Standards Council website. The “Approved Companies and Providers”section lists every PCI certified P2PE provider.

To receive PCI certification for a P2PE solution, a vendor must satisfy three criteria in addition to passing a 1,000-point PCI DSS audit check. Below are the requirements that must be in place for a vendor to offer true PCI certified P2PE.

  • Use a hardware-to-hardware encryption and decryption process, along with a point-of-interaction (POI) device that has SRED (Secure Reading and Exchange of Data) listed an enabled function.
  • PCI-validated secure distribution channel, meaning the entire chain of custody of the POI devices follows strict controls regarding shipping, receiving, tamper-evident packaging and merchant installation.
  • Include merchant education in the form of a P2PE Instruction Manual (PIM). This guides the merchant on POI device use, storage, return for repairs and regular PCI reporting.

Without meeting all of these criteria, a vendor is likely providing a merchant with an un-certified tokenization or end-to-end encryption solution.

Why is that solution bad for business?

In short, it does not remove a merchant’s point of sale (POS) and network from the scope of PCI DSS compliance leaving systems vulnerable to attack. The result is that a merchant is still responsible for ensuring compliance with all 300 or so PCI DSS standards instead of the 19 required in a true P2PE solution.

A PCI certified P2PE solution puts a merchant’s POS and supporting infrastructure, including network, 100% out of scope for PCI DSS compliance by encrypting payment information from the moment of swipe all the way to the processor. This ensures that the payment data is never made available in clear-text, meaning it is never unencrypted in a merchant’s POS, network or memory.

Knowledge is power when investing in solutions that protect your brand and customers. Be sure to check that your payment provider offers PCI certified P2PE or be ready to pay the ultimate cost. And while you’re making this decision, keep in mind the pending EMV requirements too.

To learn more about the PCI certified FreedomPay Commerce Platform P2PE solution, feel free to contact us. We’d love to provide you with the latest information on payment channel security.

To learn more about payment security best practices and PCI certified P2PE, consider reading the following articles.

Posted August 18, 2014 by FreedomPay

How Merchants Benefit From Point-To-Point Encryption (P2PE)

PCI-Certified Point-To-Point Encryption (P2PE) is the industry’s most secure technology to protect merchants against a payment data breach, and the only solution that can reduce the merchant’s scope for PCI DSS compliance.

This informative webinar will explain what PCI-Certified P2PE really means, and why it is a critical security measure and business solution for merchants.

Join FreedomPay’s Chief Technology Officer and global security authority, Christopher Kronenthal, to learn how FreedomPay earned the coveted PCI validation for Point-To-Point Encryption, and how it can help merchants save money, save time, and gain unparalleled security over customer data.

Click Here To View FreedomPay P2PE Webinar Now (Recorded Aug 21, 2014)




Posted August 05, 2014 by FreedomPay

Building Loyalty Among Millennials: The Need For Mobile Incentive Programs

When you think of Millennials, what comes to mind first? If it’s a young person with their eyes glued to their smartphone, tapping out a tweet, a status update, a text or a search — you’re pretty close to the truth.

Millennials’ attachment to their devices creates a huge opportunity for retailers — especially in the form of incentive and loyalty programs that keep customers informed, engaged and most importantly, shopping.

Millennials (as well as many Generation Xers and even a few Baby Boomers) are increasingly using their mobile devices for just about everything. According to web content management company SDL, those 18- to 36-year-olds check their smartphones, on average, 43 times a day. And Forrester recently said that mobile devices will account for about 29% of online consumer purchases in 2014, which is up from 21% in 2013.

So, it makes sense for retailers to tap into increasingly mobile-centric behavior. Yet, retailers too often use their mobile apps merely as store locators when they can do so much more. One such way merchants can get better results and drive sales with apps is to tap into customer loyalty initiatives.

A recent study conducted by Thrive Analytics and Local Search Association found that U.S. smartphone users ages 18-29 were significantly more likely to interact with companies to receive deals and rewards than any other age group. And statistics from Punchtab noted that — if given incentives — 63% of Millennials would join a consumer loyalty program.

Perhaps the most telling data regarding Millennials’ affinity for mobile incentives programs was released by Bond Brand Loyalty. It noted that 68% of those ages 20-34 would change where they shopped if it meant getting more program rewards, and one third reported buying something they didn’t need or want just to earn points or increase membership status.

The mobile loyalty revolution is upon the retail industry, and now is the time for brands to build top-notch incentives programs to maximize the potential of their Millennial audiences.

While providing consumers with a mobile app version of the familiar loyalty “punch” cards is a great starting point, investing in a multi-functional incentive platform allows savvy retailers the ability to harness the power of geo-location and highly targeted analytics to deliver the right offer to the right consumer at the right time.

Merchants can build social and mobile-enabled loyalty and rewards programs that track customers’ identity, behavior, purchase history and favorite incentives — even across channels.

What’s more, segmentation and customization capabilities allow retailers to target incentives to key customers by spend, frequency, loyalty program score and even SKU. Existing marketing automation and analytics tools can be integrated into the platform for incentive targeting and sharing with third-party stakeholders, too.

The opportunity for merchants to build relationships with Millennials can lay the foundation for capturing a greater share of wallet as the generation ages and gains even greater buying power. Utilizing mobile to build loyalty with this burgeoning segment now is the key to keep them coming back.

*This blog originally appeared on the Retail TouchPoints blog. You can access it here