Alexa, how do you spell “competition”? H y p e r -M a r k e t

Michael Buffer is the boxing ring announcer who coined his trademarked catchphrase, “Let’s get ready to rumble!” I could hear Buffer’s distinct announcing style as I read about Amazon’s repositioning pricing at Whole Foods and Wal-Mart which has teamed up with Google. Can you hear him today saying; “This is a special tag- team match between Amazon & Whole Foods in the red tights, fighting Wal-Mart & Google in the blue tights……. Let’s get ready to Rumble!”

What does the paring of these four behemoths’ mean to the rest of the retail market? When these two finish fighting, will there be anything left? Or are these announcements related to something else? In this blog, I’ll explain how these announcements are related to your business and what you need to compete in this new “Hypermarket”

Amazon.com, Inc. & Alphabet Inc (GOOGLE) are two of the world’s biggest tech companies. Their partnership with traditional “Brick and Mortar” (Wal-Mart and Whole Foods) combined with the introduction of smart speakers represents a new, more aggressive, type of competition. What makes these two partnerships so dangerous is that they link world-class, leading-edge technology with major product distribution channels. If Google can get Home right, Wal-Mart’s store based distribution means I put my money on the blue tights.

The Hypermarket links the consumer to their shopping in a subliminal way by simplifying the process, and the processes, between need, order, payment and delivery. The objective is to provide a seamless, consistent shopping experience…and kill your competition. The smart speaker is an early form of Artificial Intelligence (A.I) in the home. Either “Amazon Echo” or “Google Home” links consumers to the retailer in a new way, surpassing Smart Phone apps, TV’s, Tablets’ or PC’s. The scale of these partnerships are immense! As an example, 55% of U.S. adults start their online shopping trips on Amazon and they expect to ship 10 million Amazon Echo speakers in 2017. As for Wal-Mart and Google; well, they are Wal-Mart and Google! Apple will soon announce I-Home and we don’t know yet how it will be marketed. If retailers plan on keeping or growing their market share, competing in the Hypermarket will require new tools and offer new reasons for consumers to visit their store.

To compete, retailers will need to look to new aggressive strategies, innovative solutions and technology. Stephen Covey wrote about “Sharpening the Saw”. Sharpening the Saw is to preserve and enhance your greatest assets. Partnering with others, as these four industry leaders have done, adds speed and expertise. Competing in the Hypermarket will require each retailer to identify its own unique market position and focus on building similar partner and consumer relationships, both with operations and marketing.

“Torch it, Shane. Burn everything”: Snidely K. ‘Whip’ Whiplash. Ransomware and protecting your organization from the bad guys.

In 1986, evolutionary biologist Dr. Joseph Popp infected many people with AIDS, just not the way you might think.  “AIDS Information Introductory Diskette” was the world’s first known ransomware attack and was introduced into systems through a floppy disk which Popp mailed to his victims. 30 years later, the bad guys are still relying on human error to bring forward a new generation of even more dangerous ransomware threats. If you’ve missed out on encryption ransomware, lock screen ransomware, master boot record (MBR) ransomware, consider yourself lucky! Dr. Popp defended his hostage taking by explaining that the money was going to the PC Cyborg Corporation for AIDS research. Today’s hostage takers are harder to find and more interested in stealing your money than social causes. These days, if your network, mobile or desktop computer, falls victim to “ransomware” your financial data and business records could be locked with strong encryption along with a demand that you to pay for a key to unlock the files. Are you familiar with Bitcoin and the dark internet?

The evolution of IP connected devices at retail has changed the nature of threat vectors. Today, retailers must be as concerned with their Non-Card Data environment as they are protecting the card data environment. Ransomware is one of the clearest examples of the expanding data security threats. According to an analysis published by Trend Micro the average ransom demanded was approximately $722. Hollywood Presbyterian Medical Center paid $17,000 and The University of Calgary paid $20,000. Trend Micro found the majority of organizations that are infected by ransomware end up paying the ransom. Three-quarters of companies which had not suffered a ransomware infection reported they would not pay up when presented with a data ransom demand. Clearly, people tend to see things differently when they’re the ones in the hot seat. Retailers have millions of dollars in sales at risk, would you pay if your stores where offline?

How big of a problem is ransomware within the C-store space? During this year’s NACS conference at the “Technical Tools of Data Protection” session, Hugh Williams, CIO of Maverick said: “We focus so much on the CDE, but probably the biggest threat out there is ransomware. It’s looking for ingress right now. They are not some much interested in your card data, they want your other stuff”. When the room was asked who had been attacked by ransomware, nearly a dozen retailers raised their hand.

Protecting yourself from ransomware attacks, or how not to be the next ransomware victim, is a major challenge.  The first step is to understand that this challenge is beyond the scope of PCI and your POS. Ransomware finds its way into your environment in a number of ways. Two common threat vectors are leveraging iOT devices or tricking people to inadvertently undermining the security of their device, like enabling a marco on a windows document.

Stopping employees from opening the door to the bad guys takes “people and process”. Maintaining a secure network that closes the door to the bad guys requires good tools and proper scanning and patching. Management often doesn’t prioritize internet security until it’s too late. CIO’s work to develop ROI analysis to drive budget for investment network security. CEO’s need be educated on protecting the business from internet threats like ransomware, and having a full disaster recovery scenario that is fully backed up and periodically tested.  To harden defenses against ransomware attacks, retailers can adopt policy changes. IT departments can close the door by expanding the objectives of data security beyond PCI with an emphasis on scanning and patching outside of the card data environment. In the c-store business, iOT is only growing. Are your pumps IP enabled?

Untangling Internal Scanning: how zone routers impact PCI scanning requirements

Retailers who are evaluating how to maintain PCI compliance are likely to hear the word “scan” from third party compliance providers, or as a part of a letter from your acquiring bank.  The evolution of the POS EPS and move to POS IP connectivity for payment and loyalty has introduced new complexity to PCI scanning requirement. Retailers with newer POS now have an EPS as a part of their system. The EPS sits between the POS and the Front-End Processors and separates the card processing from the POS system creating both the Card Data Environment and Non-Card Data Environment. One result of this configuration is the need for a “Zone Router”. The Zone Router is typically installed behind the Store Router/Firewall/Gateway and Store LAN and in front of the POS/EPS. Retailers with Zone Routers need to consider how this technology impacts their responsibility for Internal Scanning

 PCI DSS v3.0 chapter 11.2 says that you must “Run internal and external network vulnerability scans at least quarterly and after any significant change in the network”. What “significant change” means is open to interpretation by the QSA, but could mean; new system component installations, changes in network topology, firewall rule modifications, product upgrades or almost anything touching the network.

For many Retailers, their expectation is that a single scan will satisfy PCI DSS requirements. For most merchants, however, the requirement is to conduct at least two separate scans: one from the inside (i.e., an “internal scan”) and one from the outside (i.e., an “external scan”). External vulnerability scans look for holes in the store perimeter firewall(s), where malicious outsiders can break in and attack the network. Internal vulnerability scans operate inside the store perimeter firewall to identify real and potential vulnerabilities inside the business network. Retailers with a Zone Router installed must perform three scans; external, and internal scans both within the CDE and Non-CDE.

Internal and External scans are critical components to maintaining PCI and protecting the network and hence, the business from attack by data thieves.  Like loss prevention, internal scanning is a hedge against disgruntled employees who have targeted systems from the inside, or malware, such as viruses or Trojans, that are downloaded onto a networked computer via the Internet or a USB stick. Once the malware is on the internal network, it sets out to identify other systems and services on the internal network—especially services it would not have been able to “see” from the Internet. Internal scans search the internal network for threats to assure the business valuable assets are properly secured.

The challenges of scanning within the CDE for POS systems with Zone Router is new and not all POS systems have defined how to manage this requirement. Retailers seeking managing a new set of scans, particularly for organizations managing centralized scanning engines, will find this requirement adds cost and time to compliance activities. When implementing a Zone Router, Retailers should consider how they will manage all three separate scanning requirements inside of a single actionable approach to their vulnerability scanning.

The EMV illusion: the connection between EMV and mobile payment.

Dai Vernon, “The Professor”, who died in 1992 was a Canadian magician and the greatest sleight of hand figure in the history of the art. He rarely performed, but he invented magic and had an enormous influence on the whole range of “sleight of hand”. And so often, the magic he was doing was to fool other magicians. Such is the case with yesterday’s announcement that the EMV AFD mandate, scheduled for 2017, is moved to 2020. The “sleight of hand”; create a crisis, propose a solution and when the true motivation for the project evaporates, move the requirement far enough into the future that its purpose fades until the need is so obscured as to not be necessary. The Professor would be proud, but for the many retailers, hardware manufactures and professionals betting on EMV at the pump, this is a cruel trick.

A few years back I wrote that EMV, while being presented as an antifraud tool, was really a disguised methodology to bring NFC to the pump. After all, if the goal was simply to eliminate counterfeit card use, swipe and PIN would have essentially eliminated that counterfeit card fraud.  So, why was EMV/NFC so important, if there were cheaper ways to reduce fraud? The answer lies in mobile payment.

During the last five years the world has witnessed the conversion to a mobile digital society. Initially the card associations sought to enable mobile through the use of NFC. This was critical because the Card Brands sought to protect their business model against disruptive models and bake bank issued cards into payment terminals and the AFD.  The ROI on mobile payment is elusive and so the EMV liability shift was created (the sleight of hand) to create the ROI needed to drive NFC to the pump. What went wrong?

Two major issues have pulled the curtain back from the EMV illusion; cost (how) and need (way). There is little to say about the cost of EMV, other than prohibitive. One MOC showed me an estimate where the cost was north of $100M, WOW!

The “why” is more complicated. Over the last two years, cloud based payment models that leverage the POS, rather than NFC at payment terminal are now proving themselves in the market. MasterCard and Visa’s agreement with PayPal, the release of standards and multiple pilots, are an indicator of their belief that cloud based solutions will lead the way in mobile. Cloud based systems do not require communication between the payment terminal  the phone, and therefore many of the arguments about NFC are eliminated.  Further, there are many use cases, like vehicle based payment or drive-troughs where cloud based solutions are more effective than NFC. If cloud-based solutions become wide spread, then NFC is no longer relevant. Further, if you believe, as many do, that millions of consumers will adopt mobile, and mobile payment will be cloud based, then as card based usage at the pump declines, the rational for the investment in EMV evaporates.

 

ApplePay User Review: The Default Card process and Top of Wallet Implications.

Last week, First Annapolis Consulting released “Tracking Apple Pay: 11//13/2014. First Annapolis has been tracking Apple Pay and keeping their professional community informed. The key focus of this review is to outline how consumers enter and select payment cards; the “Default Card Process”. I was intrigued by the implications of the review. Most intriguing is how the Default Card Process alters the relationship between the consumer, their default card and “Top of Wallet” position. Top of Wallet position is one of the most significant factors when a consumer chooses a method of payment. If ApplePay impacts which method of payment a consumer chooses by virtue of the “user experience” and the “default card feature”, then many new questions arise. Perhaps the most important question is how this alters the consumer payment relationship and fees between the issuers and merchants. As importantly, since ApplePay charges the issuer and controls the user experience, could this create a new layer of competition between issuers for the Top of Wallet Position? The obvious result is higher transactions fees.

Setting out to understand how ApplePay and the User Experience might alter the consumer’s payment behavior requires actually using the product and for that I turned to one of my mist trusted associates, Mile Kuzel, Client Solutions Executive, Toth Consulting. Mike was good enough to listen to my questions. He agreed to help out on this blog, here is his review. I’ll look forward reading about your experience with ApplePay.

Mike Kuzel: My ApplePay Adventures, Part I

I’m an admitted tech geek and willingly drink the Cupertino Kool-Aid. I’m also a professional in the retail technology field with some experience in the mobile payments world. My motivation to get the iPhone 6 was in no small part because of ApplePay and the promise of a world class mobile payment / digital wallet user experience from the people who make things I love to use and want to use all the time.

Once ApplePay launched I scanned my cards into my iPhone 6’s Passbook and the first card was a Delta SkyMiles AMEX, which went in automatically as my default. Then I loaded a Citi MasterCard Credit Card and lastly my USAA MasterCard Debit Card that is tied to my checking account.

I was ready to experience the future! My first stop was Walgreens, as I needed some allergy medicine. I approached the counter; handed the item over, presented my Walgreens loyalty card (from Apple Passbook of course) and that first beep sounded a lot like “Gentlemen, start your engines!” to me. The cashier then rang up my item…beep! Now was the moment I’d been waiting for, my inaugural ApplePay transaction. I touched the phone to the pin pad and the iPhone presented the picture of my default AMEX and the prompt to hit Touch ID. Thumbprint and done! It was easy and quick and it felt as great as I imagined. Over the coming weeks I repeated this process a few more time at Walgreens, once at Office Depot and ApplePay life was good. Then came yesterday. The day I decided I wanted to pay with a different card than my default AMEX. I made this decision, quite normally, at the checkout while my items were ringing up at my local Whole Foods. My glorious happy “Apple is Awesome” song playing on loop in my head hit the proverbial record scratch moment and ApplePay fell back to earth for this user.

The cashier was almost finished scanning. Beep, beep, beep… I’d made my decision to use my checking via my USAA card loaded into my ApplePay. I hit the card in my Passbook to pick it and assumed that would do the trick.

“That will be $21.41 sir” I’m not sure when I graduated to sir but I’ll take what pleasantries I can get these days in the world of retail service.

“Sure thing let me just…” I hit the USAA card picture one more time in the Passbook app then touched the phone to the pin pad. I fully expected another awesome ApplePay transaction. Wait…“Hmmmm”… the AMEX, not the USAA card presented itself as payment on the screen. My inner voice that normally whispers seemed to yell at me “does not compute”!

I’m standing there a little confused and politely asked for just a second longer. I glance behind me and realize the woman queued up next had noticed my inability to pay quickly. You’ve all experienced the body language of judgment upon holding others up in a grocery line, no? I fumble with the phone. Home button, go to settings… let’s see…where is it? Oh yeah “Passbook & ApplePay” I’ll just hit that, pick my card and all good. Not perfect but can’t be harder than that right? I mean this is Apple, their stuff just works! Bingo! I see all the cards listed I hit the one I want and it takes me to a screen to either open my USAA app or remove the card… nope…that’s not what I need to switch payment. Tick, tick, tick… already way to long for a normal checkout. Body language lady behind me has shifted into the verbal realm, “Why don’t you just pay the old fashioned way?” I laugh at what I presume is humor and agree with her that she might be onto something there. I’m determined to do this now, if for no other reason than geek pride. My neighborhood legacy shall not remain Whole Foods ApplePay version of the Star Trek “redshirts”!

Now I’m back to settings. How do I switch cards…? Aha! “Default Card” maybe I make the choice there. Thumb of fury… tap, tap, tap and I pick the USAA card which actually changes my default card. This is different from what I expected or wanted and a seemingly extreme measure, so final, but I’m already on borrowed time. I back out of screen and hold the phone to the pin pad feeling a little like a gambler on his last bit of luck “just one last bet”. Jackpot! The USAA card picture shows on the iPhone. I Touch ID and on I’m finally on my way. Walking out I’m a little bewildered and frustrated by the user experience cooked up by the normally on point Apple folks.

I wasn’t timing the transaction yet by any measure it took way too long to pay simply because I chose to use a different card. I’m tech savvy and an early adopter; I knew intuitively what steps I should be looking to take to solve this issue but what about the general public using Apple Pay? Would they give up and pay with cash or a card from their wallet or just keep the default even though it wasn’t their desire?

My experience with switching cards for payment in ApplePay proved less than stellar, as it was too clunky and involved with too many steps. Critics might say now that I know the process it will prove faster and they’d be correct yet they’d be missing the proverbial point, it shouldn’t be that cumbersome.

If Apple has designs on Passbook as a true digital wallet, and all signs point to that, then they need to rethink how it works. I’m focused on user experience here, which doesn’t even touch the implication for who gets and how they get the coveted “top of wallet” status in the digital wallet. I believe the success (and by that I mean adoption by actual people) of mobile payments via digital wallets rides on user experience. A poor design could stunt enthusiasm as more people make the natural choice to use another card from their ApplePay wallet and wonder why it’s so much harder than the old fashioned way.

“Contractual conflict”; Apple Pay and MCX, the new front in the mobile payments war.

A few years ago, while at one of the major POS annual user conferences, I had the opportunity to socialize with one of the initial members to MCX. At the time, I was with PayPal and mobile payments was more of an idea than a technology. MCX had just been announced and I was learning about the “hush hush, MCX Exclusivity” requirements. I was floored. How could that be good for either the merchant or the consumer? His answer; “They really did not care if MCX ever conducted a single transaction. If allowing Visa/MC into the mobile wallet forced lower overall fees (read cards as well) then MCX would have done its job”. When asked about how profitable CurrentC would be, Lee Scott, former CEO of Walmart said, “I don’t know that it will, and I don’t care. As long as Visa suffers”. It never seemed like much of a business plan to me.

It was all such a secret. I can’t count the number of times I heard; “The first rule of MCX is; you don’t talk about MCX”. Well, judging from the news, things appear not to have worked as planned. The veil was lifted on the MCX story when Rite Aid and CVS Health pushed aside Apple Pay and in doing so revealed a new wrinkle in the mobile payment war, contractual conflict. The notion that an exclusive MCX mobile payment solution might be a lever to force card acceptance fees down seems to have reached its apex. Are retailers willing to say no to Apple Pay? The consumer is caught in the middle.

One of the ingredients in the MCX secret sauce is the idea that retailers will adhere to an exclusive arrangement thus locking out competing payments systems in the mobile channel. As Karen Webster speculates in her 10/27 blog, MCX is likely to have told both Rite Aid and CVS “You simply can’t do it. And, the fact of the matter is that you’ve been caught two-timing with Apple Pay, and that’s clearly a violation of your contract with us.” In doing so MCX is leveraging its big stick, not its economics, product features, or consumer demand, but the strength of its legal teams and the adverse contract its members have signed. “This act by CVS and Rite Aid heralds the advent of the imminent battle in the mobile payment system,” said Anindya Ghose, a marketing and information-technology professor at New York University. Now that lines have been drawn, we will learn if MCX can drive the cost of payment down, or will its own member retailers instead chose to provide their consumers with choice. Call the lawyers.

The Battle of the Titans continues as NACS squares off with the ETA over mobile payment.

Greek Mythology and the payments industry seem to have a lot in common. There’s something similar about CVS and Rite Aids decision not to accept Apple Pay that reminds me of when “Cronus attacked Uranus, and, with the sickle cut off his”…..well, you get the point.

There has been a lot of noise about mobile payment over the last few years. Confusion about technology and economics clouds the issues. Now, in the same tradition of Durbin (legislation) and Brooklyn (litigation), banks and retailers are setting the stage for another battle over mobile payment. The new issue is; does Apple Pay, Softcard and other NFC based solutions simply enable the traditional payment providers (read fees), or is MCX just an anti-competitive alliance of retailers created for no other reason to leverage the emerging consumer acceptance of mobile payment systems to drive the cost of payments down? In the middle is the consumer who simply wants convenience and choice.

The Apple Pay launch opened the latest salvo in the fee/service war. The Electronic Transactions Association is saying that the decision by CVS and Rite Aid to block mobile payments services like Apple Pay, Google Wallet, and Softcard is “anti-consumer and anti-competitive”. NACS, apparently in support of the Retailers MCX relationship is saying that Apple Pay essentially allows “Visa/MasterCard monopoly into mobile payments”. saying “Those two dominant credit card networks have faced a lengthy series of antitrust actions from the U.S. Department of Justice and merchants over the years due to their anticompetitive conduct. Now, they are working feverishly to require merchants to accept their preferred technology, near-field communications (NFC), so that they can extend their dominance into the future.” How supporting MCX, a program that requires exclusivity within the mobile payment channel, even the exclusion of non-VISA/Mastercard 3rd parties is not Anti-Competitive is a bit of a mystery.

Let’s be clear, MCX could allow either Visa or Mastercard into the CurrentC wallet, it’s a business decision, not a technology issue. Apple was clever enough to shift costs (at least for now) to the issuer, rather than the merchant. This opened the door to many merchants avoiding the interchange conversation. Why many merchants have chosen not to join MCX might have something to do with membership fees, product availability, or perhaps that it is an ACH program rather than a new low cost 4^th network. After all, there are many ACH providers, why spend a lot of money joining a coalition only to pay a high membership fee for a product that is already available from other providers?

The reason the industry is lining up to fight over the CVS & Rite Aid decision is because this is another skirmish in a multi-year battle over the fees retailers pay, or banks earn, when consumers make a payment. For retailers simply wanting mobile payment at low cost, the program is available today. Retailers can compete with banks for consumer’s method of payment, that’s the “Competitors Code”. The point is, Retailers don’t need legislation or litigation to drive fees down, competition will do the job. If CVS and Rite Aid don’t want to accept Apple Pay, so be it. On the other hand, how does a restrictive exclusive contract with MCX serve the consumer?

“For their return home, the Greeks dedicate this offering to Athena”. Apple Pay and increased mobile payment fees.

The Blogosphere has been alive with information on mobile payment and Apples introduction of Apple Pay. The flame-out of PayPal Off-line, Google, Amazon, ISIS (or whatever), and MCX (whenever) have the experts writing and talking about how, when and where mobile payment will become common place.

Enter Apple. While Apple may indeed be the first broad based mobile wallet to achieve consumer adoption, Retailers will remember Apple as Odysseus’ and Apple Pay as a wooden horse bearing higher payment fees. New fees may start arriving in the first statements and no doubt merchants will be asking about the tokenization, wallet storage and API fees. According to legend, “after a fruitless 10-year siege, the Greeks constructed a huge wooden horse, and hid a select force of men inside. Once inside the walls of Troy, the Greek force crept out of the horse and opened the gates to allow the Greeks to enter and destroy the city of Troy.” A fruitless siege might be a good way to describe the tug of war between retailers and banks; abetted by the technology, to describe the painful march to mobile payment. Apple brings scale and technology, but it is their Trojan Horse approach to payments fees and merchants opening the doors to Apple Pay seems eerily like the Troy opening it gates.

Apple deserves applause for devising a strategy that hides their transaction costs within the issuer as a share of interchange rather than charging the merchant directly. Herein the lies the “Trojan Horse” and the promise of higher fees in the future. Published reports indicate Apple will be paid 15 basis points by the issuer (Banks). Retailers need to ask themselves, how long before this cost is shifted to the merchant by way of a higher acceptance fees? My guess, about the same time Apple reaches 10 million Apple Pay consumers.

The big unknown is how high will fees go? The answer is as high as possible. Merchants often say there is little competition in the card fee world and therefore it’s a monopolistic business. Apple Pay can only add cost and another partner that needs to earn profit. 20 years ago banks convinced retailers to accept card based payment using low fees, the results are clear. As merchants open the gates and let Apple Pay in, they should hardly be surprised when Apple Pay is earning 100 basis points rather than 15, and it won’t be the issuer paying the bill.

Right to the “3rd” power”: Mobile Payment the POS and ROI

The arc of loyalty/payment programing, particularly as it relates to mobile, is now mature enough for retailers to set long-term strategic goals. The high level strategy is about consumer engagement. The objective is to create a more intimate consumer shopping experience that is contextual in nature. The requirement being: “Right to the 3rd power”; the right offer, to the right person, at the right time. The tool set for loyalty, payment and the integration of omni-channel marketing in the mobile channel is the POS.

Mobile is the most important next generation service, in many ways it is here today. Consumer adoption of mobile services is exploding. The consumer is willing and ready, even waiting for the retailer to catch up. First to market retailers will be in the lead and have an advantage. Ignore mobile and you risk losing both the Millennials and the X-er’s. Is there any doubt that the next group will only be more mobile? Cards, checks and cash will exist, and will require attention, but having a mobile strategy is the key to future success.

While EMV will drive NFC to the POS, consumer engagement will be driven by merchant rewards. The days when retailers give over control of their customers to banks and associations will end as mobile payment becomes the norm. In this war for the mobile consumer, the POS and cloud-based mobile payment is supreme. The transaction is changing from the legacy model of capture/authorize and settle to a robust IP based dialogue. This dialogue is between the consumer and the POS and is about the relationship between the retailer and the consumer. Unlike today where the transaction begins when the item, coupon or loyalty card is scanned, tomorrow’s consumer will begin the engagement long before they arrive at the location. Mobile app based solutions will leverage Geo Fencing, Wireless, and BLE to engage the consumers according to their preference. The IT environment required to deliver these services must be tightly coupled to the POS at the Transaction Services Layer (TSL). This important change in the transaction flow means that payment, rather than being outside of the TSL, is now a part of the TSL. This change means that the entire legacy payments network may be disintermediated from the mobile transaction. We see this with companies like National Payment Card Association and believe MCX shares this goal.

Retailers are understandably concerned about ROI. ROI is a result of more profitable shopping. ROI is more than a function of “frequency and shopping basket”, it is about shaping the consumers purchasing decisions. People are asking about ROI and Mobile and reluctant to allow legacy payment fees into the branded app. To the extent that consumers react through the use of offers, coupons, push notifications, points etc in the mobile channel, payment is required to close the transaction within the same user experience. The notion that the mobile consumer will be interactive with the mobile experience and then be asked to use a card for payment does not make sense. Using a card in the mobile channel would destroy the user experience and make it impossible to measure conversion.

Certainly, there are many issues impacting retailers and the POS environment. The key questions is: which IT solution makes the most sense and how does it set the retailer on the road towards a larger goal of implementing a successful consumer acquisition and retention program that is “Right to the 3rd Power”?

The Target Breach: what it means to card and mobile ACH payment:

In the aftermath of the Target Breach, David Heun at American Banker writes that ACH decoupled debit could be the big winner saying “security may have suddenly become the product’s biggest selling point.” He tiled the story, “Target’s Redcard Proves Less Vulnerable to Data Breach than Bank Cards”. Today Richard Crone, chief executive of consulting firm Crone Consulting LLC is quoted in PYMTS.com saying “Skimming the 16 digits on Target’s proprietary decoupled debit Redcard will probably not even be pursued by the fraudsters who captured that number because it can only be used inside Target”, he went on to say; “The proprietary Target card represents another reason merchants may want their own card because it can mitigate risk, too.”

National Payment Card Association is the leading provider of ACH decoupled debit card services at the POS and the world’s largest processor of mobile ACH transactions at the fuel pump. ACH decoupled debit is safer than legacy payment because the actual payment credentials are not being passed through the POS. Instead the consumer links their financial account to a card or phone as a psydo number/Token across our database. This process isolates the consumer’s financial data from the payment processing network. This differs from legacy payments where the payment credential is on the card; given the choice, “no one would pass actual payment credentials through the point of sale”, says Richard Crone

Retailers can lower their liability to payment data loss by implementing ACH decoupled debit programs. At the 2013 Pinnacle Users Conference in Dallas, I quote Gray Taylor; Executive Director of PCATS, where he said that ACH programs lower the retailer’s exposure to payment data liability. Retailers are rightly concerned about the liability associated with payment data loss. Target is not the first to be a victim of this crime and watching the media reminds me of, with my apologies to the family; Kitty Genovese.

The debate about payment data is hardly new, who can forget the transition to 3dez. Target has announced that stolen PINS are safe behind a processor based encryption key, one win in the data protection business. Proponents of EMV, and by its extension, those involved with NFC mobile payments will point to Target as another justification for their systems. Meanwhile thieves will work on new man in the middle attack strategies. As long as the payment credential passes through the POS and processing network, it will be a target for theft.

Mobile payment is impacted as well. Data security is also a consideration as the retailer evaluates cloud-based mobile payment or NFC at the POS. Some proponents argue that the payment data can be stored on the secure element and be safe. The growth of mobile payment will capture millions of users as consumers choose mobile payment. Retailers have a unique opportunity to lower payment liability by shifting consumers to card and mobile ach decoupled debit.