Posted November 13, 2019 by Bernard Clary

Recapturing Hospitality’s Magic Moments

There’s a magical moment in every really good hospitality experience where a customer thinks “these guys really get me”. The winning formula for anyone involved in the customer experience is that instant connection that not only seals the deal or purchase but leads to unquestionable loyalty.

The personal experience

Everyone appreciates the personal touch. Whether it’s a local barista remembering your regular order, a restaurant that knows you by name and your favorite table, or a hotel concierge that opens the door on arrival.

Replicating these small, highly personal moments takes more than a responsive website, a cool app or an e-loyalty program. It takes a deep understanding of the individual’s experience and their likes and dislikes.

In the face-to-face world this involves a two-way dialogue, personal interaction and engaging conversations. In the digital world, this is harder to achieve.

Combatting disconnect
The so-called ‘uberization’ of the hospitality business (via remote, automated systems, mobile and web services) is perhaps in danger of reducing some customer interaction to ‘dumb’ transactions that take hotels, F&B, entertainment and travel operators even further away from delivering the unique experiences they need to compete effectively.

But all is not lost. By integrating a data-driven smart commerce platform that includes secure switching, real-time data, tokenization and marketing solutions, hospitality companies of all sizes can recapture those highly personal and magical moments.

How to deliver the personalized service

A data-commerce platform can generate and store transactional ‘tokens’. These can be used to identify and follow the customer on their sales journeys, tracking their spending and allowing insights to be collected and reused by functions including CRM and logistics. Basically, the platform acts as an identity broker that tracks consumers across different technology assets.

This gives businesses a 360° view of the customer across channels, locations and brands. It allows them to share that visibility, in order to connect the dots internally, so they can achieve the ultimate goal – turning transactions into relationships.

The customer journey

So, how does all of this translate into a better valued experience for the customer? In the simplest of terms, with a data-commerce deployment model, customers could expect to hear “yes” much more often: “Like to pay by mobile? No problem!”, “Prefer to be charged in a local currency? Of course!”, “Want to use your loyalty points to upgrade and pay in our restaurant? Sure!”.

As well as offering greater payment choice across all channels, a data-connected platform can transform value and loyalty programs by allowing rewards to be effortlessly collected and redeemed across any sales or service point (and those of partners) with ease. Even without a card or membership number.

And that’s only the beginning…

Want to capture the magic for yourself?

Download a copy of FreedomPay’s latest report “Hospitality 2020+The Reasons Why We Talk About Data-Driven Commerce” and discover more.

Posted November 13, 2019 by Bernard Clary

How To Ditch Tech-Complexity That’s Holding Your Hospitality Business Back

We all want to deliver great customer service, but realistically it’s not always possible when so much of the back-end tech system is built on legacy applications, siloed operations and outdated, slow machinery.

We all know that nothing ruins the service mix more than complexity, silos and dead ends, but what can be done to simplify it without throwing the whole lot in the trash can and starting again?

The easiest and most efficient way is to integrate with a more intelligent platform; surround and expand what you already have by adding a unifying element that brings the whole IT-function together.

The magic

For most hospitality businesses (restaurants and bars, to hotels and airlines), the secret ingredient comes in the form of an integrated data-driven commerce platform across all channels.

A platform commerce strategy will help deliver a more personalized service while making it easier for those behind the scenes to use data to create the relevant and high value experiences that keep customers coming back for more.

So, how does it work?

A connected data-commerce platform really does what it says. It’s a single platform (or gateway), that accepts, manages and stores transaction data – all within a secure network.

It can operate across sales channels, franchises and brands, locations and even countries, and the transactional data which flows through it is rich in customer insight, including what, when, how and where they buy.

Now here’s the clever part – unlike traditional payment gateways, a commerce platform doesn’t just connect the traditional payment chain, it can also connect other system functions including SaaS and software platforms, via open, in-house or proprietary APIs (or in some cases SDKs).

With the right architecture, non-sensitive transaction data can be instantly routed to other functions such as CRM and ERP systems. This overcomes issues associated with traditional federated systems (like data isolation and lags), allowing valuable real-time data to be shared quickly, seamlessly and without complexity.

From finance and logistics to marketing and stock control, all your hospitality departments can now benefit from instant access to accurate, timely data that helps them manage operations more effectively.

Businesses can go ‘a la carte’ and customize architecture, pathways and reports, selecting what information they need, where and when, and then using the gateway to make sure it’s delivered exactly to their taste.

But even more importantly, a data-connected platform also helps make services more appealing to consumers. Using tokenization and encryption, it allows businesses to recognize individuals, their preferences and behaviors.

This helps them evolve highly personalized services, push communications, offers and rewards. More targeted initiatives ensure greater engagement and higher ROI for customer acquisition and retention campaigns.


Unlike a closed proprietary solution, an open data-commerce platform won’t lock you into a single roadmap, technology path or service model. Instead, you’ll have the freedom to experiment, grow and evolve, whatever the future holds in store.

Want to get started and learn more?

Download FreedomPay’s latest report “Hospitality 2020+The Reasons Why We Talk About Data-Driven Commerce”.

Posted November 11, 2019 by Bernard Clary

Understanding Tokenization

More than a buzzword, ‘Tokenization’ has gone mainstream, protecting merchants against the perpetual threat of omni-channel payment fraud and delivering the seamless, personalized experiences modern consumers love.  Indeed, for anyone wanting to enrich their customer sales journeys, tokenization is now a must.

That said, many businesses, particularly smaller merchants and those in hospitality and travel, have still to take the plunge. If you’re still undecided, here’s a quick snapshot to explain what tokenization does and how it can help you.

What is tokenization?

Essentially, tokenization protects bank account and credit card numbers by replacing the buyer’s primary account number (PAN) with a randomly generated alphanumeric code or a ‘token’.  This is linked to the payment method but has no exploitable meaning or ‘value’ for criminals as it cannot be reverse engineered to access the payment details.

How are tokens used?
Tokens are kept in a secure ‘virtual vault’ and can be transmitted across wireless networks and shared without risk to the original payment data. They can also be processed at the point of sale without any personal bank details being revealed. It lets you keep any sensitive data separate from your business systems, while allowing any transactions connected to the card or payment method to be tracked across various locations and channels.

What benefits does it offer merchants?

As well as adding an additional layer of security, tokenization helps streamline processes that involve follow-on transactions or repeat purchases by allowing your systems to ‘recognize’ the customer e.g. for e-receipts, one-click purchasing or to autofill payment pages. It also allows you to build a profile of their spending patterns and to provide insights for CRM and marketing to deliver more targeted loyalty programs, promotions and rewards.

Does it impact PCI?

Tokenization is often used in conjunction with PCI compliant point-to-point encryption, to minimize PCI scope, effort and cost for retailers. If no sensitive card data touches their system, it minimizes their risk.

What happens at the POS?
The consumer presents their payment card to the POS device or enters their card number manually on a webstore. The credit card number passes to a token vault (usually a third-party gateway) which generates a token. The token is passed back to the merchant’s system which associates the token with the customer. The merchant can store the token to use in follow-on transactions, such as future sales, voids or returns. All of this takes place instantly and is invisible to the customer.

Are there different types of token?

There are two types: single use and multiple use. Single-use tokens are used purely for data security to safeguard a single transaction and are not stored or linked to further transactions. Multi-use tokens, on the other hand, can be stored and associated permanently with the customer’s payment method and can be retrieved whenever a customer presents it. For multiple locations, one token vault should be used for each destination as incorrect mapping can lead to cross-token issues.
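An added example, not FreedomPay’s code or part of the original post: a minimal in-memory model of the POS flow and the single-use/multi-use distinction described above, which also shows that a token means nothing to a vault that did not issue it. The class and method names, the `tok_` prefix and the test card number are assumptions made for illustration.

```python
import secrets


class UnknownToken(Exception):
    """A vault was shown a token it did not issue or has already spent."""


class TokenVault:
    """Stand-in for the gateway's vault: the only component that holds PANs."""

    def __init__(self):
        self._pan_by_token = {}      # token -> PAN, never leaves the vault
        self._multi_use_by_pan = {}  # PAN -> its stored multi-use token
        self._single_use = set()     # tokens that may be redeemed once

    def _new_token(self):
        # Drawn from a CSPRNG, not derived from the PAN, so nothing in the
        # token can be reversed to recover the card number.
        while True:
            token = "tok_" + secrets.token_hex(12)
            if token not in self._pan_by_token:
                return token

    def tokenize(self, pan, multi_use=True):
        if multi_use and pan in self._multi_use_by_pan:
            return self._multi_use_by_pan[pan]  # same card, same token
        token = self._new_token()
        self._pan_by_token[token] = pan
        if multi_use:
            self._multi_use_by_pan[pan] = token
        else:
            self._single_use.add(token)
        return token

    def charge(self, token, amount_cents):
        """Resolve the token inside the vault; the result carries no PAN."""
        if token not in self._pan_by_token:
            raise UnknownToken(token)
        pan = self._pan_by_token[token]
        if token in self._single_use:  # spent after one transaction
            self._single_use.discard(token)
            del self._pan_by_token[token]
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}


class Merchant:
    """Merchant system: stores tokens and customer links, never card numbers."""

    def __init__(self, vault):
        self.vault = vault
        self.customer_by_token = {}
        self.receipts = []

    def pay(self, token, amount_cents, customer_id=None):
        if customer_id is not None:  # first sale: associate token with customer
            self.customer_by_token[token] = customer_id
        result = self.vault.charge(token, amount_cents)
        self.receipts.append((self.customer_by_token.get(token), token, result))
        return result


def rejected(call, *args):
    try:
        call(*args)
    except UnknownToken:
        return True
    return False


def demo():
    pan = "4111111111111111"  # constructed test number, not a real card
    vault, other_vault = TokenVault(), TokenVault()
    shop = Merchant(vault)

    # The POS device passes the PAN to the vault; the merchant gets the token.
    token = vault.tokenize(pan, multi_use=True)
    shop.pay(token, 1999, customer_id="customer-42")
    shop.pay(token, 500)  # follow-on sale with the stored token

    one_time = vault.tokenize(pan, multi_use=False)
    shop.pay(one_time, 250)

    return {
        "token": token,
        "same_token_on_return": vault.tokenize(pan) == token,
        "single_use_replay_rejected": rejected(shop.pay, one_time, 250),
        "other_vault_rejected": rejected(other_vault.charge, token, 100),
        "pan_in_merchant_data": pan in repr((shop.customer_by_token, shop.receipts)),
        "sales_for_customer": sum(r[0] == "customer-42" for r in shop.receipts),
    }


if __name__ == "__main__":
    print(demo())
```

The merchant-side records end up holding only tokens, customer links and the last four digits, which is the property that keeps those systems clear of stored card numbers.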

What do you need to tokenize?
For tokenization to work, a payment gateway is needed to store sensitive data and to generate the random token.

Does it cost?
In most instances there’s no additional charge for the actual token but some gateways may charge a minimal fee to process it and for token storage. All in all, it’s a very small price to pay considering the benefits gained from fraud reduction and experience optimization.

While it’s easy to get caught up in the what and how, at the end of the day the real benefit of tokenization is that it’s invisible to the user, removes value for fraudsters, and reduces risk while unlocking opportunity for the retailer.

If you’re really serious about taking your retail business to the Next Level, then you need to embrace tokenization – not just for security and compliance but as an important part of your customer-facing strategy. Understanding how it works is just the first step of the journey.

Posted November 11, 2019 by Bernard Clary

Delays And More Delays – What’s Happening With SCA?

Strong Customer Authentication (SCA) is a key part of the European PSD2 standard and is widely expected to be one of the most important pieces of legislation affecting the financial and retail sectors.

Although scheduled for 14 September 2019, its implementation in the UK has been delayed by 18 months to give businesses more time to meet the new requirements. According to the UK’s Financial Conduct Authority (FCA), UK businesses now have until March 2021 to comply.

But reactions to the hold-ups have been mixed. With fraud rates on the rise, some players are frustrated at the delays to consumer security. Others are expressing relief that they now have more time to iron out potential technical issues before they go live.

Are businesses ready for SCA?

Under SCA, for online transactions where both the business’s payment provider and the cardholder’s bank are located within the European Economic Area (EEA), at least two of the following three methods are required:

  • Knowledge: something only the user knows, such as a password.
  • Possession: something only the user possesses, such as a token or mobile phone.
  • Inherence: something the user is, such as a biometric element (e.g. fingerprint recognition).

It mainly impacts card payments made over the internet, as customer-present EMV transactions are already two-factor authenticated – with a chipped card (possession) and with a PIN (knowledge). There are also some SCA exemptions, e.g. for transactions below €30, recurring subscriptions, whitelisting and corporate payments.

Although they’ve had nearly two years to prepare since the initial announcement, UK retailers have been kept busy dealing with other regulatory standards including GDPR, PCI and PSD2 – not to mention the distractions caused by uncertainty around Brexit. Without the SCA extension, many businesses would simply not have enough resource or investment available for the systems and processes required to facilitate multifactor authentication.

How does the market feel about SCA progress?

Given the rising incidence of fraud, many in the industry want to see enhanced, secure digital experiences fast-tracked. At the same time, some are feeling overwhelmed at the complexity and its impact on the customer experience.

To help accelerate SCA and reduce potential friction, lots of retailers are looking at mobile and biometric based authentication as a possible route to compliance. UK retailers will be able to use the delay as ‘breathing space’ to explore new authentication approaches more fully, to implement any technical fixes and minimize disruption – particularly in online transactions.

However, it’s vital that they are ready for the next deadline to fulfil the security promise of PSD2 and to prevent consumers from being disappointed.

Will SCA add drag to frictionless payments?

There is a fear that too much complexity at the checkout will drive sales conversion down.  Merchants are working with the industry and their providers to minimize SCA’s impact on the UX.   There may be some extra security steps for the consumers, but most will welcome this if it means they are better protected. It will also make them more confident particularly when making higher ticket spends online.

We believe that the focus in the next few months will be facilitating secure experience while ensuring the customer has a frictionless user journey, creating faster, better and more ‘seamless’ SCA technology. Having digital core processes and gateways is crucial to helping merchants adapt effectively and accelerate new innovations.

There is always the danger that, in super-fast one-click digital economies, SCA will turn some consumers off. The secret to overcoming this could be using the consumers’ own technology and familiar processes to ease the experience. Many are very comfortable with smartphone biometrics, for example, and regularly use their phones as part of the authentication process for banking, loyalty and retail apps. Done properly, SCA should become as intuitive to future shoppers as chip and PIN is for many today.

Posted October 31, 2019 by Bernard Clary

GDPR – Why It’s Important And Why You Can’t Ignore It

It’s been well over a year since GDPR was introduced, and France, Greece, Romania, Sweden and the UK have all seen the first casualties of non-compliance.  As EU organizations struggle to come to grips with the new legislation, we take a closer look at GDPR, what it is and why merchants can’t afford to ignore it.

What is GDPR?
The General Data Protection Regulation (GDPR)  is an EU law that came into effect on May 25, 2018. GDPR applies to the handling of any personal data processed within the European Union and the European Economic Area. It was designed to protect consumers’ personal data in the modern digital world.  It gives them more say in what information companies keep on them and how it is used and shared – especially online.

GDPR requires businesses to get consent from the consumer before they store their details. The introduction of GDPR was marked by a flurry of activity as organizations mailed customer contacts for permission to retain their existing data, while also allowing customers to opt out.

Secondly, GDPR protects consumers against data misuse. It stops organizations from collecting data for one activity and then using it for another e.g. saving an email to send a receipt and then using this to issue a newsletter or promotional offer.

Lastly, it sets out notification procedures that have to be followed in the event of a data breach, including informing customers and safeguarding their data from further harm. This includes a 72-hour breach notification requirement and process.

Why GDPR cannot be ignored
GDPR has the power to fine organizations that fail to comply.  Fines can be up to 4% of a company’s ‘global’ annual turnover.  If you are hit with a data breach, or other incident, how your organization responds can determine how severe the costs are, in terms of both public backlash and regulatory penalties.

It is best to always follow best practice in terms of consent, user and document management, security and response, to ensure you meet compliance guidelines and make sure you have a solid audit trail in place. That includes making sure any third parties you outsource to are GDPR compliant too. If process and due diligence are not followed, then hefty fines are waiting. For example, the first big ‘headline’ fine was imposed on Google in France, which was charged €50 million ($56.8 million USD) for data misuse. Other smaller fines have been instigated across Europe, in many cases connected to data misuse. Interestingly, if the Cambridge Analytica scandal had occurred after GDPR was introduced, the fine they received would have been far more severe.

Why GDPR matters for businesses in the US
Although part of EU legislation, GDPR impacts businesses all over the world because it also covers the ‘transfer’ of personal data to countries outside the EU and EEA. This means GDPR doesn’t just affect European companies but any organization selling to, or holding information on EU consumers.

As momentum for similar consumer privacy regulations grows, other countries including Japan, Canada and Korea are looking to tighten data security. It’s likely that new standards will closely resemble GDPR. For example, we have already seen signs of this here in the US, with the California Consumer Privacy Act, which will come into effect next year.

At the end of the day, merchants should never put their brand at risk by ignoring regulations like the GDPR.  Make sure you review your data protection strategy regularly and, if there is no formal process, don’t delay in putting one in place.

Posted September 26, 2019 by Bernard Clary

What Does It Mean To Be PCI Compliant?

The PCI DSS is an important global security standard that’s been helping to safeguard retailers and their customers for over a decade. Covering all channels – online, in-store, mobile or MOTO – it ensures that the right controls are in place to safely store, transmit and process customers’ sensitive payment data.

Failing to comply can expose merchants to extra card charges and potential fines and make them easier prey for fraudsters.

Unsurprisingly, most European businesses are now either PCI compliant, or in the process of gaining compliance. Smart merchants will have managed to reduce their scope, using PCI point to point encryption (P2PE) and tokenization, or have successfully shifted the responsibility to others by outsourcing to a PCI approved ‘payments as a service’ provider.

PCI Compliance is more than a box tick
For many merchants, however, there’s still lots of confusion about what PCI compliance means for their business and what they have to do in order to ensure their systems remain secure.

Often approached as an annual ‘box-ticking’ exercise, PCI compliance can become a huge and onerous task, causing disruption and a drain on resources. Unread documentation, poor systems and bad implementation can lead to a frenzy of activity when the audit is due or QSA representatives are expected.

PCI compliance is not a once a year activity. It has to be a living breathing part of daily/weekly/monthly operations and actions, which are not only adopted but monitored and updated regularly (not just prior to a PCI audit).

Everyone involved in maintaining the data chain needs to understand their role, their actions and their reporting process. And checks must be in place to make sure that they adhere to them.

Making it easier

Automation can take much of the pain out of managing this process – as does reducing scope using PCI P2PE and tokenization. Software tools can help monitor, analyze, record and event-flag systems, and control information flows and access. Just like people, these tools need TLC and may need to be configured and tweaked on an on-going basis, as threats evolve, and standards tighten.

Some merchants may even choose to outsource eCommerce, using end-to-end solutions to remove their IT and compliance burden by shifting responsibility to the provider. In this case, they must make sure their payments partners are PCI compliant and seek assurance that they are monitoring and maintaining their payment environment effectively.

Keeping security front of mind

It goes without saying that being PCI compliant (or out of scope) doesn’t make a merchant invincible. Additional anti-fraud solutions and security processes may be required to keep data protected. It’s always a good idea to undergo regular vulnerability scans to spot any issues before they become a problem.

At the end of the day, the PCI DSS is not fixed but is constantly evolving – as are security threats and vulnerabilities.  PCI compliance is not a destination, it’s a journey.  Retailers should understand this and work with their internal teams and external solution providers and partners to make sure their payment systems are constantly up to standard.

Posted September 23, 2019 by Bernard Clary

How Payment Terminals Are Driving Revenue In North America

The past few years have seen the wholesale transformation of America’s checkouts. The introduction of EMV in 2015, followed by a shift in liability card rules, has driven vigorous investment in point of sale (POS) infrastructure – dramatically changing the ‘commerce’ landscape and heralding an explosion of innovation at the POS.

This is driving richer services and opening up new lucrative revenue streams for merchants.  So, how are merchants exploiting this to attract, convert and retain more customers?

Exploiting POS Potential

Firstly, they are realizing that replacing their POS is not simply a ‘like-for-like’ decision. Technology has moved on significantly since their last upgrade. Modern POS devices are not dumb like their predecessors. They are powerful and smart with more memory, more processing power and more functionality than ever before.

They can take payments from all cards (including EMV), by contactless, by phone, from mobile wallets and, in some cases, accept crypto-currencies. They’re different on the outside too – often with full-color touch screens and multimedia capability.

Importantly, POS devices now come complete with their own software platforms and can be connected via the cloud to powerful payment gateways that can drive more than just acceptance.  POS software is now a big US market with marketplaces and downloadable apps popping up regularly. These can be back-end facing – helping to make retailers more efficient through stock management or integrated order processing – or customer-facing, facilitating exciting new checkout services like e-loyalty and personalized promotions.

Increasingly, POS devices are portable, fully mobile or integrated with tablets and smartphones to bring a whole new world of acceptance and digital service straight to the consumer, instore and out.

Show me the money!
Armed with all this potential, where are North America’s merchants finding the biggest returns?

Attracting and Activating Buyers
With so much functionality, retailers are using the POS to encourage referral and uplift with apps and add-ons that boost AOV and loyalty.  Point of sale marketing is now a key part of the marketing mix and is being used hand-in-hand with other marketing materials to remind customers of the product as well as offering incentives to buy. They are making full use of POS displays to engage and persuade new customers to spend.

Busting lines
Faster checkouts mean more throughput and higher sales. 88% of US consumers want their retail experience to be faster and US merchants are responding with self-service, kiosks and mobile POS. Contactless also has huge potential here. While just 3% of US transactions are currently contactless, it’s anticipated that this will rise as banks roll out contactless cards. By 2020, 56% of all US cards are expected to be contactless.

Consultative ‘smart’ selling
Personal interaction by ‘Savvy’ sales associates at key decision times pays dividends. That’s why US stores are arming staff with sales enabling tools such as integrated tablet/smartphone POS.  Boosting sales through consultative ‘digital’ selling, this is also raising productivity with ‘at a glance’ stock management and sourcing.

Turning data to dollars
Actionable data collected by smart POS systems is the new gold rush for US merchants. They’re using real-time POS reports to mine better insight on their operations (making them more efficient), on their customers (using tokenization to track their journeys and preferences) and on their marketing effectiveness (delivering more targeted promotions and incentives.)

Flexible payments

According to the US Census Bureau, Millennials now represent over 83 million people (around a quarter of the U.S. population). But only 33% of US millennials own a credit card. To tap into these segments, US merchants are offering new instant finance and payment solutions at the POS, e.g. Klarna, AfterPay and AliPay.

Rewards that count

Increasing customer retention by just 5% is shown to boost profits by 25-95%.  US merchants are shifting loyalty programs from simple points-based or voucher systems to targeted marketing campaigns that push out mobile coupons or offers based on specific customer behavior.

Customized checkouts

Gone are the days of one POS fits all. US merchants are exploiting over-the-cloud updates and payment gateways, to customize POS functionality so they can deliver better experiences and higher service profitability. Restaurants, for example, are using the POS to split checks, search menu items, track server performance, process online and tableside orders, report trends, void or comp items, track what menu items are selling well, and even train new employees.

It’s easy to see that the POS is not just about acceptance but also about delivering great sales ‘experiences’ that lead to higher revenue for the retailer.

As US merchants strive to make their goods more attractive and easier to buy, they’re increasing demand for open integrated commerce solutions from payment partners like FreedomPay, who can help them find new ways to inspire, educate and inform customers at the POS.

Posted August 23, 2019 by Bernard Clary

Stop Hackers Finding Gold in Your Data: A Quick Guide to P2PE

With so many touchpoints in the customer sales journey, it’s getting harder to lock-down retail payment chains against fraudsters (losses on UK-issued cards totalled £671.4 million in 2018). For many physical retailers, PCI compliance alone is no longer enough to ensure data security, protect customers and safeguard their business and reputation. That’s where point-to-point encryption (P2PE) comes in.

Why is P2PE important?

P2PE provides merchants with one of the most significant ways to minimize the risk of criminals stealing their cardholders’ data during in-store, face-to-face, card-present transactions.

What does it do?

P2PE protects credit card data from the point of sale (POS) as it travels through a merchant’s local network and across the internet before it reaches the payment processing system at the acquirer’s end.

How does it work?

It does this by encrypting data immediately upon entry at a payment terminal connected to the POS device and keeping it encrypted until it reaches the third-party secure environment, where it is decrypted before authorization: from the starting point to the end point, hence its name. This encryption method utilizes complex encryption keys controlled by a P2PE solution provider, ensuring the merchant, or any third party, has no means of accessing the data traversing the network.

Why does this help?

Encrypting card data in this manner means that even if a fraudster manages to capture it, they are unable to access the user’s ID or card data without the relevant encryption/decryption keys. So, sensitive payment data can be safely sent through the entire payment chain without risk of compromise.

What about PCI Compliance?

P2PE is like a booster for PCI DSS – it goes further, is more exacting and safer than PCI DSS alone. And it makes achieving PCI compliance much simpler and less expensive too! That’s because it effectively takes the POS system and payment platform out of PCI scope, reducing time, effort and cost of compliance (but only if you use a PCI approved P2PE solution and provider, and follow the correct operational procedures).

Will it stop retail fraud?

No, it doesn’t prevent fraud using lost or stolen cards, but it does prevent criminals from accessing card data at the point of sale or while the cardholder data is in-transmission from the POS device to the payment processor.

Does it stop merchants using transaction data?

Not if you use it in tandem with a tokenization solution such as FreedomPay CardStor™. This replaces the cardholder’s primary account number (PAN) with a ‘token’. Retailers can use tokens to identify the customer – for loyalty programs or automated form filling – and to supply transaction-based information to CRM systems and for business intelligence.

Is it hard or expensive to implement?

It can normally be integrated easily as part of your payment solution or platform using a PCI P2PE toolkit to provide the relevant encryption keys/pathways. If in doubt speak to your authorized payment provider. Any additional costs can often be quickly offset against time, effort and cost savings from PCI scope and audit reduction.

Still need to be convinced?

Here’s a quick summary of the benefits:

1. Simplifies PCI DSS compliance, reduces scope and cost
2. Extra data security without compromising customer experience
3. Minimizes risk of fraud, data breaches and subsequent fines, loss of custom and reputation
4. Data protection that keeps payment services simple
5. Used with tokenization, won’t affect loyalty programs or other commerce platforms
6. Software-based, easy to integrate – especially with FreedomPay.
