payments business magazine jul/aug 2015

PM40050803

July

/Au

g 2

015

INSIDE: OUR 2015 CYBERSECURITY REPORT

The Merchant’s Guide to Transactions, Cards & eCommerce

❱ Albert Gonzalez who pled guilty last year to breaking into computer systems of major retailers.

alSO In ThIS ISSUE:

❱ Vertical Market Taking the friction out of ecommerce

❱ Industry Update ISO 20022 and real-time domestic payments

The Real Face

oF STolen DaTaThe Real Face

oF STolen DaTa

3 JULY/AUGUST 2015 PAyMENTSBUSINESS

TAblE Of CONTENTS

4 News28 Events

8 Event Roundup - Cardware30 ACT Canada Update

COLUMNS & DEPARTMENTS

FEATURES

10The Evolution of Payment fraudHow it works, where it began, and the impact of EMV

13Cybersecurity: Not Just An IT Issue New technology also comes with new and complex IT security challenges

15Gamer Safety from the Merchant to the Consumer A look at gamer safety from account takeovers to third party fraud

July/August 2015 Volume 6 Number 4

Editor Karen Treml [email protected]

Publisher Mark Henry [email protected]

Contributors Markus Bergthaler; Derek Colfer;

Karen Cox; David Drury; Catherine Johnston; Stephen Lindsay; Derek Vernon

Creative Direction Jennifer O’Neill [email protected]

Photographer Gary Tannyan

President Steve Lloyd [email protected]

For subscription, circulation and change of address information, contact [email protected]

Publications Mail Agreement No. 40050803

Return undeliverable Canadian addresses to: Circulation Department302-137 Main Street North Markham ON L3P 1Y2 t: 905.201.6600 f: 905.201.6601 [email protected] www.paymentsbusiness.caSubscriptions available for $40.00 year or $60.00 two years.

©2015 Lloydmedia Inc. All rights reserved. The contents of this publication may not be reproduced by any means, in whole or in part, without the prior written consent of the publisher. Printed in Canada. Reprint permission requests to use materials published in Payments Business should be directed to the publisher.

Made possible with the support of the Ontario Media Development Corporation

Next issue…SEPT/ocT — An acknowledgement and celebration of the women that are the inspiration,

innovators, and rising stars of the payments industry.

18Our files, Our Information – Our IssueACT shares its experience with a malware attack

REGULAR COLUMNS

20INDUSTRY UPDATEISO 20022 and real-time domestic payments

24PAY CHANNElRemote deposit capture: faster, easier cheque processing

26VERTICAl MARKETTaking the friction out of eCommerce – streamlining and securing the process

The Real face of Stolen Data

This month’s

feature

section

deals with

cybersecurity.

For the most part,

cybercrime is nameless -

and it is faceless. Unlike

Ponzi scheme criminals

and serial killers where

everyone is familiar with

those names and the faces,

few of us could actually

name any cybercriminals or

identify them in a photo.

Yet, behind every incident,

there is indeed a name and

a face. Albert Gonzalez,

alias ‘Soupnazi’, featured

on the cover, is one of the

real faces of stolen data.

Gonzalez pled guilty to

breaking into the computer

systems of major retailers,

including TJX Companies

and BJ’s Wholesale Club.

He was sentenced to 20

years in prison after being

a part of one of the largest

thefts of credit and debit

card numbers in American

history. In cybercrime, the

names are real, the faces

are real, and their activities

result in massive costs

to both businesses and

individuals.


NEWS

CPPO to support high-growth, multi-billion dollar prepaid market in CanadaWith a highly banked population and a reputation around the world for being fiscally responsible, a new survey reveals that many Canadian consumers face challenges with the current ways they manage their finances, budget and pay for goods. As a result, Canadians from coast to coast are considering new financial tools to help them solve these problems and take control of their financial lives.

Entitled “How Canadians Pay Today,” the survey of 1,003 Canadian consumers was conducted by Leger and commissioned by the Canadian Prepaid Providers Organization (CPPO), the voice of the rapidly growing open loop prepaid payments industry in Canada. The cards look and function like traditional credit and debit cards and can be used anywhere the card network (American Express, MasterCard and Visa) is accepted, including online and around the world. However, they do have a significant difference to credit and debit cards: they access a set amount of funds that have been pre-loaded for a consumer by a consumer, business or government. According to MasterCard Canada the industry is expected to reach CDN$ 4.9 billion in merchant spend in Canada in 2015.

“While Canada has one of the most progressive populations with respect to adoption of financial services, this study shows that there are still concerns with payment security, budgeting and managing finances, and open loop prepaid cards can help alleviate those problems,” said David Eason, CPPO co-founder and Chairman of the CPPO and Berkeley Payment Solutions. “Open loop prepaid products are the fastest growing form of electronic payment in the U.S., with USD$200B in merchant spend in 2014. Canada’s market is expected to follow this growth trend as many Canadians look for secure and convenient ways to manage their finances, budget and reduce debt.“

Other survey results:Three quarters of Canadians prefer not to carry a lot of cash; •current financial products aren’t fully meeting their needsThree quarters (74 per cent) of Canadians prefer not to carry a lot •of cash and 78 per cent use less cash than they used to. Despite

this fact, 65 per cent are concerned about using their debit and credit cards at online retailers and 45 per cent are worried about security of their cards.Vast majority of Canadians (82 per cent) want payment cards that •avoid overdraft or interest chargesOpen loop prepaid cards access a set amount of funds, so •Canadians can avoid overdraft fees, NSF fees and interest charges. The majority (82 per cent) of Canadians want a payment card where they would not be charged those fees.Less than one-third of Canadians set a budget, stick to a budget •and have difficulty tracking their spendingFifteen per cent of Canadians rarely or never stick to a budget •and 12 per cent never even set budgets. Almost one-third (30 per cent) cited difficulty in tracking spending. And 40 per cent of Canadians would welcome a payment card with a set spending limit, such as an open-loop prepaid card, so they can stick to a budget.Canadians starting to look for new ways to manage finances; •one-fifth use gift cards to set spending limits; one-in-four want a payment card with a spending limit; more than half would consider using open loop prepaid cards

Some Canadians are starting to use and seek out tools that help them set spending limits and budget. One-fifth (21 per cent) of Canadians are using gift cards to help them set personal spending limits when they shop, 40 per cent want a payment card with a set spending limit, and over half (60 per cent) want online services or apps to help them budget.

One solution Canadians are considering is open loop prepaid cards as they offer consumers a set spending limit, so they can stick to a budget as well as access online tracking tools and text alerts to help them monitor spending. After learning about the benefits of open loop prepaid cards, over half (55 per cent) would consider using one.

Twenty-five per cent of people would share their DNA for faster mobile authenticationThe majority of people who use mobile banking want their mobile devices to instantly recognize them through biometric technology rather than ID authentication such as passwords and usernames.

The report was carried out by Telstra, an Australian telecommunications company, and it surveyed over 4000 generation X and Y consumers of financial services in seven countries including the US, Australia and the UK.

The report found that smartphone is the most frequently used method of banking

amongst Gen X and Gen Y people.The findings reveal that most people

demand instant verification such as facial or fingerprint recognition that requires little interaction on their part. Two-thirds of people surveyed believe that voice, fingerprint and facial recognition are more secure and help reduce fraud.

A quarter of people says they would be happy to share their DNA with their bank if it meant it would the authentication process easier.

However, at the same time, less than half of the people are satisfied with their bank’s

security and one out of three has actually been a victim of identity theft.

On the financial institutions’ side 62 per cent of financial executives say that they do not think they are investing enough in security solutions. However, nearly 90 per cent are planning to change that.

“For ‘no-finapp-phobic’ Gen X and Gen Y consumers it’s time to create mobile identity solutions that instantly recognize them for who they are,” says Rocky Scopelliti, Global Industry executive for Banking, Finance & Insurance, Telstra.

Celebrating a world of potential.As a leader in the Advancement of Women, Scotiabank is committed to supporting women in reaching their full potential. Through our Bright Future philanthropic program, we continue to support local communities and women’s initiatives around the world.

Today, Scotiabank congratulates all of the Women in Payments Award winners and celebrates the innovators and leaders in the payments industry.

scotiabank.com

™ Trademark of The Bank of Nova Scotia, used under licence (where applicable). Scotiabank is a marketing name for the global corporate and investment banking and capital markets businesses of The Bank of Nova Scotia and certain of its affiliates and agencies in the countries where they operate, including Scotia Capital Inc. and Scotia Capital (USA) Inc., which are non-bank affiliates of The Bank of Nova Scotia and authorized users of the mark. Scotia Capital Inc. is a Member-Canadian Investor Protection Fund. Scotia Capital (USA) Inc. is a registered broker-dealer with the SEC and is a member of FINRA, NYSE and NFA. Not all products and services are offered in all jurisdictions. Services described are available only in jurisdictions where permitted by law.

C o r p o r a t e & I n v e s t m e n t B a n k i n g | C o m m e r c i a l B a n k i n g | C a p i t a l M a r k e t s | C a s h M a n a g e m e n t | Tr a d e F i n a n c e

Local strength. Global reach.


NEWS

banks look at top to bottom reinventionTechnology and new game-changing players like Apple Pay are causing a “top to bottom reinvention” of banks and the traditional business model, says Victor Dodig, the chief executive of Canadian Imperial Bank of Commerce.

But rather than take a ‘defensive’ approach to technology-driven disruptors in areas such as retail payments and peer-to-peer lending, Dodig says CIBC is committed to keeping pace to give customers the ability to bank when, where, and how they want.

That means recognizing the bank can’t do everything alone, and ‘embracing and deepening collaboration and strategic partnerships with outside innovators, [and] working with new tech partners and networks, says Dodig.

“If you believed all of the doom and gloom being written about banking these days, you would think it’s just about all over for us – that the Apples, Googles and others … are about to put us out of business, and that our clients are set to desert us in droves for new financial services providers, that is simply not the case,” he says.

CIBC is committed to investing in modernizing the bank to “transform legacy platforms, organizations and cultures,” and matching the rapid change and innovation of competitors “stride for stride,” says Dodig, who took over as chief executive of Canada’s fifth-largest bank in September.

“We intend to be there with our clients as they adopt new technologies and look for secure, easier and more flexible ways to look after their day-to-day banking needs,” he says.

CIBC became the first major bank in Canada to participate in Suretap, a new mobile digital wallet that allows clients to store multiple payment cards in a single app and pay with their phone at thousands of retailers in Canada where contactless payments are accepted.

“In 18 months’ time, I think all the relevant participants that have relevant technology that are either in the Android space, in the BlackBerry space, in the

Apple space, will play a role in the financial ecosystem,” he says.

Despite his commitment to play in the new game, Dodig says the bank will, for the time being, maintain old ways of doing business that customers want. New entrants might struggle to disrupt some areas of traditional banking because clients “will continue to rely on the safety, strength and security of well-capitalized banks like CIBC,” he says.

Banks will also continue to profit from relationships they have built with their business and personal banking clients.

“With all the talk about technology and innovation, you might conclude that relationships are becoming less important; in fact they matter more than ever,” Dodig says in his remarks.

“We’re focused on deepening client relationships by being innovative in developing the channels our clients use every day. We are investing in areas that make it easier to do business with us.”

Dodig says CIBC has a history of embracing technology and innovation. It was the first Canadian bank to provide an automated teller machine in 1969, and the first to offer telephone and online banking. CIBC also pioneered drive-thru branches in the 1950s and 60s.

He predicted that branches will continue to exist, but that the branches of the future will be “smaller and smarter.”

Dodig says 80 per cent of all transactions are now conducted outside the branch, a figure that is expected to grow.

He also suggested that overall size won’t always matter for the banking industry.

“The strongest banks of the future will be more regional than global and will increasingly partner with like-minded organizations to provide their clients with access to global markets and financial transactions,” Dodig says.

“In my view, the operational complexity, competitive pressures and varying regulatory frameworks facing global banks has created an environment where, the costs of being a truly global bank far exceed the benefits.”

bitcoin startup adds Visa founder to its board of advisorsXapo, the bitcoin startup, is continuing to follow the trend of crypto currency companies becoming financially respectable by adding Wall Street veterans to its new advisory board.

One of the new advisors is Dee Hock, the founder of Visa. Hock sees bitcoin as the way forward and out of, what he sees as, archaic financial structures.

“We live in the 21st century but are still using command and control organizational structures from the 16th century. Bitcoin is one of the best examples of how a decentralized, peer-to-peer organization can solve problems that these dated organizations cannot,” said Hock.

John Reed is another addition to the board. He’s the former chairman & CEO of Citibank. During his tenure Citibank developed the modern ATM, and ‘helped redefine the modern retail banking experience’.

“Bitcoin represents a real opportunity for changing that. Money at its core is simply a ledger for keeping track of debts and bitcoin is truly the best iteration of a universal ledger we’ve ever seen,” said Reed.

The final appointment is Lawrence H. Summers, the former Secretary of the Treasury during the Clinton administration.

“Bitcoin offers, for the first time, a method for transferring value and making payments from anywhere to anywhere, in real-time, without any intermediary,” said Summers.

These appointments come at a time when bitcoin companies are beginning to acquire legitimacy and mainstream acceptance. First, came the bitcoin startups that sought to be recognized as credible financial institutions by submitting to government regulation. Now the interest has been reciprocated by the financial industry.


NEWS

Virgin Mobile simplifies payments with PAYfORTVirgin Mobile Saudi Arabia will expand the variety of payment options it offers to mobile subscribers in the Kingdom via an agreement with PAYFORT, the Arab world’s leading online payment service provider. The new Saudi operator, which is on a mission to Make Mobile Better, will be able to provide customers with a seamless payment experience and a wider range of payment options, including secure payment transactions via mobile devices.

“PAYFORT’s online payment platform allows us to offer subscribers the option to pay safely and easily via whatever connected device they are using,” said Karim Benkirane , CEO of Virgin Mobile Saudi Arabia . “We have worked hard to provide Saudi subscribers with easy ways to engage with the Virgin Mobile brand including a great user experience via mobile devices. PAYFORT seamlessly integrates with our existing online platforms to provide added convenience for our customers.”

Virgin Mobile Saudi Arabia recently won an award for Best Online Experience at the regional Customer Experience Management in Telecoms Middle East Summit in recognition of the operator’s innovative approach to serving members via social media and web channels.

“Today’s consumers are looking for easy ways to purchase from brands and increasingly payment via mobile devices, this is particularly true for the tech-savvy youth segment of the market” said Omar Soudodi, Managing Director of PAYFORT. “PAYFORT’s online payment platform will allow Virgin Mobile subscribers in Saudi to pay in the way most convenient to them via any connected device, whilst remaining immersed in Virgin Mobile’s user experience.”

PAYFORT has the solutions that meets the needs of the operator’s mobile customers, without forcing subscribers to leave Virgin Mobile’s web experience.

”PAYFORT provides a variety of payment options to help mobile operators offer subscribers more ways to pay, thereby increasing sales,” added Soudodi. “The Middle East’s appetite for mobile services and e-commerce is growing fast and so there’s a clear opportunity for mobile operators to lead the way here.”

More Canadians than Americans satisfied with prepaid cardsSix in 10 Canadians are aware of reloadable open loop prepaid cards but only 29 per cent have used one (compared to 60 per cent in the U.S.). A higher level of Canadians (73 per cent) have expressed satisfaction with reloadable open loop prepaid cards than Americans, where there is a 70 per cent satisfaction rate with open loop prepaid cards.

“The survey findings reinforce what we know: Canadians are looking for more payment options that meet their needs. Open loop prepaid cards provide the safety and convenience Canadians are looking for and we have joined the CPPO to help further educate consumers and businesses about the benefits,” said Tom McTague, VP, Prepaid, MasterCard.

Because of the growing popularity of open loop prepaid in Canada, and on a global scale, the not-for-profit CPPO has launched with the support of major financial institutions, card networks and other industry players.

“Canada’s leading payment players have created an Association that will be the educational resource for open loop prepaid card information, so that consumers and businesses can have the best experience with the products,” said Jennifer Tramontana, CPPO co-founder and executive director. “This industry is expanding by leaps and bounds and the time was right to give it a voice.”

Open loop prepaid cards are a cost-effective, flexible and easy-to-use payment tool. The cards can be used anywhere the card network (American Express, MasterCard and Visa) is accepted, including online and around the world. They are rapidly replacing cheques as a less expensive and more secure option for issuing payments. Open loop prepaid cards look and function like traditional credit and debit cards at the point-of-sale and offer the same fraud and loss protections offered by the card network with a significant difference— they access a set amount of funds that have been pre-loaded by a consumer, by a government or by a business.

The CPPO is a not-for-profit organization and the collective voice of the open loop prepaid payments industry in Canada. It is the only Association solely focused on this growing industry and is supported by major financial institutions, card networks and other industry players. The CPPO is focused on awareness and education so that consumers and businesses can have the best experience with these popular products. Members of this not-for-profit organization include major financial institutions, payment card networks, program managers and key vendors that support the growth of this industry. Founding members include: American Express (Amex Bank of Canada), Bank of Montreal, Berkeley Payment Solutions, Home Trust Company, Incomm Canada, MasterCard Canada, Peoples Trust Company, RBC, Scotiabank and The Fletcher Group LLC. Supporters include Cassels Brock & Blackwell LLP and Blake, Cassels & Graydon LLP.

To send press announcements, please direct them to Karen Treml, Editor, at

[email protected]


EVENT ROUNDUP

Cardware 2015 -Were You There?

I’m sure you’ve been to your fair share of conferences – some good, some

disappointing, and a few that were great. I share those experiences with you. For that reason, I wish there was a word other than ‘conference’ to describe Cardware. Let me describe the event and perhaps you have a word I could use.

Take more than 300 senior payment stakeholders who represent issuers, acquirers, merchants, payment networks, regulators, and the industries that supply them with products and services. Bring them from Canada, the United States, Europe, Norway, the UK, Turkey, and New Zealand. Provide them with information from 37 presentations and panels and then watch them take advantage of every minute to share information, insights, and ideas.

Payments are not for the faint of heart. The industry is pressed to find business cases for a growing number of form factors, such as mobile phones, tablets, wearables, and even glasses. The investment to make each of these happen can be steep, even though the increase in revenue-driving transactions is modest.

Issues of privacy, security, and customer experience all demand attention. Digital currencies and dynamic currency conversion also claim the industry’s

attention. Tokenization and P2P encryption, along with HCE and customer authentication, were all topics of conversation. Delegates talked about the massive amounts of data that will be generated by the Internet of Things and discussed whether that could create privacy issues.

Balancing cautions and concerns, were enthusiastic discussions about mobile point of sale, POS applications that drive value for merchants, and in-store mobile payments.

Payment networks met with major Canadian merchants to discuss areas of mutual interests. Merchants met to discuss mobile strategy and, at a second meeting, considered a data breach analysis option. ATMIA hosted a town hall meeting where delegates could learn more about issues facing the ATM industry.

In addition to all the content, Cardware was once again where people connected with the other stakeholders who work with them to provide secure payment and digital ID. We always say that what happens at Cardware doesn’t stay there! It takes a great number of people to deliver opportunities and overcome barriers that are a part of the daily fabric of payment. ACT Canada is pleased to bring them together to help them meet their goals.

So, I still don’t have a word

to describe Cardware, but when I look up the definition of ‘conference’, I find, “the act of conferring or consulting together; consultation, especially on an important or serious matter”. That does describe a large part of Cardware, but it misses one key element. When you listen to the crowd at Cardware you hear excitement, commitment, and enthusiasm for all things payment. You can almost see people’s emotional batteries recharge. They ask questions and share ideas. They build and strengthen relationships for the benefit of their organizations and their careers.

So, is there a word for that?If you were at Cardware, we

thank you for helping to make it a success and we look forward to seeing you next June as we look at new opportunities and challenges. If you weren’t there – we look forward to also seeing you there next June.

Catherine JohnstonPresident & CEOACT Canada: stakeholders driving the evolution of payment and digital identity

Chairman: ISCAN, the International Smart Card Associations Networkca.linkedin.com/in/catherinejohnstonact/www.actcda.com

BY CAThERiNE JohNSToN

Want to know more about your card programs?Do you issue fl eet cards? Manage transactions?

Is it vital to keep on top of technology which affects your mobile solutions?

Sign up NOW for a free subscription to Payments Business magazine.

Visit our website at www.paymentsbusiness.ca and learn more about the magazine

Payments Business is a Lloydmedia, Inc publication. Lloydmedia also publishes Financial Operations magazine, Canadian Treasurer magazine,

Canadian Equipment Finance magazine, Direct Marketing magazine and Contact Management magazine.


BY KAREN Cox

How it worksWhile the motives for fraud are simple, the execution of fraudulent activities can be complex. By definition, payment fraud is the act of stealing, storing, or selling personal information, including names, addresses, social insurance numbers, and credit card credentials. This information can be collected through a variety of means: hacking into databases, phishing scams, and even by sorting through discarded mail. Once a card number is stolen, the fraudster’s next step is usually to conduct a non-suspicious transaction, such as a small purchase or a donation to charity, as a means of verifying

that the stolen credentials are still active. Once verified, cards are bundled and sold by brokers. The more pieces of personal information accompanying a card, the higher its value on the black market.

Stolen card information often ends up being sold on websites devoted to card fraud. On these sites, stolen information is categorized, classified, and then sold in batches to cyber criminals. Much like content-piracy sites, stolen card marketplaces are hosted on internet sites that are easily accessible to the general public. Typically, these sites are run on servers in countries that suffer from a lack of national and

international regulation making it difficult for other countries with more rigorous controls to clamp down and block access to the malicious sites

When conducting a fraudulent transaction online, a shipping address must be provided as part of the checkout process. This involves yet another party – people who knowingly or unknowingly allow products to be shipped to their homes in exchange for a fee. The industry has a name for these accomplices: mules. Mules accept the shipment to their legitimate address and quickly after the shipment arrives, the package is whisked away by a different person to be resold.

The Evolution of Payment Fraud: A Perpetual Game of Catch-up

CYbERSECURITY & COMPlIANCE


Humble beginningsIntroduced in 1950, Diners Club was the first general purpose credit card. Bank of America followed and launched the Bank Americard, the first card with revolving credit. Bank Americard would later become the world’s leading card brand, Visa.

Before the internet and dial-up modems, merchants prevented fraud through use of a hotlist - a paper list of known stolen or compromised credit card numbers. For each credit card payment, the merchant would compare the numbers on the card against the hotlist. Merchants also had the option to ask the customer to present

identification as another means of verification, or to verify the card over the telephone with the issuer. Long, frustrating lineups at the checkout counter were common. If there was no suspicion of fraud, the merchant would manually take an imprint of the card (now famously remembered by the term “knuckle buster”), have the customer sign the receipt, and the transaction would be complete.

This system had serious flaws and was an easy target for fraud. Hotlists took time to publish and distribute resulting in a significant lag between what was published and what was actually going on

in real-time (people reporting their cards as lost or stolen). Of course, asking for a buyer’s signature didn’t stop many fraudsters from perfecting their signature forgery skills.

By the 1970s, fraudsters found more opportunities. Credit card companies had been mailing unsolicited cards to millions of people deemed to have good credit. Criminals would open mailboxes, remove the cards, and begin using the stolen cards to make purchases. Because the intended recipient had no way of knowing their card was missing and being used maliciously, it was common for large purchases to be made

using the stolen card before the crime was even detected.

In 1979, the first point-of-sale terminal was introduced. For the first time, a merchant could be directly connected—at first by telephone modem—to the credit card networks to verify magnetic stripe cards electronically in real time. With each transaction, the terminal would ask the issuer if the card was valid and if the buyer had sufficient credit available. Verification was still done by signature, but merchants could now access a real-time authorization system.

However, cards with magnetic strips were easily copied, and signatures (the



only means of verification) were easily forged. With limited authentication, hackers could easily lift card numbers through a process called card skimming and use the compromised data to produce counterfeit cards.

The introduction of personal identification numbers (also known as PINs or PIN codes) as a means of verification, provided an extra layer of authentication. In order to leverage the additional security of PIN codes (a well-protected PIN cannot be forged or skimmed), a mechanism was needed to collect the PIN. The Interac Association launched Interac Direct Payment in 1994, a national PIN-based network connecting Canadians to their bank funds through magnetic stripe debit cards. Of course, it didn’t take much time for the fraudsters to crack the early PIN-entry terminals. In response, the industry created PCI PTS or Payment Terminal Security, a standards-creating organization that, to this day, continues to advance the technology and processes required for secure allow for PIN entry and processing.

Card skimming is still active and lucrative for fraudsters in the United States, one of the last countries in the world to adopt a payments technology designed to reduce counterfeit card production –EMV.

Enter EMVEMV was created as a means to reduce fraud losses due to the cloning and counterfeiting of cards. First introduced in Europe in the late 1980s, EMV chip cards include embedded integrated circuits and dynamic cryptographic

data that makes card cloning nearly impossible, and more importantly unprofitable for fraudsters from a time and investment standpoint. Fraudsters will typically gravitate to the weakest part of any system, and EMV has only demonstrated vulnerability against cloning in highly isolated think tank settings. With embedded microchips, an EMV card is no longer the weakest link in the payment processing chain. Rates of credit card fraud in the United States, where the EMV standard has yet to be implemented, are twice as high as in those countries that have adopted the EMV standard.

EMV should by no means be considered as the one and only solution required to prevent fraud. Card data will still be passed through the network in the clear unless other layered security approaches are included. Merchants are encouraged to stop handling and storing payment card numbers in clear text at any time. The technology exists to make this feasible and inexpensive, for example: end-to-end encryption, tokenization, and outsourced PCI card-on-file solutions. These solutions are now mainstream and many are offered in market.

As long as plastic payment cards exist, EMV will be an important part of transaction security. However, stolen card credentials as a result of hacking and information security breaches can still be used online to make ecommerce purchases (PINs and embedded chips are not used in online transactions). As many have noted, EMV has pushed

fraud online to ecommerce transactions where card data does not include the physical security offered by EMV.

The proliferation of internet connected mobile devices has opened both new opportunities for fraud and new opportunities for fraud prevention. While mobile devices are more difficult to track and secure, they can also be used as an authentication mechanism to secure logins and payment transactions. The new battleground is now mobile, and the struggle continues.

Merchants have plenty of choices when it comes to selecting tools to manage online fraud. All of the tools are good, but none are perfect. The card brands offer transaction verification tools with varying degrees of protection and friction at the checkout. These are still not enough, and merchants turn to third-parties for the next generation of tools to further secure transactions. Digital signatures, IP addresses, biometrics, device-wiping, and much more, all play a role in verifying the legitimacy of a payment transaction.

Even with the abundance of fraud and risk management solutions, merchants are faced with difficult choices when it comes to configuring these tools to meet their business objectives. How much fraud is acceptable? How many transactions should be declined? How much manual verification is feasible? How much friction can be introduced into the checkout flow? What is an acceptable chargeback rate? Should we approve international transactions? As our ability

to use new data grows, the learnings and tools need to be incorporated not only into industry-wide standards, but also easily implemented and adjusted as fraudsters also adjust their skills to counteract the new tools.

We can be certain that those committed to fraud will continue to find and exploit vulnerabilities at a pace that matches innovations in payment processing. As payment processors plug holes, fraudsters find new ones. Payment processors create new solutions (mobile payments, for example), only for fraudsters to attempt to find the weakest part of those solutions and attack. Vigilance, an understanding of risk, and an unwillingness to capitulate are required as we move ahead in payments.

As Vice-president of Payments and Retail Solutions at Moneris Solutions, Karen Cox oversees Moneris’ product delivery and end-to-end processing technologies across all merchant segments. Ms. Cox joined Moneris in 2000, following operational roles with the Bank of Montreal. She has held responsibilities for new product introduction and system deliveries for integration into the business. In 2005, Ms. Cox became Moneris’ director of new market solutions and led the delivery of analytics for new market opportunities. As director of POS devices and merchant certification, she brought new POS technologies to market and led consulting initiatives as the payment industry underwent tremendous change. She uses her extensive knowledge of the technical, operational, and regulatory drivers of the industry to introduce optimized solutions and process engineering avenues to clients. Over the course of her 20 year tenure, Ms. Cox played key roles in the development of Moneris’ major brand programs, including EMV, NFC and mobile enablement. She currently sits on the Board of Advisors of Advanced Card Technologies (ACT) Canada and acts as a Technical Associate Member at EMVCo.



Cybersecurity: Not Just an IT IssueThe five main steps to keep your enterprise on guard

BY DAviD DRURY

Today’s technology landscape is undergoing major changes with the

emergence of new ways to work through applications such as cloud and analytics. As a result, unprecedented transformations have become some of the greatest driving forces to positive global change.

However, with new technology also comes new and complex IT security challenges.

Cyber-attacks are progressively targeting our workspace and identifying new vulnerabilities. According to this year’s Ponemon Institute study on the cost of data breach, the average per capita cost of a breach in Canada is $250 and the average total organizational cost is $5.32 million as a result of countless attacks compromising at least hundreds of millions of personal records.

Globally, the average total cost of a data breach for the participating companies increased 23 per cent over the past two years to $3.79 million. These attacks include stealing and tampering lucrative property – such as spreading malware and fraudulent emails to acquire sensitive information.

In addition to financial harm,

equally as important is brand reputation, and the intangible costs and damages that lie.

The study described 2014 as being “remembered for such highly publicized mega breaches,” including Sony Pictures. Last year, the hack of the entertainment giant’s systems led to the release of a number of confidential data and personal information of its employees, their families, correspondence, salaries and more.

As a result, staff were laid off, the credibility of its executives was tainted, and questions about the company’s practice began to surface. Various parties involved were subjected to threats, extortion, and humiliation – all in front of the public eye.

What’s worse, multiple news reports speculated the breach took place months prior to being exposed. IBM studies and research shows us that, on average, it takes companies eight to nine months before they detect a breach.

And, that’s only the tip of the iceberg. Many high profile brands were hacked last year, targeting millions of credit cards for information and personal data.

So what does this all point to?Larry Ponemon, the founder of Ponemon Institute, phrased it perfectly when he described this wakeup call as “an enterprise-wide issue, not just a technology problem.”

Executives need to realize that risk with such a profound impact on a company requires more than just IT experts – it requires empowered decision-making staff as well.

In today’s age, brand reputation and customer loyalty is at the centre of your business, so consider it poor planning when security tools haven’t already been established prior to an attack. Frankly, there is too much at stake to take such high risks. Now, organizations have no choice but to be diligent in the steps they take in order to appropriately manage risk and count themselves successful.

Here are the five steps every organization needs to take in order to significantly reduce risk and potential damage from a data security breach:

1. Cultivate a risk-aware communityHaving a select amount of people follow standard procedure isn’t enough to



prevent a breach affecting your system – it takes the entire company to maintain a risk-aware culture. For Canada, 48 per cent of leave incidents were attributed to employee errors and internal system glitches, according to this year’s Ponemon Institute study.

Training programs to educate staff on security measures must be established and available to everyone at work. It’s often said, you’re only as strong as your weakest link – and it couldn’t be more applicable for this scenario.

2. Prepare to respond quickly and efficientlyThe longer it takes to resolve an attack, the more costly it gets – that applies to both your company’s finance and reputation. Time allows the intrusion to sink deep into your systems and allow even more opportunity for hackers to infiltrate your data. Immediate and impromptu responses to unexpected attacks also tend to require a hefty sum of money.

The key to prevention is having a rigorous incident-response plan in place, and continually monitor what is happening across your infrastructure.

3. Safeguard your devicesThere is a proliferation of personal technology in the workplace, with many employees latching on to ‘bring-your-own-device’ (BYOD) programs – offering members the power to go beyond traditional workstations and use

their own smartphones, tablets and other devices. Unfortunately, this leaves the company’s assets more vulnerable to external activities.

IBM personnel use Maas360 from Fiberlink, an IBM company, to identify, control and secure all mobile devices accessing the enterprise. The system adheres to a containerization approach – ensuring corporate data and personal data remain separate.

However, even with the toughest BYOD technology solutions – your company is still at a risk. Similar to the first step, education is foundational to your employees. Define which uses are or are not permissible and clearly outline the business’ conduct guidelines.

4. Prioritize and protect what’s most essential to youApply everything you know about quality over quantity to proprietary data. Typically, this type of data takes up a very small portion of your overall information – specifically less than two per cent – but it can represent as much as 70 per cent of your market value. This data includes trade secrets, intellectual property and confidential business plans and communications. That’s why overseeing this content is crucial.

As a leader, ensure your parties have fully identified and classified the crown jewels of the company, then build a program to safeguard those assets. In what is now

a data-driven landscape, it’s important to keep your managers accountable for guarding the company’s most crucial information.

5. Fight fire with fireEvery day, we create 2.5 quintillion bytes of data, and 90 per cent of the total comes from only the last two years. Data is growing quickly and exponentially in the digital age so it’s no wonder that analyzing data to detect and predict a security breach using old methods has increasingly become a global challenge. Organizations need to acknowledge the fact that examining all that data manually simply isn’t an option. In many cases, by the time the attack has been identified, it’s already taken effect and locked into the system.

Big data analytics tools have the ability to trace suspicious behaviour before the alarm goes off. Applying analytics to business data drives new insights and positive transformation in the organization. It provides automated, real-time intelligence and situational awareness about the state of security to help mitigate an attack.

Integrated solutions help prevent highly sophisticated threats by implementing the right tools to protect and provide predictive analytics – all in a significantly decreased amount of investigation time.

Cyber threats are prevalent now more than ever and they can easily affect everyone from your customers and

employees and, ultimately, the entire company. Just this past June, both networks of the Government of Canada and the United States were hacked. These incidents included the stealing of up to four million personal information files of current and former U.S. federal employees and the crash of Canadian government emails and websites, later claimed to be the responsibility of the hacktivist group, ‘Anonymous’. This alone reflects the extreme severity and sophistication of today’s hackers.

Studies have shown an influx of data breaches on a national and global scale – proving to be, not just an IT challenge, but a concern that affects the entire population. Regardless of whether it’s driven by social, political, or personal motives, cyber threats are evolving; therefore C-level staff especially need to raise awareness across the board.

Recognize the growing issue and avoid the hiccups, headaches – and more often than not – explosions of malicious cyber-attacks by preparing your enterprise with the correct utilities and exemplary practices.

David Drury is the General Manager for IBM Global Technology Services in Canada. Over his 31-year career with IBM, Drury has taken on leadership roles as a Systems Engineer, a Client Director and the Vice President for Financial Services. Drury also serves on the board of directors for the Ontario Research and Innovation Optical Network (ORION), the Foundation Fighting Blindness, and as chair of the Board of Governors, Junior Achievement of Central Ontario. Drury’s focus is on advancing the role of IT for his clients’ organization, using emerging technological solutions and collaborative leadership.



Gamer Safety from the Merchant to the Consumer

Gamer Safety Week in February was essential for the online gaming community to collaborate and share

information. The safety of gamers is vital and it starts with the merchant. MRC merchants understand this and work hard to educate their consumers on best practices.

Account takeovers, which are continually changing and adapting, are one of the largest issues many gaming companies face today. They are one of the leading threats in the eCommerce community and can be very difficult to track.

Account takeovers, false positivesThe average consumer has numerous online accounts with the same passwords and credentials. This makes it easy for a fraudster to jump from account to account once they’ve figured out the password.

Although account takeovers and fraud are not easily tracked, that does not mean merchants should give up. It is important to start monitoring established accounts as well as new ones. Fraudsters are targeting consumers with established brand loyalty, using information found on social media. It is important to know your consumers and use the data you have aggregated to discover their shopping patterns. Although a customer may occasionally stray-away from their typical shopping patterns, it is not likely that their spending habits or the products they buy will be astronomically different from previous purchases. Depending on the shopper, reach out to them for confirmation of the purchase before approving the transaction.

New accounts should still be heavily monitored, as the majority of fraud cases come from new accounts. Fraud analysts should create rules for flagging new customers with suspicious orders, which may be as simple as matching customer

credentials such as shipping address or IP address. However, merchants should be aware of their company’s false positive rates. Creating a balance between the rules set for purchases is always a best practice. Furthermore, using key factors from the data on file to set parameters will be conducive to consumer’s needs.

Updating fraud rules as frequently as possible to keep up with changing fraud trends will save time and money in the long run.

Educate your consumers about online safety and the best ways to secure their online identity. Provide a list of procedures on your account sign-in form and at customer checkout. This way the information will not be missed. Provide basic information on account security, such as password guidelines and the importance of diversifying email addresses. Two-factor authentication is a powerful tool that goes a long way in helping to mitigate account takeovers as well.

Third party fraudMany consumers are smart about what they buy. They perform their due diligence and shop around for the best gaming prices. Competitive third party sites offer exceptionally low prices, so it’s easy for a fraudster to sell stolen products through faulty sites that appear to be legitimate.

Here’s how it works. A fraudster sells a stolen game over the third party site to a consumer who doesn’t know it’s stolen. As the consumer starts to play, the software tells the merchant that the game was stolen. The person who unknowingly bought the stolen product is then classified as a thief and suspended from playing. At this point the gamer becomes agitated with the company, and finds another game to play.

The best way to combat this situation

is to uncover these sites and shut them down. Once you find a faulty site, be sure to contact your company’s legal team so they can pursue termination. It’s important to never track down a fraudster alone without the assistance of your company’s lawyers. Going after a fraudster on your own can backfire, causing the fraudster to get away. The fraudster is then able to get back online and keep selling illegally.

Once you dismantle the third party site, it is important to track the steps you used to find them. Fraudsters work in patterns and may re-appear under a different name. Be sure to educate your consumers by explaining the risks of fraudulent third party sites. Explain that these sites look and feel like an actual retailer, but are in fact scams.

With the Gamer Safety Alliance, MRC Members have the ability to network with colleagues within the gaming community. This form of networking allows merchants to develop a complex fraud prevention platform to catch criminals.

eCommerce has exploded over the past decade and will continue to boom as more and more companies begin to emerge. Now more than ever, merchants should be vigilant in the pursuit of fraudsters. As the world of commerce continues to grow and adapt, so do fraudsters. Keep your tools sharp so you can protect your consumers as well as the company’s bottom line.

Markus Bergthaler, Global Director of Programs and Marketing, joined the Merchant Risk Council (MRC) from Wizards of the Coast where he lead and further developed the company’s fraud department. Prior to Wizards of the Coast, Markus worked as a Fraud Manager at E. Breuninger in Germany; allowing him to gain a vast knowledge on international payments and fraud. Being a native to Germany, Markus started his career in Fraud Management at Amazon where he worked predominantly on German investigations. He brings a variety of skills to the MRC including international fraud security, cross-border payment processing, and marketing and business development.

BY MARKUS BERGThALER

Securing Mobile Life.

Creating Confidence. Giesecke & Devrient offers a comprehensive range of payment products and solutions

based on the latest EMV, contactless and dual interface technologies. Our smart debit, credit and prepaid products are

available on a wide range of platforms based on secure and highly flexible operating systems. Alongside the comprehensive

portfolio of easily configurable card products and card solutions, we offer all services related to electronic payments

including m-commerce and transit. Our services include personalization, system integration, project management and

technical consulting from a single source. For more information, please visit: www.gi-de.com/ca



Our Files, Our Information – Our Issue

BY CAThERiNE JohNSToN Let’s cut to the chase. Recently, we were the victims of malware and

this is now personal! For more than 30 years I’ve dealt in the world of cybersecurity, even when it wasn’t my primary focus, so I always knew that it was a case of ‘when, not if’ we were attacked. On that basis, you would think that I was fully prepared – but that wasn’t the case and you may be in the same position.

If you are reading this, I’m going to guess that you aren’t the IT risk manager for your organization. I’m also going to guess that you would be both unhappy and inconvenienced if all your files were to disappear forever. One last guess – you are a busy person with many competing priorities, so a part of your data risk management strategy is based on wishful thinking. All of that is normal.

Why this isn’t an IT issueIf you work in IT security you aren’t likely to learn anything from this article, but it might explain why a lot of people are asking you specific questions.

If you don’t work in IT security – keep reading. Let’s start with the fact that your files are valuable tools that you use every day. Have you ever looked at an old document and used it as the basis for a new one. You have – good for you. Your employer



should be pleased that you build on previous work rather than spending valuable time to re-invent the wheel.

When cyber terrorists take away your ability to do that, it’s as if they have drained your gas tank and forced you to push your car from place to place.

Your car, your files – your issue. Having said that, you certainly need help from the IT department.

If you have an IT department, count your blessings. In our case we don’t have staff who handle IT, but we are fortunate to have an external company that provides services and a member who has deep knowledge of how to fight cyber-terrorism. While one was working to limit the damage, the other was very helpful in managing our fear.

You can’t count on jumping onto the internet to find information in these cases, because you’ve likely pulled the plug on any of your networked devices.

Circling the wagons isn’t a defense! The traditional approach to data security is the same one we’ve used for buildings – secure the perimeter and keep bad people out. That doesn’t deter most people who have a desire to break in.

I used to have some great descriptions of a different approach and I’d be happy to share them, except those files are now encrypted and we haven’t paid the ransom to get the decryption key.

As a community, we actually do know how to raise the bar on security and most of us have partially implemented it.

Why haven’t we finished the job, you ask. I can’t answer for everyone, but it is likely a matter of money. Let’s take a look at what it would take.

Tell me who you are and what you want!Looking back 30 to 40 years, most computing was done on corporate mainframes. Every employee who worked with computer files had access to the mainframe, but had to prove to each program that they were entitled to access it. So, only payroll clerks could access the payroll program. Today we usually do this with passwords. Going back again, even when payroll clerks accessed the program, they were limited in what they could do. For example, they likely could not change anyone’s salary. Today that is sometimes controlled by a password, but often it isn’t. Many companies rely on packaged, not custom written, software. It may have options that allow you to restrict access to certain files, but unless you have an IT resource, you likely don’t set them.

The bottom line in that case is that anyone with access to your computer files has the right to do anything they want. In our case, the IT terrorists (yes, I do think of them as that) encrypted all our files and are offering to sell us a key to decrypt them.

What if…?We could control who has the right to create, read, modify, or delete each file. We could control who can download software, who can print, upload or mail files. I know this is possible because I worked for Bull in the 1980s when we designed and built this functionality.

What can we learn from payment?It’s a good thing that we rely on more than just passwords before we let people access their bank accounts through ATMs. It is an even better thing that the ‘thing we have’ – the card – is now highly counterfeit resistant because of the secure chip that replaced the mag stripe. These two factors, the thing you know (the password) and the thing you have (the chip) provide so much more security than the passwords we use to protect our computer files.

How does two-factor work with computers?Some things are the same as with a card at an ATM. Your data access device, whether it is a pc, tablet, smart phone, wearable, or other device talks with the secure chip. It starts by asking the person with the chip whether they are actually the person to whom the chip was issued. At the ATM, this is done when we provide our PIN. Then the chip is checked

to see if it is legitimate. Both these must happen before customers can do whatever it is that brings them to the ATM.

The same can happen with access to electronic files. The secure chip is checked to ensure it is legitimate and the person trying to access files is checked to ensure that they are the person to whom the chip was issued. After that you have many options in how you grant access rights. We’ll leave those for another day, but conclude by saying that you would then be in a position to significantly raise the security bar on who can do what with your data.

Is this new?No, many public and private sector organizations do this and consider it to be base line security, but many more don’t. We need to follow the practices of the people who protect our money and adopt secure chip and two-factor authentication for data access, not just for our corporate data, but even our personal files.

Firewalls and data backups are still important, but they aren’t enough.

Our files, our information – our issue.

Catherine Johnston, President & CEO ACT Canada: stakeholders driving the evolution of payment and digital identity Chairman: ISCAN, the International Smart Card Associations Network ca.linkedin.com/in/catherinejohnstonact/ www.actcda.com

Firewalls and data backups are still important, but they aren’t enough.


INDUSTRY UPDATE

ISO 20022 and Real-Time Domestic PaymentsISO 20022 is making strong inroads in financial market infrastructures where an open international messaging standard is required, and

gaining traction in domestic markets too, particularly for the next generation of real-time payments systems. Stephen Lindsay, head of

standards at SWIFT, looks at the progress made by ISO 20022, the advantages it brings to real-time payments, and the implications of a

single standard that replaces proprietary domestic standards, and crosses the traditional boundary between value and volume.

BY STEphEN LiNDSAY

ISO 20022 is not a new standard. Work began on the technology of the standard in 2000, and ISO 20022 was officially recognized by the International Organization for Standardization (ISO) in 2004. But, from the outset, ISO 20022 was positioned as a standard for the future: an open standard that would cover all financial business domains, and be flexible enough to work with the latest technology at all times, adapting to new technological developments as they occurred.

Financial standards take a long time to get established, and even the best-designed standards take off only if they meet real and immediate needs in the market. For ISO 20022, the moment seems to have arrived. There are more than 70 major initiatives around the world that have committed to ISO 20022, covering payments, cash management, treasury, and the securities business. Many of these initiatives are payments-related. They are driven by payments market infrastructures (PMIs) or new payments schemes.

There are two key aspects to ISO 20022. First, it is a methodology, a ‘recipe’ to be followed to create financial messaging standards. Secondly,

it is a body of content. In this context, content means the message definitions themselves and the other content required by the methodology to explain the underlying concepts and processes in the business domain to which the messages will be applied.

Importantly, implementation of ISO 20022 is independent of any specific technology. This reflects the sound assumption that technology tends to change faster than the fundamentals of the financial business it supports. The investment users make in the standard is therefore ‘future-proofed’. Users can update to the most appropriate implementation technology

without breaking the link with the underlying standard.

The key advantages of ISO 20022 are therefore clear. First, it is an open standard that is not controlled by a single interest, and open to participation from its user community. Secondly, its scope covers the entire financial industry, so consistent end-to-end business processes can be realized via a single standard. Thirdly, ISO 20022 implementations make use of mainstream, well-supported technology and can adapt to new technologies as they emerge. These technologies offer important technical advantages over older proprietary equivalents, such

SWIfT and ISO 20022SWIFT Standards is part of the ISO 20022 story from the beginning.

SWIFT drafted the original specification as part of the International

Organization for Standardization (ISO) working group that developed

the standard, and remains the single largest contributor of content.

Under contract to ISO, SWIFT Standards also operates the Registration

Authority for ISO 20022, which maintains the technical infrastructure

of the standard, ensures technical consistency, and publishes the

content in a variety of formats.

SWIFT Standards works with the user community to define,

formalize and publish market practice guidelines, which describe

how messages should be used in particular business contexts, and

to specify common recommended implementations. Community

representation is through market practice working groups, including

the Payments Market Practice Group (PMPG), Securities Market

Practice Group (SMPG) and Common Global Implementation (CGI).


INDUSTRY UPDATE

as support for non-Latin character sets.

There are many other reasons why financial market infrastructures (FMIs) in particular have become early adopters of ISO 20022. One is timescale. FMIs tend to plan with longer time-horizons than other businesses, so the appeal of a well-managed, technically advanced and adaptable standard is obvious. A second is regulation. Regulators understand that the services provided by FMIs provide critical steps in wider business processes, and are likely as a result to require the use of ISO 20022 to drive safety and efficiency in those processes.

For example, the European Central Bank (ECB) has recommended that the Real Time Gross Settlement System (RTGSs) built by the Eurosystem – TARGET2 – should adopt ISO 20022. This is partly to ensure that the payment leg of a securities transaction will be consistent with the ISO 20022-based settlement process defined for TARGET2-Securities (T2S), the single securities settlement system for Europe that is expected to begin operations in 2015.

A third reason FMIs are at the forefront of ISO 20022 adoption is the ‘topology’ of their relationship with their customers. Standards are used in many types of business process, some of which are inherently ‘many-to-many’ – that is, they involve many peer organizations interacting with many others – rather than point to point.

Finally, FMIs are aware that their participants, such as global banks, have many other infrastructures with which they

need to work. As responsible actors in the global financial system, they recognize that adopting the same ISO 20022 standard as their peers around the world can help to achieve greater safety and economies of scale at the global industry level.

The first FMIs to implement ISO 20022 were drawn from the payments industry. The European legislation that led to the creation of the Single Euro Payments Area (SEPA) mandates the use of ISO 20022 as a common format. By standardizing information exchange in this way, ISO 20022 is making a crucial contribution to achieving the SEPA goal of replacing national payments arrangements with an integrated system for euro payments, credit transfers, and direct debits across 28 member-states of the European Union (EU), the four members of the European Free Trade Area (EFTA) plus Monaco and San Marino.

Since the migration to SEPA began, a number of other ISO 20022-based initiatives have gone live, in a variety of different markets. They cover a range of payment

schemes, from RTGS systems handling high-value payments (HVPs), such as the Indian RTGS, to low-value payments (LVPs) systems, such as the STEP2 system operated by the Euro Banking Association (EBA) and the New Payments Platform (NPP) proposed by the Reserve Bank of Australia. Importantly, the Canadian Payments Association, which operates the retail payments infrastructure in Canada, will adopt ISO 20022.

There are many more ISO 20022 initiatives at different

stages of development, from industry consultation to live operation (see ‘Global ISO 20022 adoption by Payment Market Infrastructures’). In fact, the convergence of the payments industry on the ISO 20022 standard is gathering pace throughout the world. It is a healthy development, because it brings a measure of consistency to a fragmented landscape of overlapping standards. Most standards are proprietary or local or both, and they vary widely in terms of their functionality, notably in their capacity to carry remittance information.

The opportunity to compete through innovation is an important one for banks, because the payments industry is undergoing a period of great upheaval. New and non-traditional competitors are emerging, while regulators are pressing FMIs to deliver faster and cheaper payments in response to consumer pressure and in pursuit of economic growth.

Many of the conventional

The Canadian Payments Association and ISO 20022“We see ISO 20022 adoption at a tipping point globally. As the

payments market infrastructure for Canada, we are adopting ISO

20022 as part of a comprehensive strategy to modernise Canada’s

payment system. Our approach capitalizes on the value of the

standard for all payment participants in Canada: reduced costs for

those managing multiple standards today, greater domestic and

global inter-operability and setting the stage for innovation and

efficiencies across our economy through enhanced remittance

data.”

~ Gerry Gaetz, president and CEO, Canadian Payments

Association


INDUSTRY UPDATE

distinctions in the industry are breaking down. That between ‘value’ (associated with HVPs) and ‘volume’ (associated with LVPs) is blurring, as regulators push LVP payments timetables closer to real-time. The distinction between domestic and cross-border payments is also disappearing, most obviously in the case of SEPA.

In their place, new orthodoxies are emerging. One is that ISO 20022 is now the default choice of messaging standard for new or revitalized payments systems, whatever their market position. It is replacing proprietary domestic and international standards. A second is that even domestic payments are now expected to accelerate, as they catch up with consumer expectations and the commercial supply chain. In short, domestic payments are moving towards real-time processing.

The market for real-time domestic payments is gathering pace, with 16 systems in operation worldwide, four more in development and at least another five countries exploring how to implement such a system.

Most of the systems now live have opened since 2008. They include Faster Payments in the UK, the IMPS system in India, the NIP mobile payments-enabled system in Nigeria, the Bankgirot/SWISH platform in Sweden, Express Elixir in Poland and G3 in Singapore. In addition, the NETS system in Denmark, and National Switch in Palestine, are in development.

Countries that have recently announced their intention to build a new real-time retail payments systems (RT-RPS) to

replace an existing platform, or develop a faster alternative, or are in the process of formal or informal industry consultations on the topic, include Australia, Hong Kong, New Zealand, and the U.S. In the U.S., the Federal Reserve Bank has recently released a strategic consultation paper on real-time retail payments.

The evidence suggests that RT-RPS are on the cusp of a period of accelerating growth. In fact, an interesting parallel can be drawn between the potential future development of real-time domestic payment systems and the historical adoption of RTGSs by central

banks. Since the early 1990s, according to the International Bank for Reconstruction and Development (IBRD, or World Bank), RTGS implementations have grown from five markets to more than 110 (see “Will RT-RPS follow a similar adoption curve to RTGS?,”).

If the development of RT-RPS follows a similar trajectory to RTGS, the market is already somewhere between the early adopter and early majority phases of the five categories of adopter outlined by Everett Rogers in Diffusion of Innovations, first published in 1962 (see ‘Will RT-RPS develop faster than RTGS?’). However,

there is a critical difference: RT-RPS has reached this stage in just five years, compared to ten for RTGSs. This reflects a general increase in the pace of innovation observable in many markets. At the risk of over-simplifying, extrapolation suggests that RT-RPS will be adopted twice as fast as RTGS.

In the case of RT-RPS, the payments industry is currently in a period of experimentation, with many different approaches being tried. As ‘early adopters’ give way to ‘early majority’, the results of these experiments will become evident. The payments industry will then need to evolve a consensus around the optimum design for RT-RPS, and what aspects of that design can be standardized.

However, it is already possible to agree the key characteristics of a successful RT-RPS: round-the-clock availability, and immediate, certain and irrevocable payment (see ‘Key characteristics of an RT-RPS’, page 10). While there is industry consensus around these core characteristics, variations in implementation have emerged. For example, not all RT-RPS offer 24/7 availability (Brazil, Taiwan, and Japan do not) although all systems strive to attain that goal. Notions of immediacy carry different connotations too. In Mexico, banks must post the money to the account of a beneficiary within 30 seconds. In the UK, by contrast, Faster Payments mandates two hours.

These (and other) differences are likely to persist for some time. But one common denominator has emerged at all the RT-RPS that are developing now: the


INDUSTRY UPDATE

adoption of ISO 20022 as their messaging standard. This is true of Bankgirot/SWISH in Sweden, Elixir Express in Poland and FAST in Singapore. It is also true of Nets in Denmark, which goes live in November 2014, and of the NPP in Australia, which aims to go live in late 2016.

ISO 20022 is already delivering significant benefits

to users of payments market infrastructures. It is bringing consistency to the definition of payments data, with the ultimate promise of enabling banks to re-deploy expensive resources, and reduce switching costs, while creating scope for them to compete through innovation on service range and quality.

The real-time payments

market has embraced ISO 20022, and that is already driving greater consistency in implementation. However, there is still a great deal of variation in real-time schemes and systems. As the market matures, further convergence of system requirements and design, stretching far beyond data and messaging standards, will open up a new market in re-usable or modular implementations of real-time payment processing. These will further reduce the cost and time-to-market for real-time schemes, accelerating adoption and benefiting many more domestic markets.

Stephen Lindsay joined SWIFT in 2007 and currently heads the Standards department. Prior to joining SWIFT, Stephen spent 17 years as a technical

architect and product manager for a financial software vendor, specializing in the design and implementation of payments and integration software for an international market, with a strong emphasis on the implementation of domestic and global financial standards. SWIFT Standards operates the annual maintenance process for the MT message standard, which is used by 10,000 financial institutions around the world and covers diverse financial business areas including international payments, asset servicing, securities settlement, treasury and trade finance. SWIFT Standards is also a key contributor to the ISO 20022 standard. SWIFT initially developed ISO 20022 and SWIFT Standards remains the largest single contributor of content to ISO 20022 and also operates the Registration Authority, responsible for guaranteeing the integrity of the standard and publishing the content. Stephen has gained in-depth knowledge of the technology of standards and of the operational, organizational and political aspects of managing a widely used international standard.

Key characteristics of an RT-RPS24x7 availability: consumers should be able to make a payment •

at any moment

Immediacy: the transferred amount should be available on the •

beneficiary’s account in real-time or near real-time

Irrevocability: once a payment has been initiated, it cannot be •

revoked

Certainty: both ordering and beneficiary customers must be •

notified that the payment has been accepted or rejected by the

beneficiary’s bank

WOMEN IN PAYMENTSTM

SYMPOSIUM 2015

SEPTEMBER 15 & 16

SAVE THE DATES!New this year: Join us at an exciting Awards Dinner on September 15! Award nominations open until June 15

See womeninpayments.org for program and other information


BY DEREK vERNoN

Picture this: Being able to deposit cheques anytime, any day, from your office

and from your home. Imagine gaining 30 minutes back in your day by no longer having to find parking, wait in line at the bank, and fill out deposit slips. Envision a more efficient and timely cash flow management process for your business. Canadian banks are now making this possible by introducing remote deposit capture services.

For businesses of all sizes,

ensuring that the accounts receivables department is able to more efficiently process payments coming in is one of the most vital ways of improving cash flow. While many industry articles shine a light on the need to move away from cheques to electronic payments, cheques remain a critical payment method for Canadian businesses of all sizes. However, remote deposit capture can make the cheque deposit process far less manual and time intensive,

creating greater efficiencies and improving cash flow.

While remote deposit capture is a new technology to Canada, U.S. banks have been using remote deposit capture to enhance the cheque clearing process for over a decade. Remote deposit capture technology enables businesses to scan paper cheques from any location using an easy-to-use desktop scanner with cheque imaging software. The cheques are then transmitted to the bank

Remote Deposit Capture:Faster, Easier Cheque ProcessingA key to more efficiency and increased cash flow


PAY CHANNEl

through a secure connection for processing and clearing.

Whenever, whereverThe process is quite simple. Once cheques are inserted into the scanner, the scanner automatically captures the cheque images on both sides, along with the remitter bank account information. When the scanning is complete, a summarized view of all the scanned cheques is prepared for your review. The deposits

require no slips or paperwork on the employees’ part, and can be completed at any time. The funds from the processed cheques are then deposited into a designated business account, providing quick access to cash.

Businesses can now deposit cheques whenever and wherever it is most convenient for them – even after the bank’s closing time. This increased availability helps improve cash flow and enable extended time for same-day

deposits.Recently, a major agricultural

company started to use remote deposit capture and in just one year, reduced the time it took to complete manual deposits by more than 80 per cent. Now, the company can complete the cheque process in just five to 10 minutes per day, saving an average of 1,700 hours per year.

In addition to time, paper, courier, and transportation cost savings, remote deposit capture also dramatically reduces the need for deposit adjustments caused by human error. Eliminating manual touch points also helps reduce security and fraud risks. Once scanned, cheques are converted to images and submitted for deposit without user intervention – and any manual entries are validated by the system. While the time saved from using remote deposit capture allows employees to focus on more strategic tasks.

In particular, remote deposit capture services have a tremendous impact on businesses in rural communities and areas impacted by harsh weather, where banks are less accessible and trips to and from the bank to make deposits are even more of an inconvenience.

As more Canadian banks start to introduce remote deposit capture services, it’s important to understand exactly what your business is getting. Here are a few important

questions to ask when you’re evaluating this type of offering:

How many cheques can be •processed at one time?Is there training and support •available for implementing the remote deposit capture system?Can I deposit U.S. dollar •cheques?What are the deposit cut-off •times? Do they differ from branch cut-off times?How much time and effort is •required to get started?Are you required to •purchase a scanner or will one be provided to you?For those businesses •operating in both the U.S. and Canada, you should also ask your bank if they offer a cross-border, remote deposit capture service and what the service looks like for processing cheque payments in both countries.

As cheques continue to be the preferred method of business payments, organizations must find new ways to make cheque processing more efficient and less of a drain on resources. Remote deposit capture does just that while also improving cash flow – an important factor of success for any business.

Derek Vernon is the North American Head of Treasury Product Management at BMO Financial Group. He supports all of BMO’s North American Commercial Payment segments, from small business to large corporates including international financial institutions. Derek has more than 19 years of product, sales and strategy leadership experience.

As more Canadian banks start to introduce remote deposit capture services, it’s important to understand exactly what your business is getting.


VERTICAl MARKET

Taking the Friction Out of eCommerceQuite evidently, we need to streamline and secure the payment process

BY DEREK CoLfER

Digital payments and commerce are rapidly changing – welcome to

our connected world.Cisco estimates that by 2020

there will be 50 billion Internet-connected devices globally and with the increase of new, innovative devices integrating payment capabilities, digital commerce is very quickly becoming a reality for shoppers worldwide.

Canadians are most definitely no exception; 86 per cent of Canadians have made a digital purchase and 59 per cent have done so in the past three months. But, in an increasingly connected world where the digital consumer shops when they want, where they want, on multiple digital devices, consumers are demanding a seamless and secure experience.

Despite a growing consumer preference to buy online, BI Intelligence estimates that approximately $4 trillion worth of merchandise will be abandoned in online shopping carts this year, and about 63

per cent of that is potentially recoverable by online retailers.

So how do retailers and service providers combat shopping cart abandonment? Below are key trends and opportunities that will transform the digital payments landscape in Canada, both online and in-store, turning browsers into buyers through a more streamlined checkout experience.

The omni-channel worldVisa recently sponsored and spoke at eTail Canada and STORE 2015, two multi-channel conferences dedicated to the dynamic needs of the retail industry in Canada. With the consumer now controlling the digital path to purchase, progressive retailers are required to provide shopping experiences that consistently inform and deliver value at both physical and online shopping sites.

Indeed, the increase of mobile payments in the world of eCommerce figured prominently at both conferences. No wonder

– today’s computing power in your mobile device is a million times cheaper, a thousand times more powerful and a hundred times smaller than MIT’s lone computer in 1965. Fast forward to projections that global mCommerce (mobile commerce) will reach $14.1 billion by 2017, there are lots of reasons why lots of folks are making some really significant bets on mCommerce.

Consider Amazon, with projected 2014 U.S. mobile sales of $16.8 billion. Internet Retailer estimates that 21 per cent of Amazon’s total U.S. sales stem from smartphones and tablets, and comScore Inc. predicts that 29 per cent of Amazon shoppers only shop on mobile devices rather than desktop or laptop.

Canada is well positioned to embrace the move to mCommerce. Canada has continually had one of the greatest adoption rates of smartphones in the world with 77 per cent of people never leaving home without them. Our relationship with our mobile is deepening and it’s becoming


VERTICAl MARKET

a key source for multiple payment methods, securely digitizing cards through Near Field Communications (NFC). According to the Visa Digital Commerce Index, 68 per cent of smartphone owners are aware of NFC or Quick Response (QR) codes, with 65 per cent likely to make NFC or QR payments in the next six months. Today, approximately seven Visa payWave contactless transactions happen every single second across the country.

Further, Canadian banks have established themselves as world leaders in NFC payments. To date, all of the top five Canadian banks – Desjardins, CIBC, RBC, Scotiabank, and TD – have developed and deployed mobile and NFC payments to their consumer base and have embraced NFC more than any other market. Canada is truly unique as it relates to this NFC activity – no other geography or region comes close.

Yet, our ‘Digital Commerce Index’ found 42 per cent of smartphone users abandon online-based mobile transactions because entering billing and shipping

information is too difficult and, not surprisingly, security is still a top consideration with only 65 per cent of PC users and 55 per cent of smartphone users trusting the security on their device to make online purchases.

Decreasing the friction of online paymentsQuite evidently, we need to streamline and secure the payment process.

Addressing both payment progression and security is paramount. We are helping spearhead ‘tokenization’ technology that replaces your 16-digit credit card numbers with a digital proxy or ‘token’, identifying who you are without exposing any of your contact details.

Tokenization generates a unique digital account number that is a proxy for the primary card number and is used to facilitate the payment. Digital account numbers can be device-specific and are designed to make purchases with a specific mobile device. If the device is lost or stolen, the digital account number can be disabled without the need to reissue the initial payment card.

Completely eliminating friction in the online checkout process is a key goal for retailers who are enhancing their eCommerce websites. We launched Visa Checkout to enable consumers to store and use any major credit or debit card to securely speed through an online checkout using only a username and password. comScore cited that nearly 70 per cent of Visa Checkout users convert to online buyers and they are 66 per cent more likely to complete a transaction than customers who must enter billing and card information in a traditional online checkout process. The newly designed online shopping experience has been successfully offered by Canadian retailers including Cineplex, lululemon athletica, Staples Canada, Indigo, and Ticketmaster.

For us, it’s about driving and delivering value based on responsible innovation. We need to first understand consumer needs in order to make our products, services and payment capabilities easier to access. Providing APIs, SDKs, and reference apps will allow clients, partners, and

developers direct and secure access to our network to rapidly integrate new, safe, frictionless payment products and experiences that leverage Visa’s global network.

For retailers, it’s about making strategic choices and delivering the fundamental core capabilities, including convenience and security, which power the rapidly evolving mobile and online payments landscape. The purchase experience online has to be as frictionless as a contactless experience in-store.

Together, we’re helping enable the transition in payments from the physical world to the digital world, simply and easily – no matter what device consumers are using today or will use tomorrow.

With more than 15 years of digital and mobile experience in North America, Europe, and the Middle East, Derek Colfer is currently the Head of Technology & Digital Innovation for Visa Canada, focused on mobile innovations like HCE and NFC, core platform technologies and the recently announced Visa Token Service and Apple Pay initiatives. Since joining Visa in 2010, Derek has led several successful mobile initiatives including Canada’s first commercial NFC deployment in 2012.

The customer experience: the journey from good to great

Direct Marketing invites you to a Free Breakfast Brie� ng Presented by

During this interactive discussion on business outcomes derived from improving the customer experience we’ll show you why the key to overall success is providing choices that match customers’ expectations.

Visit our website for date details

www.dmn.ca FREE to register www.dmn.ca You must be registered in advance to attend.

April 2Lloydmedia Inc. - Payments Business MagazineMobile Payments WorkshopToronto, ONwww.paymentsbusiness.ca

April 8-10Smart International Conferences Inc.International Payment ConferenceToronto, ONwww.inpayco.com

April 13-16NAPCP Commercial Card and Payment ConferenceSan Antonio, TXwww.napcp.org

April 19-24NACHA, The ElectronicPayments Association, Payments 201New Orleans, LAwww.nacha.org

TBAFinovateFinovate Spring ConferenceSan Jose, CAwww.finovate.com

May 5-7Cartes North America 2015Washington, DCwww.cartes-america.com

May 11-12FC Business IntelligenceAnalytics for Insurance Canada SummitToronto, ONwww.analytics-for-insurance.com/canada/

May 11-13WB ResearcheTail Canada 2015Toronto, ONwww.wbresearch.com

May 11-14IFOFusion 2015 Forum & ExpoOrlando, FLwww.financialops.org

May 31-June 2Credit Scoring & Risk Strategy Association22nd Annual ConferenceNiagara Falls, ON (TBD)www.csrsa.org

June 2-5Internet RetailerIRC&Exhibition 2015Chicago, ILwww.internetretailer.com

June 10-12FEI Canada Annual ConferenceWinnipeg, MBwww.feicanada.org

June 16-17ACT CanadaCardware 2015: Payment & Digital ID InsightsNiagara Falls, ONwww.actcda.com

June 30 - July 1EMV User Meeting 2015EMVCoSeattle, WAwww.emvco.com

June (TBA)8th Annual Prepaid & Payments RetreatToronto, ONwww.paymentseXchange.ca

June (TBA)Payments Awards 2015Toronto, ON www.paymentseXchange.ca

June (TBD)ATMIA CanadaAnnual Canadian Conference 2015Niagara Falls, ON (TBD)www.atmiaconferences.com

August 2-5Retail Solutions Providers AssociationRetailNOW 2015Orlando, FLwww.gorspa.org

August 11-15NBPCAAnnual Congress-The Power of Prepaid 2015Planet Hollywood, Las Vegas, NVwww.nbpca.com

September 13-15IFO Canada6th Annual Canadian Financial Operations SymposiumToronto, ON

www.financialops.org/canada2015

September 15-16Women in Payments Symposium & Women in Payments AwardsToronto, ONwww.womeninpayments.ca

October 4-6Members MeetingSmart Card AlliancePhoenix, AZwww.smartcardalliance.org

October 7-8Smartcard AllianceNFC Solutions Summit 2015Phoenix, AZwww.smartcardalliance.org

October 12-15Sibos Annual Conference 2015Singapore, MYwww.sibos.com

October 13-15Electronic Transactions Association2015 ETA Strategic Leadership ForumScottsdale, AZhttp://electran.org/events/slf15/

October 13-15BAIBAI Retail Delivery Conference 2015Las Vegas, NVwww.BAI.org

October 15-17Canadian Automatic Merchandising AssociationCAMA Expo 2015Niagara Falls, ONwww.vending-cama.com

October 18-21Association of Financial ProfessionalsAFP Annual Conference 2015Denver, COwww.afponline.org

October 19-20Everlink Client ConferenceCONNECTIONS 2015Niagara Falls, ONwww.everlink.ca

October 25-28Money20/20Las Vegas, NVwww.money2020.com

October TBA2015 Global Finance ConferenceFor Finance ExecutivesToronto, ONGlobalFinanceConference.com

November 17-19ComexposiumCARTES & Identification Exhibition 2015Paris, FRwww.cartes.com

January 20-212016 NAPCP Canadian Commercial Card and Payment ConferenceToronto, ONwww.napcp.org/

February 22-25Mobile World CongressBarcelona, Spainwww.mobileworldcongress.com

March 7-9BAIBAI Payments Connect ConferenceSan Diego, CAwww.BAI.org

January 2016

February

March

april

May

august

septeMber

OctOber

nOveMber

Visit us onlinewww.paymentsbusiness.ca

2015 INDUSTRY EVENTS

June



SERVICE DIRECTORY

To learn more call Paul DeRosse, Senior Vice President, Sales at 905.530.2351 or visit www.apriva.com.

SECURE DEVICES | RELIABLE SERVICE | EXCEPTIONAL SUPPORTApriva is North America’s Leading Wireless Gateway.

SECURE PAYMENT SOLUTIONSEMV & NFC CONSULTING

CARD MANUFACTURES PRINT & MAILING

INTEGRATED PAYMENTS SOLUTIONS

Secure Solutions for Payment & Identification

Toll Free: 1-800-387-9794 www.gi-de.com

Since 1852, G&D has been an integral partner that is solutions orientated and trusted by banks, governments and carriers. Our solutions are founded on trust, integrity and the creation of value through Confidence.• Contact, Contactless and Dual-Interface Smart Cards • Mobile Payment • On-line Secure Authentication • Enhanced Card Identification

Integrated PaymentSolutions and Services

www.everlink.caToll Free: 1.866.388.0076

One of the most advanced and reliable payment delivery solutions

in financial services technology.

see youR company name heRecontact Mark henry - [email protected] x 223

905.670.48381.888.503.4528

Guarantee your

liquidity

CMS PRINTING SERVICE.For all your printing needs.

Call 416-755-7761 ext. [email protected]

NEW LOWER PRICING!!!

Talk to Your Target Market.Advertise today contact Mark Henry, [email protected]


ASSOCIATION UPDATE

aCT Canada; Stakeholders Driving Payment Evolution and Digital IdentityThe payment industry is not for the faint of heart, nor is it boring.

Executives are challenged to balance customer expectations related

to new ways to pay with the investments required to support these new channels. Knowing when and how much to invest also keeps many up at night. Once those decisions are made there are security, privacy, and competitive issues, as well as a shifting regulatory landscape. To help answer some of these concerns, presentations from Cardware 2015 and the recent findings of both the Mobile and Customer Authentication Strategic Leadership teams are now available for our delegates and members.

Strategic leadership teamsSLTs are designed as think tanks that lead to change in the market. They are formed when ACT Canada members want to collaborate with other senior stakeholders in a neutral forum to help influence market growth, propel key initiatives forward, or overcome issues. This allows our members to move quickly and take advantage of expertise beyond their own internal resources to reduce necessary investments

and minimize risks.The call for term two of

the 2015 Strategic Leadership Teams (SLT) has been sent out to members and we have created a merchant team. This new team is open to all merchant members. We expect that the Mobile team will move forward into a new term and expect to hear from members about additional teams they would like to establish.

Minister of Finance consultationJust before Cardware, we responded to the Minister of Finance outreach concerning risk and oversight. In some cases we did not provide answers as our members are not of a common opinion and they would respond individually. However, we did raise concerns about areas where Canadians are led to believe certain payment protections are in place, when they are not. Terminology plays a big role in this. For example, when a bitcoin kiosk is referred to as an ATM, Canadians may assume that it has the same protection as an Interac ATM, but that is not the case.

A busy fall scheduleWe are busy organizing an early fall launch of quarterly, informal networking events. We will also be going across Canada to provide closed door briefings for our members and to talk with other stakeholders. If that wasn’t enough to keep us busy, we will soon open nominations for our annual IVIE awards to celebrate innovation in secure payment and digital ID.

We are in the planning stages for our fall awards ceremony. The IVIEs, our AGM, and a Cardware Connections meeting will take place early November. Check our website for the date and details as they come available. Last year sold out, so book your seats early.

More for our members - discounts on upcoming eventsMoney 2020: ACT members receive a 20 per cent registration discount CARTES SECURE CONNEXIONS, now TRUSTECH: ACT members receive a registration discount

Personnel changesIn June, we welcomed Sharon Fergusson, our new administrator.

Help wantedACT Canada is looking for an inside sales rep who has experience selling services. If you know someone who would be interested, please have them visit http://www.actcda.com/information/careers/

So, we are busy building and defending the markets that matter to more than 150 members. To do so we draw on our 27 years of experience. Could we help you? Give us a call and we can talk about it.

Join our market shaping members to advance your goals.

ACT CanadaInsights • Networking • Visibility

Since 1989, ACT Canada has been internationally recognized as the stakeholder association that drives payment evolution and digital identity. Stakeholder dialogue drives profitable decisions. Join us.

For information, please visit www.actcda.com.

To advertise or get more information and media kits:905-201-6600 | 1-800-668-1838 | 302-137 Main Street North, Markham ON L3P 1Y2

Reach marketers & � nancial executivesOur magazines are must-reads for key executives in core corporate competencies.

We can help you tap into the ecosystem at the points that will drive your campaigns.

Visit our websites:Direct Marketing magazine, www.dmn.caContact Management magazine, www.contactmanagement.caPayments Business magazine, www.paymentsbusiness.ca

Canadian Treasurer magazine, www.canadiantreasurer.comCanadian Equipment Finance magazine, www.canadianequipmentfi nance.comFinancial Operations magazine, www.fi nancialoperations.ca.

Can you help our readers:• Create a strong fi nancial structure and healthy economic

ecosystem to ensure capital and cash fl ow keep their engines running?

• Determine who their customers should be, how they can reach them most effectively, and how they can turn data-driven marketing into profi table sales?

• Build effi cient and effective fi nancial systems to enhance payments and billings between their companies and their customers and vendors?

• Convert all the data and information they collect from every contact point into tangible benefi ts that increase revenue and reduce costs?

• Equip their companies with the tools, technology, systems and hardware needed to manage their operations, to create new services or products, and deliver them to their market?

• Manage their customers with smoothly functioning support departments that are properly staffed and equipped to solve problems, foster loyalty and retain customers?

• Make any or every step in that chain better, faster, cheaper, and more profi table?

payments business magazine jul/aug 2015

Documents