Payments Business Magazine JanFeb 2014 by Lloydmedia Inc

Ja n/Feb 2014

The Merchant’s Guide to Transactions, Cards & eCommerce

ABMs are the new media New channel cuts through advertising clutter also in this issue:

❱ Why Canadian CFOs should be taking a closer look at virtual payments ❱ Privacy and security - can we find balance? PM 4 0 0 5 0 8 0 3

Table of Contents

January/February 2014 Volume 5 Number 1 Editor Amy Bostock amy@paymentsbusiness.ca Publisher Mark Henry mark@paymentsbusiness.ca Contributors Joseph Arrage, Thierry Denis, Donald B. Hathawy, Catherine Johnston, Jason Kolbenheyer Creative Direction Jennifer O’Neill jennifer@paymentsbusiness.ca

COLUMNS & DEPARTMENTS 4

News

24 Association Spotlight

FEATURES

Privacy, security & fraud Is there a balancing point?

Photographer Gary Tannyan Senior Account Managers Brent White brent@paymentsbusiness.ca Chantal Goudreau chantal@paymentsbusiness.ca President Steve Lloyd steve@paymentsbusiness.ca For subscription, circulation and change of address information, contact subscriptions@ paymentsbusiness.ca Publications Mail Agreement No. 40050803 Return undeliverable Canadian addresses to: Circulation Department 302-137 Main Street North Markham ON L3P 1Y2 t: 905.201.6600 f: 905.201.6601 info@paymentsbusiness.ca www.paymentsbusiness.ca Subscriptions available for $40.00 year or $60.00 two years. 2014 Lloydmedia Inc. All rights reserved. The contents of this publication may not be reproduced by any means, in whole or in part, without the prior written consent of the publisher. Printed in Canada Reprint permission requests to use materials published in Payments Business should be directed to the publisher. Made possible with the support of the Ontario Media Development Corporation

Are we secure?

ABMs are the new media

2014 payment predictions

New channel cuts through advertising clutter

Industry trends to watch for this year

Monetico International aspires to offer single global acquirer

Five reasons why Canadian CFOs should be taking a closer look

Using technology to reinvent the branch

Thinking globally

Virtual payments

Not your parents’ ATM

Next issue…

March/April — Mobile payments; insider report on cross border payments & risk management january/February 2014

PAYMENTSBUSINESS

News

Payza launches software as a service enterprise solution “Payza as a Platform” brings flexible and frictionless payment experience to licensed corporations and their customers and merchants worldwide Payza has announced that registered money service businesses and payment companies around the world are now able to employ the newly redesigned Payza.com platform in order to increase their speed to market and expand their global presence. This launch marks Payza’s official entry into its strategic partnership phase that was announced at the end of 2013. Payza as a Platform is an enterprise solution that enables corporations or entities already licensed in their operational jurisdictions the rights to use Payza.com as their online payment transaction provider, fully customizable to both customer needs and local requirements. Payza as a Platform’s features include: • Flexible funding and withdrawal • Instant and secure transfer and payment methods • Integration with major

banking systems, such as EFT and ACH • Transactional services in 20+ currencies • Integration with processing for all major credit and debit cards • Fully automated client verification procedures • On-going fraud monitoring • Dispute resolution and chargeback management • Payment buttons and APIs “We are at a pivotal juncture in developing the Payza. com experience,” explains Ali Nizameddine, Payza’s Executive Vice President in charge of global product and technology strategy. “For the past 12 months, we have been dissecting our platform and redesigning it with only our customers in mind. Consumers want making a purchase online or sending money to loved ones to be as easy as possible. The same goes for online businesses and the daily

hassles they face just to accept a payment. Our customers didn’t just deserve better; they deserved the best.” Payza launched its redesigned platform in December 2013 to provide members with a highly personalized and intuitive interface with enhanced security and usability. “Money isn’t social or personal. What you do with it is,” says Nizameddine. “And that’s how we designed the ultimate online payment experience: safe, personal, social and painless. Now we are expanding that online payment experience in a softwareas-a-service model to offer our platform, to companies licensed in jurisdictions not already covered. This opens the doors to a broad member base in a fraction of the time and at a much reduced cost than it would take a company to develop its own payment

platform after all regulatory and legal requirements have been met.” Payza as a Platform licensed companies have immediate access to a turnkey customer experience that includes: • Personalized avatars and messages for fun and security • Links to social media • An Activity Feed that provides a snapshot of all customer financial activities and profile updates “Payza is one of the world’s most global payment platforms,” Nizameddine adds. “By making Payza available to licensed partner companies, we’re not only instantly opening the doors to the global marketplace for them and their customers, we’re also enhancing the Payza experience for our existing members by finding new ways to bring the world a little bit closer.”

Checkpoint Systems Inc. and Halo Metrics sign Master Distributor Agreement to support Canadian retailers Checkpoint Systems, Inc., a leading global supplier of merchandise availability solutions for the retail industry and its supply chain, announced today that Halo Metrics signed a Master Distributor agreement to support Canadian retailers. Under the terms of the agreement, Halo Metrics will actively market, sell, install and service Checkpoint’s electronic article surveillance (EAS) product portfolio for all retailers in the Canadian market that are not currently part of Checkpoint’s national account program. Checkpoint will continue to directly support its Canadian national accounts on a direct basis through its sales 4

PAYMENTSBUSINESS

and customer Merchandise Availability team offices in Markham and Winnipeg. Halo Metrics began providing security solutions to Canadian retailers in August of 1988 from its British Columbia location. Over the last 25 years Halo has grown and been able to work with retailers across Canada with local representation in BC, Ontario and Quebec. “Our focus is to balance the retailer’s loss prevention efforts with the honest shopper’s need for easy access to merchandise on display” says Cheryl Gillott, President of Halo Metrics. “The new agreement with Checkpoint enables

Halo to offer our retail customers more of a complete security solution. We are very pleased to deepen our Checkpoint relationship with the signing of this Master Distribution Agreement”. “Halo Metrics has been an outstanding partner with our Alpha division since 2001. They have earned the trust and respect of retail loss prevention professionals with their knowledge and commitment to customer service. We are excited to expand our relationship for the benefit of the Canadian retailers”, said Dan Reynolds, vice president of sales for Checkpoint Systems.

January/February 2014

Privacy, Security & Fraud

Privacy, security and fraud Is there a balancing point? By Catherine Johnston

o you ever wonder how you can possibly keep ahead of these, given how quickly technology evolves? Remember when mobile phones first introduced cameras? Most of us were thrilled with the new functionality. It didn’t take long before bad people started to misuse the cameras, often to violate people’s privacy. Technology being abused and misused is a cycle that we see all too often. Is there any hope? Yes, there is!

Where to start On the privacy side, we have two laws in Canada; PIPEDA the Personal Information Protection and Electronic Documents Act (PIPEDA) which is Canada’s private sector privacy law and The Privacy Act which covers the personal informationhandling practices of the federal government. The Office of the Privacy Commissioner has a great deal of helpful information at http://www.priv.gc.ca. Check it out for information that can help you both professionally and personally. Ontario also has a Personal Health Information Protection Act. Now, if the thought of having to read through a legislative Act strikes fear in your heart, you’ll be glad to know that Fair Information Practices are the underlying premise of these ACTs and they are common sense principles.

PAYMENTSBUSINESS

as we introduce new products, services or technologies. The bolt on approach can sometimes work, but you need to step back periodically and review your overall privacy position. Question whether your goal is simply to be compliant with the law. Do you want to make privacy a marketing and competitive advantage? Do you want your customers to see you as a trusted entity? The answers, of course, will be dictated by what you sell and how privacy sensitive your customers are. Once you’ve decided on your strategy, it’s time to take a holistic look at your policies. Here are some of the things you should consider. 1. Are your policies consistent across your organization? If one area of your company states that it does not collect specific personal information, but another part of your company does, you’ll need to make that clear to your customers or people who visit your web site. 2. If you tell people that they can control privacy settings, make it easy for them to do it. 3. Understand the risks of using the term “We may...” in your privacy policy. It doesn’t engender trust in the reader. 4. Think about stating your policy in terms of the fair information practices (see https://www.priv. gc.ca/leg_c/p_principle_e.asp for the list) 5. Do a Privacy Impact Assessment. There are many in the market, as well as competent consultants. January/February 2014

You want to look for a PIA that deals with the personal information from the time you first collect it until you securely dispose of it. You’ll need to think about everyone that has access to the data throughout that period. Determine what they can do with the information. That is more than whether they can view, add, change or delete information, but whether they can print, copy, transmit or otherwise affect it. ACT Canada and the Office of the Information and Privacy Commissioner Ontario have developed several of these procedures to deal with chip card applications. Make this personal. Think about your mother. What privacy protection would you want her to have?

Face-not-present Are you tired of having to provide a lot of personal information every time you access specific web sites? We all understand that certain sites need to be absolutely sure who we are before granting access to assets such as bank accounts or health information. Nonetheless, over the years I’ve come to the conclusion that we make things more complicated than necessary. I am me, not me the driver, me the patient, me the traveller or countless other “me’s”. I have the right to drive because I have continued on page 15

Privacy, Security & fraud

Are we secure? W By Donald B. Hathaway

hen Kurt Eichenwald wrote “Conspiracy of Fools” he was underscoring the sleepiness of the Enron Board of Directors – and we all know the result of their drowsy approach to oversight. That debacle was more than a decade ago and the world has learned other lessons in the interim, especially the perils of ignoring systemic risk and adopting an attitude of blissful ignorance towards complex financial transactions. Corporate directors, helped by a jolt of caffeine from a package labelled Sarbanes-Oxley (SOX), were rather more wakeful when the credit crunch unfolded in 2007 but they were still in denial about some of their responsibilities, notably certain financial risks. Lessons have been learned so this paper assumes that it is unnecessary to make the case that all corporate directors and executives, jointly and severally, january/February 2014

bear responsibility for risk, especially financial risk. There is a lot of support for the idea that “money makes the world go around”. Remember when Liza Minelli sang that song in Cabaret? As a bit of trivia, she repeated the word money almost ninety times, including chanting it twenty or thirty times without a pause. Well, we are all as fixated as Liza, and those who are corporate directors and executives are only too painfully aware that their organizations’ transactions are all about money. It was not always thus. Primordial transactions were based on debt, long before coins, which in turn gave way to paper currency. The first credit card appeared early in the twentieth century, followed by the Internet and ecommerce. By then it had become commonplace to authorise credit card transactions through surface mail or even over the telephone, and with

the increased facility of the digital age the physical act of authorizing a transaction and the person with the authority to perform that act could be separated by space and time. Fast forward to 2013. Global ecommerce revenues are in the trillions and there are over 1.5 billion computer users. Huge rivers of electronic “cash” run through networks supporting commercial transactions on a global scale. It should not be a surprise that sophisticated and well-organised hackers have gathered like predators circling a herd of antelope on a savannah. Their favorite tactic is to dip into a payment stream while remaining undetected for extended periods as they quietly siphon the profit margin – or more - into their own coffers. At the start of the digital age the various credit card companies were working separately to develop security protocols that PAYMENTSBUSINESS

Privacy, Security & Fraud

could stymie the thieves but they soon realised the value of collaboration and the Payment Card Industry Data Security Standard (PCI-DSS) came into being. It is now the de facto standard for all companies facilitating a portion or all of the payment stream flowing among buyers, sellers and financial institutions. The PCI-DSS standard is defined as six goals containing a total of twelve requirements for any entity that stores, processes, or transmits payment cardholder data. Compliance is based on three steps: Assess, Remediate and Report. It is an ongoing process and may include periodic validation by an onsite audit conducted by a Qualified Security Assessor.1 This paper was written with executives and corporate directors in mind, in particular those whose organizations have implemented an SAP2 system. Its intention is to raise the awareness of security issues related to transactions originating from an SAP business application mounted within the overall security of a host organization. The six goals are presented as questions with the twelve requirements as secondary questions divided among the goals, although these often speak to more than a single goal due to the integrated nature of payment processing. It is assumed that any organization using digital 8

PAYMENTSBUSINESS

systems to facilitate financial transactions will want to be PCI-DSS compliant, and while this paper endorses this stance, it must be said that it can be a demanding and complex task. Beyond the requirements specifically mentioned here there are, for example, over 30 more that address building compliant software. These requirements are all the more reason to consider using only a payment solution with SAP Certified Integration and which is Payment Application Data Security Standard (PA-DSS) compliant under the PCIDSS requirements. PA-DSS is applicable to third-party applications that store, process or transmit payments. Software applications developed by merchants for in-house use only are exempt from PA-DSS but must comply with PCI DSS. To achieve such compliance, the payment application is subject to a full audit by a QSA3 trained for such payment application auditing. From a board oversight perspective, a director ought to conduct due diligence by posing such questions, while the other side of the coin (no pun intended) is that these are questions that management should be able to answer in plain language. When such answers are not forthcoming the problem may lie beyond technology. Is the network secure? Someone once said, “A secret is something that only I know”, but while this may hold when the issue is your personal opinion of your spouse’s waistline, it is not really useful in an intensely interconnected world. People need data to do their jobs and

processing a transaction means sharing information with others, including those who are in another organization, probably in a different city or country and quite possibly operating at a different time of day. Worse, the very nature of the transaction requires the most critical personal and financial data. Security is neither trivial nor easy. The sort of questions that ought to be posed start with a few directed at the internal security of the network where the cardholder data resides. Here are a few sample questions chosen because they examine the ability of the organization to satisfy the internal security requirements implied by PCI-DSS compliance: • How sturdy are the firewalls on our network? • Is there any person or entity with access to our network and we are not certain of their trustworthiness? • Is there any manner of direct public access to our payment system? • Does everyone have a firewall on their personal devices? • Can I assume that we do not use passwords supplied by anyone outside of our network? • How strong is the security on all wireless devices that have access to our network? • Have we developed configuration standards – and how high have we set the bar? • Who is our System Administrator and how strong is the encryption on administrative access? The SAP platform installed in your organization is probably its main business system and, January/February 2014

as such, it is used by many employees. The network security issue is around the presence of cardholder data and controlled access to storage or transmission of that data. A (perhaps obvious) example is that cardholder data should never be permitted to be downloaded onto laptops or portable memory devices. Many companies segment the network to isolate cardholder data from other, non-payment related applications and users. The use of SAP gateway software and other related technology that help filter, route, and control traffic should be considered.

How do we protect cardholder data? Those reading this may recall the discovery of several boxes of cardholder data from a major Canadian bank, found in a landfill in Pennsylvania. That was paper, of course, and the security breach occurred at the final step of a logical sequence that had begun with acquisition of the data. Protecting digital data is a similar process, but while destroying a digital file is simple, protecting it during its lifetime is not. Your due diligence on protecting cardholder data can be fulfilled by a few key queries – and if the answers cannot be given in plain English, be suspicious. What is our stance on the storage of cardholder data? There are two crucial parts to this question: where the data is stored and for how long. The first concern is where the cardholder data is stored. Organizations are often surprised when they conduct a true discovery process and find that they store cardholder

Privacy, Security & fraud

information in many places apart from their central payment application, e.g. spreadsheets, databases, and the like. The compliant practice is to store cardholder data only where it is essential to the transaction – and nowhere else. How long is cardholder data stored once the transaction is complete? The best answer is we acquire it, we use it, we lose it. Once any transaction is complete and the period for a possible chargeback has expired there is little benefit – and an ongoing risk – in storing the cardholder data on which it was based. How is authentication data managed after authorization is complete? You are probably familiar with the Card Verification Number (CVN) found on the back of your credit card, often enclosed in a little box. It is not embossed so it can only be read visually, so the question might be: what does the reader do with what has been read from the card? The CVN is read with the human eye but the same situation holds for the data contained in the payment card’s storage chip or magnetic stripe, so the question becomes one of whether the data read from the magnetic stripe or chip is limited. If your organization uses a card-swipe device for quick entry into the SAP system, the system could easily read and store the complete track information, even when it uses only the minimal cardholder data for the transaction. All three sets of data are very sensitive. They should be treated rather like the keys for friend’s automobile: once you have moved the vehicle as requested, return the keys at

once – and obviously you would never make copies! In the same way, once the payment has been authenticated the data is no longer needed and should never be stored. Nor should such data be transmitted to the transaction processor, since there is a risk that might be stored there and become vulnerable. The SAP system does not store such data, but you should be comfortable that it has not been stored somewhere outside of the SAP system. Overall, track data should be gone from the merchant system by the time the cardholder is putting their card back into their wallet. The Primary Account Number (PAN) is a crucial piece of information, so is it masked when it is displayed? Do we render the PAN unreadable when it is stored? This is akin to being careful when entering your PIN at the supermarket, and never writing in down so that it can be found. How do we protect and manage cryptographic keys? A century ago, large metal keys were kept in a key safe, which could be opened by only a few trusted people. Keys were distributed at the start of the day and returned when used, never later than the end of the day. Handling cryptographic keys has close parallels, readily explained in non-technical terms. Do we encrypt data prior to transmission? A requirement for this goal is the secure the transmission of cardholder data using an accepted form of encryption - so the answer should be ‘yes’. Most payment applications for SAP systems employ some form january/February 2014

of encryption, and SAP itself provides an encryption method. It should be noted that SAP encryption is a challenge for PCI-DSS compliance because it stores the encryption algorithms in the same location as the encrypted number, so if a thief breaks in both the encrypted number and the encryption key used to decipher the card number are there for the taking. Payment solutions with SAP certified integration transmit cardholder data to the processor/acquirers typically via SSL4 type connections, or other similarly secure methods. Some of the solutions also support the SNC5 method of communication among servers. While the requirements speak only to encryption, many organizations are opting to use a token number replacement method for the encrypted card number. This method can allow the use of SAP applications without the card number being stored within the application.

Do we have a vulnerability management program? It is hoped that no one would question the importance of risk management and vulnerability management is a special variant of risk mitigation. Likely it is part of the overall security program and, while not specific to SAP systems, they are covered. Still, an informed director might wish to ask any of these and similar questions: • Do we use the most recent anti-virus software – and is it current, that is, have we installed the latest security patches? • Do we have an established process to identify security vulnerabilities? • Does our payment systems

software development conform to PCI-DSS and industry best practices? • Do we have formal change control procedures? How do we ensure that they are followed? • Public-facing web applications have to be more vulnerable, so how do we protect against attacks? Even if your organization uses a compliant payment application with the SAP system, there are vulnerabilities for an ecommerce store that can often be more difficult due to the variety of shopping cart and web store features and the fact they are often built as a custom solution and may or may not have undergone any scrutiny with respect to PCI-DSS requirements.

How strong are our access controls? The phrase “Internal Control and Financial Reporting” was coined when the US Government promulgated the SOX regulations in response to financial control and transparency problems across a swath of major corporations. A key feature of ICFR is the requirement that Chief Executive Officers and Chief Financial Officers jointly certify the authenticity and completeness of financial data provided for public disclosure. Since ICFR processes are embedded in the corporate accounting system they employ acceptable forms of user access ID and restricted access controls, and this is certainly true of the SAP platform. The additional security to achieve PCI-DSS compliance concerns access to cardholder PAYMENTSBUSINESS

Privacy, Security & Fraud

data, i.e. who truly has a need to know if transactions are to proceed. Humans love to “be in the know” and this pervasive foible lies behind the common claim that “I can’t do my job without the information.” In some cases that is true but it does not mean full and completely unrestricted access to all cardholder data in an unencrypted format. In fact the transaction can be completed knowing only the card type and the last 4-5 digits of the card number, which is PCI-DSS compliant. Happily, security and job performance can co-exist quite effectively. This means that the answer to the question about access controls is answered in a PCIDSS manner when controls limit access to cardholder data to the bare minimum essential to processing a transaction.

How do we monitor and test networks? The PCI-DSS requirements emphasize logging mechanisms and other tracking related to user or compromised access, but they also addresses internal

and external network scanning for vulnerability. • Do we have an established process to detect and identify users accessing the system, including wireless? • Do we audit access automatically – and do we retain audit trail entries for at least a year? • Are all critical system clocks synchronised? • How often do we review system logs - daily? • Do we employ both internal and external network vulnerability scans and penetration tests? • Do we have proactive intrusion detection, i.e. a warning in time to take action against the threat? • How do we monitor files for integrity? Merchants are categorized by levels depending on their total transaction volumes and particular levels are required to have a quarterly external vulnerability scan performed by an Approved Scanning Vendor (ASV) qualified by the PCI-SSC. See: https://www. pcisecuritystandards.org/qsa_ asv/ for a list of ASV

How robust is our Information Security Policy? An important consideration is whether the organization has

clear, well-considered policies and procedures dealing with all aspects of corporate life. It goes without saying that an Information Security Policy is a must to achieve PCI-DSS compliance but it is also a signal to the entire organization that security is important. • Does the Information Security Policy address all PCI-DSS requirements? • Does the Policy include an annual process to identify threats and the results of risk assessments? Further, does the Policy require an incident response plan? This is akin to asking if the Policy speaks to a proactive or preventive stance. • Do we ‘walk the talk’, i.e. our daily procedures are consistent with policy? While thinking through and writing sound policies is a necessary step, it is not sufficient. A policy is a statement of what is expected – but procedures are needed to tell everyone how to fulfill the policy. Finally, when you look around your organization, question whether there is an active and ongoing education program • Does the Policy ensure that job descriptions include duties related to security? Are employees made aware of this aspect of their responsibilities (education again)?

Secure transactions Every director, on every board, has to accept the fact of asymmetrical information: it is simply impossible to know and understand as much as those working fulltime for the company. Even those who do spend their days at the company may not have access to or understand certain corporate processes. The situation becomes even more difficult when the business model relies on advanced technology and must meet tough regulations, which is certainly the case when the company processes its payments electronically. The following article was written to help those working in or on the boards of such companies to ask those questions that, when answered, will help them sleep at night. Since Delego works so closely with SAP, it is especially pertinent to companies that have installed one of its platforms.

PAYMENTSBUSINESS

January/February 2014

• Does the policy cover temporary employees and contractors? They often have access to information and systems similar to fulltime employees. • How often do we review and update the Policy? Given the rate of change in software and in financial regulations this should be at least annually, followed by an education program to ensure that the changes are made known to one and all. The Information Security Policy should be a major section within corporate policies, so that all employees and directors are required to certify their current knowledge of policies at any given time. Ignorance is unacceptable – it is simply too risky.

Summary This article has reviewed PCI-DSS compliance through questions about its six goals and twelve requirements. It has been written as a summary appropriate for board oversight and executive level responses to the questions of corporate directors. It concludes that organizations should consider using only a payment solution with SAP Certified Integration and which is Payment Application Data Security Standard compliant under the PCI-DSS requirements. The many questions posed to probe these requirements suggest that compliance is likely to be a complex task but one that is well worth the effort. Donald B. Hathaway is the Board Chair at Delego Software

Insider Report: ATMs

ABMs are the new media New channel cuts through advertising clutter

By Joseph Arrage

anadians, and indeed people the world over, are used to seeing advertising messages splashed across everything from TV screens to hockey rink boards. There are so many messages clamoring for our attention that often times any given message is simply lost in the shuffle. But one relatively new media channel has recently been cutting through the clutter across Canada and North America, delivering attentive customer prospects to advertisers and new sales to retailers and financial institutions. That media channel is the ABM. The ABM as a media channel is unique for a variety of reasons: consumers conducting

a transaction pay close attention to what is happening on the screen while they are waiting for their cash to dispense, these consumers walk away with cash in hand ready to buy and the ABM is often delivering a message in a retail location where a properly incented, cashequipped consumer can easily respond to a marketing message.

â&#x20AC;&#x153;With hundreds of retail-based ABMs across Canada and thousands of ABMs around the world already engaging consumers with compelling messaging and promotions, the power of ABM marketing to drive meaningful benefits for consumer sentiment and product sales is proven.â&#x20AC;? january/February 2014

While various financial institutions have used their own ABM fleet to primarily market their own services to their cardholders, from chequing accounts to auto loans, Scottish firm i-design has made its name promoting retail and consumer packaged goods products at the ABM. With over 10 billion thirdparty advertising units delivered and over 35,000 ABMs running i-designâ&#x20AC;&#x2122;s software across the globe, the company knows how to deliver on the marketing promise of the ABM and its tuned-in audience. ABM marketing can take a variety of forms, from a simple inclusion of a branded screen PAYMENTSBUSINESS

Insider report: ATMs

displayed on the ABM when it’s not in use to pre-printed messages delivered on the back of a receipt. As pioneered by i-design, ABM marketing creates a cohesive messaging platform that engages consumers before, during and after the ABM transaction, with the goal of providing maximum impact on awareness and intended response. While there are distinct messaging opportunities with every ABM marketing campaign, the standard elements of a campaign, as deployed through i-design’s joono software, are: • Attract sequence – messages delivered via static and video graphics before a consumer inserts his or her card into the ABM • Please wait and thank you messaging – dedicated marketing units displayed on the two “wait” screens of the ABM transaction sequence while a transaction is being processed and upon completion of the transaction • Receipt takeaway – final marketing message printed

PAYMENTSBUSINESS

January/February 2014

at the time of the transaction on the bottom of the receipt with a call to action, often a bar-coded coupon, QR code or text-based discount code. Like other digital media channels such as web and mobile, ABM marketing can be controlled from afar, with remote content delivery and specified campaign start and stop dates programmed in advance of the campaign. Campaigns can also be targeted based on a variety of criteria to deliver the right message to the right audience. Targeting methods include location, time-of-day, day-ofweek, ABM card issuer (based on card BIN) and even one-toone messaging. For example, a supermarket could deploy ads to ABMs in its urban stores promoting hot meals to go on Monday night complete with a discount coupon and promote its in-store coffee bars at select suburban stores during the morning commute. Today you can see ABM marketing at work in any 7-Eleven convenience store in Canada. Cardtronics, which operates over 80,000 ABMs around the world and around 2,000 machines in Canada, began operating ABMs for 7-Eleven Canada in 2011 and included i-design’s ABM marketing software from the start of the program. Working with 7-Eleven and Scotiabank, whose brand appears on the ABMs, Cardtronics has deployed a range of promotions that provide enhanced value for using the ABM and help encourage ABM users to spend more money in the store.

Insider Report: ATMs

ABM marketing provides significant benefits to all parties of an ABM transaction: • Consumers – By using ABMs equipped with marketing capabilities, consumers are able to receive additional value each time they use an ABM through coupons and promotions that provide product and service discounts and through a more engaging ABM experience that enhances their ABM usage. • Retailers – Encourage ABM users with cash-in-hand to make purchases in the store through coupons and discounts, realize additional revenue from third-party advertisers and enjoy increased use of the ABMs in their stores as consumers come to prefer marketingenabled machines. • Financial institutions – Reward loyal customers with promotional discounts and offers, provide customers with new reasons to use their retail-placed ABMs and communicate regularly with customers in a nontraditional setting. • Third-party advertisers – Reach consumers who are fully engaged with and attuned to the marketing message at the ABM, are already standing in a retail location where a purchase can be made and are ready to buy with the cash they just received.

the power of ABM marketing to drive meaningful benefits for consumer sentiment and product sales is proven. While the media noise drowns out so many messages in our daily lives, the ABM remains one channel that commands our full

and complete attention while being able to deliver the right message to the right audience in the right place at the right time – a potent combination that makes the ABM a more important and powerful tool than ever for retailers and

financial institutions alike. Cardtronics (www.cardtronics.ca) is the world’s largest operator of retail-placed ABMs. The company specializes in offering products and services that bring together retailers, financial institutions and consumers, delivering cash and convenience in the retail environment, where cash meets commerce.

Each Click is a Residual Payment.

Authorize.Net has paid out more residual payments than any other payment gateway. Contact us to learn why. Call 1.866.437.0491 or visit www.authorize.net

With hundreds of retail-based ABMs across Canada and thousands of ABMs around the world already engaging consumers with compelling messaging and promotions,

january/February 2014

PAYMENTSBUSINESS

Feature

2014 payment predictions As we kick off a new year, Ingenico’s Thierry Denis highlights some industry trends to watch for in 2014 By Thierry Denis

Trends to watch in 2014

he payments industry is becoming a major influencer in the consumer-facing industries. Payment is central and the last step in closing the purchasing transaction. Today’s small and medium merchants in North America are challenged to remain competitive and expect a wide range of secure payment options, beyond traditional fixed-point magnetic stripe solutions. They demand new functionalities from their POS providers that will enable them to improve productivity, increase sales, build customer loyalty, and most importantly optimize customer experience at checkout. POS manufacturers and banks are pressured to deliver hardware products and solutions that meet these demands. As in any business it is clients’ perceptions that will drive their economic investment decisions, the electronic payments business is no different. And while Ingenico’s perception takes into account the global marketplace it is clear to see that while North America has led the charge on many fronts over the years, like being the first one to adopt the general purpose credit card payments, that may not be the case in every instance of what Ingenico envisions the future will hold.

Training customers and frontline sales staff – The multi-year effort towards the U.S. migrating to EMV will continue to be driven by large multi-national retailers whom have first hand experience in fraud/chargeback benefits from their transitions of other global regions. With Canada’s recent migration to EMV, the U.S. is poised to remain the last big ‘playground’ for magnetic stripe fraud; in between two EMV compliant countries (Canada/ Mexico). Large retailers will need to continue to push for better electronic payment security in the U.S. The old days of paying for your food at a restaurant, when the server takes your card away to swipe it, are eliminated with EMV as the cardholder has to confirm the transaction by an authenticating pin number. Information and data compliance does not equal security– Information security will continue to be a major focus in North America for 2014. Cyber-crime will continue to escalate as criminals’ level of sophistication and motivation increase. The convergence of personal and business technology and the ease of introduction of new solutions such as mobile payments and m-Commerce opens up areas of vulnerability for an organization

PAYMENTSBUSINESS

that they might not have considered in the past. The updated PCI DSS (Payment Card Industry Data Security Standard) will likely cause retailers to reexamine their current security infrastructure and approach to protecting credit card data. The more forward thinking organizations understand that compliance does not equal security and will continue to seek best practices on securing their business processes. They will continue to elevate the importance of protecting all sensitive data and accelerate a more holistic, risk based approach to the problem. Better customer experience delivered with mobile payments solutions–Mobile technologies and handheld devices such as smartphones and tablets have drastically altered the purchasing experience for both the consumer and the merchant, enabling services and goods to be provided anywhere, any time. This will be an interesting study in how the different generations think about convenience, security and technology related to payment. With smartphone manufacturers, the spectrum is about as wide and as fragmented as it could be with a fairly significant portion of the population still reluctant to use their credit card to purchase online at one end - and then January/February 2014

for the generation raised on technology, there is the expectation to be able to do everything from their phone.

Looking ahead Convenience to pay with any form of electronic payment, including tap & go, m-wallets, or plastic cards regardless of the sales channel, is becoming the new norm at checkout. The handset manufacturers will continue to experiment with social media and consumerdriven market research in an attempt to engage consumers to help create a convergent smartphone device capable to handle both communication and payment i.e. a handset that will eventually become a digital wallet. 2014 will see a lot of experimentation in this space in an attempt to learn which will garner adoption by consumers and retailers. Regardless of the level of adoption this will be a multi-year evolution. Thierry Denis has been President, North America since 2011 is responsible for driving the development of Ingenico’s strategy in the U.S. and Canada. Leveraging his rich sales and technical experience he has also helped the international growth of the company. Denis has been with Ingenico for over 21 years.

Privacy, Security & fraud

continued from page 6

passed the required test and have not broken the driving rules that would cause me to lose that right. My rights and privileges will change, but I will always be me. In a “face-notpresent” world, why can’t I have a “me” certificate that assures the other end of the web portal that I am who I say I am. The fewer times I have to provide my personal information, the better I feel about my privacy.

Procedure for Smart Cards, the application developer was surprised that we ended up with a 110 page report when we had expected 20. They were happy that we had also found all the security gaps in the process and delighted that they could use

privacy as a marketing tool. You really can balance privacy and security for the benefit of your clients and to the detriment of the bad guys.

Catherine Johnston is the President and CEO of ACT Canada. Since 1989, ACT Canada has been internationally recognized as the stakeholder association that drives payment evolution and digital identity. Stakeholder dialogue drives profitable decisions. For information, please visit www.actcda.com.

New and neat: thinking like a consumer If you are using a web site to provide services, the stateof-the-art is to not ask me or your other clients to provide more personal information, but to use something we already have and that you trust. For example, several Government of Canada web services may now be accessed by using bank credentials. Neat – it’s something I already have and I know how to use. This is a great example of going one better than thinking outside the box – the government of Canada and SecureKey, who make this possible, have expanded the box! For the government, it was important to get citizens to use the cost effective web portal but some people found it difficult to remember their sign-on details and some were concerned about privacy. By thinking about it from the consumer’s point of view, the government solved the problem.

So... the balancing point If you approach things from a privacy perspective, you will design systems that have tight security. The first time we used the Privacy Impact Assessment january/February 2014

PAYMENTSBUSINESS

Securing Mobile Life.

Creating Confidence. Giesecke & Devrient offers a comprehensive range of payment products and solutions based on the latest EMV, contactless and dual interface technologies. Our smart debit, credit and prepaid products are available on a wide range of platforms based on secure and highly flexible operating systems. Alongside the comprehensive portfolio of easily configurable card products and card solutions, we offer all services related to electronic payments including m-commerce and transit. Our services include personalization, system integration, project management and technical consulting from a single source. For more information, please visit: www.gi-de.com/ca

Vertical market

Thinking globally Monetico International to fulfill partners’ vision of becoming a single, global acquirer By Amy Bostock

PAYMENTSBUSINESS

esjardins Group, the largest cooperative financial group in Canada, and Crédit MutuelCIC Group, a first-tier mutualist financial institution in Europe, have teamed up again to create Monetico International (Italian for electronic payment). Based in Montreal, Monetico will offer innovative payment solutions for the merchant clients of both financial institutions. “Our goal with this project was to be more transparent with merchants while at the same time reducing costs,” says Patrice Dagenais, Vice-President, Payment Solutions and Business Partnerships at Desjardins Card Services. “It’s a new way of doing business - standards rather than proprietary.” Thanks to this collaboration, Monetico will now rank among the top 10 largest organizations specializing in payment solution services on a global scale, with more than 400,000 merchants and over 3.3 billion payment transactions annually.

Thanks to this collaboration, Monetico will now rank among the top 10 largest organizations specializing in payment solution services on a global scale, with more than 400,000 merchants and over 3.3 billion payment transactions annually

“Merchants are thinking internationally and we need to do the same,” says Dagenais. “Most of the major acquirers are coming from the United States so in order to be different We needed to find a partner that is based somewhere outside of North America.” Monetico will pool the expertise of Desjardins Group and Crédit Mutuel-CIC Group to lay the foundation for an organization that will coordinate acquirer payment solutions over two continents and eventually expand worldwide. “A great benefit to partnering with a French institution is that they already have knowledge of EMV,” says Dagenais. Each group will operate its respective acquirer payment solutions from a shared platform, and will jointly develop compliance solutions with international standards. January/February 2014

Together, Desjardins and Crédit Mutuel are fulfilling their vision of becoming a single, global acquirer, always striving to best meet the needs of their merchants, regardless of size. The Monetico brand will support this vision and international business development for both organizations. “These new developments speak to our willingness to strengthen our business ties. Thanks to a partnership that we established few years ago, our merchants will benefit from the services offered on either side of the Atlantic. By taking a global approach, our expertise will gain in recognition,” said Michel Lucas, President of Crédit Mutuel-CIC Group. “Together with Monetico International, we will be able to better support our respective merchants worldwide.”

Fasten your seatbelts. Roll up your shirtsleeves. And prepare yourself for an information packed day.

Presented by:

and

March 20, 2014 Twenty Toronto Street

Mobile Payments Bring IncludYour Team Work es FRE ! Tacticbook of Ti E p s&S ecret s, s

Workshop

How to Make The Mobile Future Work For You Don’t miss out… for more information and to register online go to www.paymentsbusiness.ca

How to Make Fact-Based Decisions That Power Your Organization’s DNA

March 31, 2014 Twenty Toronto Street

Predictive Analytics

Workshop

For more information and to register online go to www.dmn.ca

Presented by:

Pay Channel

Virtual payments Five compelling reasons why Canadian CFOs should be taking a closer look

By Jason Kolbenheyer

PAYMENTSBUSINESS

he latest credit card security breaches impacting Target and Neiman Marcus are one more nail in the traditional card’s coffin. It’s certainly obvious that change should happen and happen soon. Supposedly pin and chip cards will provide the solution but they are already being compromised in Europe and adoption in Canada is still years away. With corporate executives on the road, corporate card in hand, CFOs need to be looking at alternatives. Now. Virtual cards are gaining traction in the corporate payments space, and for good reason. With extraordinary controls and an ecosystem that supports universal acceptance, virtual cards eliminate the risk of stolen credit cards that are in the spotlight today and provide streamlined efficiencies to an expansive portfolio of use cases. Virtual cards are single-use credit card numbers that are generated for a specific payment. A virtual MasterCard® number, for example, can be generated to make a payment, and once that payment is made, the virtual card number cannot be used again. These numbers can be generated through the web, mobile phone or via API, providing security and ease for either routine payment such as accounts payable or real-time flexibility when business

needs are on-the-go. When it comes to corporate payments, the following five benefits of virtual card payments are quickly capturing the attention of CFOs across industries.

1. Security Rare is the person who has not had their credit card compromised. In fact, as I was writing this article, I received a call from my bank telling me that due to unusual activity, my card had been blocked. While most of us can relate to the personal pains associated with a similar phone call, the scale of loss for a business experiencing a security breach can be catastrophic. The Target Corporation case is now estimated to be the largest cyber attack in history, where over 100 million consumers may have fallen victim to credit card theft from online hackers. Within weeks, Neiman Marcus found itself in a similar quandary. Unfortunately, hackers don’t abide by boundaries so it’s more than likely that Canadian firms are being exploited as I write this. While these scenarios involve business-to-consumer relationships, the inherent lessons learned can help companies that focus on B2B payments avoid finding themselves in similar predicaments. Our executives January/February 2014

in Canada, for example, are traveling the world, exposing them to vulnerabilities across multiple geographies. Virtual cards eliminate the risk of stored credit card numbers being compromised. For example, if a virtual card number were used to make a purchase while an executive was on the road or if an office manager used it to buy supplies for the corporation, the single allotted use for that card number would be satisfied immediately following the transaction. The result? Very disappointed thieves who discovered that the credit card number they’d just stolen was completely invalid for any further purchases. Virtual cards are so secure, in fact, that they fall outside of the scope of PCI compliance. As shared via the MasterCard website: “Single use virtual cards do not require PCI DSS be applied because these cards are inactive/ disabled after use therefore the PANS no longer pose fraud risk to the payment system.”

2. Employee fraud It’s not just the big retail giants that are impacted by security breaches. The security threats of stolen credit cards and fraudulent spending face every company today. And those threats are not always outsiders. Oftentimes,

Pay Channel

employees themselves are the culprits. Virtual cards enable employers to not only control spending, but also monitor it. Because one card number is generated for each transaction, those numbers can be electronically tracked and reconciled within a company’s accounting software. At any given time, analysis can be performed to evaluate spending by employee, by department or cost center, and even tracked against budget. Noncompliance with corporate purchasing policies would immediately be evident and employees could be held accountable. Since noncompliant corporate travelers account for as much as 15% of employee fraud this represents millions in unnecessary costs whether the cards are secure or not.

3. Global acceptance Risk tolerance is understandably low when it comes to a company’s financial well-being. While there are innovative payment technologies surfacing every day, the biggest drawback is acceptance. New digital forms of currency may gain some traction in a consumer-oriented industry such as gaming, but acceptance will be limited in a B2B enterprise environment. Virtual cards that are issued on established rails such as MasterCard, Visa, or American Express offer the assurance of global acceptance. These industry leaders have established a global network and an enterprise infrastructure that cannot be easily replicated.

4. Spending controls Virtual cards provide an unmatched ability to control all spending parameters. As

payment is being issued, unique controls can be put into place that allow the corporation to place restrictions such as: the dollar amount, which can be set to an exact amount or within a rangewhere the virtual card will be spent, i.e. if the purpose was to allow the user to pay for dinner and not their car repair, the controls allow the company to set those parameters

5. Multiple use cases Accounts payable is perhaps the best known application of virtual cards. Virtual card providers enable companies to replace paper check writing with a much more efficient electronic payables system. Through integration with ERP systems, payment files are uploaded, virtual credit card payments are approved and issued to vendors, and accounting systems are automatically updated and reconciled without error. Payments are processed just as any credit card payment would be processed, without the risk of stolen cards, lost checks or fraudulent charges. E-commerce presents an especially attractive proposition for web-based transactions. Through APIs now available from virtual card companies, organizations can generate their own virtual cards for their business needs. For example, if a business is procuring goods on behalf of their customers, they can instantly issue virtual cards at the time of purchase – without the security risks associated with stored static card numbers. And because each transaction is completed with a unique card numbers, all spending can be easily tracked and reconciled within the january/February 2014

company’s ERP system. And as more and more employees bring their mobile devices to work, the pressure on corporations to provide secure mobile applications is growing rapidly. As if hacking corporate servers weren’t enough, now the threat of compromised, lost or stolen smartphones will become a huge issue. Again, the use of virtual cards in the mobile environment eliminates that corporate exposure. We are only scratching the surface of what is possible with virtual cards. With so many benefits, one might question why every company hasn’t yet adopted the technology. The barrier is certainly not cost, as virtual card payment solutions are readily available at no charge. With so many benefits of virtual card payments, and sophisticated enterprise solutions that are proven and ready to support wide scale adoption, the question is not long if adoption will occur, but when.

Chief Product Officer, Jason oversees the strategy and design of CSI’s innovative technology. He has over 15 year of digital and mobile product architecture, design, and promotion. Learn more about the company at www.csicorporatecard.com.

Jason Kolbenheyer is Chief Product Officer at CSI Enterprises, responsible for the company’s globalVCard brand of payment solutions. As

PAYMENTSBUSINESS

technology Update

Not your parents’ ATM FirstOntario Credit Union uses technology to reinvent the branch By Amy Bostock

PAYMENTSBUSINESS

n his best-selling books Banking 2.0 and Banking 3.0, Brett King heralds the death of the bank branch – warning financial institutions that they have to reinvent themselves because branches are going to disappear. “We never did believe that here,” says David Schurman, Executive Vice President & Chief Operating Officer at FirstOntario Credit Union. “We do believe

that branches are going to be different and that banking is going to be different. The branch will continue to be a channel that people will want to use. Maybe not as much as in the past and not as often but they will occasionally need a branch.” Schurman says what financial institutions really need to do is reinvent what a traditional branch is. “We no longer need a 6,000 square foot space,” he says. January/February 2014

“People are visiting less often and the technology available means smaller footprints are possible. We feel that we need to have more branch footprints but different, smaller branches in more convenient locations.”

Bank where you want to bank Having branches along what Schurman calls “the pathway of life”, that is where people are

Technology update

going to go anyway, is how he believes financial institutions will prosper. But with real estate at a premium in these locations, more cost efficient expansion options had to be considered. “We knew that we would need to have more branches in more convenient locations but we also knew that this would be expensive. Branching out is not cheap.” He also recognized that there needed to be more types of branches (i.e. kiosk branches in places like hospitals and malls) and that customers were demanding longer service hours. This is where PAT came in. Developed by NCR, the Personal Assistant Teller (NCR APTRA Interactive Teller) allows financial institutions to offer their customers the benefits of both self-service and the branch experience in one solution, closing the “intimacy gap.” PAT combines video collaboration and remote transaction processing technology embedded within the ATM to give customers the choice of self-service or connecting with a remote teller in a highly personalised, two-way audio/ video interaction. By adding PAT to the mix, FirstOntario has been able to achieve both of their initial goals – building more branches and building them where people want to use them. A great example is the FirstOntario kiosk that has opened at a hospital in St. Catherines, Ontario. The kiosk uses PAT for teller transactions plus it offers an on-site advisor who can help with loans and investments. This format allowed FirstOntario to meet all of their clients’ needs but with a smaller footprint.

Bank when you want to bank Being able to extend branch hours without having to make staff work longer hours is another added benefit of having PAT on the FirstOntario team. “Our staff actually appreciated it,” says Schurman. “We were the first in Canada to bring PAT in and of course the initial reaction was to question whether we were doing this to cut jobs and save money. Or were we shipping jobs to overseas call centres? The answer to both is absolutely not! “PAT was brought in to extend service to our members and to be able to build branches in different models. Our call centre for PAT is right here in our head office so we’re actually creating jobs when we have to hire additional staff to man the call centre for PAT.” “It’s been really popular,” says Schurman of the PAT kiosks. “Although it started off a little slow because when we first introduced PAT it was in existing branches so PAT was an option but people still went to the live tellers if they were available. Since PAT was an unknown. The biggest challenge was making people understand that this was not an ATM – it’s like a real teller. But once they tried it and realized how easy it was, well, a lot of our customers now know are PAT tellers by name.” In order to move forward with PAT, the folks at FirstOntario also had to change their thinking. “We had to train our call centre staff differently,” says Schurman, “and also had to look at the people that we were putting in those roles differently. When it’s live onejanuary/February 2014

on-one like we’re offering with PAT you can’t have awkward silences – there’s no hold button.” So FirstOntario designed a training program that was a little different than what they were currently using in their call centres and moved people through transactions differently. “It’s like serving someone in person but through live 2-way video.” FirstOntario started off with one PAT and have since grown that number to 12. The plan was originally to include PAT in any new branch location that was built or any existing branch that was renovated.

Over the last four years they’ve renovated branches that include PAT and now have a number of new branches as well. They have the kiosk model with only PAT present and also a hybrid 1,500 sq. foot model in a mall that has PAT and a live teller. Finally they have full services branches that offer PAT for extended hours. “What we’ve done at FirstOntario is a bit different than Brett King’s predictions of the death of the branch,” says Schurman. “What we’ve done is a transformation of the branch. Five years ago we had 17 branches; today we have 27.”

Meet PAT The Personal Assistant Teller (PAT) has become a major part of how FirstOntario Credit Union does business. The friendly sounding acronym for their new technology is meant to make customers feel comfortable with the twoway live video teller. “So even though there is a piece of technology that they’re using to communicate and to do a transaction, they’re actually going to speak to and see a real person,” says David Schurman, Executive Vice President & Chief Operating Officer at FirstOntario Credit Union. “Using PAT is much different than using a computer or picking up a phone; it’s actually like going to a real teller line with a real person across from you helping you. Eliminating lines is one PAT’s main jobs. Along with allowing FirstOntario to extend service hours without requiring staff to work longer hours, Schurman hopes that by installing PAT units in existing branches wait times will decrease. “We want the PAT experience to be very personal but also to use technology to be more efficient and effective.”

PAYMENTSBUSINESS

Association Spotlight

ATMIA Canada/ATMIA Association ramps up for busy 2014

TMIA Canada has been very active over the past several months. A very welcomed milestone in ATMIA Canada was the official formation of the GRC (Government Relations Committee), a new committee that will focus on government relations. The committee will provide a forum to deal with the rising tide of proposed legislation and to keep ATMIA members informed about legislation affecting the Canadian ATM industry. “Over the last few months, ATMIA and the Canadian Bank Machine Association have been working on a plan to unite the industry — to create one single, strong voice to monitor legislation and regulatory issues that could hurt our industry and the bottom lines of ATM businesses,” said Curt Binns, executive director of ATMIA Canada. “As an industry we are stronger when we work together than we are separately.” Founding members of the GRC committee include Access Cash General Partnership, Cash N Go ATM Network, Direct Cash Management Inc., Stanley Frisco ATMs and Threshold Financial Technologies Inc. Chris Chandler, president of Access Cash, will lead the committee. “I am looking forward to serving the ATM industry as Chairman of the Canadian GRC,” Chandler said in the announcement. “I believe by working together we can affect positive change that will help protect the future health and vitality of our industry.” According to Binns, the GRC demonstrated their commitment and effectiveness in protecting the industry within one month of becoming official. “On October 31st, 2013, the CBC aired a story which could have been very damaging to our industry had it not been over showed by local political issues. The GRC members convened and spent several days developing strategies and defence papers to protect this negative press. All ATM operators benefited from the good work of ATMIA Canada’s GRC. I am excited that we’ve laid a strong platform for momentum and growth in 2014.” He adds that the GRC is, from time to time, required to enlist the assistance of experts in the legal, marketing, and monitoring fields. “We have thus launched a contribution campaign to fund these activities. It is incumbent on anyone who is aligned with the ATM food chain to contribute to the cost of this industry’s protection of our integrity, safety, service and reputation.”

Canada Conference 2014-02-24 The call for speakers and session proposals for the 2014 Canada Conference recently closed and organizers are now fine-tuning the agenda for this annual event. This year’s theme is Expanding the ATM World: the rise of the payments hub. The event will be held June 4-5 at The Hilton Hotel and Suites in Niagara Falls, Ontario. Stay tuned for more details. 24

PAYMENTSBUSINESS

Here are some of the association’s many projects, activities and initiatives which benefit members and the ATM industry as a whole.

Public Affairs and Industry Committees

GRCs in each chapter monitor regulatory developments and liaise with governing bodies to represent the voice of the ATM. Our Global GRC compares international trends in regulation and governance ATMIA teams up with multiple effective regulatory monitoring and government liaison agencies including EFTA, Good Relations and Stateside Associations. Industry committees include representation for sponsoring financial institutions, independent ATM deployers, vendors and on ATM security-related issues. Future of Cash and Cash Council • Videos on positive global role of cash posted on YouTube and social media • Pro-cash presentations at industry events • Cash best practices: position papers on role of cash in financial inclusion

Education and training

ATMIA offers global conferences, position papers, training modules, webinars, white papers and business best practices Visit the associations’s library of industry best practices and white papers. Enroll for ATMIA’s certified international online training for ATM operators. The association is proactive about educating members on current challenges and opportunities from the migration to a new Windows 7 & 8 operating system to trends towards standardization for greater efficiency.

Protection

Set of ATM life cycle best practices and ATM security initiatives worldwide. • Preventing Cash Trapping Best Practices • Preventing Mobile Banking Fraud • Managing Anti Money Laundering at ATMs • End-to-End Encryption for ATMs • ATM Software Security Best Practices • ATM Life cycle Security Best Practices • ATM Physical Security Version 2 Best Practices • Anti Skimming Best Practices • ATM Cash Security Best Practices • Preventing Card Trapping Best Practices • Gas & Explosive Attacks Best Practices • Stored Value Products Best Practices • CiT Best Practices - USA • Preventing Ram Raids Best Practices • Protecting Personal Bank Accounts Best Practices • Mobile Device Banking Security Best Practices • ATM Contactless Acceptance Best Practices • Decommissioning ATMs • Dealing with Stained Banknotes Best Practices • Point of Sale Life cycle Security Best Practices • ATM Physical Key Management • Preventing Insider Fraud Best Practices

January/February 2014

Service Directory

Card Manufactures

Integrated Payments Solutions

Integrated Payment Solutions and Services

Secure Solutions for Payment & Identification

One of the most advanced and reliable payment delivery solutions in financial services technology.

Since 1852, G&D has been an integral partner that is solutions orientated and trusted by banks, governments and carriers. Our solutions are founded on trust, integrity and the creation of value through Confidence.

www.everlink.ca

• Contact, Contactless and Dual-Interface Smart Cards • Mobile Payment • On-line Secure Authentication • Enhanced Card Identification

Toll Free: 1-800-387-9794

Toll Free: 1.866.388.0076

www.gi-de.com

secure payment solutions

EMV & NFC Consulting

Ensure a successful NFC project with FIME’s consulting team! • EMV & NFC consulting • Test tools • Security evaluation • Certification www.fime.com infoamericas@fime.com

Secure Payment Solutions

Apriva is North America’s Leading Wireless Gateway. SECURE DEVICES | RELIABLE SERVICE | EXCEPTIONAL SUPPORT

To learn more call Paul DeRosse, Senior Vice President, Sales at 905.530.2351 or visit www.apriva.com.

Payments Business delivers news, insights, features, commentary, developments, trends and technology updates which help our readers make better and more informed decisions about their transactions, cards and EBPP strategies. To advertise in the Payments Business Service Directory Contact: Mark Henry mark@paymentsbusiness.ca

see youR company name here Contact Mark Henry mark@paymentsbusiness.ca 1800-668-1838 x 223

PAYMENTSBUSINESS

January/February 2014