GS Logo
The Green Sheet, Inc

Please Login

Banner Ad
Skyscraper Ad

Friday, July 21, 2017

Visa's war on cash encounters backlash

V isa Inc. launched a new initiative to unseat cash from its perch atop the payments apparatus. And that has some folks crying foul. Despite the proliferation of card-based electronic alternatives, cash remains the number one choice for consumer payments in the United States, particularly for items priced at $50 or less.

Data published by the Federal Reserve Bank of San Francisco revealed cash was used for nearly one-third (32 percent) of retail transactions in 2015; credit cards represented 21 percent and debit card transactions were 27 percent of the total. Cards fared better in terms of total value of retail payments: 16 percent of dollars spent were transacted with credit cards and 18 percent with debit cards. Cash accounted for 9 percent of the total value of retail payments in 2015, according to the The State of Cash: Preliminary Findings from the 2015 Diary of Consumer Payment Choice.

Rewards for going cashless

On July 12, 2017, Visa heralded an initiative to get businesses off cash, particularly fast food truck vendors. It is promising awards totaling $500,000 to eligible small food establishments that commit to going 100 percent cashless.

In support of going cashless, Visa cited a study it just completed that found if businesses in just 100 cities shunned cash in favor of cards (such as those loaded on mobile wallets) the net benefits to those cities would total $312 billion a year. In New York City alone, businesses could generate $6.8 billion in additional revenues and save over 186 million hours of labor by switching to digital payments, according to Visa.

Visa said it will be showcasing the new initiative as sponsor formula race car events in and around New York, where concession sales will be cashless. "With 70 percent of the world, or more than 5 billion people connected via mobile devices by 2020, we have an incredible opportunity to educate merchants and consumers alike on the effectiveness of going cashless," said Jack Forestell, Head of Global Merchant Solutions at Visa. "To Visa cashless culture means convenience, security and ease of use. That translates to freedom for consumers and merchants alike."

Cashless rationale assailed

But not everyone is convinced. The ATM Industry Association immediately blasted the initiative, and Visa's promise of monetary rewards for businesses that can successfully wean customers off cash. Among other arguments, the association called into question the economics of card payments if Visa needs to offer monetary rewards to incent change.

By effectively paying food service vendors "to reduce their customers' payment choices, Visa Inc. has elevated its commercial interests above the public interest in America," stated Mike Lee, ATMIA's Chief Executive Officer. "Cash is still the most universal, popular and convenient form of payment in the world today and to deny the right to use it is an insult to millions of Americans who use cash, as well as a deal-breaker for those who only use cash. This is digital discrimination and bad industry practice."

Concerns about digital discrimination, particularly as it pertains to payments, are not limited to ATMIA. Several media outlets – from national to local newspapers – have published articles raising concerns going cashless will seriously disadvantage Americans without bank accounts. The Federal Deposit Insurance Corp. reported that 7 percent of U.S. households (9 million in all) are unbanked.

In June, Washington City Paper, a weekly publication in Washington, D.C., where more than 11 percent of households are unbanked, ran this front page headline: Casual Restaurants are Going Cashless – And Cutting Off their Unbanked Customers.

PayPal advances globally
Thursday, July 20, 2017

P ayPal Holdings Inc. advanced its global payment position through a series of actions completed the week of July 17, 2017. First, it finalized the acquisition of TIO Networks Corp., a cloud-based multichannel bill payment processor. SamSung Electronics Co. Ltd. agreed to add PayPal as a payment option within Samsung Pay for in-app, online and in-store purchases; and PayPal extended its partnership with Visa to European businesses. Earlier this year, PayPal entered a definitive agreement to acquire Canadian-based TIO for $2.56 per share in cash or an approximate value of $233 million. After receiving TIO shareholder approval in April, the Supreme Court of British Columbia granted approval for PayPal to indirectly acquire all issued and outstanding shares of TIO, a portfolio company of Core Innovation Capital and the Center for Financial Services Innovation.

"By acquiring TIO and integrating bill payment into our global payments platform, PayPal adds another key service in our efforts to become a part of a consumer's everyday financial life," said Dan Schulman, PayPal President and CEO. "Worldwide, more than 2 billion people do not have affordable access to basic financial services, making it difficult and expensive for consumers to carry out basic financial tasks, including bill payment."

Seventy-nine percent of TIO's customers are low-to-moderate income. CFSI and Core initially invested in TIO to reduce bill-pay costs to consumers. According to Core, when it invested in TIO in 2013, customers that year saved approximately $192 in annual walk-in bill pay charges, relative to common alternatives, an aggregate savings of $290 million overall.

In 2016, TIO acquired Softgate Systems Inc., a retail payment exchange platform that connects retailers and billers with cash-preferred consumers. Last year, TIO processed over $7 billion in payments for 14 million customers in North America. Today it has over 10,000 supported billers who process telecom, wireless, cable and utility bill payments at over 900 bill-pay kiosks, 65,000 retail walk-in locations, and through mobile and web.

"PayPal's acquisition of TIO represents one of CFSI's greatest impacts to date," said Jennifer Tescher, founder and CEO of CFSI. "In TIO, we made an early investment that helped a strong innovator become a financial health champion, and the company has built an incredible business around a real consumer pain point, shaped it, and demonstrated that it can be done profitably. Under the larger umbrella of PayPal, TIO should scale even further to benefit more Americans."

Samsung, Visa market extensions

Expanding its strategic partnership with Samsung, PayPal customers in the United States will be able to use Samsung Pay to access and use their PayPal wallets. Conversely, through Braintree, a PayPal service, merchants will be able to accept Samsung Pay as a method of payment in-app and online through Braintree Direct. Both parties plan to extend availability of the joint offering to other countries in the future.

Injong Rhee Chief Technology Officer and Head of R&D, Software and Services of the Mobile Communications Business at Samsung said, "At Samsung, we pride ourselves on our open model of partnership and collaboration, which helps us deliver the best experiences to our customers. We are excited to be partnering with PayPal, one of the largest payment platforms in the world, to offer our global consumers a richer mobile wallet experience."

With the extension of its partnership with Visa, which already includes collaboration on in-app, online and in-store payments in the U.S. and Asia Pacific regions, through PayPal's banking license in Europe, it now joins Visa's network of client financial institutions to offer Visa accounts in Europe that enable customers and businesses to use PayPal funds to make purchases wherever Visa is accepted.

"Visa and PayPal have a shared goal of giving consumers a safe, convenient way to pay using their preferred device," said Bill Sheedy, CEO, Europe Region,Visa. "Expanding our partnership into Europe provides greater consumer choice and benefits merchants. By having the option to issue Visa accounts in Europe, PayPal will now have the ability to offer customers new and innovative ways to manage and move their money regardless of platform or device."

Prep sluggish for GDPR deadline, study finds
Wednesday, July 19, 2017

A new study finds most companies may not be ready for the European Union General Data Protection Regulation (EU GDPR), which becomes law May 25, 2018. The 2017 EU GDPR Readiness Report by Crowd Research Partners and STEALTHbits Technologies Inc. amassed data from 500 cybersecurity professionals who are members of LinkedIn's Information Security Community. Nearly 90 percent of organizations surveyed were familiar with the EU GDPR, but only 32 percent considered themselves compliant or nearly compliant, researchers noted.

"This survey reveals that while over 90 percent of the respondents indicated familiarity with the EU GDPR, less than a third believe they are compliant or well on their way to compliance," said Holger Schulze, Chief Executive Officer at Crowd Research Partners, and founder of the Information Security Community on LinkedIn. "What is striking in this study is the marked contrast in level of preparedness and awareness between companies headquartered in the US and the European Union.

Security overhaul needed

As companies scramble to meet the fast-approaching deadline, 30 percent of survey respondents indicated that they would be making substantial changes to their security practices and technologies to conform to GDPR guidelines. Their top challenges were finding ways to address budgetary deficits (32 percent), hiring experts (28 percent) and ensuring that all staff fully understands the regulatory requirements (29 percent), according to the report. Approximately 65 percent of participants have a Data Protection Officer on staff or plan to hire one.

Adam Laub, Senior Vice President of Product Marketing at STEALTHbits Technologies, said the upcoming regulation is prompting numerous organizations to prioritize privacy best practices. "We would encourage organizations to review this report carefully to understand the perspectives of their peers and gain insight into some of the challenges involved in GDPR conformance," he stated.

Implementation begins

Researchers noted the GDPR's anticipated regulatory impact will vary by industry, depending on the amount of personally identifiable customer information that businesses collect. They found that participants have identified multiple avenues within their corporate networks that will need to become compliant. Many are taking an inventory of user data and mapping it to protected EU GDPR categories in the following ways:

Bracing for global impact

Tony Fulda, Managing Director of Strategic Advisory Services for San Jose, Calif.-based AppSec Consulting Inc., said companies that work with European firms or have employees, partners or customers in the European Union, will face termination and noncompliance penalties if they fail to implement EU GDPR guidelines for collecting and managing Personally identifiable information on or before the May 2018 deadline.

"Our consulting team has been advising clients on how to best meet or exceed GDPR's new requirements and build out a sustainable and appropriate privacy program," he stated. "An expanding number of organizations are getting in front of these new requirements as a good business practice, as well as to mitigate the risk of leaking private personal information by human error or cyber-attack."

Mastercard to acquire Brighterion, beef up AI capability
Tuesday, July 18, 2017

B efore 2011, the term "artificial intelligence" rarely cropped up in The Green Sheet. Since then, mention of artificial intelligence (AI) has gradually increased to the point where, like "fintech" and "payfac," it appears routinely in news, views and feature articles throughout the magazine. Indeed, AI is on the rise in the payments sphere. This is evidenced by today's news that Mastercard intends to purchase Brighterion Inc., a software company specializing in AI.

Describing Brighterion in a press release about the acquisition, Mastercard wrote, "Brighterion offers the world’s deepest and broadest portfolio of artificial intelligence and machine learning technologies, providing real-time intelligence from all data sources regardless of type, complexity and volume. Our technologies are successfully applied in cyber and homeland security, anti-money laundering (AML), real-time cross-channel fraud prevention, onboarding and risk monitoring, behavioral device ID, data breach detection, marketing, trading, healthcare and biotech."

Mastercard noted that its suite of security products already uses AI, and Brighterion’s Smart Agent technology will be added to the suite. "The resulting insights and capabilities from the combined team will deliver even greater accuracy and a new element in managing risk and protecting the consumer," the company stated.

Ajay Bhalla, President of Enterprise Risk and Security for Mastercard, added, "To fully realize the promise of our increasingly digital lives, we need to design our payment systems with the future in mind and that’s what we’re doing. Our unprecedented use of artificial intelligence on our network is already proving successful. With the acquisition of Brighterion, we will further extend our capabilities to support the consumer experience."

Brighterion founder and Chief Executive Officer Akli Adjaoute said it all comes down to intelligent decisioning at the time of the transaction. "We’ve worked with Mastercard over the years to identify patterns and trends to power their most advanced customers’ authorization and decisioning activities," he said. "We look forward to building on that foundation and providing an industry-leading, holistic and seamless security experience."

The companies declined to disclose their agreement's terms but indicated closing of the transaction is subject customary conditions, including the expiration or early termination of the applicable waiting periods under the Hart-Scott-Rodino Act.

Early detection halts Avanti kiosk attack
Friday, July 14, 2017

T ukwila, Wash.-based Avanti Markets Inc., a self-service solutions provider, shut down kiosks in select U.S. office breakrooms that may have been compromised by malware. Forensic analysts believe the intrusion occurred July 2, 2017, and praise the company for detecting and stopping the attack within 72 hours. Avanti alerted the FBI and issued a public statement July 4, with recommendations to those who may have been affected.

Avanti representatives said kiosks do not store personally identifiable information (PII) and do not have universal configurations, which makes them less susceptible to wide-scale attacks. Customers who paid by credit card at infected kiosks during the malware's 72-hour window may have exposed card credentials; those who paid by "Market Card" may have exposed names and email addresses, company representatives noted. However, they confirmed that biometric data was protected by end-to-end encryption used in all Avanti fingerprint readers.

Protecting the POS 'gray zone'

Jonathan Sander, Chief Technology Officer at STEALTHbits Technologies, said POS systems are not a big area of focus for many security professionals. "The POS systems are often brought in from the outside, used by contract or part-time employees, and even connected to networks that aren't fully IT managed," he said. "They live in a gray zone that makes them both hard to manage and easy to target."

Companies must act swiftly to update aging POS infrastructure, added Ido Wulkan, Intelligence Team Lead, IntSights Cyber Intelligence Ltd. Wulkan said criminals used similar attack vectors against Avanti and other major chains, such as Intercontinental Hotels in 2016. "This type of malware infects [POS] machines, collects the credit card data and transfers it to a remote server," he stated. "POS devices are known to operate on old and under-maintained systems, which makes them more susceptible and vulnerable to malware."

Wulkan also observed the Avanti threat actor used the same SSL certificate as the group behind the PoSeidon and Chanitor POS malware attacks. "This group tends to re-use its C&C infrastructure in different campaigns, and its servers are hosted in Eastern Europe, which might indicate that it is of Eastern-European origin," he stated. "The group utilized Microsoft Office Macro Vulnerabilities and phishing emails as attack vectors for its previous campaigns, which means these methods might also have been used for this campaign to some extent." Failing to protect external-facing computers can leave them open to unauthorized entrants who can infiltrate an organization's network and utilize vulnerabilities to attack POS systems, Wulkan said. He recommended the following tactics to mitigate against POS threats:

Automating responses, technology

Gilad Peleg, Chief Executive Officer of SecBI, sees a tough road ahead for forensic investigators as they sift through millions of log files to identify the machines that communicated with outside IP addresses and correlating these incidents over the time-span of the breach. "Regardless of which incident response firm they have called to their aid, this task could take weeks and they should really consider using [artificial intelligence (AI) and machine learning algorithms] to reduce this time, deliver conclusive results and no false-positive alerts," he stated. SecBI's Autonomous Investigation technique uses AI and multiple layers of machine learning to mimic an expert cyber security analyst at machine speed investigating and hunting through billions of logs to detect the full scope of malicious incidents, Peleg noted. "As an example, we use unsupervised machine learning and cluster analysis to piece together seemingly benign events into suspicious incidents (clusters) that go undetected by other systems."

Lisa Baergen, Marketing Director at NuData Security, a Mastercard company, said the Avanti breach is a reminder of the need for organizations to rethink how they protect and verify user identities in the digital world. "Using a multilayered approach of integrating device intelligence, active and passive biometric analysis, and behavioral analytics is the key to truly understanding the user behind the device – which will effectively devalue the stolen identity data to any other person or entity," she added.

View prior breaking news

Spotlight Innovators:

North American Bancard | Harbortouch | USAePay | IRISCRM.COM | Humboldt Merchant Services