GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

The Green Sheet turns 25

News

Industry Update

Payment ship navigates economic storm

A new PCI day

Moneris to acquire Humboldt

Revolution heats up

WSAA wows in paradise

When the pen is mightier than e-mail

Biff Matthews
CardWare International

Gift and loyalty, the year-end accelerant

Christian Murray
Global eTelecom Inc.

Views

When the pen is mightier than e-mail

Biff Matthews
CardWare International

No denial, no surrender

Scott Henry
VeriFone

Education

Street SmartsSM:
A day in the life of a successful MLS

Jason Felts
Advanced Merchant Services

Who moved my merchants?

Jeff Fortney
Clearent LLC

Gift and loyalty, the year-end accelerant

Christian Murray
Global eTelecom Inc.

The how, when, why of recruitment outsourcing

Curt Hensley
CSH Consulting

Escaping the PCI maze

Tim Cranny
Panoptic Security Inc.

Company Profile

International Merchant Solutions LLC

New Products

Out of the shoebox, into the server

Charge Anywhere Electronic
Wireless Signature Capture

Shield terminals in sticky situations

ExoShield Terminal Cover
Inventor: Michael Katsanevas

Inspiration

Shaping the story

Features

ISOMetrics:
Payments in brief: 1983 to 2008

Miscellaneous

POScprit

Departments

Forum

Higher risks mean higher rewards

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

October 13, 2008  •  Issue 08:10:01

previous next

No denial, no surrender

By Scott Henry

There's no denying that the U.S. economy has continued to weaken, causing retailers to slow spending and look for economies wherever they can find them. Meanwhile, "free terminal" programs, promising merchants something for nothing out of pocket, further squeeze your opportunities for upfront revenue. How do you differentiate the products you're selling in this type of environment?

As the old saying goes, "When the going gets tough, the tough get going." But you can't carve out a winning strategy through platitudes. Nor can most hope to find shelter in a price-cutting spiral.

It is indeed tough to differentiate in a down market when merchants are seemingly interested in nothing but price. That, in turn, creates significant compression in margins as ISOs struggle to hold on to market share and look for any edge in winning over customers of competitors.

While it may be tempting to focus on churning your competitors' ranks, competing only on cost in this environment amounts to a zero-sum game - what you do to others can just as easily be done to you.

Differentiated cost savings

The trick is in finding savings for your customers that don't further erode your margins. And there are two key areas where you can help out your merchants and still turn a tidy profit: communication costs and security implementation.

It's estimated that 40 to 50 percent or more of U.S. merchants have access to DSL service or other broadband connectivity. Yet less than a third are believed to be using Ethernet connections for their payment systems. Retailers who are already using broadband in their back rooms to connect their PCs can quickly lower communication costs by extending that broadband connection to their payment devices.

In addition to cutting back on dedicated lines, Ethernet connectivity provides retailers the ability to shave precious seconds at checkout. This will increase the effectiveness of their sales, while also cutting back on customers who turn away when they see a line at the counter. These are hard dollars that you can easily translate into almost instantaneous return on investment on terminal replacements.

Then there's the magic of wireless. Many merchants don't yet have a clue that they can get faster, more portable electronic payment capabilities at competitive, even lower cost than what they're now paying for dedicated phone lines.

Cellular carriers have developed aggressive service plans that recognize the unique nature of very short transaction transmissions. Plus some processors are eagerly encouraging the transition to wireless with lower processing fees than dial.

Recurring revenue streams for transaction-based services are pennies on the dollar, if that. Tapping into the revenue stream for wireless communications will not only exceed the return of transaction-based revenue, it will allow you to become more competitive with your buy rates, while saving the customer communication costs and increasing your margins.

Security raising the bar

To death and taxes, we can now add a third inevitability: security requirements. And they will always be greater in the future.

Large retail organizations have largely been brought to the altar of security - albeit often crying and dragging their feet. The payment networks have set in place the security mandates that enable them to shift liability for data breaches to merchants. In some cases, the penalties can add up to millions of dollars, more than enough to justify the investment in updated payment systems that meet more stringent requirements.

Small and mid-size merchants, for the most part, have, until now, had a free ride on security. But that's changing. The card brands have delegated to acquirers the responsibility of determining which of their lower tier merchants are in compliance. Just because a merchant is not mandated to submit to a costly security audit doesn't mean that the merchant can't be required to do so.

Many smaller merchants may mistakenly believe they aren't required to be compliant with the various Payment Card Industry (PCI) Data Security Standard (DSS) requirements. But that couldn't be further from the truth.

All merchants fall under PCI mandates, and eventually the hammer will come down on the smaller guys. When it does, the impact on an individual small merchant will likely be more devastating than it would be on a larger retailer: A business like TJX Companies Inc. has deep pockets and a broad enough footprint to absorb fines and lawsuits; the smaller merchant is more likely to be driven into bankruptcy over a breach.

Security value-add

Security should fit in your value added applications portfolio. Merchants today need a security consultant to keep up with the PCI mandates and to figure out what applies to their specific situations. That consultant should be you, and you should be able to generate revenue accordingly.

The new Payment Application DSS, based on the former Visa Inc. Payment Application Best Practices (PABP), provides a foundation for the PCI Security Standards Council (SSC) to more rigorously enforce requirements over payment software applications.

PABP applied to PC payment applications, but the PCI SSC has opened the door to terminal applications. To avoid PA DSS mandates, the terminal on which an application resides must:

  1. Have no connection to any of the merchant's systems or networks
  2. Connect only to the merchant's acquirer or processor via a private line

In addition, the payment application vendor must provide secure remote updates, troubleshooting, access and maintenance. And sensitive authentication data must never be inappropriately stored.

It seems clear that more and more terminals and applications will fall under PA DSS as the industry and the regulations evolve. How will a merchant understand what's covered and what isn't? Simple - he or she will increasingly turn to you.

One area where terminal churn is going to be a viable, indeed lucrative, opportunity is in the upgrade of older wireless equivalent privacy (WEP) installations to Wi-Fi Protected Access (WPA and WPA2). In its summary of the upcoming PCI DSS standard, the PCI SCC essentially banned WEP standalone use as of June 2010. (New installations of WEP are prohibited after March 1, 2009).

Taking this message to market will not only demonstrate your position as consultant to the merchant and solidify your standing as an industry knowledge expert, but also provide a tremendous opportunity to churn the market and obtain new business.

Cashing out

Concerns over the compromise of card data that have plagued large retail operations are producing a new opportunity: Organizations that previously opted to integrate card acceptance into electronic cash register (ECR) retail schemes are recognizing they have left themselves vulnerable to PCI DSS violations.

Because these legacy ECR software environments were largely crafted before storage of cardholder data was restricted, these organizations either have to completely revamp that software.

Or, they can separate the card acceptance process by letting the payment terminals handle the entire credit/debit payment cycle. This opens up a wide ranging opportunity, at least with small and mid-size multilane outfits.

So, while it's true an economic downturn crimps investment, it by no means should put an end to forging ahead with differentiated selling.

Merchants increasingly realize they cannot afford to put off investments in areas that improve sales and close off security gaps. The issue is how you go about capitalizing on those opportunities.

Scott Henry is Director, North America Product Marketing, for VeriFone. He can be contacted at scott_henry@verifone.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

USAePay | Impact Paysystems | Electronic Merchant Systems | Inovio | Board Studios, Inc.