The Green Sheet Online Edition
August 24, 2009 • Issue 09:08:02
Processing continuity: Threats and remedies
Even in the best of times, no business can afford to be without a contingency plan. Disaster recovery has become an industry unto itself, offering training, certification and outsourced solutions to protect businesses of all sizes from interruptions of service.
So, how can merchant level salespeople (MLSs) address merchants' concerns about continuity in credit card processing? Here are the top five threats to processing continuity and five tried-and-true responses to them:
Threat 1: Environmental disasters
Global warming, earthquakes, hurricanes, tornadoes, tsunamis and volcanoes have wreaked havoc around the world, putting additional strain on infrastructure and relief agencies. Meteorologists predict more extreme weather events and encourage adoption of emergency preparedness in public and private sectors.
Response - redundant network systems: Most business owners recognize the importance of co-locating critical business data; our industry is no exception. Credit card processing networks have regionally diverse, mirrored front-end and back-end networks designed to automatically replace each other during routine maintenance or system failures.
Merchants can go further by using virtual terminals and Web-based tools to supplement their systems. For example, if a battery fails on a mobile credit card terminal, a laptop computer with an air card (a device that enables wireless Internet access) and card reader could continue processing by using a virtual terminal or installed payment application.
This secondary terminal would have the same merchant identification number and bank relationship as the primary terminal; transactions would be viewed from the same secure Web portal.
Threat 2: Organized or deliberate disruption
Beyond the threat of terrorism, constant churn exists in real estate markets as businesses relocate. What processes can help companies stay in business during a move?
Response - mobility strategy: Merchants are accustomed to mobile payment processing for a number of reasons: Mobile workers accept card payments at points of service and points of delivery. Seasonal merchants process transactions during limited engagements and store or return equipment when not in use. Consultants process payments wherever they work instead of waiting until they return to their offices.
Business continuity is another compelling reason to establish a mobility strategy: When merchants relocate, travel or participate in special events, mobile payment devices seamlessly process payments without creating additional work for the back office. Whether they use mobile payment terminals, smart phones or laptops paired with card reader peripherals, merchants get the advantage of lower swiped rates, increased security and speed.
Threat 3: Loss of utilities or services
Outages and blackouts are a fact of life in big cities during peak usage periods and in rural communities during extreme weather. Expect the unexpected when using electricity, dial phone lines, cellular networks and Ethernet connections.
Response - redundant hardware solutions: Dual-communication technology protects merchants from communication failures. Credit card terminals with dial and Ethernet transmission control protocol/Internet protocol ports are designed to "fail-over" when a primary communications protocol shuts down.
Other dual-communication models have connectivity to both dial and cellular networks. The frequently overlooked countertop wireless terminal is preferred by some merchants for the speed and low cost of wireless networks over slower, more expensive dedicated dial lines. The dial port of the terminal, connected to a fax or company line, would be used only if cellular connectivity is lost.
Dual power supplies provide alternative energy sources during power failures. A terminal that can be powered by either electricity or battery power pack is an asset for merchants in remote locations with uneven electricity and frequent power surges.
It's a good habit to recommend surge protectors to all merchants to maintain the integrity of their processing systems. This is especially true for merchants who use backup generators, which are known to "spike," creating power surges that can compromise even the toughest POS devices.
Threat 4: Equipment failure
The payments industry sets high standards for credit card terminals. The Payment Card Industry (PCI) PIN Entry Device (PED) standard regulates how devices process online, PIN-based debit transactions. Payment hardware and software have to be certified by processors.
Class A certifications include branded documentation such as quick reference guides and trained support professionals who download, troubleshoot and provide online and help desk support.
Class B certifications acknowledge that incoming transactions can be authorized and settled by a processor's host network; support issues are directed back to the manufacturer and ISO. MLSs are trained by ISOs, value-added resellers, processors and manufacturers on product features and benefits and on how to sell them to merchants.
Obviously, selling refurbished equipment carries more risk of failure. Sometimes even new technology that comes with a manufacturer's warranty can be a lemon.
Response - backup plan: Although most MLSs promote equipment replacement programs, overnight replacements may include some downtime and risk of lost sales. How frequently does a next-day shipment become a second day-shipment due to carrier error or a missed shipment deadline? Immediate replacement is preferable to next-day replacement. Offer merchants additional protection: a spare credit card device, virtual terminal or manual imprinter to stand in during an emergency.
Threat 5: Security breach
Credit card fraud and identity theft are the highest risk factors in credit card acceptance. High profile security breaches at major retailers have led to further initiatives by card brands and processors to regulate procedures for transmitting, processing and storing cardholder data.
Response - mandate PCI DSS compliance: Educating merchants on the benefits of using industry best practices and the PCI Data Security Standard (DSS) has never been more important.
The PCI DSS regulates how to build and maintain secure networks, protect cardholder data, manage vulnerability, implement access control measures, monitor and test networks, and maintain an information security policy. For more information on the PCI DSS, Payment Application DSS and PCI PED, as well as how to help merchants choose certified and compliant solutions, visit www.pcisecuritystandards.org.
If it pays to expect the unexpected, then strategies for processing continuity will keep on paying for many years to come.
Dale S. Laszig is a writer and payments industry executive with a diversified background in sales and marketing. Her company, DSL Direct LLC, helps industry professionals and business owners leverage electronic transaction technology. She can be reached at 973-930-0331 or firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.