Updated: Friday, November 21, 2014
Visa, MasterCard to cut credit card interchange in Canada
Retailers in Canada appear to have achieved something those in the United States have failed to achieve: commitments by the Visa Inc. and MasterCard Worldwide units operating there to lower credit card interchange. And they didn’t even have to challenge card brand pricing in the courts or through the government to get it.
Canada's Minister of Finance announced on Nov. 4, 2014, a plan under which the Canadian units of MasterCard and Visa will “voluntarily” slash merchant interchange, thereby forestalling government-imposed changes in the card companies’ interchange models.
“These commitments represent a meaningful long-term reduction in costs for merchants that should ultimately result in lower prices for consumers,” Minister of Finance Joe Oliver said in a statement. “As a result of the voluntary proposals, there is no need for the government to regulate the interchange rates set by the credit card networks.”
MasterCard and Visa each submitted a proposal to reduce interchange fees to an average effective rate of 1.50 percent for the next five years, beginning no later than April 2015. They promised to ensure all merchants see lower interchange. The largest price breaks, however, will go to small and midsize merchants and charities. To ensure they keep their promises, the two card companies have agreed to annual verifications by an independent third party.
American Express Co. has made no promises to cut merchant fees. “American Express has a different business model than Visa and MasterCard," Oliver said in a statement. "It negotiates its fee directly with merchants, and merchants know their cost each time they accept an American Express credit card. Nevertheless, if there is a fundamental shift in the marketplace and it is determined credit card networks other than Visa and MasterCard exert market power or will soon exert market power, the government will expect that those networks voluntarily commit to reduce their credit card fees in line with the current voluntary proposals submitted by Visa and MasterCard.”
In response to ongoing merchant complaints, the Canadian government has been pressing the card companies to cut interchange. Indeed, the government pledged in its 2014 budget to take steps to ensure lower card fees for retailers, and lower costs for consumers by extension. And Oliver warned the card companies they had better keep their promises. “If the reductions in interchange fees are not passed along to merchants or the overall cost of accepting credit cards increases at any time during the period covered by these commitments due to actions taken by Visa or MasterCard, the government reserves the right to rescind its acceptance of the voluntary commitments,” he said.
The Retail Council of Canada said its members were “delighted” about the deal heralded by Oliver’s office, but also said it intends to push for further reductions. The RCC claims to represent and lobby for about 70 percent of retail stores in Canada. “For our merchants, this is an important first step towards ending the escalation of credit card fees that have been ballooning in Canada for the past seven years – fees that, until today’s announcement, went completely unchecked," said Diane J. Brisebois, President and Chief Executive Officer of the RCC. "While we’ve made a start today, everyone is still paying too much.”
Visa Canada said it took action to forestall regulations. But if conditions change so will the company’s commitment. “Visa has long maintained our opposition to regulatory approaches which impair a functioning market, and that position has not changed,” Visa Canada said in a statement. “Visa believes the undertaking establishes stability and predictability for the Canadian payments industry.
"Importantly, the nature and content of the undertaking will avoid the kinds of regulatory measures that, when attempted in other markets, have left consumers worse off. … Visa enters into this undertaking with the full expectation that the government is committed to a level playing field. If Visa or our clients are disadvantaged as a result of entering into this undertaking, Visa reserves the right at any time to terminate or amend it.”
Interchange has been a bone of contention between merchants, banks and the card companies worldwide. The government of Australia forced the card companies to effectively halve credit card interchange in 2003. In the United States, Visa and MasterCard have had to contend with multiple court challenges to their pricing structures. Then there was the Durbin Amendment to the 2010 Dodd-Frank Act, which mandated cuts in debit card interchange rates – a move that has reportedly diminished U.S. card-issuer earnings by billions of dollars a year. Canadian merchants also tried, unsuccessfully, to challenge interchange in court several years ago.
Reports in the Canadian press, quoting bank sources, suggest the impact of the lower credit card interchange will be minimal at the six big banks that dominate the Canadian market. Analysis by one of those banks, Canadian Imperial Bank of Commerce, said the fee reductions will result in a 0.4 percent to 0.6 percent decline in earnings per share at the nation’s leading banks in 2015. A report by National Bank of Canada stated, “the announced reduction to interchange fees would have a fairly minimal impact on the earning of the Big Six Canadian banks.”
Michael Gokturk, CEO at Payfirma, an ISO with operations in the United States and Canada, said the new rates would seem to have little impact on ISOs and acquirers. “The impact of this announcement falls into one of two categories, based on how the ISOs or acquirers bill their merchants,” Gokturk said. “If merchants are set up on an ERR [enhanced rate recovery] or any other model which has a component of interchange differential, then there is no obligation for the acquirer or ISO to pass along savings to the merchant. If their customer base was acquired under an interchange plus [cost-plus] model, then there will be mandatory savings to the merchant without any loss of revenue to the ISO,” he said.
Gokturk added that some merchant categories may pay more under the change, depending on how the rate cuts play out. “What this means are the grocery store rates and gas station rates, which benefit from a significantly reduced interchange cost [now], would actually increase to pull the average to 1.5 percent due to the sheer volume of credit card transactions,” Gokturk said. “Also, many premium card types that offer rewards and benefits to cardholders carry a much higher cost than 1.5 percent; as a result, we could see a drastic cutback of these types of rewards if the cost were to be reduced significantly.”
This could result in some backlash, depending on how the card companies interpret the agreement, Gokturk added. “For example, the language could also be interpreted to mean the total average cost of accepting credit cards will be at 1.5 percent, without regard to card type or industry,” he said. “Accordingly, we will have to take a measured approach to what this reduction actually means for all stakeholders, not just acquirers.”
Laszig joins, Train moves up, Watkins departs The Green Sheet
Friday, November 21, 2014
The Green Sheet Inc. is delighted to announce that payments industry executive Dale S. Laszig has joined our team as a staff writer. She has been a long-time contributing writer to our publication and, for the 2013-2014 year, she was also author of the Street Smarts℠ column.
Dale's areas of special interest include business development, POS technology, marketing, writing and editing. As a consultant, she has helped business owners leverage industry knowledge, best practices and electronic transaction technology to achieve strategic goals. Always willing to put skin in the game, she is an active member of The Electronic Transactions Association, as well as the Women's Network in Electronic Transactions, and has volunteered on multiple committees and at tradeshows to help maintain high standards for the industry as a whole.
"We are thrilled to have someone of Dale's high caliber join us," said Kate Gillespie, President and Chief Executive Officer of The Green Sheet. "Her ability to form lasting relationships, her industry knowledge, technical know-how and strong work ethic will all be a great asset to us as we go forward."
In addition, Ann Train, whose eye for detail is unparalleled, has been promoted to the position of senior staff writer. And we bid farewell to Dan Watkins, who has left his post as associate editor to pursue other professional opportunities. For seven years, Dan was an outstanding staff member who could write or revise any type of article needed with speed and accuracy.
We wish Dan well in his future endeavors, congratulate Ann on her promotion and give Dale a hearty welcome to The Green Sheet's editorial team.
Home Depot breached via third-party vendor
Friday, November 21, 2014
In the wake of the Target Brands Inc. breach that occurred during the 2013 holiday season, it was disclosed that the massive intrusion originated from network credentials stolen by fraudsters from Target's heating, ventilation and air conditioning (HVAC) subcontractor. The Home Depot U.S.A. Inc. recently reported that the same attack vector was used in the breach of its systems in early 2014. That breach reportedly resulted in the theft of 53 million customer email addresses; apparently no payment card information.
On Nov. 6, 2014, Home Depot said an investigation into the breach, which began in April 2014 and was uncovered in September, discovered that fraudsters stole the user name and password of an unnamed third-party vendor that had access to Home Depot's electronic network. "These stolen credentials alone did not provide direct access to the company's point-of-sale devices," Home Depot said. Instead, the hackers employed the user credentials to access Home Depot's network and install malware that targeted the retailer's self-checkout systems in the United States and Canada.
At the time of the breach, Home Depot was in the middle of transitioning some 85,000 POS terminals to the Europay/MasterCard/Visa (EMV) chip card standard to boost security against fraudsters using counterfeit cards at the POS. Following its breach, Target instituted its own EMV transition. But, ironically, neither EMV implementation addresses the source of the breaches: back-door weaknesses in network security.
Ease of intrusion
Chicago-based data security and compliance firm Trustwave has been vocal in its criticism of businesses for having lax security practices when it comes to third-party vendors. Karl Sigler, Trustwave Threat Intelligence Manager, said retailers rely on third-party vendors for all kinds of services, including HVAC maintenance and after hours cleaning crews.
"For a lot of these third-party vendors, it's all about ease of access and [to] be able to get in and do their job as quickly and efficiently as possible," Sigler said. "That opens up vulnerabilities." The main point of vulnerability is via remote access, according to Sigler, where businesses supply vendors with user credentials to access their networks remotely. But, often, those credentials contain weak, easily hackable passwords and PINs, or businesses dole out the same credentials to multiple vendors.
Trustwave conducted research on password strength based on thousands of network penetration tests it performed on businesses in 2013. Out of a sample of over 625,000 passwords, Trustwave was able to crack over half within minutes, and almost 92 percent of them within a month's time. Additionally, Trustwave found that the most common password is Password1, followed by Hello123, and password. Trustwave said weak or default passwords contributed to one third of compromises it investigated in 2013 and 2014.
Sigler pointed out that physical network intrusions are also common. "A lot of the time the easiest method to get into a facility physically is by becoming part of the cleaning crew or the HVAC crew," he said. "And once they have physical access to a system, and you don't have strong protections on the systems inside, it's pretty easy to gain access and install whatever malware they want."
It is for these reasons that third-party vendors are popular targets for fraudsters. "The large organizations are hard to attack directly," Sigler said. "But a lot of these third-party vendors are themselves a smaller shop, and they don't often have proper security controls put in place, the manpower, or they don't have the skills in-house to do it. So it's an easier attack vector. [Fraudsters] are going to take the easiest path to get to the data they want to steal."
Awareness and control
Fortunately, awareness is growing of the security vulnerabilities inherent with third-party vendors and the network access given them by businesses. The PCI Security Standards Council has put a focus on security issues involving third-party vendors in the update to its global data security standard.
Version 3.0 of the Payment Card Industry (PCI) Data Security Standard (DSS), which becomes the de facto standard for securing networks on Jan. 1, 2015, puts the onus on vendors to clarify for the benefit of merchants which PCI DSS controls they will address and which are the responsibility of merchants. The updated standard also mandates that vendors use unique passwords for each merchant they connect to remotely, and deploy two-factor authentication for those connections as well.
Sigler recommended practical steps businesses can take to make fraud attacks via third-party vendors less likely. First, lock down physical environments. "You should be very aware of the physical environment you're giving [vendors] access to," he said. "If you're giving them access to the entire facility, they should at least be monitored or escorted through rooms or through server situations that have very critical systems."
Second, given that businesses often employ multiple vendors, organizations should have awareness and control over how those vendors access networks. "Because of vendor preferences, [businesses] end up having too many remote access solutions," Sigler said. For example, one vendor might prefer a remote desktop interface; another vendor might use a virtual private network solution.
So businesses should regularly audit how vendors are accessing networks and limit access points to one or two that can be more easily monitored, Sigler noted.
Additionally, if a breach occurs, businesses should be able to recognize and respond to it quickly. "That's the last safety net," Sigler said. "And that involves monitoring your network, monitoring your systems for things that are abnormal – things that you wouldn't expect to see."
To spot abnormal activity, organizations need to establish a baseline of normal activity, which is accomplished by diligently monitoring networks. "They should have a system in place where they both log whenever a third-party vendor logs into their network, then monitor those logs for odd activity," Sigler said. An obvious example of abnormal activity is when a vendor logs onto a network at 3 a.m., he noted.
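The baseline-and-monitor approach Sigler describes can be sketched in a few lines of Python. This is an added example, not code from Trustwave or from the article; the log format, vendor account names, the single approved access channel and the one-hour tolerance are all assumptions, and the log records are constructed samples.

```python
from collections import defaultdict
from datetime import datetime

# Assumption: vendor remote access has been consolidated to these channels.
APPROVED_METHODS = {"vpn"}

# Constructed sample records: timestamp, vendor account, access method, source
# address (addresses come from the RFC 5737 documentation ranges).
BASELINE_LOG = """\
2014-10-06T09:12:00 hvac-vendor vpn 198.51.100.10
2014-10-07T10:03:00 hvac-vendor vpn 198.51.100.10
2014-10-08T14:47:00 hvac-vendor vpn 198.51.100.10
2014-10-06T18:30:00 cleaning-vendor vpn 203.0.113.7
2014-10-07T19:05:00 cleaning-vendor vpn 203.0.113.7
"""

NEW_LOG = """\
2014-10-13T09:40:00 hvac-vendor vpn 198.51.100.10
2014-10-14T03:02:00 hvac-vendor vpn 198.51.100.10
2014-10-14T11:15:00 hvac-vendor rdp 198.51.100.10
2014-10-14T18:45:00 cleaning-vendor vpn 192.0.2.99
not a log line
"""


def parse(text):
    """Yield (datetime, account, method, source); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1], parts[2].lower(), parts[3]


def build_baseline(text):
    """Per-account profile of the hours and source addresses seen in normal use."""
    profile = defaultdict(lambda: {"hours": set(), "sources": set()})
    for ts, account, _method, source in parse(text):
        profile[account]["hours"].add(ts.hour)
        profile[account]["sources"].add(source)
    return profile


def hour_is_usual(hour, usual_hours, slack=1):
    """True if hour lies within `slack` hours of a baseline hour (wraps at midnight)."""
    return any(min((hour - h) % 24, (h - hour) % 24) <= slack for h in usual_hours)


def find_anomalies(baseline, text):
    """Return (timestamp, account, reasons) for each login that departs from the baseline."""
    findings = []
    for ts, account, method, source in parse(text):
        reasons = []
        known = baseline.get(account)
        if known is None:
            reasons.append("account has no baseline")
        else:
            if not hour_is_usual(ts.hour, known["hours"]):
                reasons.append("unusual hour")
            if source not in known["sources"]:
                reasons.append("new source address")
        if method not in APPROVED_METHODS:
            reasons.append("unapproved access method")
        if reasons:
            findings.append((ts.isoformat(), account, reasons))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(BASELINE_LOG), NEW_LOG):
        print(finding)
```

On the constructed data, the 3 a.m. login, the login over a channel outside the approved list and the login from a previously unseen address are reported; the routine mid-morning login is not.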
Add smart TV payments to the omni-channel experience
Tuesday, November 11, 2014
A new opportunity is forming for the payments industry in the burgeoning market for multifunction, Internet-connected smart TVs. It's a market driven by consumers who watch less and less network and cable TV and instead stream content online, whether on a desktop, a tablet computer or, more commonly now, a smart TV. Leveraging payment functionality online via smart TVs may thus be the next big delivery channel for payment providers.
Boston-based market research firm Strategy Analytics said in its Smart TV Forecast that 76 million smart TVs were shipped globally in 2013, up by 55 percent from 2012. Western Europe is the biggest market so far for smart TVs, according to the research. By 2017, Strategy Analytics said, virtually all mid- to high-end TVs will ship with some form of Internet capability.
However, the "smart" capabilities of connected TVs are being underutilized by consumers; Strategy Analytics reported that only about 50 percent of smart TV owners in the United States and Europe utilize that online functionality. "[S]o vendors must continue to add compelling applications and services to entice consumers to utilize their platforms," said Strategy Analytics Analyst Eric Smith.
One such vendor is Paymentwall Inc., a global e-commerce service provider headquartered in San Francisco. The firm is an aggregator of online solutions, including an international payment gateway, a mobile carrier billing platform and an alternative prepaid platform. Paymentwall has offices in nine countries, including China, Germany, Turkey and Brazil.
Paymentwall Chief Executive Officer Honor Gunday said the company has integrated all its features into a smart TV application, PW Smart TV, which facilitates payments for the online streaming of movies and other content. The solution is geared toward developers who build applications for smart TVs.
Gunday said that, in the last few years, at least 5,000 applications have been written for smart TVs from around 3,000 developers worldwide. The problem is monetizing those applications. "These developers who produce these applications on many TV platforms have to find a way to monetize the users, monetize the content, monetize the services that they provide. And they do this on their own," Gunday said. "But what Paymentwall enables them to do right now is integrate Paymentwall on any TV so they can process a payment."
Paymentwall's user interface (UI) allows consumers to choose content and pay for it by entering a credit card number, for example, using the numeric keys on the TV's remote control. "They don't have to type addresses," Gunday said. "They don't have to type in other details. Once that's done, our system tokenizes the credit card details [and] saves it in our vault."
The entry of the card number is a one-time action for consumers, Gunday added. "Our system is smart enough to recognize all the users using the TV once we store and tokenize the card details," he said. "They don't have to keep inputting the card details when they are using a credit card."
Paymentwall also allows consumers to initiate transactions with secondary mobile devices like smartphones and tablets. "Most people, statistically speaking, always have a cell phone when they are sitting on their couch in the living room," Gunday said. "They can pay on the mobile device and our system communicates directly with the TV and executes the payment on the phone, but indicates the fact that it's executed through the TV via an API [application programming interface]."
A demo of PW Smart TV is available at www.youtube.com/watch?v=NWhQ0VDEL_Q&feature=youtu.be .
Smart fridges, too?
Gunday said smart TV payments are akin to the traditional pay-per-view model, with consumers accessing content on TVs by paying pay-per-view providers, typically via phone. But the big difference in the smart TV realm is the flexibility of integrating payments from many providers on one multifaceted platform, according to Gunday.
The potential payment volume flowing through smart TVs is hard to quantify in this early stage in the market's development. However, consumers in the developed world still like to watch TV; Americans love it, to the tune of 8 hours per day, Gunday said, with consumers in Turkey coming in second at a daily average of 5 hours.
The demographic shift away from traditional TV watching by younger generations of consumers (and toward accessing content via mobile devices) will not dampen the smart TV market, at least for the next 10 years, according to Gunday.
Indeed, TVs are a staple of living rooms around the world and remain a strong focal point for communal gatherings to watch sporting events and movies, for instance. Additionally, smart TVs have become the hub of entertainment centers, where gaming consoles and other devices can be connected and content enjoyed on the larger screens that TVs provide.
Gunday noted that the card brands have put smart TV payments in the card-not-present category, which comes with a higher interchange rate because of the increased risk of fraud on those transactions. PW Smart TV does not employ standard customer authentication protocols, such as the 3D Secure technology developed by the card brands, because it would complicate the user interface.
"Otherwise they would have extra pop-ups happening inside the UI," Gunday said. "And once you eliminate that you are more prone to risk and chargebacks."
Instead, Paymentwall has developed its own proprietary authentication technology that leverages consumers' Wi-Fi networks to which smart TVs are connected. "The geo location and device ID of the smart TV and so on verify that it is the user that we think it is," Gunday said.
Regardless of the hurdles facing smart TV payments, it is clear the omni-channel user experience will one day advance beyond smart TVs to smart refrigerators and smart kitchens, too.
Gunday said electronics giant Samsung contacted Paymentwall to investigate adding payment functionality to one of its refrigerator lines so that consumers could purchase such goods as milk and eggs from UIs built into the units. Gunday said such a potential application is still well into the future, but achievable.
The line-busting potential of in-app payments
Friday, November 7, 2014
No consumer likes to wait in line. And even a restaurateur, who sees a line out the door every night as a symbol of a restaurant's success and popularity, worries that long lines will eventually turn valuable customers away.
Now, with the recent launch of Apple Inc.'s mobile wallet platform Apple Pay, the in-app payment capability is being seized upon as a powerful new way for retailers to reduce lines and wait times by allowing consumers to place orders remotely and pick them up at their convenience. The order-ahead feature can thus have the dual impact of decreasing in-store wait times while also making it a little easier for consumers to navigate their busy lives.
In October 2014, Apple iPhone- and iPad-based mobile POS solution provider NCR Small Business launched remote payment and order-ahead functionality for Apple Pay transactions on its NCR Silver POS system. A merchant-customizable mobile app, Silver Sidewalk, works in tandem with the POS terminal to facilitate orders. The NCR Corp. division, which is focused on supplying small and midsize businesses with mobile payment solutions, is making the order-ahead service available free to merchants until Jan. 1, 2015.
"There's been a lot of innovation in the food service – and to some extent in the retail and e-commerce space – for order and pick-up," said Justin Hotard, President at NCR Small Business. "We think it's a great opportunity. We've heard from our merchants in the food service space that it's really about skipping the line."
A 'sweet' solution
Order-ahead functionality seems especially appropriate for take-out businesses like pizza kitchens, certain restaurants and coffee shops, food trucks, and specialty food retailers – types of retailers that the Atlanta-based merchant service provider specializes in. One NCR Small Business client is Peterbrooke Chocolatier, which is based in Jacksonville, Fla., and operates 23 stores in the southern United States. The chocolate purveyor was one of the mobile-POS provider's first customers to go live with order-ahead.
"They have a pretty large assortment of grab-and-go gifts," Hotard said. "What they found is that a fair number of their customers will come in and grab a box of chocolates as a gift or [for] an event. They kind of know what they want. And they want to just come in and grab and go. If they can order it on their phone on their way in, that's a huge convenience for them. It reduces that friction."
With Apple Pay, Peterbrooke doesn't have to enroll the customer in a loyalty program upfront or maintain its own proprietary mobile app via customers loading their bankcard data. "I don't shop at Peterbrooke's five times a week," Hotard said. "It's not the place I go every day. I don't know if I'd actually want to put my credit card into their application. But if Apple Pay has already got my credentials, I can just use that to pay. [Customers are] much more likely to use their app."
NCR Small Business teamed with Jacksonville-based app developer iMobile3 LLC to build the Silver Sidewalk mobile app designed to facilitate mobile order-ahead transactions. "Our merchants don't have to go through the hassle of working with us to create their own application," Hotard said. The app provides store inventory and pricing, as well as a menu for food purveyors. And the app is integrated into Apple's Passbook, where bankcards and loyalty cards are stored on Apple devices.
When a customer launches Silver Sidewalk and pays for something online, the order is processed through the NCR Silver POS iPad terminal, and in-store pick-up is as seamless as possible. "When that order is pulled up, there's a verbal confirmation that occurs between the employee and the customer," Hotard said. "There are certainly other things that we can do. But today it's a verbal confirmation."
Skipping to the front of the line
All types of service providers are launching order-ahead applications. In March 2014, PayPal Inc. went live with order-ahead in the United Kingdom. The Starbucks Coffee Co. said it would begin testing its own version in its hometown of Portland, Ore., before the end of 2014 and launch the service nationally sometime in 2015. And quick service restaurant chain McDonald's launched the order-ahead Mac App in Austria in May 2014.
Also last May, Square Inc. unveiled Square Order and has been busy adding functionality to the app. Its latest addition is an arrival prediction feature that automatically calculates the time it will take for a customer placing a mobile order to arrive at the store for pick-up. Timing, of course, is everything when you order a latte ahead of time and expect it to still be hot when you pick it up.
"I think we're all at the beginning of this revolution," Hotard said. "Every merchant I've talked to, whether it's a larger multisite operator or some of our smaller merchants, they have customers that call them and place orders. They definitely get concerned that their lines are too long. And so we think this solves a pretty valuable problem and certainly enables a convenience for our merchant customers. That's why we are so excited about it."