The Green Sheet April 13, 2009 o Issue 09:04:01 (click graphic to enlarge or read below)
Doin' it right
POS equipment continues to get smaller, cheaper and faster. In March 2009, Montreal-based payment hardware and software provider, HomeATM ePayment Solutions, rolled out Safe-T-PIN, the first Internet POS PIN entry device (PED) to achieve Payment Card Industry (PCI) Data Security Standard (DSS) PED 2.0 certification. "What Safe-T-PIN is all about is very simple," said Mitchell Cobrin, Chief Operating Officer of HomeATM.
"All we've done is to replicate a POS device within PCI standards for home use. "Our goal is to have our product with every small e-merchant and in every household of online consumers, and we're talking a couple of hundred million people."
Safe-T-PIN is a ready-to-use, pocket-sized universal serial bus (USB) "plug and play" device that requires no software upgrades, works with any operating system or Web browser, eliminates the need for keying in card numbers because the card is swiped, and works with any bank, processor or currency. It is also Europay, Visa Inc. and MasterCard Worldwide compliant to accommodate smart cards, magstripes or chip and PIN technology.
Transactions for the masses
"Safe-T-PIN gives everyone – merchants and consumers alike - the ability to do a transaction that is more secure than any they could do in a card-not-present environment, including debit and credit card transactions and P2P [person-to-person] money transfers in real time," Cobrin said. "Consumers swipe their cards, enter their password for a PIN debit, and it goes through the EFT [Electronic Funds transfers] network in the same amount of time as a brick-and-mortar transaction - and it's fully encrypted. We're not inventing a system because it's really the mirror image of the POS EFT experience. All we're doing is making it accessible to home-based, online merchants and consumers."
According to many payments industry experts, the biggest problem with e-commerce is the lack of consumer confidence in the ability to make purchases or send money online securely. They cannot see e-commerce merchants face to face and hesitate to fully trust them.
To address consumer fears about identity theft, lack of brand recognition, malware and keystroke monitoring, HomeATM has a newsletter and blog that offer viable solutions to these common concerns.
"Safe-TPIN really speaks to the heart of this matter because it makes all of that totally impregnable," Cobrin said.
Disposable POS
Additionally, HomeATM has made Safe-TPIN cost effective for the smaller and midsized e-commerce merchants, as well as for those merchants with employees who take electronic payments off site. "Safe-T-PIN's price almost pegs this unit as a disposable POS device, so if it's stolen, if it's discarded or disappears, you haven't lost the hundreds of dollars it would cost to replace it," Cobrin said. "We remove the notion of $30 a month leases on systems for merchants struggling in today's economy."
Partnership power
HomeATM has a minimal direct sales force; the company's preference is to support the ISO reseller channel and stay in the background. "We really respect and appreciate the role that the ISO can play," Cobrin said. "They're the frontline people who have the expertise in the industry, so we're here to support any particular initiatives that they might be working on to assist them in marketing this product." Cobrin noted that in the past year same-store sales have steadily declined, and e-commerce is eroding business at brick-and-mortar locations, which has created a tremendous opportunity for ISOs and merchant level salespeople to put POS devices in the hands of merchants who would not otherwise be able to contemplate having merchant processing accounts.
"Tomorrow's e-retail and P2P remittance commerce is going to happen with or without those merchants who choose not to participate," Cobrin said. "And we're not trying to cannibalize brick-and-mortar as much as we want to give all merchants, regardless of size, the opportunity to change a fairly antiquated type of thinking and not be a dinosaur.
"There are so many different approaches because a POS of this nature has never existed, so I think new markets are just inherently going to be developed in ways that, perhaps, our team has not yet even contemplated."
EDITOR'S NOTE: So...if HomeATM is "Doin' it Right" then who's "Doin' It Wrong?"
Excerpts from a story from American Banker:
Acculynk Inc. says its Internet PIN debit service...PaySecure enables consumers to enter their PIN with a mouse on a virtual PIN pad that appears on the computer screen during checkout.
Industry analysts, however, have questioned the security of Acculynk's offering. In February, Avivah Litan, a vice president at Gartner Inc. in Stamford, Conn., said she was against any software- or Web-based PIN-entry service.
"I would highly recommend [to any consumer] not entering their PIN anywhere on the Internet unless it was hardware-based," she said.
"I would highly recommend [to any consumer] not entering their PIN anywhere on the Internet unless it was hardware-based," she said.
Editor's Note: Apparently Ms. Litan minces no words and has a very strong opinion on who's "doin' it wrong"
But Ashish Bahl, Acculynk's CEO said the networks involved with the pilot tests have little concern about the security of PaySecure.
But Ashish Bahl, Acculynk's CEO said the networks involved with the pilot tests have little concern about the security of PaySecure.
"For all the credible third parties that understand exactly what we do in detail, they are absolutely fine with our security, and that's their fiduciary responsibility," he said. (Question: Does that mean that these credible third parties are liable if there is a breach? Because I've been wondering who would have the liability in the event of a software breach...it seems clear that these "credible third parties." will be responsible for the fallout.)
In an e-mail last week, McGuire wrote that Pulse believes that "Internet-based PIN debit has tremendous potential value for consumers, as well as for merchants and debit card issuers."
Editor's Note: It would have even "more tremendous-er" (sic) value if it was a "TRUE" internet based PIN Debit application, but...since the "card's not present" either is TRUE PIN Debit. (see "Software PIN Debit Doesn't Exist...)
Javelin's (Bruce) Cundiff said that "a substantial subset of consumers" are "making the behavior change from credit cards to other methods of payment" and that they would benefit from another "pay-now" method.
In an e-mail last week, McGuire wrote that Pulse believes that "Internet-based PIN debit has tremendous potential value for consumers, as well as for merchants and debit card issuers."
Editor's Note: It would have even "more tremendous-er" (sic) value if it was a "TRUE" internet based PIN Debit application, but...since the "card's not present" either is TRUE PIN Debit. (see "Software PIN Debit Doesn't Exist...)
Javelin's (Bruce) Cundiff said that "a substantial subset of consumers" are "making the behavior change from credit cards to other methods of payment" and that they would benefit from another "pay-now" method.
Fiserv Inc.'s Accel/Exchange and Metavante Corp.'s NYCE Payments Network LLC are the other two networks testing PaySecure.
(Editor's Note: Metavante isn't Metavante anymore. It's FIS. Which reminds me...if you're going to the ETA, make sure and stop by FIS' booth, which they are sharing with HomeATM...and utilizing to push HomeATM's "True" PIN Debit platform. Oh...and while you're there, you can congratulate them on their recent acquistion of Metavante...and therefore...NYCE!) See NYCE! Metavante Acquired by Fidelity National
(Editor's Note: Metavante isn't Metavante anymore. It's FIS. Which reminds me...if you're going to the ETA, make sure and stop by FIS' booth, which they are sharing with HomeATM...and utilizing to push HomeATM's "True" PIN Debit platform. Oh...and while you're there, you can congratulate them on their recent acquistion of Metavante...and therefore...NYCE!) See NYCE! Metavante Acquired by Fidelity National