Secure Payment Systems

Credit card companies charge for late fees, over-the-limit fees, ATM fees and many, many others. But nothing tops the interchange fees they charge retailers. Last year it amounted to $48 billion.

As if this wasn't enough to get retailers upset, credit card companies routinely agree to increase the interchange fees. And with credit-card fraud rising, the card issuers also push the cost of security and lost sales back onto retailers.

These actions, along with the failure of the Payment Card Industry (PCI) standards to guarantee security, were recently under scrutiny on the floor of the U.S. Congress. During the hearing, lawmakers made it clear they had concerns about actions taken by the credit card companies and warned that federal regulation may be needed.

In reports widely covered in the media, Representative Bernie Thompson of Mississippi told credit card executives he was concerned they were trying to "shift risk" of fraud and associated costs to retailers rather than truly improving "products and procedures."

Dave Hogan, senior vice president and chief information officer for the National Retail Federation (NRF), testified about the inability of PCI standards to accomplish its stated goal. "In our view, if you peel off all the layers around PCI data security standards, you will see it for what it is," said Hogan. "In significant part, it is a tool to shift risk off the bank and credit card company balance sheets and place it on others."

Without doubt payment technologies have moved up the priority list for most retailers today. In large part, this is due to the cost of mandated PCI compliance standards and the high price tag of securing the numerous internal, external and third-party links in the payment processing chain.

As a result, retailers need to place increasing importance on keeping up with the latest events, technologies and an emerging array of new opportunities that can help them reduce costs and better serve their customers.

Card-Based Payments Rise
Credit card companies continue to attract new customers as they add attractive incentives and rewards for cardholders. As a result, consumers have migrated away from traditional check payments towards card-based payments. The heavy dependency and usage of credit cards also is impacting the consumers use of cash, with 41 percent of consumers indicating they use cash less often today than they did two years ago according to the 2008 Study of Consumer Payment Preferences, a nationwide study conducted by BAI Research and Hitachi Consulting.

"More and more consumers are substituting card-based payments in place of cash," said Ajay Nagarkatte, managing director of BAI Research. "Of those who have reduced their cash use, 97 percent are shifting to credit, debit, or gift and prepaid cards instead."

A significant driver of credit card use is rewards programs. More than 75 percent of cardholders report having rewards attached to at least one card. Overall, 58 percent of cards earn rewards. For 51 percent of rewards cardholders, rewards have a strong impact on their use of the card.

Not to be overlooked is the phenomenal growth and usage of debit cards, gift cards and prepaid cards. According to the study, signature and PIN debit now account for a combined 37 percent of consumers in-store payments. PIN debit is preferred by 45 percent of consumers, while 35 percent prefer signature (20 percent have no preference). Those preferring PIN debit consider it more secure, faster and easier to use than signature. Consumers preferring signature debit do so for the security, lack of fees, their inability to remember a PIN, and, in some cases, rewards programs.

Growth of gift and prepaid cards was not quite as robust as debit cards in 2008. Gift and prepaid cards accounted for only four percent of consumers in-store purchases, the same as in 2005. Retailer-specific cards continue to dominate the gift card space, but more than twice as many gift card purchasers and receivers bought or were given a general purpose gift card in 2008 as were in 2005.

"Today's card-based payments have done much to erode the base of paper transactions in the U.S.," said Chris Allen, director, Consulting Services, Financial Services Practice at Hitachi Consulting. "And emerging payment methods like contactless and mobile are likely to take it further still."

What's New in Payment Tech?
Contactless payment technologies continue to receive a great deal of buzz, but the technology continues to be an emerging trend. A new contactless payment application from First Data and Inside Contactless, the Go-Tag line of products, incorporates payment sticker technology.

First Data and Inside Contactless jointly developed contactless payment stickers, which First Data markets as Go-Tag products. Inside Contactless supplies MicroPass payment sticker prelams to First Data-qualified card manufacturers for production.

Another new payment application from Shop Visible integrates Amazon Payment into business management tools. Enhance-ments to the ShopVisible e-commerce tool helps online retailers convert site visitors into buyers by providing a fast and secure method for consumers to pay for purchases using their existing accounts.

When customers are ready to checkout at a Web site powered by ShopVisible, they can click on the "Checkout with Amazon" button and enter their information. Customers will easily access their account, including their address book and payment information from to complete their purchase.

A More Secure Enterprise
Secure payments have been paramount to Peapod, an online grocery shopping destination, which recently added Tripwire Enterprise, a file integrity monitoring system. The system helps the grocery retailer meet its Payment Card Industry Data Security Standard (PCI DSS) goals, as well as manage change control with its mission critical systems.

Peapod, which also operates a delivery service for Giant Food and Stop and Shop supermarkets, has delivered over 13 million orders. For Peapod, ensuring continuous regulatory compliance supports an overall mandate to keep customer data secure and to maintain the trust that customers have placed for many years in the Peapod e-commerce platform.

In addition to providing the change audit and configuration assessment capabilities required by the PCI standard, Peapod uses Tripwire Enterprise to save system administration time and view system modifications from its central console without having to access each server individually. This central view allows Peapod to enforce its change control processes by monitoring its systems for unauthorized changes, investigating exceptions to its policy.

"Tripwire Enterprise offers a powerful solution for helping us with PCI compliance, track changes throughout the enterprise, detect exceptions to our policies, and be able to quickly remediate any problems that could disrupt security and system availability," says Todd Vazquez, senior UNIX administrator, Peapod. "Because Tripwire delivered, we can keep delivering our customers' groceries, knowing that we are keeping our processes, systems and customers' data safe."

Future of Payment
Representative Bernie Thompson, at a recent Congressional hearing, identified secure payments as a major threat to retailers and consumers today. He noted that despite years of efforts by the PCI standards body transactions are no more secure now than they were before.

"The payment card industry's effort to shift risk appears to have contributed to our current state of insecurity," Thompson said. "And I am concerned that as long as the card industry is writing the standards, we will never see a more secure system."

The solution, as most retailers are convinced by now, is a system of end-to-end encryption of payment data, but the powerful credit card companies are not equipped to handle encrypted data and so oppose it. As a result, retailers are forced to battle card companies as well as fraudsters to fix the secure payments problem.