The Green Sheet Online Edition

December 10, 2012 • Issue 12:12:01

Research Rundown

Data security gaps persist among Level 4 merchants

In continuing to monitor Level 4 merchant progress toward adoption of Payment Card Industry (PCI) Data Security Standard (DSS) best practices, ControlScan and Merchant Warehouse conducted an annual survey of brick-and-mortar, MO/TO and online merchants. Results from this year's survey of 603 merchants found gaps exist between brick-and-mortar and online merchants in terms of awareness and actions taken toward achieving PCI compliance.

"The four years' worth of data now in place show that Level 4 merchants have an urgent need for education and hands-on support to effectively protect their businesses from data thieves," said David McSweeney, Executive Vice President, Operations at Merchant Warehouse.

Level 4 PCI DSS compliance findings:

  • 47 percent of respondents were unsure or not at all familiar with the PCI DSS.

  • 70 percent of e-commerce merchants understand PCI DSS is mandatory.

  • 52 percent of brick-and-mortar merchants understand it is mandatory.

  • 70 percent of e-commerce merchants have completed PCI DSS validation.

  • 45 percent of brick-and-mortar merchants have completed validation.

"Just under half of this year's respondents indicated they are unaware of the PCI DSS," stated Joan Herbig, Chief Executive Officer at ControlScan. "That finding, combined with the fact that 79 percent of respondents think their business has little-to-no risk of breach, indicates a serious disconnect between Level 4 merchants and the ISOs and acquiring banks serving them."

Overall, the survey found a majority of those familiar with the PCI DSS rank security as "medium" or "high" as an organizational priority. When all respondents were figured into the calculation, the overall PCI compliance rate for Level 4 merchants was 30 percent. Merchant commentary and actionable steps are also covered by the report.

To view the report, A Tale of Two Merchants: The Fourth Annual Survey of Level 4 Merchant PCI Compliance Trends, visit www.controlscan.com/whitepapers/merchant_study_2012.php

Hurdles in the cloud

Cloud encryption and tokenization gateway provider CipherCloud surveyed attendees at the cloud-focused Dreamforce San Francisco 2012 event regarding implementation of cloud-based applications within organizations and found a number of concerns over data security are inhibiting cloud adoption.

Source: CipherCloud survey, September 2012

Holiday cyber attack prevention strategies

Distributed Denial of Service (DDoS) protection services firm Prolexic Technologies published a new white paper that warns e-commerce businesses of DDoS attacks in the 2012 holiday season. Strategies for Surviving a Cyber Attack this Holiday Season examines the damage DDoS attacks can cause online businesses and recommends best practices to mitigate and minimize the impact of such attacks.

ATMIA polls industry

The ATM Industry Association, in conjunction with Kahuna ATM Solutions, plans to release results from the third annual U.S. Independent ATM Deployer (IAD) Survey next February during the 2013 ATMIA U.S. Conference and Expo. For the survey, IADs were polled online about legislative and compliance issues, Europay/MasterCard/Visa (EMV) standard and near field communication migration, and new products and services planned for release in 2013.

Payment convergence predicted

An ABI Research report titled Mobile Payments, NFC, and Contactless Convergence predicts near field communication (NFC) mobile payments will rise from $4 billion in 2012 to $191 billion in 2017. The report discusses market convergence between payment types, identifies market beneficiaries, and analyzes current trends, drivers and inhibitors across a host of potential markets that include ticketing, retail and loyalty, and other spheres.

TMG weighs in on EMV

A white paper from The Members Group entitled The EMV Roadmap: Designing Your Financial Institution's Plan outlines practical guidelines for financial institutions (FIs) considering migration to the EMV standard in response to card brand timelines for EMV adoption and ensuing changes in fraud liability.

"With liability shift timelines in place, financial institutions may feel compelled to implement EMV immediately," wrote co-authors TMG Director of Client Relations Matt Flynn and Brandon Kuehl, TMG Product Development Architect. "However, it's important to understand these timelines are not mandated."

The paper noted that during previous liability shifts, between 30 and 60 percent of merchants and issuers updated their technology in time to meet network deadlines. The authors recommended a pragmatic approach to EMV, urging FIs to prepare a thorough cost-benefit analysis when considering system upgrades that are EMV compliant.

Key points FIs should address include:

  • How does the potential cost of fraud loss compare to investment costs for EMV upgrades?

  • What is the value of top-of-wallet positioning among international cardholders?

  • Which portfolio segments are best positioned for EMV?

  • What costs will be borne in training employees and cardholders on the new standard?

Once EMV is determined to be the right path, format selection is the next concern to address. Visa reportedly prefers chip-and-signature, while MasterCard prefers chip-and-PIN. The authors suggested hybridization of formats as a possibility.

One final option offered by the authors is that issuers choosing to migrate to chip-and-signature cards now can add chip-and-PIN functionality later. However, chip-and-PIN technology does not allow merchants to designate routing of PIN transactions, which conflicts with the Durbin Amendment to the 2010 Dodd-Frank Act and could exclude debit issuers from the EMV equation, the authors noted.

To download the free white paper, visit

Big data management basics

Collecting big data is one step. What businesses do with the data is yet another. Aberdeen Group surveyed businesses about big data management and determined the top performers approached big data management in several distinct ways.

Source: Aberdeen Group, Analyst Insights, Go Big or Go Home? Maximizing the Value of Analytics and Big Data, September 2012

B2B e-commerce to outpace B2C

A Forrester Research Inc. report, Key Trends in B2B eCommerce for 2013, predicted U.S. companies and government agencies will purchase $559 billion online in 2013, outperforming business-to-consumer e-commerce spending projections of $252 billion for the year. Trends outlined in the report include refining the user experience, migration from offline to online channels and rising demand for talent in this arena.

Theoretical approach to payment behavior

A recent study presented by the Federal Reserve Bank of Boston discusses consumer behavior with regard to rapidly changing payment instruments and its relevance to policy interest. Explaining Adoption and Use of Payment Instruments by U.S. Consumers extrapolates from a cross-section of data to develop a structural model of adoption and use of payment instruments.

Banks roll with mobile

The third annual First Annapolis Consulting Mobile Banking and Payments Study revealed 81 of the top 100 U.S. FIs now offer some form of mobile banking. "The findings from the study indicate that banks are beginning to leverage their mobile applications to build a 'pathway to payments' by enabling features like bill payment and P2P," stated Paul Grill, Partner at First Annapolis Mobile Commerce & Alternative Payments.


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
