Posted May 11, 2022 by FreedomPay

How the Convergence of Payments and Tech is Leading to Connected Commerce Models

By: Peter Georgopulos, VP of Sales, Omni-Channel Payments at FreedomPay

It’s 2022, and once again consumer behavior has changed due to circumstances outside the control of your organization. Geopolitical events, pandemics, inflation & social media noise have all influenced consumer behavior while retailers have been in a tailspin for the last decade trying to keep up with new competitive pressures from major online providers, ever increasing compliance regulations, and the daily threat of a data breach.

In many cases, technology investments have been made to solve for these types of challenges with the promise that they would also enable omni-channel sales experiences. When the crisis du jour arrived, many organizations could only respond with broad tactical payment solutions. Alternative payments, BNPL (Buy Now Pay Later) payments, and contactless payments were the typical response. This “one-size-fits-all” approach provided some benefit, yet did little to enhance the relationship customers had with their favorite store or restaurant.

Indeed, many retailers soon figured out that their investments provided a multi-channel payment solution, not an omnichannel one for the customer. Multi-channel solutions focus primarily on being able to take a payment at various sales channels, tokenize it, and securely transmit it to the processor/acquirer of your choice. Simply put – these abilities are table-stakes in today’s digital world. A true omnichannel payments approach puts the customer at the center of its strategy.

Knowing, quite literally, “who” is buying, “what” they are buying, “when” they are buying, and “where” they are buying can be a burdensome task for many companies, but it is critical in today’s world. The challenge in providing this solution often lies in legacy technology silos within the payments ecosystem (be it your own, or your solution provider’s). Due to the rapid pace of retail and ever-evolving changes in the payments industry, many companies have had to bootstrap legacy technology silos together to meet near-term market demands.

In-Store payments often will use one platform, eCommerce transactions another, and loyalty & incentive programs yet another. Integration between these disparate systems never ends as new payment types and sales channels continue to emerge. So much time, energy and budget are spent on simply enabling data to pass from one system to another that there is no time to focus on the actual customer generating the revenue.

Retailers must be able to leverage data from their loyalty systems, POS payment system, mobile app/wallet, as well as their website. Artificial Intelligence driven business data platforms can then provide powerful insights about your business. For example, by juxtaposing customer-provided profile data with historical transaction activity, retailers can gain deep insights into the needs of the consumer, and subsequently craft unique experiences/offers that align with these needs.

In summary, an omnichannel payments approach puts the customer first. It recognizes that mobile and social media platforms have enabled customers to use channels simultaneously, and that a coordinated approach to influence this behavior is required. Understanding your customers’ historical shopping patterns AND providing individualized incentives to influence their behavior is the key to staying relevant in today’s digital economy. Do all of this while providing a frictionless payment checkout and you will indeed have an omnichannel strategy that delights your customers and grows your revenue!

Posted April 25, 2022 by FreedomPay

Does Apple’s Point of Sale Software Mark a New Dawn for Retail Payments?

By: Paul Snelling, Director of Platform Solutions at FreedomPay

Working in Payments — while very rewarding — isn’t exactly showbiz. However, Apple — world leader in ultimate cool tech — could be about to change this by shaking up how we pay. Could my job become a crowd-pleaser?

Apple has a long, substantive history of adopting new technologies and product designs. It hasn’t always developed emerging tech. Instead, pioneering easily adoptable tech and driving it to a mass-market, global audience has positioned Apple among the world’s largest and most profitable companies. Apple recently announced that its upcoming software update, Tap to Pay, enables iPhones to serve as card payment terminals, demonstrating the multinational’s latest pioneering, technological focus on the Payments industry.

Could the Tap to Pay iPhone software update become a viable, mainstream alternative to the traditional payment terminal? Will consumer devices and SoftPoS (Software Point of Sale) replace merchants’ in-store hardware?

In my opinion, Apple entering the Payments market is very positive. The move will validate the use case for enabling contactless card payments using consumer devices as payment terminals. FreedomPay customers and partners are lining up to get on board, asking when FreedomPay will enable Apple Tap to Pay. Until Apple’s announcement, I’d considered myself ahead of the curve in my personal approach to SoftPoS: advocating turning Android devices into payment terminals. I’m excited that this vision is a step closer to reality. Nevertheless, the development presents many more questions than answers for the Payments Industry.


Does Tap to Pay mean that Apple will penetrate Merchant Services?
No. Or at least, not yet. Apple has announced partnerships with payment goliaths such as Stripe and Shopify. Apple will retain consumer control through Apple Pay, and merchant control through Tap to Pay.

However, there is nothing to prevent the tech giant cutting out the traditional acquirers and processors if they acquire a merchant services license. This would be akin to the recent acquisition of Credit Kudos, a British company, which brings Apple into the world of Open Banking and replaces the need for a partnership like its one with Goldman Sachs in the US in order to offer device financing.

It seems that Tap to Pay could financially benefit merchants by reducing the costs associated with accepting payments.

Merchants highly value a straightforward, seamless payment experience for their customers and team. They tend to care less about the players involved in the transaction ecosystem than about receiving timely, secure payment into their account for goods or services provided.

If SoftPoS providers can simplify and reduce the cost of customer-present payment acceptance, mass adoption is a distinct possibility.


Is SoftPoS Secure?
Handling of consumer payment data using traditional payment terminals must comply with P2PE, a secure strict standard set by the Payment Card Industry Council. A P2PE-approved solution is table stakes for a provider to bid to sell or rent payment terminals to merchants. This requirement becomes even more stringent with sizeable merchants.

P2PE does not apply to SoftPoS. The PCI Council recently defined new standards for the secure capture of card details and authentication credentials, such as PIN numbers. The measures are under review by a limited industry audience, with an aim to make them visible to all industry stakeholders towards the end of 2022.

Defining standards to protect our data across devices within an open ecosystem like Android can be an arduous and complex task. Apple’s closed ecosystem has a distinct security advantage. But as it is not regulated by an independent body, what risk could Tap to Pay pose to consumer data?


Will SoftPoS replace traditional payment terminals?
An industry shift towards SoftPoS won’t happen overnight. Major merchants utilize integrated solutions across thousands of PoS and PMS. On the other hand, many SMEs do not own their payment terminals.

Payment terminals typically cost $200-$800 to buy or $15-$40 a month to rent. Whether a merchant owns or rents a number of devices impacts heavily on the cost of changing to a SoftPoS.

Configuring an iOS or Android device with an NFC reader into a secure payment terminal may reduce costs associated with payment processing and impact a merchant’s bottom line.

As technology evolves, merchants may eventually be forced to replace their terminals, just as we’ve swapped our Nokia 3210s for smartphones.

Disruption is rife throughout the payments industry. Options that challenge the use of scheme branded cards to settle transactions at a Point of Sale are emerging. Companies like FreedomPay, with its agnostic approach, are set to benefit greatly. Additionally, Biometric technology and QR Codes remove the need for NFC readers and can offer consumers secure payment solutions.

From a consumer perspective, there are huge disparities in the readiness of consumers to embrace payment technologies such as contactless payments, digital wallets, and SoftPoS. This can vary by geographic region or demographic. Tapping our cards against smartphones and other consumer devices could become commonplace over the next 5 to 10 years. Or will a wave of alternative payment methods drown out the SoftPoS revolution entirely?

FreedomPay was the first to market with a P2PE approved EMV solution for North America, as well as the first QR code-based BNPL in-store solution in the US. FreedomPay is closely following the PCI Council’s assessment of the MPoC security standards. This industry standard for SoftPoS is scheduled for release later in 2022, after which FreedomPay will be ready to add this proposition to our Next Level Commerce Platform.

As an industry, we must approach technological changes with positivity and collectiveness. With any industry, change is inevitable, but it’s not the change that matters. It is how we adapt and embrace it that will ultimately determine how the future of payments unfolds.

Posted January 20, 2020 by FreedomPay

Top 5 Payment Security Trends in 2020

Fraud is on the rise. With deep pockets and creative minds, fraudsters and cybercriminals are becoming increasingly organized, sophisticated, and focused on the low hanging fruit that exists within the retail space.

The security playbook has widened, and now includes EMV, PCI DSS, and point-to-point encryption (P2PE), with new regulations such as PSD2’s SCA tightening up vulnerabilities. In addition, robust anti-fraud solutions are now part of most card acceptance POS and payment gateways.

As the data protection battle continues, there are some strong security patterns emerging:

• CNP payment fraud will continue to rise and fraudsters will get increasingly sophisticated

Squeezed out of the traditional payment chain, criminals are increasingly targeting remote Customer Not Present (CNP) transactions where shoppers’ data is especially vulnerable.
According to Juniper Research, online payment fraud will top $22 billion this year—and could reach $48 billion by 2023. Fraudulent attacks are becoming more sophisticated using tactics such as phishing, ID theft, pagejacking, wire scams, and merchant ID fraud. In 2020, watch out for ‘imposter bots’ that exploit the growth of AI-driven chatbots for online customer support to draw out payment details and other sensitive information from established retail websites.

• Tokenization will become more widespread as merchants seek to secure the payment chain while delivering more personalized and connected services (including IoT)

Tokenization replaces sensitive payment data with a randomly generated token that lets a customer’s transactions be tracked and their ‘footprint’ remembered, making it ideal for CRM, loyalty and personalized promotions. The merchant does not touch or store payment data, and fraudsters can’t reverse the token to access account details. By 2020 it’s expected that there will be 20 billion IoT devices. A proportion of these will no doubt facilitate transactions too, creating a whole new window of opportunity for fraudsters. Tokens can be used across all channels and can even facilitate transactions between devices in IoT environments.

• New forms of authentication will emerge fueled by PSD2’s SCA requirement which comes into effect in 2019 (EU) and 2020 (UK)

Strong Customer Authentication (SCA) will soon become essential for retailers in order to ensure compliance with PSD2. Each transaction will require two different types of authentication taken from three criteria (something you own, something you know and something unique to you). With a physical card and a PIN, EMV already meets the criteria. However, for CNP and online transactions, it’s not so easy, with extra passwords and registrations increasing friction and possibly dropped sales at the checkout. To prevent this, merchants may turn to ‘customer-familiar’ smartphones and biometrics to ease the process. They will be supported by the likes of MasterCard, who are already championing biometric authentication.

• Anti-fraud solutions will deliver better security decisions with less friction for legitimate buyers

Advanced, risk-based decision-making for e-commerce will help to reduce CNP fraud using updated standards from EMV 3D-Secure, which examine 10 times more risk factors than before to help decide whether step-up authentication is required. In addition, companies that facilitate digital payments will likely layer 3D-Secure with other advanced analytics technologies, like artificial intelligence, to help analyze for fraud. Across retail, self-learning neural models will be used to automatically spot patterns much more swiftly. They will also enable closer rules setting and customization – essential for peak periods such as Black Friday – to minimize false declines and reduce the incidence of chargebacks.

• Merchants will have to tighten up their processes – whether mandated or not

It’s not possible for technology alone to fully eliminate retail fraud, especially for online stores. As in all hi-tech environments, people and processes are often the source of inadvertent breaches. Retailers will have to continually update network security systems including firewalls and antivirus software, train staff and maintain audits to keep their defences high and information safe. Expect to see more security specialists employed full-time, even within smaller merchant organizations.

• Security will become a core differentiator for selecting a payment service provider

Businesses will be more proactive in their cybersecurity strategies when it comes to protecting the consumer. As senior execs and boards are increasingly held accountable, security is moving beyond a simple compliance tick-box towards a real corporate imperative supported by organisation-wide procedural frameworks. Reflecting this, security will become a critical differentiator ahead of reliability and costs for merchants seeking payment partners and providers.

While there are a plethora of security add-ons and antifraud software available, merchants shouldn’t forget the basics. This includes maintaining awareness of the latest fraud regulation and ensuring systems (and those of providers) are verified and compliant with all the latest standards; specifying PCI point-to-point encryption (P2PE) and tokenization for all payment platforms.

With GDPR necessitating clear policies for storing and handling ‘all’ customer data and the reporting of data breaches, retailers must make sure the right processes and training are in place to support these too.

If in doubt, payment partners such as FreedomPay, are often first to spot new security trends and can provide practical support and guidance to help keep businesses and their customers safe.
Posted August 23, 2019 by Bernard Clary

Stop Hackers Finding Gold in Your Data: A Quick Guide to P2PE

With so many touchpoints in the customer sales journey, it’s getting harder to lock-down retail payment chains against fraudsters (losses on UK-issued cards totalled £671.4 million in 2018). For many physical retailers, PCI compliance alone is no longer enough to ensure data security, protect customers and safeguard their business and reputation. That’s where point-to-point encryption (P2PE) comes in.

Why is P2PE important?

P2PE provides merchants with one of the most significant ways to minimize the risk of criminals stealing their cardholders’ data during in-store, face-to-face, card-present transactions.

What does it do?

P2PE protects credit card data from the point of sale (POS) as it travels through a merchant’s local network and across the internet before it reaches the payment processing system at the acquirer’s end.

How does it work?

It does this by encrypting data immediately upon entry at a payment terminal connected to the POS device and keeping it encrypted until it reaches the third-party secure environment, where it is decrypted before authorization: from the starting point to the end point, hence its name. This encryption method utilizes complex encryption keys controlled by a P2PE solution provider, ensuring the merchant, or any third party, has no means of accessing the data traversing the network.

Why does this help?

Encrypting card data in this manner means that even if a fraudster manages to capture it, they are unable to access the user’s ID or card data without the relevant encryption/decryption keys. So, sensitive payment data can be safely sent through the entire payment chain without risk of compromise.

What about PCI Compliance?

P2PE is like a booster for PCI DSS – it goes further, is more exacting and safer than PCI DSS alone. And it makes achieving PCI compliance much simpler and less expensive too! That’s because it effectively takes the POS system and payment platform out of PCI scope, reducing time, effort and cost of compliance (but only if you use a PCI approved P2PE solution and provider, and follow the correct operational procedures).

Will it stop retail fraud?

No, it doesn’t prevent fraud using lost or stolen cards, but it does prevent criminals from accessing card data at the point of sale or while the cardholder data is in-transmission from the POS device to the payment processor.

Does it stop merchants using transaction data?

Not if you use it in tandem with a tokenization solution such as FreedomPay CardStor™. This replaces the cardholder’s primary account number (PAN) with a ‘token’. Retailers can use tokens to identify the customer – for loyalty programs or automated form filling – and to supply transaction-based information to CRM systems and for business intelligence.
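
The tokenization flow described here and in the 2020 trends post above, as an added example that is not FreedomPay’s code and does not describe how CardStor works: a provider-side vault swaps a PAN for a random token, the merchant keeps only tokens for loyalty totals, and a Luhn-checked scan confirms that no PAN remains in merchant data. `TokenVault`, `find_pans` and the sample records are hypothetical names and constructed data; the card numbers are widely published test PANs.

```python
import json
import re
import secrets
import string

# Constructed sample data: widely published test card numbers, not real accounts.
SAMPLE_PAN_A = "4111111111111111"
SAMPLE_PAN_B = "5555555555554444"


def luhn_valid(number: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for position, char in enumerate(reversed(number)):
        digit = int(char)
        if position % 2 == 1:      # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


class TokenVault:
    """Hypothetical stand-in for the tokenization provider's secure environment.

    Only this object ever holds PANs. A production vault would also encrypt
    them at rest and restrict detokenize() to authorized payment flows.
    """

    def __init__(self):
        self._token_by_pan = {}
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit()
                and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        token = self._token_by_pan.get(pan)
        if token is None:
            # Random, letters only: no mathematical relation to the PAN,
            # and a PAN scanner can never mistake it for a card number.
            token = "tok_" + "".join(
                secrets.choice(string.ascii_uppercase) for _ in range(24))
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._pan_by_token[token]


def record_sale(vault, pan, sku, amount_pence):
    """Merchant-side record: token and last four digits only, never the PAN."""
    return {"token": vault.tokenize(pan), "last4": pan[-4:],
            "sku": sku, "amount_pence": amount_pence}


def loyalty_totals(records):
    """Spend per customer, keyed by token, as a CRM or loyalty system would."""
    totals = {}
    for rec in records:
        totals[rec["token"]] = totals.get(rec["token"], 0) + rec["amount_pence"]
    return totals


PAN_CANDIDATE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def find_pans(text: str):
    """Defender's check: digit runs of card length that pass Luhn."""
    return [m for m in PAN_CANDIDATE.findall(text) if luhn_valid(m)]


def run_demo():
    vault = TokenVault()
    records = [
        record_sale(vault, SAMPLE_PAN_A, "coffee", 320),
        record_sale(vault, SAMPLE_PAN_B, "sandwich", 550),
        record_sale(vault, SAMPLE_PAN_A, "coffee", 320),
    ]
    merchant_db = json.dumps(records)
    legacy_log = f"sale ok card={SAMPLE_PAN_A} sku=coffee"  # constructed log line
    return {
        "records": records,
        "totals": loyalty_totals(records),
        "pans_in_merchant_db": find_pans(merchant_db),
        "pans_in_legacy_log": find_pans(legacy_log),
    }


if __name__ == "__main__":
    result = run_demo()
    print("loyalty totals:", result["totals"])
    print("PANs in tokenized store:", result["pans_in_merchant_db"])
    print("PANs in legacy log:", result["pans_in_legacy_log"])
```

The same `find_pans` scan can be pointed at exports, logs or database dumps to check that systems meant to hold only tokens really do.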

Is it hard or expensive to implement?

It can normally be integrated easily as part of your payment solution or platform using a PCI P2PE toolkit to provide the relevant encryption keys/pathways. If in doubt speak to your authorized payment provider. Any additional costs can often be quickly offset against time, effort and cost savings from PCI scope and audit reduction.

Still need to be convinced?

Here’s a quick summary of the benefits:

1. Simplifies PCI DSS compliance, reduces scope and cost
2. Extra data security without compromising customer experience
3. Minimizes risk of fraud, data breaches and subsequent fines, loss of custom and reputation
4. Data protection that keeps payment services simple
5. Used with tokenization, won’t affect loyalty programs or other commerce platforms
6. Software-based, easy to integrate – especially with FreedomPay.

Read more about payment security here.

Posted April 17, 2019 by FreedomPay

The Advanced Payment Platform for the Entire Commerce System [Q&A]

The modern world of commerce places the consumer first. Today, there are unified commerce platforms that serve in all major sectors of the economy. A commerce platform is basically a single, centralized platform that offers customer engagement in real time. We have with us FreedomPay, a leading global commerce platform serving leaders in retail, hospitality, gaming, education, healthcare, financial services, and the US government, serving over 20 federal agencies.
Let’s hear more about the success of FreedomPay from the founder and CEO, Tom Durovsik.

What motivated you to start FreedomPay?

In 1995, I was a very successful business executive driving global growth across consumer products and direct marketing. I was intrigued by the new medium “internet” and all forms of emerging technology. I felt a strong desire to get involved in technologies that had the potential to change the world. I founded my first internet startup in 1996 and since then have been involved in SaaS, Cloud Computing, Big Data, Security, Mobility and other technologies that are powering global business and commerce.

How do your products and services contribute to your company’s excellence?

FreedomPay is unmatched across the world as a Unified Commerce Platform providing payment, loyalty and security solutions that enable customers to have a “frictionless” experience. We built the FreedomPay Commerce Platform from the ground up to meet the demands of consumers and merchants on a global scale. The industry is struggling with how to merge legacy technologies that are not prepared to support global commerce- and new emerging Fintech services including technologies outside mainstream commerce. FreedomPay is the platform that unites a growing array of technologies across the world to deliver a single seamless experience.

Commerce is the lifeline for all of our customers. The ability to transact and fulfill the customers’ expectations is job #1. Our Platform must be bulletproof and requires we invest in the finest Software Development and Network Infrastructure assets to support rapidly growing business globally.

What distinguishes you from your competitors and how do you utilize this to your advantage?

Our technology stack is what separates FreedomPay. We employ a continual reinvestment strategy into technology and as a result, our solutions keep getting better. Our technology is disruptive to the status quo; what banks, processors and legacy point-of-sales providers can deliver is simply inadequate. Our global customers are using the FreedomPay Commerce Platform as a competitive advantage and we deliver our solution to companies like MGM Resorts International, Citibank, and HMS Host, who are leaders in commerce technology.

Tell us about your corporate culture. What role does it play in interactions with your clients?

Our team is not taught to “sell” but to “solve.” We bring solutions to our customers that will fuel their business, on a global scale. There is no other company in the world who can deliver on this promise. As a result, we become trusted partners with our customers and it’s ingrained in our corporate culture. Did I mention we have not had an Enterprise Customer leave our platform in over a decade? This is unheard of in the industry and something our entire team acknowledges with pride!

How do you bring in a strong workplace culture?

Every employee shares in the company’s success and profitability. Our culture values customers and winning! We invest in our team members with events, celebrations and a strong focus on community service. We empower team members to do their jobs. We hire people that bring knowledge, experience and who can drive innovation and continually add to our capabilities and subject matter expertise.

What are your goals for improving customer experience?

Continued innovation and reinvestment in emerging technologies. We see Mobility, Shared Networks and Platforms, Big Data and Identity as areas to focus in the future.

How do you motivate your employees to enhance productivity?

As a hyper-growth company growing +70% CAGR for the past 5 years, it is important to 1) hire the right people and be selective; 2) train the team and build skill sets essential for growing careers and customer successes; and 3) keep the workplace an exciting environment with constant innovation and technical prowess. We do not rest on our past successes.

What is your most memorable moment in your business career?

In the 1990’s I ran a global conglomerate with 5,000 employees across 70 countries. Thinking back, we did not have the benefit of the internet or mobile phones. Imagine the changes in productivity, efficiency and communication these technologies have brought! This was the pivot that’s most memorable in my business career and informs my view and vision of the FreedomPay Commerce Platform “to have a similar transformational effect on the future of commerce.”

What developments or changes do you see having the biggest impact on your business and industry over the coming year?

Stay tuned, we will be announcing developments later in 2019 that will change commerce as we know it today!

This article first appeared in CIO Bulletin.

Tom Durovsik, Founder & CEO
A marketing and new product development executive, Tom has held leadership positions with some of the world’s most recognized consumer brands, followed by a string of highly successful startups focused on emerging technologies including Internet, SaaS, Cloud Computing, Big Data, Security and Mobility. Tom has built a strong reputation in the business community as a focused leader, a strong hands-on operator, new products visionary and a successful entrepreneur capable of scaling growth globally.
In 1995 Tom founded Intelihealth in partnership with US Healthcare and Johns Hopkins University becoming the first company to provide branded healthcare information to all forms of electronic media globally. Aetna, Inc. acquired Intelihealth in 1999. Tom and his wife are founding members of the Cancer Support Community, a global nonprofit that provides emotional support, education and hope to cancer patients and their families.
“FreedomPay is the engine inside the world’s expanding yet interconnected ecosystem of commerce.”
“We make payments smarter. And utopian commerce possible.”

Posted April 17, 2019 by FreedomPay

Where Has it Gone Wrong for the Brick and Mortar Retailers?

It is always sad to see an iconic British high street name like Debenhams fall by the wayside as several have done in the last few years. While there could still be hope for Debenhams, the latest in this sorry roll call, with a number of players vying to take control and turn it around, it has sent yet another warning message to other high street stores hoping to ride out brick and mortar’s decline.

It is abundantly clear that the brick and mortar model has been struggling for a number of years. Shrewd merchants have been adapting their strategy to compete with e-commerce and align with the ever-changing retail landscape, and those who haven’t adapted fast enough have felt the hit.
The convenience and speed at which online purchases can be made have been key factors in the migration of large chunks of market share from high street to online. Enormous overheads from rising rents (£4.3bn in operating lease commitments in Debenhams’ case) and the need for high numbers of staff, equates to high (and rising) costs with decreasing sales – a formula that even the best chief executives might struggle to work with.

While it would be foolish to say that all brick and mortar businesses are doomed, it is imperative for decision makers to review their strategy even if, so far, it has been working for the last 50 years; consumer needs and wants are rapidly evolving and loyalty programs need to keep pace with their expectations.
FreedomPay believes that connected commerce and customer centricity are the pillars of retail and loyalty programs today and tomorrow.

The importance of personalization and digital data

In order to entice the customer, one has to understand the identity of each person. For example, a vegan may not buy into 50% off sausage rolls. This can be done by analyzing spending habits on an individual basis, for example, using your system’s data to identify who your top-spending customers are and rewarding them. Not only that, but by crunching the data to see what they buy from you and when, you can reward them in a way that they will actually value highly, perhaps by offering discounts on the products they buy most often and not the ones they aren’t buying, i.e. the sausage rolls.

The megalithic online retailers understand the mantra and place the customer at the centre of their business operations. For brick and mortars, the ‘shopping experience’ is an asset they will always have to trump online retailers and should be utilized to assert an advantage. Aesthetically pleasing interiors and helpful employees are simple but effective examples. The experience is complemented by the ability to earn discounts, free samples, exclusive treatment and VIP access to entertainment. A loyalty card can drive repeat purchases and incentivize shoppers to come to stores and the website alike. Loyalty programs have proven to be a powerful experience for customers, but they should keep evolving to better please customers, and retailers need to invest in modern data architecture that helps build a new personalized, customer-centric loyalty model.

Find out more about customer centric models, by downloading the whitepaper: Personalization and Digital Identity: The Keys To Unlock Loyalty.

Posted February 07, 2017 by FreedomPay

Listed vs. Non-Listed P2PE Solutions: What You Need to Know

The PCI Security Standards Council (PCI-SSC) recently released an assessment methodology for merchants using Point-to-Point Encryption (P2PE) solutions that have not yet been listed on the council’s website. The addition of the Non-Listed Encryption Solution Assessment (NESA) and the accompanying audit process provides merchants an expanded pool of encryption solutions beyond the current list of validated providers, allowing for a wider range of security offerings. Before deciding between a listed or a non-listed solution, however, it is important to understand the assessment requirements of each as they relate to the solution provider as well as the merchant.

The process for becoming a listed solution with the PCI-SSC begins with an audit performed by an independent, third party, Qualified Security Assessor (QSA) who has been certified for P2PE assessments. During this assessment, the P2PE QSA will evaluate the solution against the relevant controls outlined in the following six P2PE Domains:

  • Domain 1: Encryption Device and Application Management
  • Domain 2: Application Security
  • Domain 3: P2PE Solution Management
  • Domain 4: Merchant Managed Solutions (not applicable to 3rd party solution providers)
  • Domain 5: Decryption Environment
  • Domain 6: P2PE Cryptographic Key Operations and Device Management

For each applicable control, the P2PE QSA will collect evidence from the solution environment, and observe all required procedures to ensure compliance with the standard. The results of the assessment are then documented using the P2PE Report on Validation (P-ROV) template which is submitted directly to the PCI-SSC for final review. Once a representative of the PCI-SSC has approved and signed the submitted P-ROV, the solution will receive an official listing on the PCI website.

Since the PCI-P2PE standard is still relatively new, and the process of implementing and validating a new or existing solution can be quite lengthy, the NESA process gives solution providers the ability to provide a degree of security assurance to customers, along with limited scope reduction, while they work towards a validated listing. Much like the process for becoming a listed solution, non-listed solution providers need to engage a P2PE QSA to perform an assessment of their solution. The requirements for this type of assessment, however, have been relaxed in that a non-listed solution assessment can be completed without meeting the requirements for P2PE Domains 1, 2, or 3, but must meet all applicable requirements of Domains 5 and 6. Though the QSA will still complete a P-ROV for informational purposes, the end result of this assessment will also include a set of documents (referred to as the NESA documentation) which will include:

  • A description of the solution
  • A summary of the application’s full compliance, partial compliance, or non-compliance with Domains 1, 2, and 3
  • A statement of compliance confirming the applicable requirements of Domains 5 and 6 are met
  • The assessing P2PE QSA’s recommendation as to how the solution impacts the merchant’s PCI scope

This set of documents serves the same purpose as a listed solution’s P-ROV or Attestation of Validation (AOV), without being submitted to the PCI Council or the Payment Brands, and will be used by PCI QSAs when assessing the PCI compliance of a merchant utilizing the non-listed solution. As with standard PCI certification documentation, this NESA documentation should be distributed to clients on an annual basis, and whenever there are significant changes to the system.

At the merchant level, the difference between implementing a listed versus a non-listed solution becomes apparent during the annual PCI-DSS re-certification. A merchant using a listed solution in accordance with the solution provider’s P2PE Instruction Manual (PIM) and the pre-requisites of the SAQ P2PE automatically qualifies for a drastic reduction in PCI scope when assessing their environment, because the security and isolation of credit card data has been verified by a representative of the PCI-SSC. This same level of scope reduction is not guaranteed with a non-listed solution, and will depend on what is permitted by the merchant’s acquirer as well as the payment brands. In some cases, the acquirer or payment brands may require the aid of a PCI QSA to review the solution provider’s NESA documentation and the merchant’s implementation of the solution to determine what PCI-DSS requirements are covered, and to what degree. The results of this secondary solution assessment will determine which areas of the merchant environment are in scope of PCI, but will not qualify the merchant to utilize the SAQ P2PE.

Now that the door has been opened for the use of non-listed solutions that can still provide a measure of client scope reduction, it’s up to the merchants to determine what they are comfortable with in terms of controls evaluated by the solution provider, and the effort required on their end to properly implement the solution and maintain compliance. Listed or Non-Listed, the choice is yours, but merchants using a non-listed solution need to know they may be subject to additional assessments which could result in additional long-term costs.

FreedomPay’s PCI-validated P2PE solution is a listed solution, and delivers merchants all the PCI-scope reducing benefits listed above. To learn more about FreedomPay’s payment security solutions visit here.
