Friday, August 12, 2011

China UnionPay Replaces Visa as World's Largest Card Scheme

China UnionPay has overtaken Visa as the world's largest payments card scheme, according to Retail Banking Research (RBR).
There were eight billion payments card in circulation in 2010, says RBI, of which 29.2% carry the UnionPay brand, compared to 28.6% for Visa. However, Visa is still well ahead in terms of usage and spending. MasterCard accounts for 20%, American Express just 1.1%, JCB 0.8% and Discover 0.7%. Private label cards make up 10% of the total with the same proportion coming from domestic banks.  read more  Finextra: 12 August, 2011 - 13:44

PCI DSS Tokenization Guidelines Issued

PCI: New Tokenization Guidance Issued

Wakefield, Mass., August 12, 2011 -— The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), today published the PCI DSS Tokenization Guidelines Information Supplement, the latest in a series of SSC guidance documents aimed at providing the market with greater clarity on how specific technologies relate to the PCI Security Standards and impact PCI DSS compliance.

Tokenization technology replaces a Primary Account Number (PAN) with a surrogate value called a ―token.‖

Specific to PCI DSS, this involves substituting sensitive PAN values with non-sensitive token values, meaning a properly implemented tokenization solution can reduce or remove the need for a merchant to retain PAN in their environment once the initial transaction has been processed.

Working in conjunction with members of its Scoping Special Interest Group (SIG), the Council created the guidance in response to the requests from the PCI community for direction on how tokenization technology may reduce the scope of the cardholder data environment (CDE) and the effort required to conduct a PCI DSS assessment.

As with many evolving technologies, there is currently a lack of industry standards for implementing secure tokenization solutions in a payment environment. As part of an ongoing evaluation of these technologies, this initial guidance from the Council provides stakeholders with suggested guidelines for developing, evaluating, or implementing a tokenization solution, including insights on how a tokenization solution may impact scope of PCI DSS compliance efforts.

Merchants are ultimately responsible for the proper implementation of any tokenization solution they use, including its deployment and operation, and validation of its tokenization environment as part of their annual PCI DSS compliance assessment. Organizations should carefully evaluate any solution before implementation to fully understand the potential impact to their CDE. The paper helps guide merchants through this process by:

--Outlining explicit scoping elements for consideration
--Providing recommendations on scope reduction, the tokenization process itself, deployment and operation factors
--Detailing best practices for selecting a tokenization solution
--Defining the domains, or areas that specific controls need to be applied and validated, where tokenization could potentially minimize the card data environment

This additional guidance also benefits tokenization service providers and assessors by informing them on how the technology can help their merchant customers limit or eliminate system components that process, store, or transmit cardholder data, and reduce the scope of the CDE – and thus the scope of a PCI DSS assessment.

"We’ve continued the process to investigate these technologies and ways that the community can use them to potentially increase the security of their PCI DSS efforts," said Bob Russo, general manager of the PCI Security Standards Council. "These specific guidelines provide a starting point for merchants when considering tokenization implementations. The Council will continue to evaluate tokenization and other technologies to determine the need for further guidance and/or requirements. "

Recommendations on the use of these technologies in relation to the PCI Standards are issued as separate guidance on an ongoing basis throughout the standards lifecycle.

The papers do not introduce additional requirements to the PCI Standards, nor are they an endorsement of one technology over another.

This newest guidance may be found in the Council’s Document Library, an important collection of research, guidance and supplemental insight into topics that can aid ongoing PCI security programs.

"While this guidance will provide merchants with additional understanding on how tokenization may help their PCI efforts, it is important to note that tokenization should not be viewed as an alternative to the PCI Data Security Standard," said Russo. "Tokenization, implemented together with the PCI Standards, provides a layered approach to cardholder data security."

About the PCI Security Standards Council

The PCI Security Standards Council is an open, global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and related standards that increase payment data security.

Founded in 2006 by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., the Council has more than 600 Participating Organizations representing merchants, banks, processors and vendors worldwide.

To learn more about playing a part in securing payment card data globally, please visit: .

Connect with the PCI Council on LinkedIn:
the conversation on Twitter:!/PCISSC

Source: Company press release.

Experts Debate Visa EMV and mPayments Mojo
Market Platform Dynamics CEO Karen Webster moderated a panel of mobile payments "playmakers" this week at TAG FinTECH's August meeting. The topic, "Mobile Payments - Tipping or Slipping" was about as hot as the temperature outside! And, since it was the day after Visa's EMV announcement, they had plenty of hot new stuff to talk about.

read more: Experts Debate Visa EMV and mPayments Mojo  

Bank of America endeavors to assuage fears over its latest difficulties

For Bank of America, Countrywide Bankruptcy Is Still an Option
Mounting losses at Countrywide might overwhelm Bank of America. The best strategy, the Deal Professor says, would appear to be to throw Countrywide into bankruptcy.

Buyers for BofA's C.C.B. Stake Not Plentiful
Bank of America is struggling to find a buyer for its 10 percent stake in China Construction Bank, believed to be worth about $17 billion. The lender is encountering difficulties as investors expect the market to soon be saturated by potential buy-ins to Chinese firms, The Financial Times suggests.

BofA's Moynihan Takes Meetings in Washington 

Bank of America C.E.O. Brian Moynihan has been busy with meetings this week as the bank endeavors to assuage fears over its latest difficulties. According to The Wall Street Journal, the executive notably sat down with Treasury Secretary Timothy Geithner and Federal Reserve governor Daniel Tarullo on Wednesday.

EMV in the Last!

Abstract: EMV is, at last, coming to the USA. The sitting duck in the global payments pond will become the more swan-like global security framework that will make counterfeit cards much harder to create. Visa's active encouragement of EMV contact and contactless terminal deployment lays the groundwork for the smartphone-based transaction world everyone's been hoping for. The magstripe is, at last, losing its role as the central payment origination method and headed, no doubt, for a long retirement in niche applications. It's time.
Other recent Emerging Technologies Advisory Reports recently released:
Durbin and Payments InnovationJune 2011
Available for Download
Not Yet Available
George Peabody
Smart Ticketing: The Move to Open-Loop TransitJune 2011
Available for Download
Available for Download
George Peabody
EMV in the USA: Pushing the Peanut Down the FieldJune 2011
Available for Download
Not Yet Available
George Peabody

This is a Mercator Advisory Group Viewpoint and is available through a membership services relationship. It is also available for one-off purchase.

Members of Mercator Advisory Group have access to reports as well as the upcoming research for the year ahead, presentations, analyst access and other membership benefits.
Please visit us online at
For more information and media inquiries, please call Mercator Advisory

Group's main line: (781) 419-1700 or send E-mail to us on Twitter @

About Mercator Advisory Group
Mercator Advisory Group is the leading, independent research and advisory services firm exclusively focused on the payments and banking industries. We deliver pragmatic and timely research and advice designed to help our clients uncover the most lucrative opportunities to maximize revenue growth and contain costs. Our clients range from the world's largest payment issuers, acquirers, processors, merchants and associations to leading technology providers and investors. Mercator Advisory Group is also the publisher of the online payments and banking news and information portal

Mobile Security Software Revenues to Increase Six Fold to $3.7bn by 2016, Driven by the Business Demand, Finds Juniper Research

Hampshire, UK:  10th August 2011 – The market for security software to protect mobile devices including tablets, smartphones and feature phones will reach almost $3.7 billion by 2016 according to a new report by Juniper Research.  By that date enterprise and business sales will account for almost 69% of the market.

The presence of security software has been a common practice in the PC and laptop sector for many years, but not so in the mobile device arena. The recent series of high-profile security alerts, including Britain’s ‘News of the World’ hacking scandal, has heightened the public’s awareness of the vulnerability of mobile devices.

A Business Critical Issue
Juniper’s new Mobile Security research found that businesses are now beginning to spend more on mobile device security applications as they become a critical part of enterprise policy.
Juniper recommends that Enterprise and IT managers audit the security status of their corporate mobile device deployments and take remedial action where necessary.
“Enterprise users are in the front line against potential security breaches through insufficient mobile security and companies need to incorporate mobile network connected devices into the corporate network since this is the easiest way to enforce policies and to audit such devices” says report author Nitin Bhas.

Tablets Usage Increases Demand for Security Software
The report also found that as more tablets are brought into the enterprise over the next five years, the proportion of tablets featuring security products will also increase and overtake the percentage of smartphones protected.

Other key findings include:
•    Currently  less than 1 in 20 smartphones and tablets have third party security software installed in them, despite a steady increase in threats
•    Mobile security products enter the mainstream by late 2013, crossing $1 Billion
•    277 million mobile devices will have some kind of protection installed by 2016

Mobile Security Opportunities Whitepaper and further details of ‘Mobile Security Opportunities: Strategies for Tablets, Smartphones & Feature phones 2011-2016’ can be downloaded from Alternatively please contact John Levett at, telephone +44(0)1256 830001.

Juniper Research provides research and analytical services to the global hi-tech communications sector, providing consultancy, analyst reports and industry commentary

U.S. Bank ATMs: Self-Service Trends in a Challenging Economy

A New Report from Aite Group

Bank ATM Executives Must Focus On Creating A Differentiated ATM Experience Through Customer Personalization And Advanced Features.

Boston, August 11, 2011 – A new report from Aite Group examines the strategic, technological, and operational issues of the bank ATM channel. Based on a Q2 2011 Aite Group survey of bank ATM channel executives at 20 of the top 150 U.S. financial institutions, the report also explores channel-transforming trends relating to transactions, functionality, integration, and fraud management.
Owning and operating an ATM network is a complex endeavor that requires constant management—issues pertaining to fraud, transaction processing, accepting and dispensing of paper, accepting and dispensing of cash, upgrading of hardware and software, and, of course, compliance must all be addressed. Bank ATM executives, most recently consumed by mergers-and-acquisitions integration projects and technology challenges, must now focus on differentiating themselves at the ATM. According to the survey, 41% of bank executives view the ATM channel as a “differentiator” and are looking to introduce advanced features, such as personalization and targeted marketing and messaging, that will enhance the customer experience.

“The U.S. bank ATM channel needs to catch up to the level of technology available in the market and provided by the vendor community,” says David Albertazzi, senior analyst with Aite Group and author of this report. “Moving forward, creating a more personalized and integrated ATM experience that leads to greater channel convergence and increased customer retention will drive ATM infrastructure, hardware, and software upgrades.”

This 33-page Impact Report contains 28 figures. Clients of Aite Group's Retail Banking service can download the report by clicking on the icon to the right. 
Related Aite Group Research:
To purchase this report or
for additional information,
please contact:
Aite Group SalesTel:

A New Report from Aite Group The Increasing Role of VARs and ISVs in U.S. Merchant Acquiring

Merchant Acquirers Must Readjust Their Models To Account For VARs’ And ISVs’ Increasing Influence In Merchant Acquiring.

Boston, August 9, 2011 – A new report from Aite Group, based on Aite Group interviews with 18 U.S. merchant acquirers and independent sales organizations (ISOs), examines how merchant acquirers and ISOs use value-added resellers (VARs) and independent software vendors (ISVs) to acquire new merchants. The report sizes VARs’ and ISVs’ market share in merchant acquisition, as well as the potential revenue opportunity for VARs and ISVs in merchant acquiring over the next five years.
VARs and ISVs play an important role in the acquisition of new merchants in U.S. merchant acquiring—a role that Aite Group expects will only grow in years to come.

This increasing reliance on VARs and ISVs will bring many advantages to the industry, such as speed in completing onboarding processes and their automation, especially where ISOs and acquirers are integrated into the processes of their VARs and ISVs. While ISOs already rely on VARs and ISVs—sometimes exclusively—to sign new merchants, they will have to readjust their models in order to account for VARs’ and ISVs’ increasing influence in merchant acquiring.

“ISVs and VARs are becoming a strong ally to ISOs and merchant acquirers,” saysAdil Moussa, senior analyst with Aite Group and author of this report. “In fact, merchant acquirers, on top of competing to attract merchants directly, also now compete to become the default merchant acquirer on software solutions created by ISVs.”
The report presents a brief comparison of four different ISOs and acquirers—M&T Bank, Mercury Payment Systems, Payment Alliance International (PAI), and Payment Processing Inc. (PPI)—to illustrate the impact of the VAR/ISV sales channel on ISO and acquirer performance.
This 18-page Impact Note contains 13 figures. Clients of Aite Group's Retail Banking and Wholesale Banking services can download the report by clicking on the icon to the right. 
Related Aite Group Research:
To purchase this report or
for additional information,
please contact:
Aite Group SalesTel:

Disqus for ePayment News