The Green Sheet Online Edition
April 13, 2009 • Issue 09:04:01
Be the toast of hosts
We all know data security is as big a deal for small merchants as it is for large retailers. It is increasingly apparent that there is significant exposure to threats across the spectrum - from the vast numbers of small, independent retailers classified by Visa Inc. as Level 4 all the way up to giant retail chains at Level 1.
Many of us have thought there has to be a better way to deal with this security threat. And there is. It's called end-to-end encryption, and it could provide you, as an ISO or merchant level salesperson, a new revenue stream.
While the sophisticated criminal assaults on larger retailers and processors may dominate the headlines, it is the larger number of Level 4 retailers that represent easy pickings for fraudsters.
Most criminals aren't the sharpest blades in the drawer, nor the most industrious. Unlike the sophisticated hackers targeting retail chains, most of these small-time thieves are drawn to the easy buck - places where they can grab the biggest bounty quickly with the lowest risk.
That's why the vast number of smaller merchants represents such a tempting target: They generally have little if any security beyond what is already built into their payment terminals.
Processors and the card brands realize they can't afford to leave the Level 4 merchants out of the security picture.
There's just too much reputational damage caused by compromised cards, even if the actual monetary damages are relatively small.
Once large and mid-sized retailers adopt end-to-end encryption, which we believe is a given, the card brands and processors will want to include the smaller folks. Visa has already made it clear to acquirers that they are expected to ensure compliance among Level 4 merchants.
PCI DSS limitations
Most everyone now recognizes that Payment Card Industry (PCI) Data Security Standard (DSS) compliance represents just a snapshot in time. Once an auditor has signed off on a system, it could very well be out of compliance anytime between that moment and the next evaluation.
Increasingly, many on the retail side and the processing side realize that end-to-end encryption is the only truly secure method for card payment transactions.
Larger merchants will adopt the technology themselves or require their processors to implement it; mid-sized merchants want the protection but will wait for their processors to offer the service at their hosts. That, as usual, leaves out the little guys.
Processors, willingly or not, will roll out encryption services. If you only deal with one processor, that may be fine for you and your merchants; but if you deal with multiple processors, or just want the flexibility to swap processors at some future point, you'll need to be able to offer this capability independently. A hosted service provides the key to your future.
Much of the computerized world is marching, if not running, to take advantage of hosted services (also often referred to as managed services).
As devices increasingly are connected to the Internet, it becomes easier to take advantage of centralized services that are able to leverage the resources at those end points.
In this manner, it is far more cost-effective to deploy and manage advanced services such as end-to-end encryption. In fact, a hosted environment makes it possible to deliver right to the POS a wide range of application services - including value-added applications (loyalty, gift card and prepaid, for example) and cutting-edge solutions - without having to invest large sums of capital.
Transform the POS
Hosted services, which are managed from a Web-based gateway, can transform your POS offerings into new points of profit and dramatically enhance the value you provide to merchants across your region.
The hosted payment service model has many well-known advantages: It provides merchants a quick and easy setup process, fast transaction speeds, integration with existing POS terminals and minimal to zero up-front costs.
In addition to addressing the security issue, hosted services allow small and medium-sized merchants to grow their businesses by taking advantage of functions that were formerly available only to larger companies.
Of particular interest should be the ability to offer terminal gateway services such as:
- Consolidated reporting and transactions
- Automated updates to gateway-supported terminals
- Integration with customer relationship management services
- Flexibility to quickly take advantage of new processing features and options
In the restaurant market, for example, hosted services enable small restaurants to use separate pay-at-the-table systems utilizing either Wi-Fi or general packet radio service connectivity, as well as obtain sophisticated reporting and consolidation functions previously offered only through a more complex restaurant management POS system.
Terminal management, virtually
The ability to manage end-point terminals from a central location is what will enable you to offer small, independent merchants access to end-to-end encryption.
As card fraud issues continue to generate headlines, security will increasingly be a hot commodity.
You'll be able to offer access to the most sophisticated, most easily managed security for a relatively modest cost.
This type of solution is an ideal way to offer new revenue-generating capabilities - such as a security compliance fee - to merchants on a pay-per-use basis, without requiring large upfront investments in network infrastructure and application development. That will enable you to penetrate new markets, improve margins and earn new sources of revenue from merchant accounts.
In addition, the ability to expand your portfolio with services that can be offered for incremental monthly fees will help you establish strong relationships with merchants - relationships that help improve merchant retention.
Scott Henry is Director, North America Product Marketing, for VeriFone. He can be contacted at email@example.com.