July/Aug 2015
The Merchant’s Guide to Transactions, Cards & eCommerce
e c a F l a e R e Th a t a D n e l o t S of
❱ Albert Gonzalez who pled guilty last year to breaking into computer systems of major retailers.
OUR 2015 CYBERSECURITY REPORT INSIDE:
also in this issue:
❱ Vertical Market
Taking the friction out of ecommerce
❱ Industry Update
ISO 20022 and real-time domestic payments PM 4 0 0 5 0 8 0 3
Table of Contents COLUMNS & DEPARTMENTS July/August 2015 Volume 6 Number 4 Editor Karen Treml karen@paymentsbusiness.ca Publisher Mark Henry mark@paymentsbusiness.ca
4 News 28 Events
FEATURES
Contributors Markus Bergthaler; Derek Colfer; Karen Cox; David Drury; Catherine Johnston; Stephen Lindsay; Derek Vernon
President Steve Lloyd steve@paymentsbusiness.ca For subscription, circulation and change of address information, contact subscriptions@paymentsbusiness.ca Publications Mail Agreement No. 40050803 Return undeliverable Canadian addresses to: Circulation Department 302-137 Main Street North Markham ON L3P 1Y2 t: 905.201.6600 f: 905.201.6601 info@paymentsbusiness.ca www.paymentsbusiness.ca Subscriptions available for $40.00 year or $60.00 two years. ©2015 Lloydmedia Inc. All rights reserved. The contents of this publication may not be reproduced by any means, in whole or in part, without the prior written consent of the publisher. Printed in Canada. Reprint permission requests to use materials published in Payments Business should be directed to the publisher.
The Real Face of Stolen Data
18
Our Files, Our Information – Our Issue
Creative Direction Jennifer O’Neill jennifer@paymentsbusiness.ca Photographer Gary Tannyan
8 Event Roundup - Cardware 30 ACT Canada Update
10
The Evolution of Payment Fraud How it works, where it began, and the impact of EMV
13
Cybersecurity: Not Just An IT Issue New technology also comes with new and complex IT security challenges
15
Gamer Safety from the Merchant to the Consumer A look at gamer safety from account takeovers to third party fraud
ACT shares its experience with a malware attack
REGULAR COLUMNS 20
INDUSTRY UPDATE ISO 20022 and real-time domestic payments
24
PAY CHANNEL Remote deposit capture: faster, easier cheque processing
26
VERTICAL MARKET Taking the friction out of eCommerce – streamlining and securing the process
This month’s feature section deals with cybersecurity. For the most part, cybercrime is nameless and it is faceless. Unlike Ponzi scheme criminals and serial killers where everyone is familiar with those names and the faces, few of us could actually name any cybercriminals or identify them in a photo. Yet, behind every incident, there is indeed a name and a face. Albert Gonzalez, alias ‘Soupnazi’, featured on the cover, is one of the real faces of stolen data. Gonzalez pled guilty to breaking into the computer systems of major retailers, including TJX Companies and BJ’s Wholesale Club. He was sentenced to 20 years in prison after being a part of one of the largest thefts of credit and debit card numbers in American history. In cybercrime, the names are real, the faces are real, and their activities result in massive costs to both businesses and individuals.
Next issue… Made possible with the support of the Ontario Media Development Corporation
Sept/oct — An acknowledgement and celebration of the women that are the inspiration, innovators, and rising stars of the payments industry. JULY/AUGUST 2015
PAYMENTSBUSINESS
3
NEWS
CPPO to support high-growth, multi-billion dollar prepaid market in Canada With a highly banked population and a reputation around the world for being fiscally responsible, a new survey reveals that many Canadian consumers face challenges with the current ways they manage their finances, budget and pay for goods. As a result, Canadians from coast to coast are considering new financial tools to help them solve these problems and take control of their financial lives. Entitled “How Canadians Pay Today,” the survey of 1,003 Canadian consumers was conducted by Leger and commissioned by the Canadian Prepaid Providers Organization (CPPO), the voice of the rapidly growing open loop prepaid payments industry in Canada. The cards look and function like traditional credit and debit cards and can be used anywhere the card network (American Express, MasterCard and Visa) is accepted, including online and around the world. However, they do have a significant difference to credit and debit cards: they access a set amount of funds that have been pre-loaded for a consumer by a consumer, business or government. According to MasterCard Canada the industry is expected to reach CDN$ 4.9 billion in merchant spend in Canada in 2015. “While Canada has one of the most progressive populations with respect to adoption of financial services, this study shows that there are still concerns with payment security, budgeting and managing finances, and open loop prepaid cards can help alleviate those problems,” said David Eason, CPPO co-founder and Chairman of the CPPO and Berkeley Payment Solutions. “Open loop prepaid products are the fastest growing form of electronic payment in the U.S., with USD$200B in merchant spend in 2014. Canada’s market is expected to follow this growth trend as many Canadians look for secure and convenient ways to manage their finances, budget and reduce debt.“ Other survey results: • Three quarters of Canadians prefer not to carry a lot of cash; current financial products aren’t fully meeting their needs • Three quarters (74 per cent) of Canadians prefer not to carry a lot of cash and 78 per cent use less cash than they used to. Despite
this fact, 65 per cent are concerned about using their debit and credit cards at online retailers and 45 per cent are worried about security of their cards. • Vast majority of Canadians (82 per cent) want payment cards that avoid overdraft or interest charges • Open loop prepaid cards access a set amount of funds, so Canadians can avoid overdraft fees, NSF fees and interest charges. The majority (82 per cent) of Canadians want a payment card where they would not be charged those fees. • Less than one-third of Canadians set a budget, stick to a budget and have difficulty tracking their spending • Fifteen per cent of Canadians rarely or never stick to a budget and 12 per cent never even set budgets. Almost one-third (30 per cent) cited difficulty in tracking spending. And 40 per cent of Canadians would welcome a payment card with a set spending limit, such as an open-loop prepaid card, so they can stick to a budget. • Canadians starting to look for new ways to manage finances; one-fifth use gift cards to set spending limits; one-in-four want a payment card with a spending limit; more than half would consider using open loop prepaid cards Some Canadians are starting to use and seek out tools that help them set spending limits and budget. One-fifth (21 per cent) of Canadians are using gift cards to help them set personal spending limits when they shop, 40 per cent want a payment card with a set spending limit, and over half (60 per cent) want online services or apps to help them budget. One solution Canadians are considering is open loop prepaid cards as they offer consumers a set spending limit, so they can stick to a budget as well as access online tracking tools and text alerts to help them monitor spending. After learning about the benefits of open loop prepaid cards, over half (55 per cent) would consider using one.
Twenty-five per cent of people would share their DNA for faster mobile authentication The majority of people who use mobile banking want their mobile devices to instantly recognize them through biometric technology rather than ID authentication such as passwords and usernames. The report was carried out by Telstra, an Australian telecommunications company, and it surveyed over 4000 generation X and Y consumers of financial services in seven countries including the US, Australia and the UK. The report found that smartphone is the most frequently used method of banking 4
PAYMENTSBUSINESS
amongst Gen X and Gen Y people. The findings reveal that most people demand instant verification such as facial or fingerprint recognition that requires little interaction on their part. Two-thirds of people surveyed believe that voice, fingerprint and facial recognition are more secure and help reduce fraud. A quarter of people says they would be happy to share their DNA with their bank if it meant it would the authentication process easier. However, at the same time, less than half of the people are satisfied with their bank’s
security and one out of three has actually been a victim of identity theft. On the financial institutions’ side 62 per cent of financial executives say that they do not think they are investing enough in security solutions. However, nearly 90 per cent are planning to change that. “For ‘no-finapp-phobic’ Gen X and Gen Y consumers it’s time to create mobile identity solutions that instantly recognize them for who they are,” says Rocky Scopelliti, Global Industry executive for Banking, Finance & Insurance, Telstra. JULY/AUGUST 2015
Celebrating a world of potential. As a leader in the Advancement of Women, Scotiabank is committed to supporting women in reaching their full potential. Through our Bright Future philanthropic program, we continue to support local communities and women’s initiatives around the world. Today, Scotiabank congratulates all of the Women in Payments Award winners and celebrates the innovators and leaders in the payments industry.
scotiabank.com
Local strength. Global reach. C o r p o r a t e & I n v e s t m e n t B a n k i n g | C o m m e r c i a l B a n k i n g | C a p i t a l M a r k e t s | C a s h M a n a g e m e n t | Tr a d e F i n a n c e ™ Trademark of The Bank of Nova Scotia, used under licence (where applicable). Scotiabank is a marketing name for the global corporate and investment banking and capital markets businesses of The Bank of Nova Scotia and certain of its affiliates and agencies in the countries where they operate, including Scotia Capital Inc. and Scotia Capital (USA) Inc., which are non-bank affiliates of The Bank of Nova Scotia and authorized users of the mark. Scotia Capital Inc. is a Member-Canadian Investor Protection Fund. Scotia Capital (USA) Inc. is a registered broker-dealer with the SEC and is a member of FINRA, NYSE and NFA. Not all products and services are offered in all jurisdictions. Services described are available only in jurisdictions where permitted by law.
NEWS
Banks look at top to bottom reinvention Technology and new game-changing players like Apple Pay are causing a “top to bottom reinvention” of banks and the traditional business model, says Victor Dodig, the chief executive of Canadian Imperial Bank of Commerce. But rather than take a ‘defensive’ approach to technology-driven disruptors in areas such as retail payments and peer-topeer lending, Dodig says CIBC is committed to keeping pace to give customers the ability to bank when, where, and how they want. That means recognizing the bank can’t do everything alone, and ‘embracing and deepening collaboration and strategic partnerships with outside innovators, [and] working with new tech partners and networks, says Dodig. “If you believed all of the doom and gloom being written about banking these days, you would think it’s just about all over for us – that the Apples, Googles and others … are about to put us out of business, and that our clients are set to desert us in droves for new financial services providers, that is simply not the case,” he says. CIBC is committed to investing in modernizing the bank to “transform legacy platforms, organizations and cultures,” and matching the rapid change and innovation of competitors “stride for stride,” says Dodig, who took over as chief executive of Canada’s fifth-largest bank in September. “We intend to be there with our clients as they adopt new technologies and look for secure, easier and more flexible ways to look after their day-to-day banking needs,” he says. CIBC became the first major bank in Canada to participate in Suretap, a new mobile digital wallet that allows clients to store multiple payment cards in a single app and pay with their phone at thousands of retailers in Canada where contactless payments are accepted. “In 18 months’ time, I think all the relevant participants that have relevant technology that are either in the Android space, in the BlackBerry space, in the
6
PAYMENTSBUSINESS
Apple space, will play a role in the financial ecosystem,” he says. Despite his commitment to play in the new game, Dodig says the bank will, for the time being, maintain old ways of doing business that customers want. New entrants might struggle to disrupt some areas of traditional banking because clients “will continue to rely on the safety, strength and security of wellcapitalized banks like CIBC,” he says. Banks will also continue to profit from relationships they have built with their business and personal banking clients. “With all the talk about technology and innovation, you might conclude that relationships are becoming less important; in fact they matter more than ever,” Dodig says in his remarks. “We’re focused on deepening client relationships by being innovative in developing the channels our clients use every day. We are investing in areas that make it easier to do business with us.” Dodig says CIBC has a history of embracing technology and innovation. It was the first Canadian bank to provide an automated teller machine in 1969, and the first to offer telephone and online banking. CIBC also pioneered drive-thru branches in the 1950s and 60s. He predicted that branches will continue to exist, but that the branches of the future will be “smaller and smarter.” Dodig says 80 per cent of all transactions are now conducted outside the branch, a figure that is expected to grow. He also suggested that overall size won’t always matter for the banking industry. “The strongest banks of the future will be more regional than global and will increasingly partner with like-minded organizations to provide their clients with access to global markets and financial transactions,” Dodig says. “In my view, the operational complexity, competitive pressures and varying regulatory frameworks facing global banks has created an environment where, the costs of being a truly global bank far exceed the benefits.”
Bitcoin startup adds Visa founder to its board of advisors Xapo, the bitcoin startup, is continuing to follow the trend of crypto currency companies becoming financially respectable by adding Wall Street veterans to its new advisory board. One of the new advisors is Dee Hock, the founder of Visa. Hock sees bitcoin as the way forward and out of, what he sees as, archaic financial structures. “We live in the 21st century but are still using command and control organizational structures from the 16th century. Bitcoin is one of the best examples of how a decentralized, peerto-peer organization can solve problems that these dated organizations cannot,” said Hock. John Reed is another addition to the board. He’s the former chairman & CEO of Citibank. During his tenure Citibank developed the modern ATM, and ‘helped redefine the modern retail banking experience’. “Bitcoin represents a real opportunity for changing that. Money at its core is simply a ledger for keeping track of debts and bitcoin is truly the best iteration of a universal ledger we’ve ever seen,” said Reed. The final appointment is Lawrence H. Summers, the former Secretary of the Treasury during the Clinton administration. “Bitcoin offers, for the first time, a method for transferring value and making payments from anywhere to anywhere, in real-time, without any intermediary,” said Summers. These appointments come at a time when bitcoin companies are beginning to acquire legitimacy and mainstream acceptance. First, came the bitcoin startups that sought to be recognized as credible financial institutions by submitting to government regulation. Now the interest has been reciprocated by the financial industry.
JULY/AUGUST 2015
News
More Canadians than Americans satisfied with prepaid cards
Virgin Mobile simplifies payments with PAYFORT
Six in 10 Canadians are aware of reloadable open loop prepaid cards but only 29 per cent have used one (compared to 60 per cent in the U.S.). A higher level of Canadians (73 per cent) have expressed satisfaction with reloadable open loop prepaid cards than Americans, where there is a 70 per cent satisfaction rate with open loop prepaid cards. “The survey findings reinforce what we know: Canadians are looking for more payment options that meet their needs. Open loop prepaid cards provide the safety and convenience Canadians are looking for and we have joined the CPPO to help further educate consumers and businesses about the benefits,” said Tom McTague, VP, Prepaid, MasterCard. Because of the growing popularity of open loop prepaid in Canada, and on a global scale, the not-for-profit CPPO has launched with the support of major financial institutions, card networks and other industry players. “Canada’s leading payment players have created an Association that will be the educational resource for open loop prepaid card information, so that consumers and businesses can have the best experience with the products,” said Jennifer Tramontana, CPPO co-founder and executive director. “This industry is expanding by leaps and bounds and the time was right to give it a voice.” Open loop prepaid cards are a cost-effective, flexible and easy-to-use payment tool. The cards can be used anywhere the card network (American Express, MasterCard and Visa) is accepted, including online and around the world. They are rapidly replacing cheques as a less expensive and more secure option for issuing payments. Open loop prepaid cards look and function like traditional credit and debit cards at the point-of-sale and offer the same fraud and loss protections offered by the card network with a significant difference— they access a set amount of funds that have been pre-loaded by a consumer, by a government or by a business. The CPPO is a not-for-profit organization and the collective voice of the open loop prepaid payments industry in Canada. It is the only Association solely focused on this growing industry and is supported by major financial institutions, card networks and other industry players. The CPPO is focused on awareness and education so that consumers and businesses can have the best experience with these popular products. Members of this not-forprofit organization include major financial institutions, payment card networks, program managers and key vendors that support the growth of this industry. Founding members include: American Express (Amex Bank of Canada), Bank of Montreal, Berkeley Payment Solutions, Home Trust Company, Incomm Canada, MasterCard Canada, Peoples Trust Company, RBC, Scotiabank and The Fletcher Group LLC. Supporters include Cassels Brock & Blackwell LLP and Blake, Cassels & Graydon LLP.
Virgin Mobile Saudi Arabia will expand the variety of payment options it offers to mobile subscribers in the Kingdom via an agreement with PAYFORT, the Arab world’s leading online payment service provider. The new Saudi operator, which is on a mission to Make Mobile Better, will be able to provide customers with a seamless payment experience and a wider range of payment options, including secure payment transactions via mobile devices. “PAYFORT’s online payment platform allows us to offer subscribers the option to pay safely and easily via whatever connected device they are using,” said Karim Benkirane , CEO of Virgin Mobile Saudi Arabia . “We have worked hard to provide Saudi subscribers with easy ways to engage with the Virgin Mobile brand including a great user experience via mobile devices. PAYFORT seamlessly integrates with our existing online platforms to provide added convenience for our customers.” Virgin Mobile Saudi Arabia recently won an award for Best Online Experience at the regional Customer Experience Management in Telecoms Middle East Summit in recognition of the operator’s innovative approach to serving members via social media and web channels. “Today’s consumers are looking for easy ways to purchase from brands and increasingly payment via mobile devices, this is particularly true for the tech-savvy youth segment of the market” said Omar Soudodi, Managing Director of PAYFORT. “PAYFORT’s online payment platform will allow Virgin Mobile subscribers in Saudi to pay in the way most convenient to them via any connected device, whilst remaining immersed in Virgin Mobile’s user experience.” PAYFORT has the solutions that meets the needs of the operator’s mobile customers, without forcing subscribers to leave Virgin Mobile’s web experience. ”PAYFORT provides a variety of payment options to help mobile operators offer subscribers more ways to pay, thereby increasing sales,” added Soudodi. “The Middle East’s appetite for mobile services and e-commerce is growing fast and so there’s a clear opportunity for mobile operators to lead the way here.”
JULY/AUGUST 2015
To send press announcements, please direct them to Karen Treml, Editor, at karen@paymentsbusiness.ca
PAYMENTSBUSINESS
7
Event Roundup
Cardware 2015 Were You There? By Catherine Johnston
8
PAYMENTSBUSINESS
I
’m sure you’ve been to your fair share of conferences – some good, some disappointing, and a few that were great. I share those experiences with you. For that reason, I wish there was a word other than ‘conference’ to describe Cardware. Let me describe the event and perhaps you have a word I could use. Take more than 300 senior payment stakeholders who represent issuers, acquirers, merchants, payment networks, regulators, and the industries that supply them with products and services. Bring them from Canada, the United States, Europe, Norway, the UK, Turkey, and New Zealand. Provide them with information from 37 presentations and panels and then watch them take advantage of every minute to share information, insights, and ideas. Payments are not for the faint of heart. The industry is pressed to find business cases for a growing number of form factors, such as mobile phones, tablets, wearables, and even glasses. The investment to make each of these happen can be steep, even though the increase in revenuedriving transactions is modest. Issues of privacy, security, and customer experience all demand attention. Digital currencies and dynamic currency conversion also claim the industry’s
attention. Tokenization and P2P encryption, along with HCE and customer authentication, were all topics of conversation. Delegates talked about the massive amounts of data that will be generated by the Internet of Things and discussed whether that could create privacy issues. Balancing cautions and concerns, were enthusiastic discussions about mobile point of sale, POS applications that drive value for merchants, and in-store mobile payments. Payment networks met with major Canadian merchants to discuss areas of mutual interests. Merchants met to discuss mobile strategy and, at a second meeting, considered a data breach analysis option. ATMIA hosted a town hall meeting where delegates could learn more about issues facing the ATM industry. In addition to all the content, Cardware was once again where people connected with the other stakeholders who work with them to provide secure payment and digital ID. We always say that what happens at Cardware doesn’t stay there! It takes a great number of people to deliver opportunities and overcome barriers that are a part of the daily fabric of payment. ACT Canada is pleased to bring them together to help them meet their goals. So, I still don’t have a word JULY/AUGUST 2015
to describe Cardware, but when I look up the definition of ‘conference’, I find, “the act of conferring or consulting together; consultation, especially on an important or serious matter”. That does describe a large part of Cardware, but it misses one key element. When you listen to the crowd at Cardware you hear excitement, commitment, and enthusiasm for all things payment. You can almost see people’s emotional batteries recharge. They ask questions and share ideas. They build and strengthen relationships for the benefit of their organizations and their careers. So, is there a word for that? If you were at Cardware, we thank you for helping to make it a success and we look forward to seeing you next June as we look at new opportunities and challenges. If you weren’t there – we look forward to also seeing you there next June. Catherine Johnston President & CEO ACT Canada: stakeholders driving the evolution of payment and digital identity Chairman: ISCAN, the International Smart Card Associations Network ca.linkedin.com/in/ catherinejohnstonact/ www.actcda.com
Want to know more about your card programs? Do you issue fleet cards? Manage transactions? Is it vital to keep on top of technology which affects your mobile solutions?
Sign up NOW for a free subscription to Payments Business magazine. Visit our website at www.paymentsbusiness.ca and learn more about the magazine Payments Business is a Lloydmedia, Inc publication. Lloydmedia also publishes Financial Operations magazine, Canadian Treasurer magazine, Canadian Equipment Finance magazine, Direct Marketing magazine and Contact Management magazine.
CYBERSECURITY & COMPLIANCE
The Evolution of Payment Fraud: A Perpetual Game of Catch-up How it works
By Karen Cox
10
PAYMENTSBUSINESS
While the motives for fraud are simple, the execution of fraudulent activities can be complex. By definition, payment fraud is the act of stealing, storing, or selling personal information, including names, addresses, social insurance numbers, and credit card credentials. This information can be collected through a variety of means: hacking into databases, phishing scams, and even by sorting through discarded mail. Once a card number is stolen, the fraudster’s next step is usually to conduct a nonsuspicious transaction, such as a small purchase or a donation to charity, as a means of verifying
that the stolen credentials are still active. Once verified, cards are bundled and sold by brokers. The more pieces of personal information accompanying a card, the higher its value on the black market. Stolen card information often ends up being sold on websites devoted to card fraud. On these sites, stolen information is categorized, classified, and then sold in batches to cyber criminals. Much like content-piracy sites, stolen card marketplaces are hosted on internet sites that are easily accessible to the general public. Typically, these sites are run on servers in countries that suffer from a lack of national and JULY/AUGUST 2015
international regulation making it difficult for other countries with more rigorous controls to clamp down and block access to the malicious sites When conducting a fraudulent transaction online, a shipping address must be provided as part of the checkout process. This involves yet another party – people who knowingly or unknowingly allow products to be shipped to their homes in exchange for a fee. The industry has a name for these accomplices: mules. Mules accept the shipment to their legitimate address and quickly after the shipment arrives, the package is whisked away by a different person to be resold.
Humble beginnings Introduced in 1950, Diners Club was the first general purpose credit card. Bank of America followed and launched the Bank Americard, the first card with revolving credit. Bank Americard would later become the world’s leading card brand, Visa. Before the internet and dial-up modems, merchants prevented fraud through use of a hotlist - a paper list of known stolen or compromised credit card numbers. For each credit card payment, the merchant would compare the numbers on the card against the hotlist. Merchants also had the option to ask the customer to present
identification as another means of verification, or to verify the card over the telephone with the issuer. Long, frustrating lineups at the checkout counter were common. If there was no suspicion of fraud, the merchant would manually take an imprint of the card (now famously remembered by the term “knuckle buster”), have the customer sign the receipt, and the transaction would be complete. This system had serious flaws and was an easy target for fraud. Hotlists took time to publish and distribute resulting in a significant lag between what was published and what was actually going on JULY/AUGUST 2015
in real-time (people reporting their cards as lost or stolen). Of course, asking for a buyer’s signature didn’t stop many fraudsters from perfecting their signature forgery skills. By the 1970s, fraudsters found more opportunities. Credit card companies had been mailing unsolicited cards to millions of people deemed to have good credit. Criminals would open mailboxes, remove the cards, and begin using the stolen cards to make purchases. Because the intended recipient had no way of knowing their card was missing and being used maliciously, it was common for large purchases to be made
using the stolen card before the crime was even detected. In 1979, the first point-ofsale terminal was introduced. For the first time, a merchant could be directly connected— at first by telephone modem— to the credit card networks to verify magnetic stripe cards electronically in real time. With each transaction, the terminal would ask the issuer if the card was valid and if the buyer had sufficient credit available. Verification was still done by signature, but merchants could now access a real-time authorization system. However, cards with magnetic strips were easily copied, and signatures (the PAYMENTSBUSINESS
11
CYBERSECURITY & COMPLIANCE only means of verification) were easily forged. With limited authentication, hackers could easily lift card numbers through a process called card skimming and use the compromised data to produce counterfeit cards. The introduction of personal identification numbers (also known as PINs or PIN codes) as a means of verification, provided an extra layer of authentication. In order to leverage the additional security of PIN codes (a well-protected PIN cannot be forged or skimmed), a mechanism was needed to collect the PIN. The Interac Association launched Interac Direct Payment in 1994, a national PIN-based network connecting Canadians to their bank funds through magnetic stripe debit cards. Of course, it didn’t take much time for the fraudsters to crack the early PIN-entry terminals. In response, the industry created PCI PTS or Payment Terminal Security, a standardscreating organization that, to this day, continues to advance the technology and processes required for secure allow for PIN entry and processing. Card skimming is still active and lucrative for fraudsters in the United States, one of the last countries in the world to adopt a payments technology designed to reduce counterfeit card production –EMV.
Enter EMV EMV was created as a means to reduce fraud losses due to the cloning and counterfeiting of cards. First introduced in Europe in the late 1980s, EMV chip cards include embedded integrated circuits and dynamic cryptographic 12
PAYMENTSBUSINESS
data that makes card cloning nearly impossible, and more importantly unprofitable for fraudsters from a time and investment standpoint. Fraudsters will typically gravitate to the weakest part of any system, and EMV has only demonstrated vulnerability against cloning in highly isolated think tank settings. With embedded microchips, an EMV card is no longer the weakest link in the payment processing chain. Rates of credit card fraud in the United States, where the EMV standard has yet to be implemented, are twice as high as in those countries that have adopted the EMV standard. EMV should by no means be considered as the one and only solution required to prevent fraud. Card data will still be passed through the network in the clear unless other layered security approaches are included. Merchants are encouraged to stop handling and storing payment card numbers in clear text at any time. The technology exists to make this feasible and inexpensive, for example: end-to-end encryption, tokenization, and outsourced PCI card-on-file solutions. These solutions are now mainstream and many are offered in market. As long as plastic payment cards exist, EMV will be an important part of transaction security. However, stolen card credentials as a result of hacking and information security breaches can still be used online to make ecommerce purchases (PINs and embedded chips are not used in online transactions). As many have noted, EMV has pushed
fraud online to ecommerce transactions where card data does not include the physical security offered by EMV. The proliferation of internet connected mobile devices has opened both new opportunities for fraud and new opportunities for fraud prevention. While mobile devices are more difficult to track and secure, they can also be used as an authentication mechanism to secure logins and payment transactions. The new battleground is now mobile, and the struggle continues. Merchants have plenty of choices when it comes to selecting tools to manage online fraud. All of the tools are good, but none are perfect. The card brands offer transaction verification tools with varying degrees of protection and friction at the checkout. These are still not enough, and merchants turn to third-parties for the next generation of tools to further secure transactions. Digital signatures, IP addresses, biometrics, device-wiping, and much more, all play a role in verifying the legitimacy of a payment transaction. Even with the abundance of fraud and risk management solutions, merchants are faced with difficult choices when it comes to configuring these tools to meet their business objectives. How much fraud is acceptable? How many transactions should be declined? How much manual verification is feasible? How much friction can be introduced into the checkout flow? What is an acceptable chargeback rate? Should we approve international transactions? As our ability JULY/AUGUST 2015
to use new data grows, the learnings and tools need to be incorporated not only into industry-wide standards, but also easily implemented and adjusted as fraudsters also adjust their skills to counteract the new tools. We can be certain that those committed to fraud will continue to find and exploit vulnerabilities at a pace that matches innovations in payment processing. As payment processors plug holes, fraudsters find new ones. Payment processors create new solutions (mobile payments, for example), only for fraudsters to attempt to find the weakest part of those solutions and attack. Vigilance, an understanding of risk, and an unwillingness to capitulate are required as we move ahead in payments. As Vice-president of Payments and Retail Solutions at Moneris Solutions, Karen Cox oversees Moneris’ product delivery and end-to-end processing technologies across all merchant segments. Ms. Cox joined Moneris in 2000, following operational roles with the Bank of Montreal. She has held responsibilities for new product introduction and system deliveries for integration into the business. In 2005, Ms. Cox became Moneris’ director of new market solutions and led the delivery of analytics for new market opportunities. As director of POS devices and merchant certification, she brought new POS technologies to market and led consulting initiatives as the payment industry underwent tremendous change. She uses her extensive knowledge of the technical, operational, and regulatory drivers of the industry to introduce optimized solutions and process engineering avenues to clients. Over the course of her 20 year tenure, Ms. Cox played key roles in the development of Moneris’ major brand programs, including EMV, NFC and mobile enablement. She currently sits on the Board of Advisors of Advanced Card Technologies (ACT) Canada and acts as a Technical Associate Member at EMVCo.
CYBERSECURITY & COMPLIANCE
Cybersecurity: Not Just an IT Issue The five main steps to keep your enterprise on guard
T
By David Drury
oday’s technology landscape is undergoing major changes with the emergence of new ways to work through applications such as cloud and analytics. As a result, unprecedented transformations have become some of the greatest driving forces to positive global change. However, with new technology also comes new and complex IT security challenges. Cyber-attacks are progressively targeting our workspace and identifying new vulnerabilities. According to this year’s Ponemon Institute study on the cost of data breach, the average per capita cost of a breach in Canada is $250 and the average total organizational cost is $5.32 million as a result of countless attacks compromising at least hundreds of millions of personal records. Globally, the average total cost of a data breach for the participating companies increased 23 per cent over the past two years to $3.79 million. These attacks include stealing and tampering lucrative property – such as spreading malware and fraudulent emails to acquire sensitive information. In addition to financial harm, JULY/AUGUST 2015
equally as important is brand reputation, and the intangible costs and damages that lie. The study described 2014 as being “remembered for such highly publicized mega breaches,” including Sony Pictures. Last year, the hack of the entertainment giant’s systems led to the release of a number of confidential data and personal information of its employees, their families, correspondence, salaries and more. As a result, staff were laid off, the credibility of its executives was tainted, and questions about the company’s practice began to surface. Various parties involved were subjected to threats, extortion, and humiliation – all in front of the public eye. What’s worse, multiple news reports speculated the breach took place months prior to being exposed. IBM studies and research shows us that, on average, it takes companies eight to nine months before they detect a breach. And, that’s only the tip of the iceberg. Many high profile brands were hacked last year, targeting millions of credit cards for information and personal data.
So what does this all point to? Larry Ponemon, the founder of Ponemon Institute, phrased it perfectly when he described this wakeup call as “an enterprisewide issue, not just a technology problem.” Executives need to realize that risk with such a profound impact on a company requires more than just IT experts – it requires empowered decision-making staff as well. In today’s age, brand reputation and customer loyalty is at the centre of your business, so consider it poor planning when security tools haven’t already been established prior to an attack. Frankly, there is too much at stake to take such high risks. Now, organizations have no choice but to be diligent in the steps they take in order to appropriately manage risk and count themselves successful. Here are the five steps every organization needs to take in order to significantly reduce risk and potential damage from a data security breach:
1. Cultivate a risk-aware community Having a select amount of people follow standard procedure isn’t enough to PAYMENTSBUSINESS
13
CYBERSECURITY & COMPLIANCE prevent a breach affecting your system – it takes the entire company to maintain a risk-aware culture. For Canada, 48 per cent of leave incidents were attributed to employee errors and internal system glitches, according to this year’s Ponemon Institute study. Training programs to educate staff on security measures must be established and available to everyone at work. It’s often said, you’re only as strong as your weakest link – and it couldn’t be more applicable for this scenario.
2. Prepare to respond quickly and efficiently The longer it takes to resolve an attack, the more costly it gets – that applies to both your company’s finance and reputation. Time allows the intrusion to sink deep into your systems and allow even more opportunity for hackers to infiltrate your data. Immediate and impromptu responses to unexpected attacks also tend to require a hefty sum of money. The key to prevention is having a rigorous incident-response plan in place, and continually monitor what is happening across your infrastructure.
3. Safeguard your devices There is a proliferation of personal technology in the workplace, with many employees latching on to ‘bring-your-own-device’ (BYOD) programs – offering members the power to go beyond traditional workstations and use 14
PAYMENTSBUSINESS
their own smartphones, tablets and other devices. Unfortunately, this leaves the company’s assets more vulnerable to external activities.
a data-driven landscape, it’s important to keep your managers accountable for guarding the company’s most crucial information.
5. Fight fire with fire IBM personnel use Maas360 from Fiberlink, an IBM company, to identify, control and secure all mobile devices accessing the enterprise. The system adheres to a containerization approach – ensuring corporate data and personal data remain separate. However, even with the toughest BYOD technology solutions – your company is still at a risk. Similar to the first step, education is foundational to your employees. Define which uses are or are not permissible and clearly outline the business’ conduct guidelines.
4. Prioritize and protect what’s most essential to you Apply everything you know about quality over quantity to proprietary data. Typically, this type of data takes up a very small portion of your overall information – specifically less than two per cent – but it can represent as much as 70 per cent of your market value. This data includes trade secrets, intellectual property and confidential business plans and communications. That’s why overseeing this content is crucial. As a leader, ensure your parties have fully identified and classified the crown jewels of the company, then build a program to safeguard those assets. In what is now
Every day, we create 2.5 quintillion bytes of data, and 90 per cent of the total comes from only the last two years. Data is growing quickly and exponentially in the digital age so it’s no wonder that analyzing data to detect and predict a security breach using old methods has increasingly become a global challenge. Organizations need to acknowledge the fact that examining all that data manually simply isn’t an option. In many cases, by the time the attack has been identified, it’s already taken effect and locked into the system. Big data analytics tools have the ability to trace suspicious behaviour before the alarm goes off. Applying analytics to business data drives new insights and positive transformation in the organization. It provides automated, real-time intelligence and situational awareness about the state of security to help mitigate an attack. Integrated solutions help prevent highly sophisticated threats by implementing the right tools to protect and provide predictive analytics – all in a significantly decreased amount of investigation time. Cyber threats are prevalent now more than ever and they can easily affect everyone from your customers and JULY/AUGUST 2015
employees and, ultimately, the entire company. Just this past June, both networks of the Government of Canada and the United States were hacked. These incidents included the stealing of up to four million personal information files of current and former U.S. federal employees and the crash of Canadian government emails and websites, later claimed to be the responsibility of the hacktivist group, ‘Anonymous’. This alone reflects the extreme severity and sophistication of today’s hackers. Studies have shown an influx of data breaches on a national and global scale – proving to be, not just an IT challenge, but a concern that affects the entire population. Regardless of whether it’s driven by social, political, or personal motives, cyber threats are evolving; therefore C-level staff especially need to raise awareness across the board. Recognize the growing issue and avoid the hiccups, headaches – and more often than not – explosions of malicious cyber-attacks by preparing your enterprise with the correct utilities and exemplary practices. David Drury is the General Manager for IBM Global Technology Services in Canada. Over his 31-year career with IBM, Drury has taken on leadership roles as a Systems Engineer, a Client Director and the Vice President for Financial Services. Drury also serves on the board of directors for the Ontario Research and Innovation Optical Network (ORION), the Foundation Fighting Blindness, and as chair of the Board of Governors, Junior Achievement of Central Ontario. Drury’s focus is on advancing the role of IT for his clients’ organization, using emerging technological solutions and collaborative leadership.
CYBERSECURITY & COMPLIANCE
Gamer Safety from the Merchant to the Consumer By Markus Bergthaler
G
amer Safety Week in February was essential for the online gaming community to collaborate and share information. The safety of gamers is vital and it starts with the merchant. MRC merchants understand this and work hard to educate their consumers on best practices. Account takeovers, which are continually changing and adapting, are one of the largest issues many gaming companies face today. They are one of the leading threats in the eCommerce community and can be very difficult to track.
Account takeovers, false positives The average consumer has numerous online accounts with the same passwords and credentials. This makes it easy for a fraudster to jump from account to account once they’ve figured out the password. Although account takeovers and fraud are not easily tracked, that does not mean merchants should give up. It is important to start monitoring established accounts as well as new ones. Fraudsters are targeting consumers with established brand loyalty, using information found on social media. It is important to know your consumers and use the data you have aggregated to discover their shopping patterns. Although a customer may occasionally stray-away from their typical shopping patterns, it is not likely that their spending habits or the products they buy will be astronomically different from previous purchases. Depending on the shopper, reach out to them for confirmation of the purchase before approving the transaction. New accounts should still be heavily monitored, as the majority of fraud cases come from new accounts. Fraud analysts should create rules for flagging new customers with suspicious orders, which may be as simple as matching customer JULY/AUGUST 2015
credentials such as shipping address or IP address. However, merchants should be aware of their company’s false positive rates. Creating a balance between the rules set for purchases is always a best practice. Furthermore, using key factors from the data on file to set parameters will be conducive to consumer’s needs. Updating fraud rules as frequently as possible to keep up with changing fraud trends will save time and money in the long run. Educate your consumers about online safety and the best ways to secure their online identity. Provide a list of procedures on your account sign-in form and at customer checkout. This way the information will not be missed. Provide basic information on account security, such as password guidelines and the importance of diversifying email addresses. Two-factor authentication is a powerful tool that goes a long way in helping to mitigate account takeovers as well.
Third party fraud Many consumers are smart about what they buy. They perform their due diligence and shop around for the best gaming prices. Competitive third party sites offer exceptionally low prices, so it’s easy for a fraudster to sell stolen products through faulty sites that appear to be legitimate. Here’s how it works. A fraudster sells a stolen game over the third party site to a consumer who doesn’t know it’s stolen. As the consumer starts to play, the software tells the merchant that the game was stolen. The person who unknowingly bought the stolen product is then classified as a thief and suspended from playing. At this point the gamer becomes agitated with the company, and finds another game to play. The best way to combat this situation
is to uncover these sites and shut them down. Once you find a faulty site, be sure to contact your company’s legal team so they can pursue termination. It’s important to never track down a fraudster alone without the assistance of your company’s lawyers. Going after a fraudster on your own can backfire, causing the fraudster to get away. The fraudster is then able to get back online and keep selling illegally. Once you dismantle the third party site, it is important to track the steps you used to find them. Fraudsters work in patterns and may re-appear under a different name. Be sure to educate your consumers by explaining the risks of fraudulent third party sites. Explain that these sites look and feel like an actual retailer, but are in fact scams. With the Gamer Safety Alliance, MRC Members have the ability to network with colleagues within the gaming community. This form of networking allows merchants to develop a complex fraud prevention platform to catch criminals. eCommerce has exploded over the past decade and will continue to boom as more and more companies begin to emerge. Now more than ever, merchants should be vigilant in the pursuit of fraudsters. As the world of commerce continues to grow and adapt, so do fraudsters. Keep your tools sharp so you can protect your consumers as well as the company’s bottom line. Markus Bergthaler, Global Director of Programs and Marketing, joined the Merchant Risk Council (MRC) from Wizards of the Coast where he lead and further developed the company’s fraud department. Prior to Wizards of the Coast, Markus worked as a Fraud Manager at E. Breuninger in Germany; allowing him to gain a vast knowledge on international payments and fraud. Being a native to Germany, Markus started his career in Fraud Management at Amazon where he worked predominantly on German investigations. He brings a variety of skills to the MRC including international fraud security, cross-border payment processing, and marketing and business development.
PAYMENTSBUSINESS
15
Securing Mobile Life.
Creating Confidence. Giesecke & Devrient offers a comprehensive range of payment products and solutions based on the latest EMV, contactless and dual interface technologies. Our smart debit, credit and prepaid products are available on a wide range of platforms based on secure and highly flexible operating systems. Alongside the comprehensive portfolio of easily configurable card products and card solutions, we offer all services related to electronic payments including m-commerce and transit. Our services include personalization, system integration, project management and technical consulting from a single source. For more information, please visit: www.gi-de.com/ca
CYBERSECURITY & COMPLIANCE
Our Files, Our Information – Our Issue By Catherine Johnston
18
PAYMENTSBUSINESS
L
et’s cut to the chase. Recently, we were the victims of malware and this is now personal! For more than 30 years I’ve dealt in the world of cybersecurity, even when it wasn’t my primary focus, so I always knew that it was a case of ‘when, not if’ we were attacked. On that basis, you would think that I was fully prepared – but that wasn’t the case and you may be in the same position.
If you are reading this, I’m going to guess that you aren’t the IT risk manager for your organization. I’m also going to guess that you would be both unhappy and inconvenienced if all your files were to disappear forever. One last guess – you are a busy person with many competing priorities, so a part of your data risk management strategy is based on wishful thinking. All of that is normal.
JULY/AUGUST 2015
Why this isn’t an IT issue If you work in IT security you aren’t likely to learn anything from this article, but it might explain why a lot of people are asking you specific questions. If you don’t work in IT security – keep reading. Let’s start with the fact that your files are valuable tools that you use every day. Have you ever looked at an old document and used it as the basis for a new one. You have – good for you. Your employer
CYBERSECURITY & COMPLIANCE should be pleased that you build on previous work rather than spending valuable time to re-invent the wheel. When cyber terrorists take away your ability to do that, it’s as if they have drained your gas tank and forced you to push your car from place to place. Your car, your files – your issue. Having said that, you certainly need help from the IT department. If you have an IT department, count your blessings. In our case we don’t have staff who handle IT, but we are fortunate to have an external company that provides services and a member who has deep knowledge of how to fight cyber-terrorism. While one was working to limit the damage, the other was very helpful in managing our fear. You can’t count on jumping onto the internet to find information in these cases, because you’ve likely pulled the plug on any of your networked devices.
Circling the wagons isn’t a defense! The traditional approach to data security is the same one we’ve used for buildings – secure the perimeter and keep bad people out. That doesn’t deter most people who have a desire to break in. I used to have some great descriptions of a different approach and I’d be happy to share them, except those files are now encrypted and we haven’t paid the ransom to get the decryption key. As a community, we actually do know how to raise the bar on security and most of us have partially implemented it.
Firewalls and data backups are still important, but they aren’t enough. Why haven’t we finished the job, you ask. I can’t answer for everyone, but it is likely a matter of money. Let’s take a look at what it would take.
Tell me who you are and what you want! Looking back 30 to 40 years, most computing was done on corporate mainframes. Every employee who worked with computer files had access to the mainframe, but had to prove to each program that they were entitled to access it. So, only payroll clerks could access the payroll program. Today we usually do this with passwords. Going back again, even when payroll clerks accessed the program, they were limited in what they could do. For example, they likely could not change anyone’s salary. Today that is sometimes controlled by a password, but often it isn’t. Many companies rely on packaged, not custom written, software. It may have options that allow you to restrict access to certain files, but unless you have an IT resource, you likely don’t set them. The bottom line in that case is that anyone with access to your computer files has the right to do anything they want. In our case, the IT terrorists (yes, I do think of them as that) encrypted all our files and are offering to sell us a key to decrypt them.
JULY/AUGUST 2015
What if…? We could control who has the right to create, read, modify, or delete each file. We could control who can download software, who can print, upload or mail files. I know this is possible because I worked for Bull in the 1980s when we designed and built this functionality.
What can we learn from payment? It’s a good thing that we rely on more than just passwords before we let people access their bank accounts through ATMs. It is an even better thing that the ‘thing we have’ – the card – is now highly counterfeit resistant because of the secure chip that replaced the mag stripe. These two factors, the thing you know (the password) and the thing you have (the chip) provide so much more security than the passwords we use to protect our computer files.
How does two-factor work with computers? Some things are the same as with a card at an ATM. Your data access device, whether it is a pc, tablet, smart phone, wearable, or other device talks with the secure chip. It starts by asking the person with the chip whether they are actually the person to whom the chip was issued. At the ATM, this is done when we provide our PIN. Then the chip is checked
to see if it is legitimate. Both these must happen before customers can do whatever it is that brings them to the ATM. The same can happen with access to electronic files. The secure chip is checked to ensure it is legitimate and the person trying to access files is checked to ensure that they are the person to whom the chip was issued. After that you have many options in how you grant access rights. We’ll leave those for another day, but conclude by saying that you would then be in a position to significantly raise the security bar on who can do what with your data.
Is this new? No, many public and private sector organizations do this and consider it to be base line security, but many more don’t. We need to follow the practices of the people who protect our money and adopt secure chip and two-factor authentication for data access, not just for our corporate data, but even our personal files. Firewalls and data backups are still important, but they aren’t enough. Our files, our information – our issue. Catherine Johnston, President & CEO ACT Canada: stakeholders driving the evolution of payment and digital identity Chairman: ISCAN, the International Smart Card Associations Network ca.linkedin.com/in/ catherinejohnstonact/ www.actcda.com
PAYMENTSBUSINESS
19
INDUSTRY UPDATE
ISO 20022 and Real-Time Domestic Payments ISO 20022 is making strong inroads in financial market infrastructures where an open international messaging standard is required, and gaining traction in domestic markets too, particularly for the next generation of real-time payments systems. Stephen Lindsay, head of standards at SWIFT, looks at the progress made by ISO 20022, the advantages it brings to real-time payments, and the implications of a single standard that replaces proprietary domestic standards, and crosses the traditional boundary between value and volume.
By Stephen Lindsay
20
PAYMENTSBUSINESS
ISO 20022 is not a new standard. Work began on the technology of the standard in 2000, and ISO 20022 was officially recognized by the International Organization for Standardization (ISO) in 2004. But, from the outset, ISO 20022 was positioned as a standard for the future: an open standard that would cover all financial business domains, and be flexible enough to work with the latest technology at all times, adapting to new technological developments as they occurred. Financial standards take a long time to get established, and even the best-designed standards take off only if they meet real and immediate needs in the market. For ISO 20022, the moment seems to have arrived. There are more than 70 major initiatives around the world that have committed to ISO 20022, covering payments, cash management, treasury, and the securities business. Many of these initiatives are paymentsrelated. They are driven by payments market infrastructures (PMIs) or new payments schemes. There are two key aspects to ISO 20022. First, it is a methodology, a ‘recipe’ to be followed to create financial messaging standards. Secondly,
SWIFT and ISO 20022 SWIFT Standards is part of the ISO 20022 story from the beginning. SWIFT drafted the original specification as part of the International Organization for Standardization (ISO) working group that developed the standard, and remains the single largest contributor of content. Under contract to ISO, SWIFT Standards also operates the Registration Authority for ISO 20022, which maintains the technical infrastructure of the standard, ensures technical consistency, and publishes the content in a variety of formats. SWIFT Standards works with the user community to define, formalize and publish market practice guidelines, which describe how messages should be used in particular business contexts, and to specify common recommended implementations. Community representation is through market practice working groups, including the Payments Market Practice Group (PMPG), Securities Market Practice Group (SMPG) and Common Global Implementation (CGI).
it is a body of content. In this context, content means the message definitions themselves and the other content required by the methodology to explain the underlying concepts and processes in the business domain to which the messages will be applied. Importantly, implementation of ISO 20022 is independent of any specific technology. This reflects the sound assumption that technology tends to change faster than the fundamentals of the financial business it supports. The investment users make in the standard is therefore ‘future-proofed’. Users can update to the most appropriate implementation technology JULY/AUGUST 2015
without breaking the link with the underlying standard. The key advantages of ISO 20022 are therefore clear. First, it is an open standard that is not controlled by a single interest, and open to participation from its user community. Secondly, its scope covers the entire financial industry, so consistent end-to-end business processes can be realized via a single standard. Thirdly, ISO 20022 implementations make use of mainstream, well-supported technology and can adapt to new technologies as they emerge. These technologies offer important technical advantages over older proprietary equivalents, such
INDUSTRY UPDATE as support for non-Latin character sets. There are many other reasons why financial market infrastructures (FMIs) in particular have become early adopters of ISO 20022. One is timescale. FMIs tend to plan with longer time-horizons than other businesses, so the appeal of a well-managed, technically advanced and adaptable standard is obvious. A second is regulation. Regulators understand that the services provided by FMIs provide critical steps in wider business processes, and are likely as a result to require the use of ISO 20022 to drive safety and efficiency in those processes. For example, the European Central Bank (ECB) has recommended that the Real Time Gross Settlement System (RTGSs) built by the Eurosystem – TARGET2 – should adopt ISO 20022. This is partly to ensure that the payment leg of a securities transaction will be consistent with the ISO 20022-based settlement process defined for TARGET2Securities (T2S), the single securities settlement system for Europe that is expected to begin operations in 2015. A third reason FMIs are at the forefront of ISO 20022 adoption is the ‘topology’ of their relationship with their customers. Standards are used in many types of business process, some of which are inherently ‘many-to-many’ – that is, they involve many peer organizations interacting with many others – rather than point to point. Finally, FMIs are aware that their participants, such as global banks, have many other infrastructures with which they
The Canadian Payments Association and ISO 20022 “We see ISO 20022 adoption at a tipping point globally. As the payments market infrastructure for Canada, we are adopting ISO 20022 as part of a comprehensive strategy to modernise Canada’s payment system. Our approach capitalizes on the value of the standard for all payment participants in Canada: reduced costs for those managing multiple standards today, greater domestic and global inter-operability and setting the stage for innovation and efficiencies across our economy through enhanced remittance data.” ~ Gerry Gaetz, president and CEO, Canadian Payments Association
need to work. As responsible actors in the global financial system, they recognize that adopting the same ISO 20022 standard as their peers around the world can help to achieve greater safety and economies of scale at the global industry level. The first FMIs to implement ISO 20022 were drawn from the payments industry. The European legislation that led to the creation of the Single Euro Payments Area (SEPA) mandates the use of ISO 20022 as a common format. By standardizing information exchange in this way, ISO 20022 is making a crucial contribution to achieving the SEPA goal of replacing national payments arrangements with an integrated system for euro payments, credit transfers, and direct debits across 28 member-states of the European Union (EU), the four members of the European Free Trade Area (EFTA) plus Monaco and San Marino. Since the migration to SEPA began, a number of other ISO 20022-based initiatives have gone live, in a variety of different markets. They cover a range of payment JULY/AUGUST 2015
schemes, from RTGS systems handling high-value payments (HVPs), such as the Indian RTGS, to low-value payments (LVPs) systems, such as the STEP2 system operated by the Euro Banking Association (EBA) and the New Payments Platform (NPP) proposed by the Reserve Bank of Australia. Importantly, the Canadian Payments Association, which operates the retail payments infrastructure in Canada, will adopt ISO 20022. There are many more ISO 20022 initiatives at different
stages of development, from industry consultation to live operation (see ‘Global ISO 20022 adoption by Payment Market Infrastructures’). In fact, the convergence of the payments industry on the ISO 20022 standard is gathering pace throughout the world. It is a healthy development, because it brings a measure of consistency to a fragmented landscape of overlapping standards. Most standards are proprietary or local or both, and they vary widely in terms of their functionality, notably in their capacity to carry remittance information. The opportunity to compete through innovation is an important one for banks, because the payments industry is undergoing a period of great upheaval. New and non-traditional competitors are emerging, while regulators are pressing FMIs to deliver faster and cheaper payments in response to consumer pressure and in pursuit of economic growth. Many of the conventional
PAYMENTSBUSINESS
21
INDUSTRY UPDATE distinctions in the industry are breaking down. That between ‘value’ (associated with HVPs) and ‘volume’ (associated with LVPs) is blurring, as regulators push LVP payments timetables closer to real-time. The distinction between domestic and cross-border payments is also disappearing, most obviously in the case of SEPA. In their place, new orthodoxies are emerging. One is that ISO 20022 is now the default choice of messaging standard for new or revitalized payments systems, whatever their market position. It is replacing proprietary domestic and international standards. A second is that even domestic payments are now expected to accelerate, as they catch up with consumer expectations and the commercial supply chain. In short, domestic payments are moving towards real-time processing. The market for real-time domestic payments is gathering pace, with 16 systems in operation worldwide, four more in development and at least another five countries exploring how to implement such a system. Most of the systems now live have opened since 2008. They include Faster Payments in the UK, the IMPS system in India, the NIP mobile payments-enabled system in Nigeria, the Bankgirot/SWISH platform in Sweden, Express Elixir in Poland and G3 in Singapore. In addition, the NETS system in Denmark, and National Switch in Palestine, are in development. Countries that have recently announced their intention to build a new real-time retail payments systems (RT-RPS) to 22
PAYMENTSBUSINESS
replace an existing platform, or develop a faster alternative, or are in the process of formal or informal industry consultations on the topic, include Australia, Hong Kong, New Zealand, and the U.S. In the U.S., the Federal Reserve Bank has recently released a strategic consultation paper on real-time retail payments. The evidence suggests that RT-RPS are on the cusp of a period of accelerating growth. In fact, an interesting parallel can be drawn between the potential future development of real-time domestic payment systems and the historical adoption of RTGSs by central
banks. Since the early 1990s, according to the International Bank for Reconstruction and Development (IBRD, or World Bank), RTGS implementations have grown from five markets to more than 110 (see “Will RTRPS follow a similar adoption curve to RTGS?,”). If the development of RTRPS follows a similar trajectory to RTGS, the market is already somewhere between the early adopter and early majority phases of the five categories of adopter outlined by Everett Rogers in Diffusion of Innovations, first published in 1962 (see ‘Will RT-RPS develop faster than RTGS?’). However, JULY/AUGUST 2015
there is a critical difference: RT-RPS has reached this stage in just five years, compared to ten for RTGSs. This reflects a general increase in the pace of innovation observable in many markets. At the risk of over-simplifying, extrapolation suggests that RT-RPS will be adopted twice as fast as RTGS. In the case of RT-RPS, the payments industry is currently in a period of experimentation, with many different approaches being tried. As ‘early adopters’ give way to ‘early majority’, the results of these experiments will become evident. The payments industry will then need to evolve a consensus around the optimum design for RT-RPS, and what aspects of that design can be standardized. However, it is already possible to agree the key characteristics of a successful RT-RPS: round-the-clock availability, and immediate, certain and irrevocable payment (see ‘Key characteristics of an RT-RPS’, page 10). While there is industry consensus around these core characteristics, variations in implementation have emerged. For example, not all RT-RPS offer 24/7 availability (Brazil, Taiwan, and Japan do not) although all systems strive to attain that goal. Notions of immediacy carry different connotations too. In Mexico, banks must post the money to the account of a beneficiary within 30 seconds. In the UK, by contrast, Faster Payments mandates two hours. These (and other) differences are likely to persist for some time. But one common denominator has emerged at all the RT-RPS that are developing now: the
INDUSTRY UPDATE
Key characteristics of an RT-RPS • 24x7 availability: consumers should be able to make a payment at any moment • Immediacy: the transferred amount should be available on the beneficiary’s account in real-time or near real-time • Irrevocability: once a payment has been initiated, it cannot be revoked • Certainty: both ordering and beneficiary customers must be notified that the payment has been accepted or rejected by the beneficiary’s bank
adoption of ISO 20022 as their messaging standard. This is true of Bankgirot/SWISH in Sweden, Elixir Express in Poland and FAST in Singapore. It is also true of Nets in Denmark, which goes live in November 2014, and of the NPP in Australia, which aims to go live in late 2016. ISO 20022 is already delivering significant benefits
to users of payments market infrastructures. It is bringing consistency to the definition of payments data, with the ultimate promise of enabling banks to re-deploy expensive resources, and reduce switching costs, while creating scope for them to compete through innovation on service range and quality. The real-time payments
market has embraced ISO 20022, and that is already driving greater consistency in implementation. However, there is still a great deal of variation in real-time schemes and systems. As the market matures, further convergence of system requirements and design, stretching far beyond data and messaging standards, will open up a new market in re-usable or modular implementations of real-time payment processing. These will further reduce the cost and time-to-market for realtime schemes, accelerating adoption and benefiting many more domestic markets. Stephen Lindsay joined SWIFT in 2007 and currently heads the Standards department. Prior to joining SWIFT, Stephen spent 17 years as a technical
architect and product manager for a financial software vendor, specializing in the design and implementation of payments and integration software for an international market, with a strong emphasis on the implementation of domestic and global financial standards. SWIFT Standards operates the annual maintenance process for the MT message standard, which is used by 10,000 financial institutions around the world and covers diverse financial business areas including international payments, asset servicing, securities settlement, treasury and trade finance. SWIFT Standards is also a key contributor to the ISO 20022 standard. SWIFT initially developed ISO 20022 and SWIFT Standards remains the largest single contributor of content to ISO 20022 and also operates the Registration Authority, responsible for guaranteeing the integrity of the standard and publishing the content. Stephen has gained indepth knowledge of the technology of standards and of the operational, organizational and political aspects of managing a widely used international standard.
WOMEN IN PAYMENTSTM SYMPOSIUM 2015
SAVE THE DATES! SEPTEMBER 15 & 16 New this year: Join us at an exciting Awards Dinner on September 15! Award nominations open until June 15 See womeninpayments.org for program and other information
JULY/AUGUST 2015
PAYMENTSBUSINESS
23
Remote Deposit Capture:
Faster, Easier Cheque Processing A key to more efficiency and increased cash flow
P
By Derek Vernon
24
PAYMENTSBUSINESS
icture this: Being able to deposit cheques anytime, any day, from your office and from your home. Imagine gaining 30 minutes back in your day by no longer having to find parking, wait in line at the bank, and fill out deposit slips. Envision a more efficient and timely cash flow management process for your business. Canadian banks are now making this possible by introducing remote deposit capture services. For businesses of all sizes,
ensuring that the accounts receivables department is able to more efficiently process payments coming in is one of the most vital ways of improving cash flow. While many industry articles shine a light on the need to move away from cheques to electronic payments, cheques remain a critical payment method for Canadian businesses of all sizes. However, remote deposit capture can make the cheque deposit process far less manual and time intensive, JULY/AUGUST 2015
creating greater efficiencies and improving cash flow. While remote deposit capture is a new technology to Canada, U.S. banks have been using remote deposit capture to enhance the cheque clearing process for over a decade. Remote deposit capture technology enables businesses to scan paper cheques from any location using an easy-to-use desktop scanner with cheque imaging software. The cheques are then transmitted to the bank
Pay Channel
As more Canadian banks start to introduce remote deposit capture services, it’s important to understand exactly what your business is getting.
through a secure connection for processing and clearing.
Whenever, wherever The process is quite simple. Once cheques are inserted into the scanner, the scanner automatically captures the cheque images on both sides, along with the remitter bank account information. When the scanning is complete, a summarized view of all the scanned cheques is prepared for your review. The deposits
require no slips or paperwork on the employees’ part, and can be completed at any time. The funds from the processed cheques are then deposited into a designated business account, providing quick access to cash. Businesses can now deposit cheques whenever and wherever it is most convenient for them – even after the bank’s closing time. This increased availability helps improve cash flow and enable extended time for same-day JULY/AUGUST 2015
deposits. Recently, a major agricultural company started to use remote deposit capture and in just one year, reduced the time it took to complete manual deposits by more than 80 per cent. Now, the company can complete the cheque process in just five to 10 minutes per day, saving an average of 1,700 hours per year. In addition to time, paper, courier, and transportation cost savings, remote deposit capture also dramatically reduces the need for deposit adjustments caused by human error. Eliminating manual touch points also helps reduce security and fraud risks. Once scanned, cheques are converted to images and submitted for deposit without user intervention – and any manual entries are validated by the system. While the time saved from using remote deposit capture allows employees to focus on more strategic tasks. In particular, remote deposit capture services have a tremendous impact on businesses in rural communities and areas impacted by harsh weather, where banks are less accessible and trips to and from the bank to make deposits are even more of an inconvenience. As more Canadian banks start to introduce remote deposit capture services, it’s important to understand exactly what your business is getting. Here are a few important
questions to ask when you’re evaluating this type of offering: • How many cheques can be processed at one time? • Is there training and support available for implementing the remote deposit capture system? • Can I deposit U.S. dollar cheques? • What are the deposit cut-off times? Do they differ from branch cut-off times? • How much time and effort is required to get started? • Are you required to purchase a scanner or will one be provided to you? • For those businesses operating in both the U.S. and Canada, you should also ask your bank if they offer a cross-border, remote deposit capture service and what the service looks like for processing cheque payments in both countries. As cheques continue to be the preferred method of business payments, organizations must find new ways to make cheque processing more efficient and less of a drain on resources. Remote deposit capture does just that while also improving cash flow – an important factor of success for any business. Derek Vernon is the North American Head of Treasury Product Management at BMO Financial Group. He supports all of BMO’s North American Commercial Payment segments, from small business to large corporates including international financial institutions. Derek has more than 19 years of product, sales and strategy leadership experience.
PAYMENTSBUSINESS
25
VERTICAL MARKET
Taking the Friction Out of eCommerce Quite evidently, we need to streamline and secure the payment process
D By Derek Colfer
26
PAYMENTSBUSINESS
igital payments and commerce are rapidly changing – welcome to our connected world. Cisco estimates that by 2020 there will be 50 billion Internetconnected devices globally and with the increase of new, innovative devices integrating payment capabilities, digital commerce is very quickly becoming a reality for shoppers worldwide. Canadians are most definitely no exception; 86 per cent of Canadians have made a digital purchase and 59 per cent have done so in the past three months. But, in an increasingly connected world where the digital consumer shops when they want, where they want, on multiple digital devices, consumers are demanding a seamless and secure experience. Despite a growing consumer preference to buy online, BI Intelligence estimates that approximately $4 trillion worth of merchandise will be abandoned in online shopping carts this year, and about 63
per cent of that is potentially recoverable by online retailers. So how do retailers and service providers combat shopping cart abandonment? Below are key trends and opportunities that will transform the digital payments landscape in Canada, both online and in-store, turning browsers into buyers through a more streamlined checkout experience.
The omni-channel world Visa recently sponsored and spoke at eTail Canada and STORE 2015, two multi-channel conferences dedicated to the dynamic needs of the retail industry in Canada. With the consumer now controlling the digital path to purchase, progressive retailers are required to provide shopping experiences that consistently inform and deliver value at both physical and online shopping sites. Indeed, the increase of mobile payments in the world of eCommerce figured prominently at both conferences. No wonder JULY/AUGUST 2015
– today’s computing power in your mobile device is a million times cheaper, a thousand times more powerful and a hundred times smaller than MIT’s lone computer in 1965. Fast forward to projections that global mCommerce (mobile commerce) will reach $14.1 billion by 2017, there are lots of reasons why lots of folks are making some really significant bets on mCommerce. Consider Amazon, with projected 2014 U.S. mobile sales of $16.8 billion. Internet Retailer estimates that 21 per cent of Amazon’s total U.S. sales stem from smartphones and tablets, and comScore Inc. predicts that 29 per cent of Amazon shoppers only shop on mobile devices rather than desktop or laptop. Canada is well positioned to embrace the move to mCommerce. Canada has continually had one of the greatest adoption rates of smartphones in the world with 77 per cent of people never leaving home without them. Our relationship with our mobile is deepening and it’s becoming
VERTICAL MARKET a key source for multiple payment methods, securely digitizing cards through Near Field Communications (NFC). According to the Visa Digital Commerce Index, 68 per cent of smartphone owners are aware of NFC or Quick Response (QR) codes, with 65 per cent likely to make NFC or QR payments in the next six months. Today, approximately seven Visa payWave contactless transactions happen every single second across the country. Further, Canadian banks have established themselves as world leaders in NFC payments. To date, all of the top five Canadian banks – Desjardins, CIBC, RBC, Scotiabank, and TD – have developed and deployed mobile and NFC payments to their consumer base and have embraced NFC more than any other market. Canada is truly unique as it relates to this NFC activity – no other geography or region comes close. Yet, our ‘Digital Commerce Index’ found 42 per cent of smartphone users abandon online-based mobile transactions because entering billing and shipping
information is too difficult and, not surprisingly, security is still a top consideration with only 65 per cent of PC users and 55 per cent of smartphone users trusting the security on their device to make online purchases.
Decreasing the friction of online payments Quite evidently, we need to streamline and secure the payment process. Addressing both payment progression and security is paramount. We are helping spearhead ‘tokenization’ technology that replaces your 16-digit credit card numbers with a digital proxy or ‘token’, identifying who you are without exposing any of your contact details. Tokenization generates a unique digital account number that is a proxy for the primary card number and is used to facilitate the payment. Digital account numbers can be device-specific and are designed to make purchases with a specific mobile device. If the device is lost or stolen, the digital account number can be disabled without the need to reissue the initial payment card.
Completely eliminating friction in the online checkout process is a key goal for retailers who are enhancing their eCommerce websites. We launched Visa Checkout to enable consumers to store and use any major credit or debit card to securely speed through an online checkout using only a username and password. comScore cited that nearly 70 per cent of Visa Checkout users convert to online buyers and they are 66 per cent more likely to complete a transaction than customers who must enter billing and card information in a traditional online checkout process. The newly designed online shopping experience has been successfully offered by Canadian retailers including Cineplex, lululemon athletica, Staples Canada, Indigo, and Ticketmaster. For us, it’s about driving and delivering value based on responsible innovation. We need to first understand consumer needs in order to make our products, services and payment capabilities easier to access. Providing APIs, SDKs, and reference apps will allow clients, partners, and
developers direct and secure access to our network to rapidly integrate new, safe, frictionless payment products and experiences that leverage Visa’s global network. For retailers, it’s about making strategic choices and delivering the fundamental core capabilities, including convenience and security, which power the rapidly evolving mobile and online payments landscape. The purchase experience online has to be as frictionless as a contactless experience in-store. Together, we’re helping enable the transition in payments from the physical world to the digital world, simply and easily – no matter what device consumers are using today or will use tomorrow. With more than 15 years of digital and mobile experience in North America, Europe, and the Middle East, Derek Colfer is currently the Head of Technology & Digital Innovation for Visa Canada, focused on mobile innovations like HCE and NFC, core platform technologies and the recently announced Visa Token Service and Apple Pay initiatives. Since joining Visa in 2010, Derek has led several successful mobile initiatives including Canada’s first commercial NFC deployment in 2012.
The customer experience: the journey from good to great During this interactive discussion on business outcomes derived from improving the customer experience we’ll show you why the key to overall success is providing choices that match customers’ expectations.
Direct Marketing invites you to a Free Breakfast Briefing Visit our website for date details
www.dmn.ca
JULY/AUGUST 2015
Presented by
FREE to register www.dmn.ca
You must be registered in advance to attend.
PAYMENTSBUSINESS
27
2015 Industry Events
April April 2 Lloydmedia Inc. - Payments Business Magazine Mobile Payments Workshop Toronto, ON www.paymentsbusiness.ca April 8-10 Smart International Conferences Inc. International Payment Conference Toronto, ON www.inpayco.com April 13-16 NAPCP Commercial Card and Payment Conference San Antonio, TX www.napcp.org April 19-24 NACHA, The Electronic Payments Association, Payments 201 New Orleans, LA www.nacha.org TBA Finovate Finovate Spring Conference San Jose, CA www.finovate.com
MAY May 5-7 Cartes North America 2015 Washington, DC www.cartes-america.com May 11-12 FC Business Intelligence Analytics for Insurance Canada Summit Toronto, ON www.analytics-for-insurance. com/canada/ May 11-13 WB Research eTail Canada 2015 Toronto, ON www.wbresearch.com May 11-14 IFO Fusion 2015 Forum & Expo Orlando, FL www.financialops.org May 31-June 2 Credit Scoring & Risk Strategy Association 22nd Annual Conference Niagara Falls, ON (TBD) www.csrsa.org
28
PAYMENTSBUSINESS
June June 2-5 Internet Retailer IRC&Exhibition 2015 Chicago, IL www.internetretailer.com June 10-12 FEI Canada Annual Conference Winnipeg, MB www.feicanada.org June 16-17 ACT Canada Cardware 2015: Payment & Digital ID Insights Niagara Falls, ON www.actcda.com June 30 - July 1 EMV User Meeting 2015 EMVCo Seattle, WA www.emvco.com June (TBA) 8th Annual Prepaid & Payments Retreat Toronto, ON www.paymentseXchange.ca
www.financialops.org/ canada2015 September 15-16 Women in Payments Symposium & Women in Payments Awards Toronto, ON www.womeninpayments.ca
October October 4-6 Members Meeting Smart Card Alliance Phoenix, AZ www.smartcardalliance.org October 7-8 Smartcard Alliance NFC Solutions Summit 2015 Phoenix, AZ www.smartcardalliance.org October 12-15 Sibos Annual Conference 2015 Singapore, MY www.sibos.com
October TBA 2015 Global Finance Conference For Finance Executives Toronto, ON GlobalFinanceConference.com
November November 17-19 Comexposium CARTES & Identification Exhibition 2015 Paris, FR www.cartes.com
January 2016 January 20-21 2016 NAPCP Canadian Commercial Card and Payment Conference Toronto, ON www.napcp.org/
February
June (TBA) Payments Awards 2015 Toronto, ON www.paymentseXchange.ca
October 13-15 Electronic Transactions Association 2015 ETA Strategic Leadership Forum Scottsdale, AZ http://electran.org/events/slf15/
February 22-25 Mobile World Congress Barcelona, Spain www.mobileworldcongress.com
June (TBD) ATMIA Canada Annual Canadian Conference 2015 Niagara Falls, ON (TBD) www.atmiaconferences.com
October 13-15 BAI BAI Retail Delivery Conference 2015 Las Vegas, NV www.BAI.org
March 7-9 BAI BAI Payments Connect Conference San Diego, CA www.BAI.org
August August 2-5 Retail Solutions Providers Association RetailNOW 2015 Orlando, FL www.gorspa.org August 11-15 NBPCA Annual Congress-The Power of Prepaid 2015 Planet Hollywood, Las Vegas, NV www.nbpca.com
September September 13-15 IFO Canada 6th Annual Canadian Financial Operations Symposium Toronto, ON
March
October 15-17 Canadian Automatic Merchandising Association CAMA Expo 2015 Niagara Falls, ON www.vending-cama.com October 18-21 Association of Financial Professionals AFP Annual Conference 2015 Denver, CO www.afponline.org October 19-20 Everlink Client Conference CONNECTIONS 2015 Niagara Falls, ON www.everlink.ca October 25-28 Money20/20 Las Vegas, NV www.money2020.com
JULY/AUGUST 2015
Visit us online
www.paymentsbusiness.ca
Service Directory Card Manufactures
Print & Mailing CMS PRINTING SERVICE. For all your printing needs.
Secure Solutions for Payment & Identification
Call 416-755-7761 ext. 227 mdavid@completemailing.com
Since 1852, G&D has been an integral partner that is solutions orientated and trusted by banks, governments and carriers. Our solutions are founded on trust, integrity and the creation of value through Confidence.
NEW LOWER PRICING!!!
• Contact, Contactless and Dual-Interface Smart Cards • Mobile Payment • On-line Secure Authentication • Enhanced Card Identification
www.gi-de.com
Toll Free: 1-800-387-9794 EMV & NFC Consulting
secure payment solutions
Integrated Payments Solutions
Integrated Payment Solutions and Services
Apriva is North America’s Leading Wireless Gateway. SECURE DEVICES | RELIABLE SERVICE | EXCEPTIONAL SUPPORT
One of the most advanced and reliable payment delivery solutions in financial services technology.
www.everlink.ca
Toll Free: 1.866.388.0076
To learn more call Paul DeRosse, Senior Vice President, Sales at 905.530.2351 or visit www.apriva.com.
Talk to Your Target Market.
Guarantee your liquidity
905.670.4838 1.888.503.4528
Advertise today contact Mark Henry, mark@paymentsbusiness.ca
see youR company name here Contact Mark Henry mark@paymentsbusiness.ca 1800-668-1838 x 223
JULY/AUGUST 2015
PAYMENTSBUSINESS
29
Association Update
ACT Canada; Stakeholders Driving Payment Evolution and Digital Identity The payment industry is not for the faint of heart, nor is it boring.
E
xecutives are challenged to balance customer expectations related to new ways to pay with the investments required to support these new channels. Knowing when and how much to invest also keeps many up at night. Once those decisions are made there are security, privacy, and competitive issues, as well as a shifting regulatory landscape. To help answer some of these concerns, presentations from Cardware 2015 and the recent findings of both the Mobile and Customer Authentication Strategic Leadership teams are now available for our delegates and members.
Strategic leadership teams SLTs are designed as think tanks that lead to change in the market. They are formed when ACT Canada members want to collaborate with other senior stakeholders in a neutral forum to help influence market growth, propel key initiatives forward, or overcome issues. This allows our members to move quickly and take advantage of expertise beyond their own internal resources to reduce necessary investments 30
PAYMENTSBUSINESS
and minimize risks. The call for term two of the 2015 Strategic Leadership Teams (SLT) has been sent out to members and we have created a merchant team. This new team is open to all merchant members. We expect that the Mobile team will move forward into a new term and expect to hear from members about additional teams they would like to establish.
Minister of Finance consultation Just before Cardware, we responded to the Minister of Finance outreach concerning risk and oversight. In some cases we did not provide answers as our members are not of a common opinion and they would respond individually. However, we did raise concerns about areas where Canadians are led to believe certain payment protections are in place, when they are not. Terminology plays a big role in this. For example, when a bitcoin kiosk is referred to as an ATM, Canadians may assume that it has the same protection as an Interac ATM, but that is not the case.
A busy fall schedule
Help wanted
We are busy organizing an early fall launch of quarterly, informal networking events. We will also be going across Canada to provide closed door briefings for our members and to talk with other stakeholders. If that wasn’t enough to keep us busy, we will soon open nominations for our annual IVIE awards to celebrate innovation in secure payment and digital ID. We are in the planning stages for our fall awards ceremony. The IVIEs, our AGM, and a Cardware Connections meeting will take place early November. Check our website for the date and details as they come available. Last year sold out, so book your seats early.
ACT Canada is looking for an inside sales rep who has experience selling services. If you know someone who would be interested, please have them visit http://www. actcda.com/information/ careers/ So, we are busy building and defending the markets that matter to more than 150 members. To do so we draw on our 27 years of experience. Could we help you? Give us a call and we can talk about it. Join our market shaping members to advance your goals.
More for our members discounts on upcoming events Money 2020: ACT members receive a 20 per cent registration discount CARTES SECURE CONNEXIONS, now TRUSTECH: ACT members receive a registration discount
Personnel changes In June, we welcomed Sharon Fergusson, our new administrator. JULY/AUGUST 2015
ACT Canada Insights • Networking • Visibility Since 1989, ACT Canada has been internationally recognized as the stakeholder association that drives payment evolution and digital identity. Stakeholder dialogue drives profitable decisions. Join us. For information, please visit www.actcda.com.
Reach marketers & financial executives Our magazines are must-reads for key executives in core corporate competencies.
Can you help our readers: • Create a strong financial structure and healthy economic ecosystem to ensure capital and cash flow keep their engines running? • Determine who their customers should be, how they can reach them most effectively, and how they can turn data-driven marketing into profitable sales? • Build efficient and effective financial systems to enhance payments and billings between their companies and their customers and vendors? • Convert all the data and information they collect from every contact point into tangible benefits that increase revenue and reduce costs? • Equip their companies with the tools, technology, systems and hardware needed to manage their operations, to create new services or products, and deliver them to their market? • Manage their customers with smoothly functioning support departments that are properly staffed and equipped to solve problems, foster loyalty and retain customers? • Make any or every step in that chain better, faster, cheaper, and more profitable?
We can help you tap into the ecosystem at the points that will drive your campaigns. To advertise or get more information and media kits:
905-201-6600 | 1-800-668-1838 | 302-137 Main Street North, Markham ON L3P 1Y2 Visit our websites:
Direct Marketing magazine, www.dmn.ca Contact Management magazine, www.contactmanagement.ca Payments Business magazine, www.paymentsbusiness.ca
Canadian Treasurer magazine, www.canadiantreasurer.com Canadian Equipment Finance magazine, www.canadianequipmentfinance.com Financial Operations magazine, www.financialoperations.ca.