integrating pos systems with mobile payments · developed and published by a guide from mobile...

Developed and published by

A guide from Mobile Payments Today

Mobile payments sure to become increasingly popular, but many restaurateurs and retailers wonder just how to integrate a POS system with a mobile payment solution. In this guide, learn best practices, ROI benefits, how to keep expenses down and PCI requirements.

Sponsored by

Integrating POS Systems with Mobile Payments

2© 2011 NetWorld Alliance LLC | Sponsored by DevStudios America Inc.

Contents

Integrating POS Systems with Mobile Payments

Page 3 About the sponsors

Page 4 Chapter 1 | The growth in mobile payments Who uses mobile payments?

Page 7 Chapter 2 | Benefits of mobile POS Sales lift Lower transaction fees Increase merchant acceptance rates Deeper customer relationships

Page 9 Chapter 3 | Integrated mobile POS solution Decrease work Multichannel communication Ease of implementation Better customer service Faster checkout Cost-effectiveness Page 14 Chapter 4 | Cloud-based mobile POS Flexibility Information management Page 15 Chapter 5 | Security considerations Theft PCI compliance Best practices Page 18 Chapter 6 | Choosing a mobile POS solution

http://www.mobilepaymentstoday.com/showcase/592/DevStudios-America-Inc


About the sponsors

Published by NetWorld Alliance© 2011 NetWorld Alliance LLCWritten by Gary Wollenhaupt, contributing writer, MobilePaymentsToday.comDick Good, CEOTom Harper, president and publisherJoseph Grove, vice president and executive editor

DevStudios America Inc., based in Cincinnati, Ohio, specializes in fully integrated, cloud-based point of sale solutions for restaurants and retail. Their hosted leapfrogpos.com solution is available on a scalable subscription basis and includes fully managed In-Store Point of Sale plus an extensive suite of add-ons that include: Online Ordering, Call Center, Inventory Management, Supply Chain Integration, Enterprise Reporting, Business Intelligence and more. The Company was founded in 2003.

MobilePaymentsToday.com, published by Louisville, Ky.-based NetWorld Alliance, is an information resource focusing on mobile payments projects and technology. The site publishes content on topics ranging from banking, retail, restaurants, remittance, apps, online gaming and mobile POS. The aim of the site is to help organizations realize the cost savings and operational benefits promised by mobile payments.



While much industry attention is focused on turning smart-phones into electronic wallets

for consumers, there’s a quiet revolution on the other side of the equation. To-day, turning a smartphone into a mobile payments-acceptance device is available to merchants of all sizes and shapes.

Perhaps the most visible example of mobile POS in retail can be seen at Apple stores, where there are no traditional checkout lanes or cash wraps. Instead, associates equipped with iPod-based devices roam the store, assisting customers with product information and accepting payments on the spot. While Apple uses a proprietary system running on the iPod Touch, similar devices are within reach of many businesses that can afford a smartphone and a low-cost or even free card reader.

Mobile-payment acceptance opens up electronic payments to a segment of mer-chants who do not experience the level of transaction volumes that justify signing up as a traditional acceptance location. Some merchants may have in fact been solely mobile, working exclusively at client sites, which made standard electronic payments impossible. For instance, Intuit equipped a Girl Scout troop with its GoPayment mobile application and card reader to support their annual door-to-door cookie sales.

In addition to small-volume merchants, mobile acceptance makes sense for larger re-tailers and restaurants as well. In many cases, mobile acceptance is simply an extension of a merchant’s capabilities. It’s not seen as the disruptive market force that consumer pay-ments conducted via near field communica-tions (NFC) is expected to become when that mode is widely available in the U.S. market.

Who uses mobile payments?

While the technology and systems are still in development for NFC implementa-tion, widespread adoption also will require a change in consumer habits. Although smartphone market penetration continues to grow, consumers have a strong affinity for using plastic cards for most transactions.

According to Federal Reserve Bank of Boston, only about 21 percent of Americans have some form of contactless credit card. However, 80 percent of consumers currently own a debit card, 78 percent own a credit card and 17 own a prepaid card, according to the bank.

That means the demand for mobile pay-ments acceptance is growing, and it needs to be in formats that are affordable and scalable to most businesses using the most com-mon form of electronic payment available to consumers.

Chapter 1 The growth of mobile payments

According to Mercator Advisory Group, smartphone payments are a viable, growing market. In its recent report “Squares and Sleds: Wireless POS Plays a Smarter Game,” Mercator estimated the potential market for smartphone-based payment products is over 16 million merchants. The report indicated this market is composed of enterprise, service professionals, sole proprietors, direct sellers and a new classification: a “level 5” casual merchant or seller, which can include part-time entrepreneurs, and micro-businesses. Mercator estimates by 2014 the smartphone-based mobile card acceptance will exceed 1.4 million users.

Mobile payments acceptance market looks strong

By Gary WollenhauptContributing writer, MobilePaymentsToday.com



“Allowing a payment to be accepted on a mobile phone is a natural extension of what most of us in the payments ecosystem already do,” said David Talach, vice president of global product marketing for San Jose, Calif.-based VeriFone, a leader in secure electronic payment technologies. “We see this is as a way to target a really diverse group of people who haven’t had the means or the business to justify a purpose-built device.”

Retailers are hedging their bets, looking at the adoption of NFC payments by consum-ers in the future and also opting for mobile card acceptance now.

“Consumer smartphones and their use in-store are hardly pervasive,” said Greg Belkin, retail point of sale analyst for the Boston-based consulting firm the Aberdeen Group. “However, their increased use has caused top retailers to stop and pause. The need for a more interactive in-store experi-ence is becoming more defined, and retailers are looking toward mobility to deliver this experience.”

A recent Aberdeen study also shows that retailers are giving equal strategic weight to both consumer-operated and retailer-oper-ated mobile devices. For example, 76 percent of retailers are embracing employee-operat-ed handheld mobile POS devices, whereas 74 percent of these organizations are invest-ing in mobile applications on smartphones, and an additional 63 percent are looking at the consumer-operated handheld device.

“Although consumer adoption of smart-phones still has different issues to work out (such as lack of industry-accepted or applied standards, or pricing) before it becomes per-vasive, retailers know that growing interest

CHAPTER 1 The growth of mobile payments

in the smartphone platforms is likely to ac-celerate adoption in short order,” Belkin said.

With affordable mobile point-of-sale solu-tions, mobile payments have come to the local plumber and weekend craftsperson, as well as independent restaurants and special-ty retailers. Card readers range from small swipe devices that plug into a smartphone’s headphone jack to larger wrap-around units often called sleds or sleeves. These larger devices, while more expensive, also offer capabilities for encrypting PIN pads and printers.

Because there are a number of mobile pay-ment acceptance solutions available in the marketplace, businesses face a decision pro-cess in deciding which solution best fits their situation. The obvious variables include us-ing a smartphone-based device or a purpose-built device, and the level of relationship with card processor.

Source: Federal Reserve Bank of Boston

100

80

60

40

20

0

U.S. consumer cardholders

Credit card Debit card Prepaid card



“If a merchant is not a sole proprietor, he may not want to use a phone but instead may want a purpose-built device for his store,” Talach said. “If he’s doing over a certain number of transactions he may want a lower interchange rate and may prefer a purpose-built device.”

A number of companies have entered the mobile POS marketplace, including Apriva, VeriFone, Intuit, Infogain, Global Bay, TY-SYS and DevStudios, among many others. Merchants can choose from a variety of mobile POS software and hardware solu-tions compatible with all major flavors of smartphone operating systems, including Apple, Android, Blackberry and Windows. But in the buzz of a new payment system, one critical factor may be overlooked for retailers and restaurants: integration with the point of sale.

CHAPTER 1 The growth of mobile payments



For retailers or restaurant owners, a mobile point of sale can return tan-gible and intangible benefits. In some

segments, such as electronics or fashion apparel, consumers expect their favorite brands to use technology at least equal to their own.

“For the retailer there is the element of the cool factor, having the mobile screens in the store,” VeriFone’s Talach said.

That cool factor can be important to certain customer market segments. That’s why VeriFone announced it would integrate Pay-Pal payment acceptance into its PAYware mobile card encryption sleeve for iPhones.

PayPal’s merchant acceptance application will support traditional card-based pay-ments using VeriFone’s PAYware Mobile card encryption. And that app will be up-graded to support PayPal’s Bump technolo-gy that enables iPhone users to bump their phones together to transfer money between them. The planned integration by VeriFone will enhance its PAYware Connect payment gateway service to provide merchants with integrated transaction reports for PayPal and traditional card payments.

“Online and offline are quickly converging and, with this new business relationship, both merchants and consumers will ben-efit, upon integration, from the ability to use the mobile wallet anytime, anywhere,” said Osama Bedier, PayPal’s vice president of platform, mobile and new ventures.

Sales lift

There may also be a sales lift for mer-chants. For instance, Disney implemented

iPod Touch-based devices in 40 of its revamped stores using an integrated POS solution from Oracle that includes the mobile POS ap-plication from Los Gatos, Calif.-based Infogain, a provider of end-to-end retail solutions. Using the devices, store as-sociates can look up products, print gift receipts and sus-pend the transac-tion if the customer has to complete it at the traditional point of sale. During the last holiday season, mobile POS sales accounted for 15 percent to 18 per-cent of total sales. Disney expects to roll out the system to 140 of its 200 U.S. stores by the 2011 holiday season.

Lower transaction fees

For many merchants, one of the most im-portant advantages is the opportunity for lower transaction fees. Using a mobile card reader means a merchant can complete a card-present transaction compared to a card-not-present transaction. That typi-cally means lower fees for the merchant due to the higher level of security inherent in a card-present transaction.

Chapter 2 Benefits of mobile POS

Mobile point of sale applications, such as leapfrogpos.com’s (shown above), can lift sales for merchants and increase convenience for consumers.



“The convenience and security for the customer is that you swipe their credit card right in front of them and it’s a quicker transaction”, said Bob Vergidis, president of Cincinnati, OH-based cloud POS provider DevStudios, makers of leapfrogpos.com. “For a restaurant, you can turn tables faster and if you can make just one more table turn a day the system more than pays of itself.”

Increase merchant acceptance rates

For small businesses that previously could not justify accepting card payments or were too mobile to do so, the push in the marketplace to draw in customers has changed the equation for becoming a card-accepting merchant.

For instance, to bring card acceptance to small businesses, Mountain View, Calif.-based payments provider Intuit offered its GoPayment application with a free credit-card reader and no monthly fee. The idea was to bring card acceptance capabilities to small businesses, such as dog walkers, nannies and jewelry makers who could affordably process credit cards on their mobile phones.

“With our original announcement of GoPayment’s free credit card reader and no monthly fee, we hoped to make it more affordable for any person in business no matter how small,” said Chris Hylen, vice president and general manager of Intuit’s Payment Solutions division.

The offer tripled the number of customers signing up for the GoPayment option each day, a clear indication of the market for af-fordable credit card acceptance.

“The strong demand we’ve seen confirmed our beliefs,” Hylen said. “We are therefore continuing the offer as we now know for certain that it’s meeting the mobile pay-ment needs of both the person who makes an occasional sale to the hundreds of thou-sands of small businesses that have relied on us for years to get paid.”

Deeper customer relationships

Mobile devices also offer opportunities for deeper customer relationships. “For instance, you can now capture the cus-tomer’s email address to send a receipt, the customer can also opt-in to join a loyalty program or receive a newsletter.

“There are more things you can do right in front of the customer that you couldn’t do before,” Vergidis said.

CHAPTER 2 Benefits of mobile POS

“For a restaurant, you can turn tables faster and if you can make just one more table turn a day the system more than pays of itself.”

— Bob Vergidis, president of cloud POS provider DevStudios



Chapter 3 The benefits of an integrated mobile POS solution

I n a recent study, the Aberdeen group found that 42 percent of retailers are prioritizing POS integration with

enterprise systems such as CRM, market-ing and inventory management. At the same time, nearly two-thirds (65 percent) of retailers have identified the mobile POS device as central to this initiative, extend-ing this integrated experience outside of the traditional shopping lane, and onto the selling floor, decreasing wait time, and in-creasing employee/consumer interactivity.

The impetus for this integration comes directly from the desire to manage a rapid evolution of consumer preferences (43 per-cent), and the growing consumer depen-dence on the mobile device (40 percent), according to the report “Retailers Target POS Mobility for Engagement, Interactivity and Revenue” from the Aberdeen Group.

If the respective app store of any mobile device is searched, there are many mobile payment acceptance options available. But few are truly integrated with an existing enterprise-capable point-of-sale system.

“Most of what’s in the market place is non-integrated, it’s kind of generic,” said Vergidis. “Most of the software vendors for mobile solutions do not have some-thing that is deep enough to include full integration with the point of sale. They don’t make point-of-sale systems, they just accept payments using an iPhone or some sort of mobile device. It’s no different than the old-style dialup terminals that used to be offered by banks – they are not integrat-ing with the point of sale.”

In fact, lack of integration between mobile and standard POS environments is a top concern for retailers, according to “Hype

An integrated mobile solution, such as leapfrogpos.com’s (shown above), will communicate with the merchant’s point-of-sale system and recognize existing POS systems as another terminal.

Cycle for Retail Technologies 2010,” a re-port from Stamford, Conn.-based technol-ogy research firm Gartner Inc.

Vergidis considers a non-integrated mobile POS solution as “prehistoric.” On the other hand, an integrated system is more evolved.

“I see integrated payments as the next stage, which is how you have a device that seamlessly speaks with the rest of your POS systems and becomes a mobile exten-sion of it,” he said.

An integrated mobile solution means a system that communicates with the merchant’s enterprise-wide or location-wide point-of-sale system. That means the mobile POS devices appear to the existing POS systems as just another terminal.

Of course, that concept assumes the merchant has a POS system. For smaller



CHAPTER 3 The benefits of an integrated mobile POS solution

merchants, such as service companies, sea-sonal merchants, small restaurants and so on, there’s no POS system to speak of any way. However, large and small merchants could benefit from an integrated mobile POS solution.

Integration of the mobile channel with the POS system may appear in a few differ-ent formats. The mobile system may be a stand-alone product with the capability to be linked with a POS application. Or, the mobile acceptance capability may be a part of the enterprise POS system.

Save time

With a non-integrated solution, a mer-chant may actually create more work by accepting mobile payments. For example, in a restaurant situation that uses a pay-at-the-table mobile device, a non-integrated system forces the server to manually input the payment amount, and then record the payment in the POS system. Then the transactions have to be manually recon-ciled at the end of the day.

“What good is it to accept mobile pay-ments if you have to spend hours trying to reconcile the credit cards with your sales,” Vergidis said.

By contrast, DevStudios’ integrated leapfrogpos.com Quick2Pay module integrates right into the cloud-based POS solution.

For smaller merchants and those with a low volume of payments through the mo-bile POS, a non-integrated system may be acceptable. For merchants with an existing POS system and large volumes, integration is the next logical step.

As the mobile application shares the inventory database, all sales staff have access to the same information and

the database tracks sales and transactions for inventory control and accounting purposes.

Multichannel communication

Vergidis said the leapfrogpos.com mobile payment app for Apple iOS integrates with the enterprise leapfrogpos.com system, which can handle sales in the store, from a call center and via online sales. As the mobile application shares the inventory database, all sales staff have access to the same information and the database tracks sales and transactions for inventory control and accounting purposes.

With the integrated system, sales staff can use a device that accepts payments at the table in a restaurant or at the door in a retail or delivery environment. Or a customer could place an order online in come into the store for pickup. That’s a common multi-channel scenario for retail and restaurants.

“That payment will seamlessly integrate with the order the consumer has placed either online or in the restaurant or in the retailer’s four-wall environment,” Vergidis said.

VeriFone’s PAYware mobile solution also includes the capability to integrate with a retailer’s existing systems. Talach cited the example of a footwear retailer, in which a mobile POS system connects employees with up-to-the-minute inventory for better customer service.




“They can answer the question ‘Do you have the size nine in brown?’ without leav-ing the customer,” he said.

Ease of implementation

South Plainfield, N.J.-based mobile retail software provider Global Bay says integrat-ed mobile POS improves store operations by providing retailers with mobile solu-tions that drive in-store traffic, streamline operations, increase sales and enhance the customer experience.

Global Bay’s solution offers an online real-time connected solution as well as a batch or off-line solution. The back-end agnostic Global Bay offering integrates with popular inventory management and POS systems, such as Oracle, Epicor, SAP, Island Pa-cific and Raymark, and allows retailers to leverage their previous investments, while enjoying the sophistication and intuitive-ness of Apple-based devices.

“The increasing availability of peripherals, such as bar-code scanners, printers and de-vice security for Apple iOS devices coupled with the overall ease of use of Apple offers a new option for in-store mobility for today’s retailers,” said Sandeep Bhanote, Global Bay CEO.

Global Bay Mobile Technologies also took the integrated tack with Apple iOS4 sup-port for its GBmobile Inventory Manage-ment module for the Global Bay Retail Suite. The inventory management module has already been widely deployed in the marketplace by retailers including Timber-land, Golfsmith and Crocs on the Win-dows mobile platform.

To allow users to integrate mobile POS into their e-commerce solutions, Global Bay joined Demandware LINK, a tech-nology partner community that helps members integrate mobile point-of-sale solutions with the Demandware Com-merce platform. Retailers that utilize the Demandware Commerce platform as the infrastructure behind their e-commerce websites will now be able to implement Global Bay’s mobile POS, inventory man-agement or enterprise software solutions.

“Retailers have seen the phenomenal suc-cess of the mobile POS deployment in the Apple stores and want to figure out how to they can replicate the Apple experi-ence in their stores,” said Bhanote. “In the past, retailers deploying mPOS have been constrained because they had to integrate with their in-store POS technology, which is costly and technically challenging.”

In Apple stores, the mobile POS allows associates to move freely about the store to conduct retail operations.

Flickr_Christopher N

eugebauer




Better customer service

For users of the Oracle Retail system, Los Gatos, Calif.-based Infogain, a provider of end-to-end retail solutions, developed a mobile POS that uses the iPod Touch plat-form to enables store associates to handle customer purchases from any location in the store.

“Customer expectations for a superior shopping experience have never been higher,” said Ray Allen, vice president and general manager of retail solutions, In-fogain. “Our mobile POS solution encour-ages sales associates to get out from behind the counter and interact closely with cus-tomers, resulting in happy customers and increased sales.”

The Infogain solution was developed specifically for Oracle Retail customers. It is composed of a client application that runs on an iPod touch-based hardware platform. The platform is connected to a virtual point-of-service J2EE application that interfaces with a server-based version of Oracle Retail Point-of-Service.

“By teaming with Infogain, Oracle Retail is extending the reach and capabilities of our Point-of-Service solution to the revolution-ary iPod touch mobile device,” said Andrea Morgan-Vandome, vice president product strategy, Oracle Retail. “We are enabling retailers to offer a compelling and differen-tiated service experience in their stores.”

Infogain’s mobile POS supports a variety of sales floor functionality, including inven-tory look-up and transfer, customer data acquisition and line busting. It also facili-tates remote printing and can be used with Apple-based terminals.

Faster checkout

nstead of smartphones, Toronto, Ontario-based enterprise retail solutions provider Magstar’s Total Mobile POS uses Motoro-la’s MC75A lightweight handheld wireless devices as full-featured POS checkouts. Freed up by the mobile device, associates can roam the store for line busting inside or outside and offer parking lot or drive-through checkout.

With integration into the POS, Total Mo-bile POS can also serve as a mobile returns desk. The system is fully integrated into stores and the head office in real-time, and with the Motorola device’s capabili-ties, allows employees to do standard retail floor and store functions such as inven-tory counts, receiving and shelf price and enterprise-wide inventory verification.

Montreal, Quebec-based Xsilva Systems Inc., a provider of retail solutions, offers Lightspeed Mobile that integrates with the LightSpeed POS system for the Mac platform. Retail sales staff can use Light-Speed Mobile to connect to a LightSpeed database and process sales from anywhere in the store with an iPod Touch and a Linea Pro “sled,” the same mobile hardware employed by Apple in its retail stores. The sled adds the capability to scan barcodes and swipe credit cards. Once the payment is approved, customers simply sign on-screen and receive their receipt instantly by email.

“Before LightSpeed Mobile, integration between mobile retail and the POS and inventory systems was limited to big-box players with high-priced custom systems,” said Dax Dasilva, founder and CEO of Xsil-va Systems. “Now store staff can capture




the moment when interest in the purchase is at its peak with one-to-one service that builds customer rapport and loyalty.”

Cost-effectiveness

For smaller merchants, a low-cost non-integrated mobile POS may make sense. For instance, Merchant Warehouse, a Boston-based independent ATM deployer, launched its MerchantWare smartphone application. It combines the mobile app with the services of the IAD.

Another non-integrated option is available from Scottsdale, Ariz.-based mobile pay-ments provider Apriva, which in early 2011 partnered with EVO Merchant Services, a large credit-card processor based in Mel-ville, N.Y., to offer EVO Mobile Pay. Based on Apriva’s earlier offering, EVO Mobile Pay was designed for mobile businesses for to allow merchants to conduct real-time credit card transactions from any location. It is available for Android, Apple, Black-berry and Windows Mobile devices and browser-based phones.

EVO Mobile Pay provides merchants with a number of features suitable for swiped or keyed transactions, including signature capture, and printing receipts through optional reader/printers.

“Every month, more and more mobile mer-chants are looking at card-based payments as an affordable and cost-effective option to increase sales, expand margins, improve customer service, and grow profitability,” said Bill Clark, Apriva’s executive vice president and general manager for North America.

Looking for an integrated mobile solution, apparel chain Urban Outfitters tapped Starmount, which developed a product that later became Engage. Urban Outfitters was looking for a mobile POS solution that provided store associates a tool to complete transactions as with the full functionality of a fixed-base POS system, as well as integration with in-store databases. The platform was also scalable to new media such as interactive kiosks and digital signage, enabling customers to focus on their changing business needs instead of the underlying technology.

“Starmount’s solution will deliver a platform to drive efficiency in-store while enabling us to create the differentiated customer experience Urban Outfitters is known for,” said John Devine, Executive Director of Information Technology, Urban Outfitters Inc.

By extending POS beyond the typical cash wrap environment, Engage enables store associates to do more through richer customer interactions and service, targeted cross-sell and up-sell of products, and efficient store operations to reduce long wait times and lines, Devine said.

Case study: Urban Outfitters



Chapter 4 Benefits of cloud-based mobile POS

To be a truly mobile payment accep-tance system, the integrated solu-tion should connect to a point-of-

sale system based in the cloud. Then the mobile device is simply an extension of the POS, communicating with the cen-tral database regarding transactions and inventories.

“That way the payment will seamlessly integrate with the order the customer has placed, whether it’s online, in the restau-rant or in the retailer’s four-wall environ-ment,” DevStudios’ Vergidis said.

Cloud-based solutions offer a wide range of benefits, including durability and data redundancy.

Flexibility

Flexibility that enables growth or frequent location changes is one advantage of a cloud-based system. For instance, a retailer or restaurant can instantly turn on service at a new location, Vergidis said, or a mobile merchant can be connected to the POS regardless of location. All that’s needed is wireless phone service or a Wi-Fi connec-tion to allow payments to be accepted on or off premises.

“You can accept payments any place, you don’t have to be tied to the four walls of a store,” Vergidis said. “The mobile device talks to the cloud to process the payment, and also inventories and orders are in the cloud and all information you need to integrate with is in the cloud and you can access that and attach payments to it from anywhere.”

Information management

Using a single cloud-based database sim-plifies management of information and ensures all POS locations have the same data. The data can be managed from any location with Internet access.

“Once the inventory is in the cloud, every store that sells from the inventory has only the single list,” Vergidis said. “When you’re looking at reporting or rolling up the store’s data to look at profitability, that’s automatic, there’s nothing else to integrate or copy data from.”

A point-of-sale system based in the cloud, such as leapfrogpos.com’s (shown above), allows merchants to connect with only a wireless phone service or a Wi-Fi connection.



Theft

With mobile acceptance, consumers ex-perience a higher level of security in the sense that the card does not have to leave their sight to be swiped. Often in a table-service restaurant setting, the server has to take the card from the table to the terminal to complete the transaction. This opens up the card to fraud when it leaves the cus-tomer’s presence.

“If someone steals a card number because they take it in the back room to run in like at a restaurant, then ultimately the mer-chant is liable for that issue,” Vergidis said.

PCI compliance

Currently, PCI compliance applies only to credit and debit card payments. PCI does not certify or list any mobile POS system at this time. However, it’s reasonable to assume that PCI compliance will become a require-ment as mobile payments become more common, and some companies are already working to ensure they meet PCI standards. For instance, VeriFone’s Payware Mobile Enterprise solution encrypts card data when it is swiped, and the mobile device transmits only the encrypted card information.

PAYware Mobile Enterprise incorporates a PCI-approved PIN debit keypad, which al-lows merchants to lower transaction costs. In addition, PAYware Mobile Enterprise features built-in NFC and EMV smartcard capabilities, ensuring North American re-tailers are ready to embrace NFC-enabled mobile phones and the anticipated rollout of EMV smartcards.

“With PAYware Mobile Enterprise, retail-ers can revolutionize customer service

and store operations by utilizing versatile mobile applications and secure payment acceptance integrated with existing POS infrastructure,” said Erik Vlugt, VeriFone vice president of product marketing. “Veri-Fone’s card encryption and tokenization solution for smart devices isolates payment actions to ensure retailers can maintain a secure payment environment.”

Smartphones and WiFi-equipped PDAs, while rich application platforms, were not designed for use as payment acceptance devices and thus generally do not adhere to payment industry security requirements, VeriFone’s Talach said.

To keep these otherwise vulnerable mo-bile devices out of PCI scope, PAYware Mobile Enterprise incorporates VeriFone’s VeriShield Total Protect, which provides encryption and tokenization in one solu-tion framework to protect data in-flight and at-rest and to isolate payment activi-ties from device applications and storage.

Chapter 5 Security considerations

Mobile payments offer merchants and customers a higher sense of security.



Best practices

In recognition of the growth of mobile POS and the inherent data-security chal-lenges, Visa Inc. in April 2011 released a set of mobile acceptance best practices for merchants, software developers and device manufacturers who are using consumer mobile devices, such as smartphones and tablet computing platforms, to facilitate the acceptance of card payments.

Visa’s best practices call for important security considerations such as encryp-tion and tokenization of cardholder data. The guidelines were designed to clarify the responsibilities of the merchant and service providers regarding security of cardholder data when a mobile phone is used as an acceptance device instead of a traditional terminal.

“Mobile devices that can facilitate accep-tance of payments are an important ad-vancement in payments that must balance the promise of an enhanced consumer and retailer shopping experience with enhanced security measures to protect sensitive card-holder information,” said Eduardo Perez, head of global payment system risk, Visa Inc.

Perez said that because mobile devices and acceptance attachments today are not de-signed to the same security requirements as traditional payment terminals, and merchants do not control the security of the network environments to which their acceptance devices connect wirelessly, there are important security considerations above and beyond those for traditional ac-ceptance solutions.

Visa’s best practices impact two distinct audiences: mobile acceptance application

and software solution providers as well as merchants who use these solutions. Among the best practices guidance:

• Encrypt all account data including at the card-reader level and in transmission between the acceptance device and the processor - especially important given the use of wireless or public networks.

• Enable truncation or tokenization of card numbers, allowing the merchant to identify the cardholder without storing the full account data.

“Building security into the DNA of mobile acceptance solutions is necessary to help grow the channel and encourage innova-tion,” said Bill Gajda, head of global mobile product, Visa Inc. “Providing security guidance to retailers and the industry, as mobile phones used as card acceptance devices are still emerging, will help ensure acceptance solutions are secure, provide a strong foundation for future growth of this channel and foster consumer trust in mobile commerce.”

However, beyond the best practices for mobile acceptance, vendors, merchants and acquirers are expected to follow all Visa requirements for magnetic stripe, chip and contactless acceptance. Gajda noted that vendors, merchants and acquirers should also adhere to the Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standards (PA-DSS). Additionally, on top of following Visa Operating Regulations, acquirers must also be in compliance with all local laws and regulations regarding sponsored merchants, including adequate Know Your Customer (KYC) and Anti-Money Laundering (AML) due diligence.

CHAPTER 5 Security considerations



CHAPTER 5 Security considerations

Vendors

Goal Best Practice

Mobile acceptance best practices from Visa

Design and implement secure mobile payment acceptance solutions.

1. Provide payment acceptance applications and any associated updates in a secure manner with a known chain of trust.

2. Develop mobile payment acceptance applications based on secure coding guidelines.

3. Protect encryption keys that secure account data against disclosure and misuse in accordance with industry-accepted standards.

Ensure the secure use of mobile payment acceptance solutions.

1. Provide the ability to disable the mobile payment acceptance solution.

2. Provide functionality to track use and key activities within the mobile payment acceptance solution.

Limit exposure of account data that could be used to commit fraud.

1. Provide the ability to encrypt all public transmission of account data.

2. Ensure that account data electronically read from a payment card is protected against fraudulent use by unauthorized applications in a consumer mobile device.

3. Provide the ability to truncate or tokenize the Primary Account Number (PAN) after authorization to facilitate cardholder identification by the merchant.

4. Protect stored PAN data and/or sensitive authentication data.

MerCHAnTs

Goal Best Practice

Ensure the secure use of mobile payment acceptance solutions.

1. Only use mobile payment acceptance solutions as originally intended by an acquiring bank and solution provider.

Limit the exposure of account data that may be used to commit fraud.

1. Limit access to the mobile payment acceptance solution.

2. Immediately report the loss or theft of a consumer mobile device and/or hardware accessory.

Prevent software attacks on consumer mobile devices.

1. Install software only from trusted sources.

2. Protect the consumer mobile device from malware.

Source: Visa Inc.



Choosing the correct program for a merchant comes down to the amount and volume of mobile

transactions that a merchant expects to use each month. For what are called micro or seasonal merchants, which may be sole proprietors, artisans, construction trades or seasonal retailers, a simple mobile prod-uct may make it possible to accept credit cards for the first time. Larger retailers may want more sophisticated services such as an encrypting card reader, PIN pad, a contactless reader, a barcode scanner and a printer to accept cards in a high-volume environment.

If a merchant already accepts credit card payments, some programs allow them to add the mobile channel to the existing ac-count or sign up for an account. For mer-chants with smaller volumes, a relation-ship with a processor such as Square that doesn’t require monthly fees but has higher per-transaction fees may make more sense.

Some processors offer varying account lev-els based on transaction amounts or volume. For instance, Intuit’s fee structure offers to tiers of pricing, one below $1,000 per month and one for volumes over that level.

The rule of thumb is that lower the upfront costs, such as with Square that provides a free app and a free card reader, there will be higher transaction fees. Conversely, higher upfront costs or monthly fees typically translate to lower per-transaction fees.

“It’s important to understand the profile of the business, how many transactions you are going to do and the amount of those transactions, then look at what solutions are more conducive to your business,” said VeriFone’s Talach.

Another decision is whether to accept debit cards in addition to credit cards. VeriFone, for instance, offers different solutions for merchants that will accept both debit and credit cards and credit cards alone.

Mobile acceptance takes advantage of the consumer habit to use credit and debit cards for payment, but makes it easier for merchants to use it and increases con-sumer convenience. An integrated mobile payment-acceptance solution is a proven technology available for merchants now.

“As we can reduce merchant fees on transactions, help restaurants turn tables or retailers complete more sales, increase security and provide better customer ser-vice, we have something that’s practical and affordable today,” DevStudios’ Vergidis said.

As the development of smartphone pay-ment infrastructure continues in the United States, mobile credit card accep-tance represents a technology and business process that’s immediately available for merchants of all sizes.

Chapter 6 Choosing a mobile POS solution

It’s important to understand the profile of the business, how many transactions you are going to do and the amount of those transactions, then look at what solutions are more conducive to your business.

— David Talach, vice president of global product marketing for VeriFone


integrating pos systems with mobile payments · developed and published by a guide from mobile...

Documents