Do IBM POWER users require a payment solution that supports Tokenization and EMV?
The following Payment Card Processing flowchart depicts many of the fundamental concerns and requirements for Merchants wanting to avoid the shift in liability (from the processor to the Merchant) related to credit card processing.
One of the critical concepts we are attempting to point out is that Merchants continuing to process payment transaction via an In-Scope solution (Non-EVM and Non-Tokenization) are operating in a high-risk environment. As a result, their incidence of potential fraud, identity theft, fee increases, fines from an acquirer, a shift in liability and legal action are all real looming threats.
Also, for card present transactions, if you are not capturing the card data using EMV enabled payment terminals, you are exposing yourself to being held liable for any fraud resulting from that transaction. To put it another way, if you process a charge for $2,500 which is proven to be fraud, the $2,500 comes out of your pocket in addition to any fines or fees.
By moving to an EMV solution, you are shifting the burden of liability away from the Merchant to the Processor.
Unlike magnetic stripe cards, EMV chip cards send data that changes with each transaction. EMV chip cards transmit a variable algorithm with each transaction, making the data more secure than the static data found on magnetic stripe cards, thus reducing the potential for fraud.
If your organization is still on the fence or moving at a snail’s pace adopting an Out-Of-Scope EMV solution, one other key factor to consider is your brand reputation! If your company gets hacked and a data breach occurs the resulting loss of your brand and reputation could be a potential ongoing nightmare. The extent of how long it might take your business to recover is almost impossible to predict or gauge!
If your organization is considering implementing an Out-of-Scope EMV payment solution we would appreciate the opportunity to learn more about your company and the goals you are trying to achieve.
The following flow chart summarizes key issues that need to be considered:
(1) PCI-DSS Scope:
Do you need an Out-Of-Scope or In-Scope payment solution? Please see out blog entry “Questions you need to ask your management team before purchasing a new, or upgrading an existing, payment card solution for your IBM POWER processor? Coming soon …
(2) Customer Present:
If the customer is present, card data can be captured by inserting an EMV enabled card, swiping the card to read the data recorded on the magnetic strip, or tapping an NFC / contactless digital wallet with a stored card, like a smartphone with Apple Pay enabled. All other payment methods are considered “card-not-present” even if the card is physically with the customer at the time of the transaction.
(3) Shift In Liability Impact:
Must your payment solution provide you with a way to avoid exposure to the Shift-In-Liability issue? Please see out blog entry “Questions you need to ask your management team before purchasing a new, or upgrading an existing, payment card solution for your IBM POWER processor”. Coming soon …
(4) Market Segment:
What payment industry market segments do you require support for. Please see out blog entry “Questions you need to ask your management team before purchasing a new, or upgrading an existing, payment card solution for your IBM POWER processor”. Coming soon …
(5) Card Data Capture:
How do you plan to capture card data? What payment industry market segments do you require support for. Please see out blog entry “Questions you need to ask your management team before purchasing a new, or upgrading an existing, payment card solution for your IBM POWER processor”. Coming soon …
(6) Do You Need:
The answer to “Do You Need?”.
(7) Investment Dollars Required:
How much will you have to invest to upgrade or install a new payment solution?
Payment Card Observations
- Accepting payment cards (credit and debit) is a cross-industry requirement! Is there any business that can survive without accepting payment cards?
- As transaction volumes (TPS – transactions per second) fluctuate, response times fluctuate (latency)! Customers are very sensitive to response times. Choose a platform to host your payment solution this is capable of scaling, without solution re-write, to respond to you needs.
- The cost of integrating your payment solution with your front and back office systems is likely to be one of the most skill and resource intensive issues you will have to deal with. Carefully examine the integration options offered by your solution provider.
- If you run your business on IBM POWER, then it is likely you would integrate your payment solution with front and back office systems running on POWER!
- Over time, your requirements, resource availability, and technologies change. Change may result in your need to switch platforms. Keep your options open! CFXWorks’ payment solutions run on any Java 1.8 enabled platform capable of running Apache Tomcat. This includes Windows, Non-IBM Linux, and IBM all three IBM POWER environments (AIX, Linux, and IBMi)!