Updated: Friday, September 26, 2014
Harbortouch CEO says Apple Pay more than NFC
The launch of Apple Inc.'s near field communication (NFC)-capable mobile payment scheme, Apple Pay, in conjunction with the debut of the iPhone 6, has been hailed as the future of contactless, in-store payments. But Jared Isaacman, Chief Executive Officer at merchant services firm Harbortouch, said Apple Pay will go well beyond NFC in transforming the consumer's in-store payments experience.
"NFC really has very little to do with what Apple Pay is about," Isaacman said. "Real" Apple Pay, according to Isaacman, involves in-app payments that require no NFC-equipped POS terminals and, in fact, require no terminals at all.
"The consumer just presses their thumb on the Touch ID screen and the transaction is complete and it's synched to their default address," Isaacman said. "You don't have to enter anything. No user name, no password, no credit card number. That's called an in-app purchase. And that's the key integration. And that has significant implications beyond just e-commerce. That is Apple Pay right there."
By streamlining the physical payment process, or better yet rendering it nearly invisible, a transformation of the entire retail experience could be achieved. "You need NFC to have a digital wallet," Isaacman stated. "You're not going to do in-app functionality if you're just at a convenience store trying to buy a can of Coke and leave. NFC more than solves that problem. But there's an in-app capability that solves even a bigger problem, that makes the user experience even better."
Close collaboration with Apple
The Sept. 9, 2014, launch of Apple Pay spurred many payments companies to announce that their hardware and software solutions supported Apple Pay and NFC payments. Harbortouch issued its own statement saying that the POS provider's proprietary Perkwave terminals have the same capability, which Isaacman said puts Harbortouch on par with every other service provider that deploys NFC terminals.
"So, great, we're compatible in that regard," Isaacman said. "And that's awesome. But that's not what Apple had in mind when they said they are going to get rid of the old wallet."
Harbortouch is best known for the restaurant-specific POS system that bears its name. Mentioned in Harbortouch's announcement was a provocative statement about the company's close development activities with Apple prior to the unveiling of Apple Pay. "Our new program, operating in sync with Apple Pay, is sure to transform the way consumers conduct payments in the hospitality and restaurant environment," Isaacman said in the statement.
Harbortouch will get into specifics about its new Apple Pay integration at its Accelerate 2014 Sales Conference to be held in New Orleans on Oct. 2. But Isaacman partially lifted the veil nonetheless, with mobile loyalty and rewards functionality front and center. He said that, more than cheaper rates or any particular value-added service, what merchants really want from their payment service providers is a way to grow businesses by increasing customer loyalty and repeat business.
Isaacman said deeper integration provided by Apple Pay will more precisely quantify rewards and loyalty programs, so that a merchant who spent $2,000 on rewards and incentives per month can see that those investments led directly to $20,000 in additional monthly revenue. "That's very powerful," he added. "That's where you're going to see Apple Pay take this ultra convenient payment to the next level."
Tech, front and center
Harbortouch's evolution from a traditional ISO when Isaacman started the business 15 years ago to more of a technologically-focused POS software vendor today has mirrored, if not foretold, the dramatic changes taking place in the payments industry. Businesses once comfortable in particular siloes of expertise, such as acquirer, processor or reseller, are being forced to transform into holistic merchant services firms offering integrated solutions that run merchants' entire businesses. That process of convergence will only speed up in the coming years, according to Isaacman.
"There's not going to be ISVs [independent software vendors] anymore," he said. "And there's not going to be POS resellers… It's not just going to be credit card ISOs anymore. Everybody is going to wear the same hat in the payments space and you either get it or you don't."
The rise of Money 2020 as the premier payment conference, dominated by tech giants like Microsoft Corp. and Google Inc., is one sign of the changing payments landscape, Isaacman said. He added that the launch of Apple Pay is another sign that technologically sophisticated solutions will increasingly drive merchant services, and traditional ISOs had better get on board.
"Merchants need technology in order to integrate with advanced in-app functionality, like what Apple Pay can do with mobile rewards and mobile loyalty," Isaacman stated. "And you've got to get smart on it. They have to change; it's not about rates and fees anymore. Credit card processing rates could largely become irrelevant at some point. This is about technology. Some will get it. And some will think, 'Well, I'll just continue doing what I'm doing because that's worked for 10 years.' And they are going to wind up in trouble."
Retailers make mobile a priority
Tuesday, September 23, 2014
With Apple Inc.'s launch of its own near field communication (NFC)-based mobile wallet scheme, Apple Pay, the m-wallet ecosystem all of a sudden looks brighter. On the heels of Apple's Sept. 9, 2014, announcement, national retailers made news concerning mobile payment implementations, underscoring how mobile is transforming the retail environment.
Department store operator Macy's Inc. and quick service restaurant chain (QSR) Subway recognize that mobile payments and other mobile-based applications are impacting the retail experience. In a Sept. 15 announcement, Macy's said it will support Apple Pay, pilot a same-day delivery service, launch new apps to take advantage of web functionality and expand the use of radio frequency identification (RFID) tags for its fashion apparel merchandise.
Terry J. Lundgren, Macy's Chairman and Chief Executive Officer, characterized the company's moves as geared to leveraging mobile applications to deliver an omnichannel customer experience and in that way keep Macy's relevant to mobile device users.
"Our goal remains to help our customers shop whenever, wherever and however they prefer, and to use the entire inventory of the company to satisfy demand," Lundgren said. "We are a multi-faceted retailer with stores, technology, Internet capability and mobile access that come together for our customers. They are at the center of all our decisions, and our ongoing research and development will continue to help us understand how to personally engage with them."
Macy's reported that its stores, as well as Macy's-owned Bloomingdale's stores, will be able to accept Apple Pay transactions beginning in the fall. "The convenience of mobile payment at the point-of-sale is becoming increasingly interesting to customers, and Apple Pay offers an opportunity to further simplify the point-of-sale process…," Macy's said.
More mobile moves
In the fall, Macy's will also roll out a same-day delivery pilot program that leverages mobile technology. The service will be offered to customers in eight cities: Chicago, Houston, Los Angeles, New Jersey, San Francisco, San Jose, Seattle and Washington, D.C. Deliveries will be managed by crowdsourcing delivery provider Deliv, with several mall operators, including General Growth Properties Inc., Macerich, Simon Property Group LP and Westfield Corp., taking part in the pilot.
Additionally, Macy's is testing new handheld POS devices and tablets in Georgia and New Jersey stores. By equipping sales associates with the devices, Macy's hopes to improve the in-store shopping experience. Another improvement to that experience is in the form of "smart" fitting rooms, where wall-mounted tablets are used to scan merchandise items so customers can see how accessories can, as Macy's put it, "complete the look."
Yet another Macy's implementation involves enhanced shopping apps. One new app called the Macy's Image Search allows customers to "search the merchandise assortment on macys.com by taking and submitting a photograph of any outfit, accessory or merchandise item they see in daily life," Macy's said.
Macy's has also launched a mobile wallet designed to allow users to store coupons and loyalty offers that can be easily accessed in whatever environment, virtual or brick-and-mortar, that customers are shopping in. "Storing this information in a single destination eliminates the need for physical versions of special discount offers or other shopping incentives," Macy's said.
Furthermore, the retailer reported that RFID technology has increased efficiency and boosted sales, as the tags provide Macy's actionable data about what store items are most popular. Macy's said, "In recent omnichannel pilots in fashion categories – social dresses, men's sportcoats and men's slacks – Macy's documented RFID's ability to significantly improve sales, gross margins and markdowns by better leveraging inventory counts that are real-time and accurate."
Finally, Macy's is expanding its use of Bluetooth low energy (BLE) technology through its partnership with Redwood City, Calif.-based shopkick. The shopping app developer offers shopBeacon, which leverages Apple's iBeacon technology for location-based devices that plug into wall sockets and establish remote connections with users' Apple smartphones, allowing for the automatic download of offers and discounts to Apple's Passbook mobile wallet.
Macy's said it will be enabling this BLE solution nationwide starting in the fall, with enhancements to the program expected in early spring 2015.
Softcard goes subbing
With the rise of the Middle East terror group calling itself ISIS, the mobile wallet scheme of the same name decided to rebrand to Softcard. The new name comes with a new partner – the submarine sandwich chain Subway.
In October 2014, Subway and Softcard will launch NFC payments nationwide in over 26,000 Subway locations in the United States, marking one of the largest U.S. deployments of NFC-based payments. Via the Softcard app, consumers will be able to pay for meals contactlessly using their mobile devices.
Softcard, which is a joint venture of AT&T Mobility, T-Mobile USA Inc. and Verizon Wireless, is integrating both American Express Co.'s Serve reloadable prepaid card and Subway's own rewards card for the delivery of discounts and special offers. The Softcard app operates with Softcard's proprietary SmartTap technology embedded into POS terminals to enable NFC payments.
The partners cited a recent National Restaurant Association survey that said four in 10 young-adult consumers would likely pay for meals at QSRs with mobile devices if they could.
Alibaba IPO takes investors on magic carpet ride
Friday, September 19, 2014
Alibaba Group Holding Ltd., which operates the largest overall e-commerce presence in the world, debuted on the New York Stock Exchange on Sept. 19, 2014, with an over two-hour delay in its initial public offering caused by a repeated upward revision of the stock's price per share. With Alibaba's shares now trading at well over 30 percent higher than initially set, a strong new competitor has emerged with designs on disrupting the U.S. e-commerce marketplace.
Alibaba was initially priced at $68, but excitement for China's e-commerce giant resulted in the share price opening at $92.70. Once trading finally got under way, almost at noon eastern standard time, shares soared to $99.70 before settling back to around $90 in early afternoon trading. More than 100 million shares of Alibaba were reportedly traded in the first 20 minutes of trading, and the IPO raised $21.8 billion, surpassing Visa Inc.'s IPO of $17.8 billion in 2008 and Facebook Inc.'s $16 billion raised in 2012.
Alibaba, founded by high-profile entrepreneur Jack Ma, has been characterized as China's equivalent of Amazon.com Inc., eBay Inc. and eBay-owned PayPal Inc., all rolled into one, with a touch of Google Inc. thrown in. Alibaba operates several e-commerce businesses in China, including Alibaba.com, Taobao Marketplace and Tmall.com (formerly Taobao Mall). Alibaba also runs its own search engine, eTao, and a PayPal-like online payment service, Alipay.
Unlike Amazon, which buys goods from suppliers and resells them to consumers, Alibaba operates more like a middleman, connecting consumers to retailers in the spirit of eBay, but without functioning as an auctioneer. Taobao is considered Alibaba's largest e-commerce site, with approximately 760 million product listings from about seven million sellers. But retailers don't pay to sell on Taobao, rather they pay Alibaba for advertising and Google-like search engine optimized rankings.
Taobao is primarily for small merchants, while Tmall showcases larger businesses, like Apple Inc. and The Gap Inc., which opened Tmall storefronts in 2014. Unlike Taobao, Tmall charges retailers transaction fees. It has been reported that, in 2012, the combined transaction volume of Taobao and Tmall surpassed 1 trillion yuan (about $163 billion), more than Amazon and eBay combined.
The final piece of Alibaba's puzzle is Alipay, which has become the dominant third-party online payment provider in China. Alipay operates as an escrow service; consumer funds are held and only remitted to sellers once consumers receive, and are satisfied with, the goods that they paid for. Through Alipay, Alibaba also provides interest-bearing savings accounts for its users.
China's payments 'dragon'
In a September 2014 webinar, Alipay: The Chinese Dragon Beyond The Great Wall, Mercator Advisory Group lifted the veil on the so-called PayPal of China. Tristan Hugo-Webb, Associate Director of Mercator Advisory Group's International Advisory Service, said Alipay is what binds all of Alibaba's businesses together and is critical to Alibaba's ambition of becoming "the center of the online universe."
Alipay is no longer part of Alibaba Group, but is a separate entity still controlled by Jack Ma. The financial services firm was founded in 2004. By 2007, Alipay was processing an average of 800,000 transactions a day, with a daily transaction volume of $20 million, according to Hugo-Webb; by 2010, Alipay's daily numbers had risen to 40 million transactions and a transaction volume of $102 million. On Nov. 11, 2013, China's equivalent of Valentine's Day (referred to as Singles' Day), Alipay set a record by processing 171 million payments in a 24-hour period, Hugo-Webb said.
Hugo-Webb compared Alipay to its natural rival in the U.S. market, PayPal. The eBay subsidiary is considered the most popular online payment method in the United States, with 62 percent of online consumers having a PayPal account, Hugo-Webb noted. But PayPal averages only 8.8 million payments processed per day.
With China's total population of 1.35 billion, Alipay has a larger potential customer base to draw from than the 314 million for PayPal in the United States. However, Alipay only represents 50 percent of China's market, Hugo-Webb said. It is also rapidly expanding into the mobile realm; by February 2014, Alipay was processing 18 million mobile payments per day, Hugo-Webb added.
He noted that Alipay is aggressive in funding consumers' mobile wallets. When users open the wallets, Alipay automatically conducts a funds transfer from linked accounts to wallets so that money is always available to wallet users, Hugo-Webb said.
Alibaba's U.S. prospects
The size and scope of Alibaba makes it a fearsome competitor to U.S. e-commerce firms like Amazon and PayPal. Additionally, the excitement over its IPO shows that investors are confident Alibaba will be successful in its bid to penetrate the highly competitive U.S. marketplace. However, Alibaba may have difficulty gaining traction and market share because of inherent growth constraints placed on it by an already mature market.
Ken Wisnefski, Chief Executive Officer at digital marketing agency WebiMax, said, "Their margins are already high. They are amazing. But is there much more opportunity for upside from them? They are not going to be able to control that type of margin in the United States. There's already a large player here in Amazon."
Alibaba will find it hard to chip away at Amazon's dominance, Wisnefski added, with Amazon's customer loyalty beginning to rival the loyalty enjoyed by Apple Inc. "The brand loyalty with Amazon is something that is going to make it difficult for Alibaba to really be able to penetrate that space," he said.
Additionally, Alibaba could run into problems attracting U.S. merchants to its online sellers' marketplace. Wisnefski likened Alibaba's challenge to how U.S. retailers use search engine competitors to Google. "When you look at even advertising, we've got a lot of clients that do a lot of work on the Google paid services," he said. "It doesn't exclude them from doing work on the Bing and Yahoo! networks. But they don't allocate as much of the budget towards it. It's not as much of a focus."
Given the maturity of the U.S. online marketplace, with well-established players not likely to be deposed any time soon, Alibaba may be content to play a smaller role. "There's a lot of money to be had here playing second fiddle," Wisnefski said. "I could see that being a strategy."
Flawed coding blamed for recent data breaches
Tuesday, September 16, 2014
The proliferation of data breaches at major U.S. retailers is a direct result of poorly coded software, according to a software analysis and measurement firm. The global data analytics firm, CAST, said seven out of 10 retail and finance applications are vulnerable to the Heartbleed-style malware attacks that have caused havoc among U.S. retailers nationwide in recent months.
CAST revealed in its 2014 CAST Report on Application Software Health (CRASH) that financial and retail industry applications are the most vulnerable to data breaches, with 70 percent of retail and 69 percent of financial services applications having "data input validation violations" that can lead to breaches. "This is particularly concerning, considering the amount of personal and financial customer data often held in applications across these industries," CAST said.
Lev Lesokhin, CAST Executive Vice President, described faulty code as a product of rushed deadlines faced by IT staff. "So long as IT organizations sacrifice software quality and security for the sake of meeting unrealistic schedules, we can expect to see more high-profile attacks leading to the exposure and exploitation of sensitive customer data," he said.
FI security coding fails
A Trustwave 2012 slide presentation entitled "Whitelist is the New Black" defined input validation as the "process of verifying the correctness of data supplied to an application before using that data." The data security firm noted that input validation is the hardest part of ensuring applications are secure. "Most vulnerabilities are a result of user-controlled data not being validated, or not being validated appropriately," Trustwave said.
CAST said poorly written code that did not properly validate data resulted in the notorious Heartbleed malware attack, which exposed over 60 percent of the Internet's servers to potential attacks. "As of June 21, 2014, it's estimated that 309,197 public web servers still remained vulnerable," the researcher noted.
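The kind of input validation at issue in Heartbleed can be shown on a TLS heartbeat record (RFC 6520: a 1-byte type, a 2-byte payload length, the payload, then at least 16 bytes of padding). The C code below is an example added here, not code from CAST, Trustwave or OpenSSL; the function names and the sample records are constructed for illustration. It echoes a payload only after checking the sender's claimed length against the bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_HEADER    3   /* 1-byte type + 2-byte payload length */
#define HB_MIN_PAD  16   /* minimum padding required by RFC 6520 */

/* Build a heartbeat response for one received record (hypothetical helper).
 * Returns the number of bytes written to out, or -1 if the record must be
 * silently discarded. */
int hb_build_response(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    /* Check 1: the record must at least hold the header and the padding. */
    if (rec == NULL || out == NULL || rec_len < HB_HEADER + HB_MIN_PAD)
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;

    /* The length field is attacker-controlled input, not a trusted value. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* Check 2: the claimed payload must fit inside what was received.
     * Without this comparison, the copy below would read past the record
     * and return adjacent process memory to the peer. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return -1;

    /* Check 3: the response must fit in the caller's output buffer. */
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec, 0);                 /* no-op: keeps types explicit */
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    /* Zero padding keeps the example deterministic; a real stack uses
     * random padding. */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);
    return (int)resp_len;
}

/* Constructed sample: a 24-byte record carrying the 5-byte payload "hello",
 * with the length field set to whatever the sender claims. */
int demo_with_claimed_length(uint16_t claimed)
{
    uint8_t rec[HB_HEADER + 5 + HB_MIN_PAD] = {0};
    uint8_t out[64];

    rec[0] = HB_REQUEST;
    rec[1] = (uint8_t)(claimed >> 8);
    rec[2] = (uint8_t)(claimed & 0xff);
    memcpy(rec + HB_HEADER, "hello", 5);
    return hb_build_response(rec, sizeof rec, out, sizeof out);
}

/* Constructed sample: a record too short to hold header plus padding. */
int demo_truncated_record(void)
{
    uint8_t rec[10] = { HB_REQUEST, 0x00, 0x05 };
    uint8_t out[64];
    return hb_build_response(rec, sizeof rec, out, sizeof out);
}

int main(void)
{
    printf("honest length 5      -> %d\n", demo_with_claimed_length(5));
    printf("off-by-one length 6  -> %d\n", demo_with_claimed_length(6));
    printf("overstated 0x4000    -> %d\n", demo_with_claimed_length(0x4000));
    printf("truncated record     -> %d\n", demo_truncated_record());
    return 0;
}
```

A record whose length field overstates the payload by even one byte is discarded rather than answered, which is the behaviour a code review or static analysis rule for "data input validation violations" should look for wherever a length comes from the wire.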
In its CRASH report, CAST singled out the financial services industry for the worst coded applications, the most surprising finding of the report. "[T]he data showed that the financial services industry has the highest number of input validation violations per application (224) even though their applications, on average, are only half as complex as the largest application scanned," CAST said.
Dr. Bill Curtis, Chief Scientist at CAST and CRASH report author, believes CAST's findings discredit the idea that software security and software quality are mutually exclusive. "The CRASH Report data proves this is false," he said. "Badly constructed software won't just cause systems to crash, corrupt data and make recovery difficult, but also leaves numerous security holes."
Home Depot the latest victim
In April 2014, the Heartbleed bug was detected by Trustwave in the popular OpenSSL security protocol, which is described as a cryptographic library used in securing e-commerce sites, email services and file transfer protocol programs. The bug is a weakness in the code that can be exploited by hackers to circumvent encryption and gain access to sensitive cardholder and enterprise data.
Heartbleed had reportedly gone undetected for over two years, time in which hackers could exploit the weakness to steal SSL certificates that establish encrypted communications for such activities as consumers making online purchases with bankcards or when administrators log onto networks.
The most recent big breach occurred at The Home Depot. The home improvement retailer said it first learned about the breach on Sept. 2, 2014, from law enforcement and its banking partners, and that the compromise began the previous April, affecting its U.S. and Canadian stores, but not its operations in Mexico, nor customers shopping via its online store.
Security reporter Brian Krebs wrote in a Sept. 14 post on his KrebsonSecurity blog that multiple financial institutions reported a steep increase over the past few days in ATM withdrawal fraud using data stolen from Home Depot customer accounts. While the retailer reassured customers that no debit card PIN data was compromised in the attack, Krebs noted that fraudsters can use other types of data that was stolen, such as ZIP codes, to reset debit cardholders' PINs via automated phone systems that employ weak cardholder authentication methods.
"The card data for sale in the underground that was stolen from Home Depot shoppers allows thieves to create counterfeit copies of debit and credit cards that can be used to purchase merchandise in big-box stores," Krebs wrote. "But if the crooks who buy stolen debit cards also are able to change the PIN on those accounts, the fabricated debit cards can then be used to withdraw cash from ATMs."
In the wake of the breach coming to light, a class-action lawsuit in the Atlanta district court was filed by the Georgia law firm of Harris Penn Lowry LLP. The suit alleges that Home Depot did not inform its customers of the breach until after Krebs broke the story on his blog site.
Apple Pay may set mobile payment security standard
Friday, September 12, 2014
Apple Inc. is known for setting trends, if not defining whole new market categories, as represented by the iPhone and iPad. But now, with the Sept. 9, 2014, launch of the iPhone 6, and Apple's first foray into the wearable device market with the Apple Watch, the tech giant has come out with a mobile contactless payment system called Apple Pay that could potentially set the standard for mobile security for the entire marketplace. By defining the security standard that wary consumers buy in to, the market for mobile contactless payments at the POS may finally take off.
Here's an excerpt from Apple's statement: "Apple Pay will change the way you pay. When you add a credit or debit card with Apple Pay, the actual card numbers are not stored on the device nor on Apple servers. Instead, a unique Device Account Number is assigned, encrypted and securely stored in the Secure Element on your iPhone or Apple Watch. Each transaction is authorized with a one-time unique number using your Device Account Number and instead of using the security code from the back of your card, Apple Pay creates a dynamic security code to securely validate each transaction."
Apple Pay leverages near field communication (NFC) technology embedded in smartphones to conduct contactless, in-store payments. Customers' sensitive payment data is tokenized and stored within the secure element of the NFC chip. When users pay with their phones at the POS, one-time tokens are generated in the place of the payment data. When Apple's biometric fingerprint scanning technology, Touch ID, is added to the mix, a potent security environment is erected around mobile payments.
Redefining card present
Randy Vanderhoof, Executive Director of the Smart Card Alliance, said, "[Apple Pay] really raises the bar on secure implementation of payments, because adding the biometric authentication to the transaction provides a much more secure validation to the merchant and to the issuing bank that the proper individual is making the payment transaction – and that they can trust that transaction."
Vanderhoof added that the card brands recognized the higher degree of security associated with Apple Pay and "rewarded" Apple with the lower card-present interchange fee, even though mobile contactless transactions are by literal definition card-not-present (CNP) and subject to higher fees. "So they are redefining the definition of card-present here," Vanderhoof said. "They're doing this because Apple is able to provide the same, in fact more, security, to the payments network that would normally exist when the physical card is involved."
Because CNP transactions are considered more prone to fraud, they are placed in a higher interchange category, which translates into merchants paying more to accept CNP transactions.
In an analysis of Apple Pay, Alcaraz Research said, via the Seeking Alpha website, that the 15 to 25 basis point discount the card brands have provided to Apple Pay transactions means that "Apple Pay processing fees can just be around 1.25 to 1.35 percent, much lower than PayPal's card-not-present transaction fee of 2.7 percent."
Vanderhoof noted that Google Wallet transactions also fall into the CNP interchange fee category because no comparable security protocols are in place, as Android-based phones are not equipped with biometric security technology.
Boon to the market
But the benefits of the Apple Pay security ecosystem to Apple, and the 220,000 U.S. retail locations that already accept contactless payments, will potentially extend to the entire mobile payments marketplace. Vanderhoof said the lower interchange category will act as an incentive for Apple to more aggressively market Apple Pay, which will result in more consumers wanting to use it and more merchants wanting the ability to accept it, creating a momentum of adoption and usage.
"It certainly does provide a very strong incentive for Apple to invest more marketing clout behind the wallet solution, which will then create more mobile payment transactions, which will replace the less secure magnetic stripe transactions more quickly," Vanderhoof said. "So the benefits are then going to be shared across the entire market; merchants and issuers are going to benefit from the higher security and the less likelihood of fraud by the way Apple has implemented Apple Pay."
It won't take many consumers coming into stores and asking if merchants accept Apple Pay for reluctant retailers to reconsider upgrading terminals to accept contactless payments. "I think merchants are probably going to be rethinking the future of NFC and contactless payments with this announcement," Vanderhoof said. "The previous implementations of NFC and mobile wallets hasn't had a real big impact on consumers, and therefore it hasn't caught the attention of too many of the merchants.
"But now with Apple jumping into the fray, it may give [merchants] further reason to upgrade their point of sale to be NFC capable and perhaps turn that NFC acceptance on sooner than they may have."
Additionally, Apple has created a security and mobile payment model that competitors can emulate. "It certainly is a model to consider for other solution providers to step up their creative ways to demonstrate a stronger link between a cardholder and the payment transaction, like Apple is doing with their biometric Touch ID," Vanderhoof stated.
However, Vanderhoof cautioned against rushing to crown Apple Pay the dominant mobile payments scheme. "With any new payments player in the market, and changes that happen in the direction by which consumers can transact at the point of sale, it takes some time for those new features to catch on and be fully vetted and operational."
But the stars seem to be aligning nonetheless. "I would say the signals are very good for what Apple has done, but it's a little bit too early to put a flag in it and call it a huge success or a huge game changer," Vanderhoof said.