
Amie Jackson, Leader Merchant and Partner Compliance for Vantiv, repeatedly fields questions from developers on anything PCI DSS or PA DSS. It would be reckless to assume that everyone in our space understands all the standards and guidelines and also keeps up with the ever-changing landscape. It’s worth noting, however, that it takes more than just knowledge of what these standards entail to implement them in your application.

 

Seeking a PA DSS validation is not only complex but also expensive and can range anywhere from $15,000 up to $45,000. These validations are provided by an independent auditor called a ‘Payment Application Qualified Security Assessor’ (PA-QSA), and cost is determined by the complexity of the application and payment implementation. Then, there’s a $1,250 fee required to list your validated application on the PCI Council website.

 

After that, there are several re-validations that must be done over time. First, a re-validation is required each time a significant change is made to your application that deals with cardholder data and payment functionality. Then, there is an annual re-validation even if there were no changes to the payment application. Cost for re-validation depends on the number of software versions and supported operating systems.

 

Beyond all of these fees, the biggest cost you’ll incur is simply building and/or modifying your application to meet all of the PCI and PA DSS compliance requirements in the first place. Building and maintaining all of this can take anywhere from a couple man-months to several man-years.

 

All of this explains why we’ve developed solutions that help reduce the scope of PA DSS compliance for developers. Vantiv Integrated Payments, not you, handles sensitive cardholder information, which can reduce the number of PA DSS requirements you have to consider. And keep in mind, our implementation consultants are always on standby, willing to work with you to understand your requirements and help alleviate some of the stress.

Payments security is a common topic in the news these days.  From the migration to EMV chip card technology to reports of high profile data breaches, security concerns dominate much of the conversation about payments. What is most concerning is the misinformation that can confuse and overwhelm small business owners.  I want to take the opportunity to clarify some of the terms so payments solution developers can evaluate their options and take action.  Let’s start by reviewing the following:

 

  • EMV chip card – The first important thing to understand is that EMV does not protect businesses from data compromises. Instead, chip cards are designed to help stop card-present counterfeit fraud. When a merchant adopts EMV technology, they are helping to protect their business against the potential fraud liability of accepting a counterfeit card to complete a transaction – not preventing card data from being compromised.

 

  • Network security –  To prevent a breach that compromises sensitive card data, merchants and solution providers need to enable strong network security.  This includes firewalls as well as segmenting communication networks that transmit sensitive information that hackers want to access. It is also critical to run continuous scans of these networks to detect and patch vulnerabilities.

 

  • Data security – Unfortunately, even the best network security measures may still get hacked. If it can happen to the U.S. government, it could happen to anyone.  Implementing data security will help make the data stolen worthless.  We typically address this issue with two technologies: encryption to help protect data in flight, and tokenization to help protect data at rest. We have seen more and more POS solutions coming to market that enable EMV with encryption and tokenization. This is a great strategy for a small merchant looking to invest in a POS technology upgrade.

 

  • Physical security – This item often goes overlooked, but it is a critical component. Businesses need to make sure that physical access to the POS is limited and secure.  Merchants can do simple things to help improve their physical store security, like not writing down card numbers and other customer information.

 

If any of this seems very complex, it’s because it can be.  It is very important that merchants make the decision to either create an internal discipline around security, or find a trusted technology partner to handle security on their behalf.  This is the first step in protecting their business from the financial and reputational damage that security vulnerabilities can cause.

 

As a solution provider that enables payments, it is paramount to offer some type of security solution to your customers. Security can be positioned as a differentiator for your business by how easily the solutions can be implemented and used, and by making sure that the solution does not impact other critical business functions like reporting, reconciliation, and analytics.

 

To learn about the payment security solutions Vantiv offers that you can leverage for your solution, contact us.

Every month, Vantiv and PYMNTS.com team up to deliver the latest news in the developer space. Here's an overview of the Developer Tracker™ published in December 2016.

 

Paying rent with personal checks made sense not too long ago, before new payment methods started to change consumer expectations. But these days many renters, especially younger ones typically in the market for apartment rentals, want and expect more options.

 

A survey from the Federal Reserve reported that the number of checks in circulation declined by more than 50 percent from 2000 to 2012 as card payments and new payment methods more than tripled. Despite that, according to the same research from the Fed, checks still reign supreme when it comes to paying rent. But new players, like mobile rent-paying app YapStone, want to change the playing field.

 

The company is looking to answer renters’ requests for another way to pay by offering the most ubiquitous solution possible — one that accepts a wide range of payment types, according to Bruce Dragt, YapStone’s senior vice president of product. December’s Developer Tracker features an interview with Dragt discussing the payment platform and what he sees as a rent revolution.

 

Checks have been around for a long time, but they can be expensive and time-consuming for property management companies to process. Dragt explains that YapStone is looking to replace checks with more modern forms of payments such as credit/debit cards and mobile wallets. The company’s solution accepts not just modern methods like card and mobile payments, but also ACH Payment processing, international payments and other acceptance methods. Renters with roommates can also share or split payments across multiple accounts.

 

“We provide as many mechanisms as possible for renters to pay their rent so that it can be as simple and easy as possible for everyone to use the solution to make a payment,” Dragt says. “We also provide integration, backing and tools for the property management companies, so they can update their records and keep track of who has and has not paid.”

 

But the solution is not just designed for making payments on a full-time home. YapStone can be used to facilitate short-term rentals, such as a week at a beach house or a cottage on the slopes. The company has even powered payment processing for HomeAway, a popular vacation rental app and website, for over 10 years.

 

Most recently, the company announced a new integration and collaboration with Vantiv that will allow YapStone to offer single-touch payment acceptance for Apple Pay, Apple’s mobile wallet. Dragt said that the partnership was part of the company’s effort to add integrations for new payment methods as they become more widely used.

 

“The ability to add new payment methods to our platform is really important,” Dragt explains. “The operating model that we use to support all these different payment ecosystems and to add new payment types is to make it very simple and seamless for our end client. So we want to make it available to the consumer as quickly as possible without disrupting the core operating environment for property managers.”

 

Given the changing state of rental payments, perhaps it won’t be too long before checks are given a permanent eviction notice.

 

Here’s a snapshot of other notable developer-focused news items:

  • According to a report from Pew Charitable Trusts, mobile payments awareness reached all-time highs in the US. More than 40 percent of respondents said they were familiar with four different mobile payment capabilities. Despite this awareness, no more than 32 percent of consumers had performed any mobile payments action.
  • Apple recently announced it will partner with the Blackhawk Network to integrate gift and loyalty cards into its mobile payment system. Blackhawk will allow Apple Pay users to make payments using prepaid gift cards and to earn and use rewards/loyalty points from participating merchants.
  • Google recently launched its Android Pay mobile wallet in Ireland. The nation has been a fairly early adopter of mobile payments, with half of consumers using contactless payments, including 1.9 million customers a week.
  • Amazon unveiled its new grocery store design, Amazon Go. The store allows customers to enter the store using a paired smartphone app, pick up their items and exit the store without waiting in line or visiting a cashier. The app works with a variety of sensors to detect what shoppers have selected and charges their Amazon accounts for the items they take home.


It seems that every time we turn around, there is more news about digital wallets and their potential impact on payments. Whether you’re a merchant or an application developer, with so many players, and new developments coming at a furious pace, the digital wallet landscape has become confusing indeed. If your organization is like most, you have limited resources, so choosing the right wallet strategy is important. For most, the technology promises to improve customer convenience, conversions, loyalty, revenue and profitability. For readers unfamiliar with digital wallets, hopefully this short article will serve as a helpful primer.

 

Defining the term digital wallet seems like a good place to start. Definitions vary, but digital wallets are usually viewed as a way of storing or referencing payment credentials on an electronic device, such that the device can be used to make a payment. Most wallets allow you to place credit cards, debit cards or other payment sources into a virtual wallet, and use that wallet to make purchases on-line, in mobile applications (in-app), or in the store depending on the wallet and how and whether merchants support it.

 

Beyond these basic capabilities, wallet features can vary widely:

 

  • Types of payments supported: in-store, in-app, mobile web, traditional eCommerce
  • Technologies used: NFC (tap), MST, QR codes, barcodes
  • Payment methods allowed: debit, credit, alternative payment types
  • Specialty cards: pre-paid, gift cards, loyalty cards
  • Device compatibility: phone, tablet, OS, web browser, other devices
  • Vendor or wallet specific value-added features: e-coupons, shopping lists, pay ahead

 

With so many potential points of comparison, and hundreds of wallets on the market, it can be difficult to compare wallets directly. It's possible to group wallets into some broad categories however, and one way of doing this is to look at the types of organizations providing the wallets and their business motivations.  While there are exceptions to any rule, most wallets fall into one of these categories:

 

  • Mobile wallets (from mobile device manufacturers) - Wallets provided by device manufacturers are meant to provide convenience, and bias a consumer to a manufacturer’s phone, tablet or other device as well as the software, service and partner ecosystems that surround them. These types of wallets are generally agnostic as to the underlying method of payment. Examples are Apple Pay, Android Pay and Samsung Pay. Most support in-store payments (using NFC or QR codes) as well as in-app payments. Mobile wallet providers are busily adding support for one-touch payments for participating eCommerce merchants, to simplify the payment process on mobile websites and compete with other wallet providers like PayPal and Amazon Pay traditionally focused in this area. There is some blurring of the lines between the terms mobile wallet and digital wallet, but mobile wallets are usually understood to be wallets provided by a mobile device provider.
  • Issuing banks – While most banks will support one or more of the mobile wallets described above, some banks also provide their own wallets for the convenience of their banking customers. These wallets typically provide capabilities that bias users in some fashion toward payment methods and services friendly to the bank – either by restricting the payment cards supported, by providing incentives to use bank-issued credit or debit cards, or by providing access to additional bank services in a convenient, consolidated app. Examples of wallets in this category are Chase Pay and CapitalOne. These wallets can generally be used at selected retail locations, and some (like Chase Pay) provide support for on-line purchases as well.
  • Credit card companies – The card brands play a key enabling role for other wallets, but they also offer their own wallets. Not surprisingly, card brands want to make it easier for consumers and merchants to use their payment cards regardless of the issuing bank, so wallets provided by these organizations reflect a bias to their own payment cards while being device, bank, payment processor and retailer agnostic. Examples of wallets in this category are Masterpass, Visa Checkout and AMEX Express Checkout. Credit card companies are working to make it easier for retailers to integrate eCommerce web stores and mobile apps with their respective wallets to help them capture a larger share of commerce. While most of the action is around on-line purchases today, the card brands clearly have their eyes on wallet-enabled in-store payments as well.
  • Merchant provided wallets – Large merchants sometimes provide their own wallets. Merchants want to promote loyalty to their own-brand, cross-sell and up-sell products and services, and avoid intermediaries in the payment processing chain that might erode revenue and margin. Wallets provided by merchants are typically agnostic of the device used for payment and are intended to bias consumers toward doing more business with that specific merchant by providing a variety of convenience features and incentives. Examples are wallets like Walmart Pay and the Starbucks app. Another large retailer, Amazon.COM with their Amazon Pay wallet has gone a slightly different direction allowing their wallet technology developed for their own on-line store to be used by other merchants as well, essentially competing with not only other retailers, but with other payment providers also. Other retailers not offering their own wallets are leveraging third party mobile wallets and incorporating these into their own apps and mobile websites.
  • Alternative Payment Providers – Some payment providers also provide their own wallets. Providers like PayPal and AliPay are well established in eCommerce payments, and store payment credentials for millions of users. Not surprisingly, they’re aiming to leverage their large base of existing users to gain further market share in mobile web and in-app transactions, and are providing features that compete with banks like peer to peer payments. Some of these providers are seeking to gain a foothold in in-store / card present payments as well. Other alternative payment players like Coinbase provide wallets focused on storing and facilitating payments using digital currencies like bitcoin and ethereum enabling both consumers and merchants and facilitating both consumer to business and peer to peer transfers. Social platform providers (like China's WeChat) are squarely in the game, augmenting their capabilities with wallets for peer-to-peer, on-line and in-store payments, helping solidify their position as a hub for on-line activity.
  • Specialty / Independent Providers – In addition to the wallet categories above, there are additional digital wallet types with more focused or specialized capabilities. For our purposes we’ve lumped a few different types of wallets together in the interests of brevity. Some wallet providers focus specifically on the challenge of collecting, storing and managing the redemption of gift cards, loyalty cards and coupons. Managing these cards and ensuring that balances are fully spent is a challenge understood by all of us who have received gift cards or other program incentives. Examples are providers like Gyft (acquired by First Data), CardStar and Keyring. Other providers like eWallet take a different approach, focusing less on the challenge of payments, and more on the challenge of organizing credentials of all types (payment cards, web-site / social-media logins, insurance cards, passports) into a secure cloud-based service accessible from multiple devices. Providers in this category address another twenty-first century challenge, familiar to all of us with multiple cards and dozens or even hundreds of login accounts for various websites and on-line services. Other providers like LevelUp focus on important niche areas like quick-serve restaurants, allowing consumers to order ahead and skip the line by paying on their phone. The Chinese market is likely the model where the use of digital wallets is widespread. According to Inside Retail Asia, 76.1% of respondents to a survey of smartphone users in China indicate that they have made a purchase from their smartphone.

 

For years, pundits have been claiming that “this will be the year of the digital wallet”.  Despite a fragmented market, and relatively slow market adoption (at least in North America) the growth trajectory appears clear. Major technology providers and retailers now have well-articulated strategies, and are moving quickly to roll out the technology and promote it. While McKinsey estimates put mobile payments at less than two percent of consumer spending in the US in 2015, their analysis suggests that this will grow to 9% by 2020 (a 350% increase) with the majority of these payments involving stored credentials. Importantly, some industries will see much higher penetration for mobile payments and wallets.

 

As competition heats up, and consumers demand convenient payment options, especially from mobile devices, the use of digital wallets is expected to grow dramatically. If you’re not already thinking about how to serve your customer with more convenient payment options, chances are good that your competitor is.

 

For Vantiv customers and partners interested in embracing digital wallets as part of their payment acceptance strategy, 2017 is shaping up to be an exciting year. Vantiv is busily rolling out additional technical resources for developers of wallet-enabled payment applications across Vantiv’s payment platforms. Join the Vantiv O.N.E. community, and follow our Mobile & Digital Wallets sub-community to stay abreast of new developments.

 

Do you have thoughts on mobile wallets? I’d welcome your thoughts and perspectives!

 

The table below provides a brief summary and comparison of some of the mobile and digital wallets mentioned in this article as well as links to more on-line resources.

 

| Wallet | Type | In-store | eComm / In-app | Credit / Debit | Loyalty / Gift | Peer-to-peer | Devices |
|---|---|---|---|---|---|---|---|
| Apple Pay | Mobile wallet | Yes (NFC) | Yes | Both | Yes | No | Apple |
| Android Pay | Mobile wallet | Yes (NFC) | Yes - In-app, mobile web announced | Both | Yes | Google wallet | Android |
| Samsung Pay | Mobile wallet | Yes (NFC, MST) | Yes - In-app, mobile web announced | Both | Yes | No | Galaxy, Gear S3 |
| PayPal | Payment provider | select POS solutions | Yes | Both | Yes | Yes | Apple, Android, Web |
| MasterPass | Credit card | announced (HCE) | Yes | Both | Yes | Mastercard Send | Apple, Android, Web |
| Visa Checkout | Credit card | No | Yes | Both | No | Visa direct | Apple, Android, Web |
| Walmart Pay | Merchant | Yes (QR code) | No | Both | Walmart only | No | Apple, Android |
| Amazon Pay | Merchant / Payment Provider | No | Yes | Both | at Amazon store only | No | Web only |
| LevelUp | Specialty | Yes (QR code) | Yes (in-app) | Both | Merchant branded, whitelabel | No | Apple, Android |
| Gyft | Specialty | Yes (barcode) | Gift cards only | Gift card purchases only | Yes | No | Apple, Android |
| Keyring | Specialty | Yes (barcode, ecoupons) | Coupons + loyalty only | No | Yes | No | Apple, Android |
| Alipay | Payment Provider | Yes (QR code, barcode) | Yes | Both | Both | Yes | Apple, Android, Web |
| WeChat wallet | Payment Provider / Social Platform | Yes (QR code, barcode) | Yes | Both | Both | Yes | Apple, Android, Web |
| Capital One | Bank | Yes | No | Capital One only | No | Yes | Apple, Android |
| Chase Pay | Bank | Yes (QR code) | Yes | Chase only | Chase offers | Yes | Apple, Android |
| Coinbase | Specialty | No | Yes | Bitcoin only | No | Yes | Apple, Android, Web |
| eWallet | Specialty | No | No | Storage only | Storage only | No | Apple, Android, Web, Windows, Mac OS X |
| Amex Express Checkout | Credit card | Limited | Yes | Amex only | No | No | Apple, Android, Web |