GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Legislative outlook:
Some clouds but no rain

Patti Murphy
The Takoma Group


Industry Update

New fees, more money for Visa, MasterCard

RBS, Heartland PCI compliance revoked: What's next?

A token of payments to come

Raising the ACH bar

Virtucard for virtual goods


Bill Pirtle

Breaches across America
installment two

Selling Prepaid

Prepaid in brief

Boom time for prepaid game card market

Global payroll done with SaaS

The state of escheatment


Be the toast of hosts

Scott Henry

Sluggish economy spurs faster payments

Nasreen Quibria
Association for Financial Professionals

Mobile payments? Not yet

Biff Matthews
CardWare International


Street SmartsSM:
Who are you?

Jon Perry and Vanessa Lang

Pull back the expense curtain

Jeff Fortney
Clearent LLC

Downshifting to rev up sales

Christian Murray
Global eTelecom Inc.

PCI versus tricky technology

Michael Wright
Panoptic Security Inc.

Five magical questions in making sales

Daniel Wadleigh
Marketing Consultant

Company Profile

UseMyBank Services Inc.

Data Delivery Services Inc.

New Products

Instant mobile processing

MerchantWare Mobile
Company: Merchant Warehouse

A most literate check reader

Company: Parascript LLC


See it, believe it



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

April 13, 2009  •  Issue 09:04:01

previous next

Be the toast of hosts

By Scott Henry

We all know data security is as big a deal for small merchants as it is for large retailers. It is increasingly apparent that there is significant exposure to threats across the spectrum - from the vast numbers of small, independent retailers classified by Visa Inc. as Level 4 all the way up to giant retail chains at Level 1.

Many of us have thought there has to be a better way to deal with this security threat. And there is. It's called end-to-end encryption, and it could provide you, as an ISO or merchant level salesperson, a new revenue stream.

While the sophisticated criminal assaults on larger retailers and processors may dominate the headlines, it is the larger number of Level 4 retailers that represent easy pickings for fraudsters.

Most criminals aren't the sharpest blades in the drawer, nor the most industrious. Unlike the sophisticated hackers targeting retail chains, most of these small-time thieves are drawn to the easy buck - places where they can grab the biggest bounty quickly with the lowest risk.

That's why the vast number of smaller merchants represents such a tempting target: They generally have little if any security beyond what is already built into their payment terminals.

Processors and the card brands realize they can't afford to leave the Level 4 merchants out of the security picture.

There's just too much reputational damage caused from compromised cards, even if the actual monetary damages are relatively small.

Once large and mid-sized retailers adopt end-to-end encryption, which we believe is a given, the card brands and processors will want to include the smaller folks. Visa has already made it clear to acquirers that they are expected to ensure compliance among Level 4 merchants.

PCI DSS limitations

Most everyone now recognizes that Payment Card Industry (PCI) Data Security Standard (DSS) compliance represents just a snapshot in time. Once an auditor has signed off on a system, it could very well be out of compliance anytime between that moment and the next evaluation.

Increasingly, many on the retail side and the processing side realize that end-to-end encryption is the only truly secure method for card payment transactions.

Larger merchants will adopt the technology themselves or require their processors to implement it; mid-sized merchants want the protection but will wait for their processors to offer the service at their hosts. That, as usual, leaves out the little guys.

Processors, willingly or not, will roll out encryption services. If you only deal with one processor, that may be fine for you and your merchants; but if you deal with multiple processors, or just want the flexibility to swap processors at some future point, you'll need to be able to offer this capability independently. A hosted service provides the key to your future.

Much of the computerized world is marching, if not running, to take advantage of hosted services (also often referred to as managed services).

As devices increasingly are connected to the Internet, it becomes easier to take advantage of centralized services that are able to leverage the resources at those end points.

In this manner, it is far more cost-effective to deploy and manage advanced services such as end-to-end encryption. In fact, a hosted environment makes it possible to deliver right to the POS a wide range of application services - including value-added applications (loyalty, gift card and prepaid, for example) and cutting-edge solutions - without having to invest large sums of capital.

Transform the POS

Hosted services, which are managed from a Web-based gateway, can transform your POS offerings into new points of profit and dramatically enhance the value you provide to merchants across your region.

The hosted payment service model has many well-known advantages: It provides merchants a quick and easy setup process, fast transaction speeds, integration with existing POS terminals and minimal to zero up-front costs.

In addition to addressing the security issue, hosted services allow small and medium-sized merchants to grow their businesses by taking advantage of functions that were formerly available only to larger companies.

Of particular interest should be the ability to offer terminal gateway services such as:

In the restaurant market, for example, hosted services enable small restaurants to use separate pay-at-the-table systems utilizing either Wi-Fi or general packet radio service connectivity, as well as obtain sophisticated reporting and consolidation functions previously offered only through a more complex restaurant management POS system.

Terminal management, virtually

The ability to manage end-point terminals from a central location is what will enable you to offer small, independent merchants access to end-to-end encryption.

As card fraud issues continue to generate headlines, security will increasingly be a hot commodity.

You'll be able to offer access to the most sophisticated, most easily managed security for a relatively modest cost.

This type of solution is an ideal way to offer new revenue-generating capabilities - such as a security compliance fee - to merchants on a pay-per-use basis, without requiring large upfront investments in network infrastructure and application development. That will enable you to penetrate new markets, improve margins and earn new sources of revenue from merchant accounts.

In addition, the ability to expand your portfolio with services that can be offered for incremental monthly fees will help you establish strong relationships with merchants - relationships that help improve merchant retention.

Scott Henry is Director, North America Product Marketing, for VeriFone. He can be contacted at

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios