As traditional and emerging payment providers scrap over many aspects of the mobile-payments infrastructure being built in the U.S., an overriding concern for consumers and industry leaders for emerging payments of all types continues to be security.
First Data Corp. is working with merchants through its TransArmor service to keep thieves bent on stealing data at bay, and one Canadian software company says it soon plans to support the product.
Through TransArmor, when a consumer swipes a card at a payment terminal, his account information immediately is replaced in the merchant’s system with a token number fraudsters should find useless, and the transaction is encrypted throughout the process.
Because the merchant is not holding on to the customer’s information, it’s theoretically less responsible for security, less vulnerable to an Epsilon-style data breach (see story) and less bound to the requirements of the Payment Card Industry data-security standards.
Some 230,000 merchants use the TransArmor technology, which became available two years ago. It also works with some mobile-payment technologies such as VeriFone’s Payware Mobile, and vendors could integrate it with newer mobile-payment technologies such as Square and PayPal Inc.’s new Triangle device, though none has done so yet.
AJB Software Design Inc., a Mississauga, Ontario-based provider of payment processing software to merchants–20 of the top 100 North American retailers are among its clients and its software runs on 300,000 POS devices–plans to start offering First Data’s TransArmor security software with its next upgrade.
“For us, this is about continuing to stay ahead of customer demands,” says Pat Polillo, AJB Software vice president of sales. “In the past two years, we’ve seen an uptick in our customers looking at [complete encryption services] as the silver bullet to solving their auditing and security responsibilities.”
Even among retail customers that have converted to chip-and-PIN card technology that’s considered far more secure than magnetic stripe cards, the need for such security is strong, he says.
Canada began converting to the EMV chip card standard in 2008, and AJB has done more than 30 chip-and-PIN projects with Canadian retailers. “We’re finding that a lot of those same retailers who three years ago migrated to chip and PIN are now coming back to us and layering end-to-end encryption and tokenization on top of that,” Polillo says.
Although chip-and-PIN does solve all fraud-related problems, “for retailers, the one thing chip-and-PIN doesn’t do is reduce retailers’ cost to stay PCI-compliant,” he says.
However, Visa Inc. has positioned chip-and-PIN as an alternative to PCI compliance (see story).
“What Visa strategically did in the U.S. was say if you do chip-and PIN and if X% of your transactions are chip-based transactions, then you don’t need to do a formal PCI audit,” Polillo says. “It’s a brilliant strategy. Whether it makes a difference and gets EMV into the U.S. market as fast as they hope remains to be seen.”
What do you think about this? Send us your feedback. Click Here.