The PCI DSS is an important global security standard that’s been helping to safeguard retailers and their customers for over a decade. Covering all channels – online, in-store, mobile or MOTO – it ensures that the right controls are in place to safely store, transmit and process customers’ sensitive payment data.

Failing to comply can expose merchants to extra card charges and potential fines and make them easier prey for fraudsters.

Unsurprisingly, most European businesses are now either PCI compliant, or in the process of gaining compliance. Smart merchants will have managed to reduce their scope, using PCI point to point encryption (P2PE) and tokenization, or have successfully shifted the responsibility to others by outsourcing to a PCI approved ‘payments as a service’ provider.

PCI Compliance is more than a box tick
For many merchants, however, there’s still lots of confusion about what PCI compliance means for their business and what they have to do in order to ensure their systems remain secure.

Often approached as an annual ‘box-ticking’ exercise, PCI compliance can become a huge and onerous task, causing disruption and a drain on resources. Unread documentation, poor systems and bad implementation can lead to a frenzy of activity when the audit is due or QSA representatives are expected.

PCI compliance is not a once a year activity. It has to be a living breathing part of daily/weekly/monthly operations and actions, which are not only adopted but monitored and updated regularly (not just prior to a PCI audit).

Everyone involved in maintaining the data chain needs to understand their role, their actions and their reporting process. And checks must be in place to make sure that they adhere to them.

Making it easier

Automation can take much of the pain out of managing this process – as does reducing scope using PCI P2PE and tokenization. Software tools can help monitor, analyze, record and event-flag systems, and control information flows and access. Just like people, these tools need TLC and may need to be configured and tweaked on an on-going basis, as threats evolve, and standards tighten.

Some merchants may even choose to outsource eCommerce, using end-to-end solutions to remove their IT and compliance burden by shifting responsibility to the provider. In this case, they must make sure their payments partners are PCI compliant and seek assurance that they are monitoring and maintaining their payment environment effectively.

Keeping security front of mind

It goes without saying that being PCI compliant (or out of scope) doesn’t make a merchant invincible. Additional anti-fraud solutions and security processes may be required to keep data protected. It’s always a good idea to undergo regular vulnerability scans to spot any issues before they become a problem.

At the end of the day, the PCI DSS is not fixed but is constantly evolving – as are security threats and vulnerabilities.  PCI compliance is not a destination, it’s a journey.  Retailers should understand this and work with their internal teams and external solution providers and partners to make sure their payment systems are constantly up to standard.

The past few years have seen the wholesale transformation of America’s checkouts. The introduction of EMV in 2015, followed by a shift in liability card rules, has driven vigorous investment in point of sale (POS) infrastructure – dramatically changing the ‘commerce’ landscape and heralding an explosion of innovation at the POS.

This is driving richer services and opening up new lucrative revenue streams for merchants.  So, how are merchants exploiting this to attract, convert and retain more customers?

Exploiting POS Potential

Firstly, they are realizing that replacing their POS is not simply a ‘like-for-like’ decision. Technology has moved on significantly since their last upgrade. Modern POS devices are not dumb like their predecessors. They are powerful and smart with more memory, more processing power and more functionality than ever before.

They can take payments from all cards (including EMV), by contactless, by phone, from mobile wallets and, in some cases, accept crypto-currencies. They’re different on the outside too – often with full-color touch screens and multimedia capability.

Importantly, POS devices now come complete with their own software platforms and can be connected via the cloud to powerful payment gateways that can drive more than just acceptance.  POS software is now a big US market with marketplaces and downloadable apps popping up regularly. These can be back-end facing – helping to make retailers more efficient through stock management or integrated order processing – or customer-facing, facilitating exciting new checkout services like e-loyalty and personalized promotions.

Increasingly, POS devices are portable, fully mobile or integrated with tablets and smartphones to bring a whole new world of acceptance and digital service straight to the consumer, instore and out.

Show me the money!
Armed with all this potential, where are North America’s merchants finding the biggest returns?

Attracting and Activating Buyers
With so much functionality, retailers are using the POS to encourage referral and uplift with apps and add-ons that boost AOV and loyalty.  Point of sale marketing is now a key part of the marketing mix and is being used hand-in-hand with other marketing materials to remind customers of the product as well as offering incentives to buy. They are making full use of POS displays to engage and persuade new customers to spend.

Busting lines
Faster checkouts mean more throughput and higher sales. 88% of US consumers want their retail experience to be faster and US merchants are responding with self-service, kiosks and mobile POS. Contactless also has huge potential here. While just 3% of US transactions are currently contactless, its anticipated that this will rise as banks roll out contactless cards. By 2020, 56% of all US cards are expected to be contactless.

Consultative ‘smart’ selling
Personal interaction by ‘Savvy’ sales associates at key decision times pays dividends. That’s why US stores are arming staff with sales enabling tools such as integrated tablet/smartphone POS.  Boosting sales through consultative ‘digital’ selling, this is also raising productivity with ‘at a glance’ stock management and sourcing.

Turning data to dollars
Actionable data collected by smart POS systems is the new gold rush for US merchants. They’re using real-time POS reports to mine better insight on their operations (making them more efficient), on their customers (using tokenization to track their journeys and preferences) and on their marketing effectiveness (delivering more targeted promotions and incentives.)

Flexible payments

According to the US Census Bureau, Millennials now represent over 83 million people, (around a quarter of the U.S. population).  But Only 33% of US millennials own a credit card. To tap into these segments, US merchants are offering new instant finance and payment solutions at the POS e.g. Klarna, AfterPay and AliPay.

Rewards that count

Increasing customer retention by just 5% is shown to boost profits by 25-95%.  US merchants are shifting loyalty programs from simple points-based or voucher systems to targeted marketing campaigns that push out mobile coupons or offers based on specific customer behavior.

Customized checkouts

Gone are the days of one POS fits all. US merchants are exploiting over-the-cloud updates and payment gateways, to customize POS functionality so they can deliver better experiences and higher service profitability. Restaurants, for example, are using the POS to split checks, search menu items, track server performance, process online and tableside orders, report trends, void or comp items, track what menu items are selling well, and even train new employees.

It’s easy to see that the POS is not just about acceptance but also about delivering great sales ‘experiences’ that lead to higher revenue for the retailer.

As US merchants strive to make their goods more attractive and easier to buy, they’re increasing demand for open integrated commerce solutions from payment partners like FreedomPay, who can help them find new ways to inspire, educate and inform customers at the POS.

There’s lots of hype around platforms these days. It used to mean a technical base – like a computer and operating system from which to run software and processes or develop other technologies.

Today, it means much more than that. Fueled by cloud computing, the internet, and algorithms, modern platforms can push out real-time, on demand services, support digital frameworks, and empower new ecosystems and economies.

Flexible foundations
Platforms are structures that allow multiple products to be built within the same technical framework. Companies invest in platforms in the hope that future products can be developed faster and cheaper, than if they built them stand-alone.

Platforms can:

• support other platforms e.g. Apple iOS, Google Android,
• provide digital tools for the creation of market places. e.g. Shopify and Magento
• facilitate their own retail markets e.g. Amazon and eBay
• deliver services e.g. Uber and Airbnb

Integral to payments

If you want to enable transactions, either from a physical location or a webstore, then you’ll need a payment platform.  This provides the core systems and technology that allow you to accept a sale. It can be contained in a POS, a mobile app or an ecommerce system.

Depending on your business, it can be simple (based on standard processes and templates) or complex with high degrees of customization including hardware and software integrations to enhance the customer-facing UX or to streamline back office processes.

If a platform is “open”, it will work with apps from third-parties and may support their development through Open APIs and software toolkits. Online payment platforms normally incorporate a processing gateway and some form of security software or process (e.g. point to point encryption and tokenization).

So, what are the benefits?
Apart from empowering organizations to do specific jobs, modern platforms using open-source software, cloud storage and computing provide the scale required to cut cost.

They grant immediate access to vast computing resources, and information and communication technology tools, lowering barriers to usage and opening opportunities to do much more with less resource and effort.  

For example, in the past five years or so, we have seen the rise of ‘payment as a service’ platforms where merchants can outsource or rent commerce capability rather than having to own or build entire computing systems. This makes payments an operational rather than a capital expense and reduces the burden of compliance (e.g. minimizing PCI DSS scope).

Creating new ecosystems
As businesses shift from traditional to digital models, services are becoming faster, cheaper and more accessible through apps and over the cloud. For example, video rentals have been replaced by the likes of Netflix, vacation rental and taxi businesses have been superseded by Airbnb, Uber and Lyft.

Increasingly, platforms are becoming economic tools with software layers added to facilitate apps that exploit data over the internet, creating new extended ecosystems. It’s likely we will see the emergence of more digital marketplaces as synergistic businesses collaborate and connect using central platforms to support new gamechangers such as IoT, blockchain and cryptocurrencies.

The result will be an explosion of service choice for users and many new revenue generating opportunities for merchants. Welcome to the platform economy!

Whether you’re accepting payments online, in-store, or both, all merchants need a payment gateway.  It’s a secure way for customers to enter their payment information, including credit and debit card details, on a website or at a point of sale (POS). 

What is a payment gateway?
A payment gateway is a software program that sits between the merchant and customer, often supplied and hosted by a third-party provider. It offers a secure pathway that requests and manages payment in order to take money from the customer and pass it into the merchant’s bank account.  It’s often described as ‘an electronic cash register for the virtual world’.

What does it do?
It has three essential roles – encryption, authorization and settlement.  First, it encrypts payment data, so it can move safely between the seller and the buyer. It then sends payment requests to the payment processor for authorization via the credit card or financial institution allowing the website/POS to move to the next action in the sales journey (confirmation, receipt, etc)…  Finally, it assists in settling the payment, completing the transaction and allowing for the transfer of funds between the buyer and seller. Some payment gateways also provide dashboards, analysis and reports on transaction status and payment performance.

How does it help?
A well performing gateway is good for customers. It helps ensure a seamless customer experience by enabling secure acceptance to happen in a matter of seconds. It’s good for merchants too. The payment gateway ensures smooth and accurate authorization.  If the payment is valid, the value will be exchanged.  If not, payment will be declined, which helps merchants avoid unnecessary chargeback fees.

What about PCI compliance?
Using a third-party, PCI compliant, payment gateway means that merchants never have to deal with sensitive credit card data. The gateway provider assumes responsibility for data traveling through the payment chain, thereby relieving merchants of PCI obligations and transactional security risks. (Learn more about payment data security here)

What else does it do?
As well as facilitating e-payment acceptance, the payment gateway can perform many other important functions. For example, order screening and tax calculation. It can also be used for geolocation services, providing a pathway to manage location-specific actions. Some advanced gateways can facilitate more than payments and can be used to manage and deploy value-added services directly to the POS.  Enriching point of sale with extra capabilities such as personalized customer and loyalty services and alternative payment options.

Aren’t gateways the same as processors?
There are many similarities but also some important differences. The gateway represents a system, whereas the processor is a ‘step’ in the payment chain. Processors analyze and transmit transaction data to the relevant issuing parties, a gateway does this too, but it also assists in the settlement process to facilitate the transfer of funds between buyer and seller.

Payment gateways and online payments

In order to accept online payments, organizers need access to a payment gateway and to hold a merchant account (or aggregator). The payment gateway has to be compatible with the shopping cart and needs to be integrated with the merchant account. Sometimes this means it can only be set-up after these are in place. Aggregators often offer a gateway in tandem with their merchant account e.g. PayPal.  Sometimes the same gateway can be used for in-store POS as well as for online and mobile transactions.

A powerful commerce investment

Payment gateways can help merchants to streamline processes and transactions, connect multiple channels and capture more than just payment data. It can seamlessly enable many additional commerce capabilities and offer in-depth analysis and at-a-glance reporting via useful transaction dashboards. Experienced payment partners, like FreedomPay, can help you discover new ways that payment gateways can empower your sales operation.