At first glance, the new encryption technology now sweeping the payments industry looks like a bonanza for ISOs and agents. On second glance, the situation appears more complicated.
Vendors are beginning to offer encryption they claim will eliminate the need for retailers to store card information in their payment terminals during transactions. The technology could trigger a frenzy of point-of-sale terminal replacement and provide agents a whole new area of marketable consulting expertise—two changes that could increase revenues.
Next Big Shift
The movement toward supposed “end-to-end” encryption technology is fostering fundamental change in the payments industry, according to Steve Elefant, chief information officer at Heartland Payment Systems Inc., a Princeton, N.J.-based payment processor.
“When I got involved 25 years ago, the industry was just going from paper drafts and knuckle-buster machines to electronic draft capture. “This is the next big shift,” Elefant says.
Like the Internet, the payments-network system was built to foster connectivity, not security, he says, adding that with encryption, the industry is “having to go back and make sure that it’s all secure because of the threats we face from cyber criminals.”
Retailers seem certain to embrace encryption because the technology’s enhanced security will help them comply with Payment Card Industry data-security standards, some observers say. Complying with PCI security rules has proved challenging for retailers, and some have encountered fines passed along by their acquirers for failing to meet PCI standards.
“Within a year or two—probably a year—the encrypting terminal will become a ‘must-have’ offering for the ISO because they’ll have too many merchants requesting that type of product,” says Cliff Gray, an associate at The Strawhecker Group, an Omaha, Neb.-based payments-consulting firm.
“It could drive revenue,” Gray says of the potential rush to replace older terminals incapable of handling encryption. “It will become an obstacle to sales if they don’t have it.”
Studies indicate retailers may replace 50% to 60% of their terminals in the next three to five years, says Elefant. Retrofitting older terminals to accept the new technology costs more than buying new terminals because of the limited capacity of some older terminals and the tamper-resistant security modules many terminals contain, he says.
“It’s definitely going to increase terminal sales,” Sean Jones, president of Hagerstown, Md.-based merchant-services company creditcardbiz.com, says of encryption. “This is a great opportunity for ISOs to create better relationships with new and existing clients—inform, educate and become more of a resource for merchants.”
But complications may ensue, according to Craig Thomson, president and CEO of Beanstream Internet Commerce Inc., a Victoria, British Columbia-based ISO. Encryption brings three advantages and three liabilities for ISOs and agents, Thomson contends.
The potential for consulting represents one benefit, Thomson says. “Because encryption is something most merchants are not going to be that familiar with, it opens the door for the agent to provide consultation, act as a technical expert and add value,” he maintains.
Increased revenues represent the second benefit, Thomson says. “Because you’re adding value and because you’re providing a solution to a problem for the merchant, you charge more money for that,” he says.
As a third benefit—the tendency for vendors to offer proprietary approaches to encryption—makes each method more “sticky,” Thomson continues. Once a merchant signs on, he will feel reluctant to switch to another ISO and start learning an unfamiliar technology from the beginning, he says.
“So, in terms of client retention, it’s an advantage,” Thomson says of the differing technologies.
In the negative column, Thomson cautions that making a technically oriented sale may require more of an agent’s time. Retailers no longer will be content with hearing just about pricing, reports, and terms and conditions. Now they will want a description of the technology and an explanation of how it differs from competing offerings, he says. “That puts more of an onus on the salesperson to know the product, to know the technologies, to know how it fits in,” Thomson says.
The flip side of stickiness—concerns about portability—represents the second potential disadvantage for ISOs, Thomson says. Larger merchants may balk at investing in technology that works with one vendor and not another because they will fear an unwarranted rate hike at renewal time. “An agent is going to have to be able to handle that objection,” he notes.
In a third potential disadvantage, larger merchants that decide to take the extra steps to convert to encryption may demand in return that ISOs take on more responsibility for data breaches, Thomson says. “Contractually, it could add some complexity—there’s never something for nothing,” he says.
A fourth potential disadvantage has occurred to Deana Rich, president of Van Nuys, Calif.-based Rich Consulting. When ISOs try to sell or lease the new terminals, they may drive clients into the embrace of competitors that provide free terminals, she says.
Meanwhile, as a fifth disadvantage, some competitors are pledging not to raise fees in conjunction with encryption. Elefant derides extra charges for encryption, referring to them as “junk fees” that add no value for retailers. “We fundamentally believe that merchants should not have to pay more to be secure,” he says. “So we’re not charging any of those fees.”
However the advantages and disadvantages shake out for ISOs and agents, the payments industry appears poised for a shift toward keeping cardholder information more secure with the help of encryption.