Tokenization – FreedomPay
X
Posted January 20, 2020 by FreedomPay

Top 5 Payment Security Trends in 2020

Fraud is on the rise. With deep pockets and creative minds, fraudsters and cybercriminals are becoming increasingly organized, sophisticated, and focused on the low hanging fruit that exists within the retail space.

The security playbook has widened, and now includes EMV, PCI DSS, and point-to-point encryption (P2PE), with new regulations such as PSD2’S SCA tightening up vulnerabilities. In addition, robust anti-fraud solutions are now part of most card acceptance POS and payment gateways.

As the data protection battle continues, there are some strong security patterns emerging:

• CNP payment fraud will continue to rise and fraudsters will get increasingly sophisticated

Squeezed out of the traditional payment chain, criminals are increasingly targeting remote Customer Not Present (CNP) transactions where shoppers’ data is especially vulnerable.
According to Juniper Research, online payment fraud will top $22 billion this year—and could reach $48 billion by 2023. Fraudulent attacks are becoming more sophisticated using tactics such as phishing, ID theft, pagejacking, wire scams, and merchant ID fraud. In 2020, watch out for ‘imposter bots’ that exploit the growth of AI-driven chatbots for online customer support to draw out payment details and other sensitive information from established retail websites.

• Tokenization will become more widespread as merchants seek to secure the payment chain while delivering more personalized and connected services (including IoT)

Tokenization replaces sensitive payment data with a randomly generated token that lets their transaction be tracked and their ‘footprint’ remembered making it ideal for CRM, loyalty and personalized promotions. The merchant does not touch, or store payment data and fraudsters can’t reverse the token to access account details. By 2020 it’s expected that there will be 20 billion IoT devices, a proportion of these will no doubt facilitate transactions too, creating a whole new window of opportunity for fraudsters. Tokens can be used across all channels and can even facilitate transactions between devices in IoT environments.

• New forms of authentication will emerge fueled by PSD2’s SCA requirement which comes into effect in 2019 (EU) and 2020 (UK)

Strong Customer Authentication (SCA) will soon become essential for retailers in order to ensure compliance with PSD2. Each transaction will require two different types of authentication taken from three criteria (something you own, something you know and something unique to you). With a physical card and a PIN, EMV already meets the criteria. However, for CNP and online transactions, it’s not so easy, with extra passwords and registrations increasing friction and possibly dropped sales at the checkout. To prevent this, merchants may turn to ‘customer-familiar’ smartphones and biometrics to ease the process. They will be supported by the likes of MasterCard, who are already championing biometric authentication.

• Anti-fraud solutions will deliver better security decisions with less friction for legitimate buyers

Advanced, risk-based decision-making for e-commerce will help to reduce CNP fraud using updated standards from EMV 3D-Secure. Examining 10 times more risk factors than before to help decide whether step-up authentication is required. In addition, companies that facilitate digital payments will likely layer 3D-Secure with other advanced analytics technologies like artificial intelligence, to help analyze for fraud. Across retail, self-learning neural models will be used to automatically spot patterns much more swiftly. They will also enable closer rules setting and customization – essential for peak periods such as Black Friday – to minimize false declines and reduce the incidence of chargebacks.

• Merchants will have to tighten up their processes – whether mandated or not

It’s not possible for technology alone to fully eliminate retail fraud, especially for online stores. Like all hi-tech environments, people, and processes are often the source of inadvertent breaches. Retailers will have to continually update network security systems including firewalls and antivirus software, train staff and maintain audits to keep their defences high and information safe. Expect to see more security specialists employed full-time, even within smaller merchant organizations.

• Security will become a core differentiator for selecting a payment service provider

Businesses will be more proactive in their cybersecurity strategies when it comes to protecting the consumer. As senior execs and boards are increasingly held accountable, security is moving beyond a simple compliance tick-box towards a real corporate imperative supported by organisational wide procedural frameworks. Reflecting on this, security will become a critical differentiator ahead of reliability and costs for merchants seeking payment partners and providers.

While there are a plethora of security add-ons and antifraud software available, merchants shouldn’t forget the basics. This includes maintaining awareness of the latest fraud regulation and ensuring systems (and those of providers) are verified and compliant with all the latest standards; specifying PCI point-to-point encryption (P2PE) and tokenization for all payment platforms.

With GDPR necessitating clear policies for storing and handling ‘all’ customer data and the reporting of data breaches, retailers must make sure the right processes and training are in place to support these too.

If in doubt, payment partners such as FreedomPay, are often first to spot new security trends and can provide practical support and guidance to help keep businesses and their customers safe.

 

person on their laptop holding their credit card with security icons and messaging icons with get in touch below the messaging icons

 

 

SHARE NOW
Posted August 23, 2019 by Bernard Clary

Stop Hackers Finding Gold in Your Data: A Quick Guide to P2PE

With so many touchpoints in the customer sales journey, it’s getting harder to lock-down retail payment chains against fraudsters (losses on UK-issued cards totalled £671.4 million in 2018). For many physical retailers, PCI compliance alone is no longer enough to ensure data security, protect customers and safeguard their business and reputation. That’s where point-to-point encryption (P2PE) comes in.

Why is P2PE important?

P2PE provides merchants with one of the most significant ways to minimize the risk of criminals stealing their cardholders’ data during in-store, face-to-face, card-present transactions.

What does it do?

P2PE protects credit card data from the point of sale (POS) as it travels through a merchant’s local network and across the internet before it reaches the payment processing system at the acquirer’s end.

How does it work?

It does this by encrypting data immediately upon entry from a payment terminal connected to the POS device to the third party secure environment where it is decrypted before authorization – from the starting point to the end point – hence its name. This encryption method utilizes complex encryption keys controlled by a P2PE solution provider, ensuring the merchant, or any third party, has no means of accessing the data traversing the network.

Why does this help?

Encrypting card data in this manner, means that even if a fraudster manages to capture it, they are unable to access the user’s ID or card data, without the relevant encryption/decryption keys. So, sensitive payment data can be safely sent through the entire payment chain without risk of compromise.

What about PCI Compliance?

P2PE is like a booster for PCI DSS – it goes further, is more exacting and safer than PCI DSS alone. And it makes achieving PCI compliance much simpler and less expensive too! That’s because it effectively takes the POS system and payment platform out of PCI scope, reducing time, effort and cost of compliance (but only if you use a PCI approved P2PE solution and provider, and follow the correct operational procedures).

Will it stop retail fraud?

No, it doesn’t prevent fraud using lost or stolen cards, but it does prevent criminals from accessing card data at the point of sale or while the cardholder data is in-transmission from the POS device to the payment processor.

Does it stop merchants using transaction data?

Not if you use it in tandem with a tokenization solution such as FreedomPay CardStorTM . This replaces the cardholder’s primary account number (PAN) with a ‘token’. Retailers can use tokens to identify the customer – for loyalty programs or automated form filling – and to supply transaction-based information to CRM systems and for business intelligence.

Is it hard or expensive to implement?

It can normally be integrated easily as part of your payment solution or platform using a PCI P2PE toolkit to provide the relevant encryption keys/pathways. If in doubt speak to your authorized payment provider. Any additional costs can often be quickly offset against time, effort and cost savings from PCI scope and audit reduction.

Still need to be convinced?

Here’s a quick summary of the benefits:

1. Simplifies PCI DSS compliance, reduces scope and cost
2. Extra data security without compromising customer experience
3. Minimizes risk of fraud, data breaches and subsequent fines, loss of custom and reputation
4. Data protection that keeps payment services simple
5. Used with tokenization, won’t affect loyalty programs or other commerce platforms
6. Software-based, easy to integrate – especially with FreedomPay.

Read more about payment security here.

SHARE NOW
Posted April 17, 2019 by FreedomPay

Where Has it Gone Wrong for the Brick and Mortar Retailers?

It is always sad to see an iconic British high street name like Debenhams fall by the wayside as several have done in the last few years. While there could still be hope for Debenhams, the latest in this sorry roll call, with a number of players vying to take control and turn it around, it has sent yet another warning message to other high street stores hoping to ride out brick and mortar’s decline.

It is abundantly clear that the brick and mortar model has been struggling for a number of years. Shrewd merchants have been adapting their strategy to compete with e-commerce and align with the ever-changing retail landscape, and those who haven’t adapted fast enough have felt the hit.
The convenience and speed at which online purchases can be made have been key factors in the migration of large chunks of market share from high street to online. Enormous overheads from rising rents (£4.3bn in operating lease commitments in Debenhams’ case) and the need for high numbers of staff, equates to high (and rising) costs with decreasing sales – a formula that even the best chief executives might struggle to work with.

While it would be foolish to say that all brick and mortar businesses are doomed, it is imperative for decision makers to review their strategy even if, so far, it has been working for the last 50 years; consumer needs and wants are rapidly evolving and loyalty programs need to keep pace with their expectations.
FreedomPay believes that connected commerce and customer centricity are the pillars of retail and loyalty programs today and tomorrow.

The importance of personalization and digital data

In order to entice the customer, one has to understand the identity of each person. For example, a vegan may not buy into 50% off sausage rolls. This can be done by analyzing the spending habits on an individual basis, for example, using your systems data to identify who your top-spending customers are and rewarding them. Not only that but by crunching the data to see what they buy from you and when, you can reward them in a way that they will actually value highly, perhaps by offering discounts on the products they buy most often and not the ones they aren’t buying, i.e. the sausage rolls.

The megalithic online retailers understand the mantra and place the customer at the centre of their business operations. For brick and mortars, the ‘shopping experience’ is an asset they will always have to trump online retailers and should be utilized to assert an advantage. Aesthetically pleasing interiors and helpful employees are simple but effective examples. The experience is complemented by the ability to earn discounts, free samples, exclusive treatment and VIP access to entertainment. A loyalty card can drive repeat purchases and incentivize shoppers to come to stores and the website alike. Loyalty programs have proven to be a powerful experience for customers but it should be evolving to better please customers and retailers need to invest in modern data architecture that helps build a new personalized, customer centric loyalty model.

Find out more about customer centric models, by downloading the whitepaper: Personalization and Digital Identity: The Keys To Unlock Loyalty.

SHARE NOW
Posted April 01, 2019 by FreedomPay

How to Keep and Grow Your ‘Happy’ Customer

We all know the importance of loyal customers.

However, loyal customers can be hard to earn in a noisy world where every business is trying to tempt them with new and exciting deals and offers. We often see a first flush of success and high sign-ups for rewards programs, then low usage, poor return on investment and questionable viability.

However, brands shouldn’t want to ditch loyalty as an asset because it’s far easier and cheaper to retain and grow existing customers than to acquire new ones. So, what’s the answer? It surely must be making loyalty easier to access, more relevant and easier to use; such as creating value that follows the customer across various points of sale.

One of the most effective ways of doing this is something called an analytical token. This is where tech comes in to create, via an algorithm, an identifier code or ‘token’ which is safely and securely linked to the customers payment details, or app, or card, etc.

Analytic Tokens in an omni-channel world

Analytic tokens work across all channels – physical, digital and mobile. With the right architecture, they can also be linked to Customer Relationship Management (CRM) and loyalty systems, to provide a 360-degree view of the customer – what they are buying, in which channels, when and how frequently.

Being able to link identity with transaction flow, opens the door to deeper richer and more valuable insight, allowing organisations to ‘follow’ customer journeys and deliver more personal loyalty experiences.

Businesses can track, monitor and remember tokens without compromising payment security. Effectively turning points and rewards into digital types of near money currencies that can be linked to a customer’s ID. This makes them transportable across platforms, channels and even between businesses and brands.

A token-based digital near-money currency

Loyalty schemes often fall flat because consumers find them too restrictive. In most cases they can only be used with an individual or small collective group of retailers with numerous conditions attached to their use. In addition, traditional voucher, code and coupon systems often have a poor shelf-life, with many users failing to redeem them before they run out.
Analytic token-based digital currency doesn’t have any of these limitations or customer pain points. It can be bought, sold, transferred, gifted, or turned into an ubiquitous currency. It can follow the user across a wider ecosystem, and it retains, and can even increase in value as the popularity of the loyalty scheme grows.

Virtual currencies combined with extended retail partner networks and new customer centric loyalty design schemes will redefine the way we all buy goods and services – breaking down usability barriers and making loyalty even more valuable to a merchant’s bottom line.

Find out how to build liquidity into your loyalty architecture by downloading the FreedomPay Report: Personalization and Digital Identity; the Keys to Unlock Loyalty.

SHARE NOW
Posted May 15, 2015 by FreedomPay

EMV, Point-to-Point Encryption and Tokenization On Capitol Hill

The House Financial Services Committee held a full committee hearing on data and cyber security, where the Members of Congress challenged payment industry experts on protecting consumer data in the era of computer hacking.

Brian Dodge of the Industry Leaders Association, Laura Moy of the New America Foundation, Stephen Orfei of the PCI Security Standards Council, Jason Oxman of the Electronic Transactions Association and Tim Pawlenty of the Financial Services Roundtable were called to speak before the Committee.

The panel covered a range of issues, from foreign cyber security threats, to malware at the point-of-sale, to card fraud and online fraud, to the costs of fraud on financial institutions, merchants and consumers.  Several Members debated ongoing legislation and the role that Federal and State regulators and law enforcement agencies should play in consumer breach protection.

In their opening statements, Mr. Oxman and also Mr. Orfei advocated for a layered approach to data security, with EMV at the point of sale, point-to-point encryption, and tokenization.

Mr. Orfei continued, “EMV chip is not a silver bullet.  Additional controls are needed to protect the integrity of payments online and in other channels.  This includes encryption, tamper resistant devices, malware protection, network monitoring and more.  All are vital parts of the PCI standards.”

 

 

As a solution provider, FreedomPay has committed to delivering the highest standards in the industry that help merchants protect their customers’ credit card data.  FreedomPay offers merchants the technologies and supporting programs be on the leading edge of payment data security, adhering to the rigorous PCI Validated P2PE standard, and extending functionality across the broad ecosystem of Card Present and Card Not Present payments.

EMV, PCI Validated P2PE and tokenization are what we do.  And really, that is only the beginning.  Just wait until you see what secure transaction data can do.

 

SHARE NOW
Posted January 01, 1970 by FreedomPay

Tokenization and data – the value in unlocking loyalty at the Point of Sale

Merchants are no stranger to the transformational power of point of sale (POS) data. They already use it to link demand with inventory, create customer profiles for marketing and to spot buying trends in individual and across multiple locations.

However, the true commercial value of sales data lies in being able to drill down to individual customer’s buying behaviors – what they’re buying, where and when, and how they paid for it while staying data compliant.

Revenue hungry brands are eager to tap into this rich vein of data to re-energize their loyalty programs with seamless access to personalized content and tailored rewards. But, without the technology to link it securely to a specific customer, and across business functions, the prospect of meaningfully monetizing is lost.

Smart and safe: Harnessing data and tokenization

So how to unlock it? For omni-channel brands focused on driving stickier relationships, the easiest way to harness data and ID is using tokenization. This works by generating a customer identifier code or ‘token’ which is linked to the payment mechanism. Data from an individual’s sales journey can then be tracked invisibly, with no friction, and without compromising sensitive cardholder details.

Used in tandem with a connected commerce platform, tokens can be shared across business functions breaking down operational silos and connecting sales, CRM, social and marketing activities.

Near-money loyalty: Expanding tokenization

Not only that but tokenized points are 100% transferable and tradeable so they become a near-money currency across brands and outlets. This lends itself seamlessly for loyalty programs. Loyalty suddenly becomes more versatile, usable and attractive for customers – and a potential source of revenue for the merchant.

Using customer data in this way allows brands to execute loyalty as part of their business operations – as a platform not as a ‘point’ solution.

By doing so they can make the shift to truly seamless customer centric loyalty programs, delivering highly targeted and fluid rewards that flow smoothly between multiple vendors. Creating more value-rich experiences, boosting uplift and connecting with customers for longer.

All of this and more is just sitting on the POS waiting to be freed.

SHARE NOW
US