Covering Your Assets: Payment Landscape and Technology
Keith Lam, Sr. Product Manager
Copyright 2016 Epicor Software Corporation

Keith Lam
Senior Product Manager
9+ years at Epicor, focusing on building great products and services that help the independent retailer succeed and grow.
Product focus is on Cloud, SaaS, Payment, Financial, Security, Hardware and Pharmacies.
Passionate about consumer engagement and loyalty: how technology can help small retailers reach new customers and keep existing customers through multi-channel marketing and personalized communication, as well as data security.
2016 Epicor Software Corporation, Eagle Online Academy

The contents of this document are for informational purposes only and are subject to change without notice. Epicor Software Corporation makes no guarantee, representations or warranties with regard to the enclosed information and specifically disclaims, to the full extent of the law, any applicable implied warranties, such as fitness for a particular purpose, merchantability, satisfactory quality or reasonable skill and care. This document and its contents, including the viewpoints, dates and functional content expressed herein are believed to be accurate as of its date of publication, April 2016. The usage of any Epicor products or services is subject to Epicor's standard terms and conditions then in effect. Usage of the solution(s) described in this document with other Epicor software or third party products may require the purchase of licenses for such other products. Epicor, the EPICOR logo, Eagle, Grow Business, Not Software, are trademarks or registered trademarks of Epicor Software Corporation in the United States, and in certain other countries and/or the EU. Copyright 2016 Epicor Software Corporation. All rights reserved.

Agenda
1. Different Ways to Pay
2. How the Bankcard Payment Chain Works
3. New Payment Options
4. Payment Security

In 2015, what was the most used payment method?
A. Cash
B. Check
C. Debit Card
D. Credit Card

Different Ways to Pay
Cash is still King!
Source: https://blackhawknetwork.com/2015consumer_payments

Different Ways to Pay
However, cash and check use is declining fast.
18% of consumers are using alternative payment methods.
Source: https://blackhawknetwork.com/2015consumer_payments

How the Bankcard Payment Chain Works

Card Payment Value Chain

Participants: CARDHOLDER, MERCHANT, PROCESSOR (First Data, Elavon, EPX), CARD COMPANY (Visa, MC, Amex, Disc), ISSUER (Citibank, Chase, BofA)

Authorization request:
1. Cardholder presents card to pay for purchases.
2. Merchant swipes card, enters amount and transmits authorization request to processor.
3. Processor electronically sends the auth request to credit card company.
4. Credit card company routes request to cardholder's issuing bank.
5. Issuer approves or declines the transaction.

Response:
1. Issuer transmits approval or decline to credit card company.
2. Card company forwards response to processor.
3. Processor forwards response to merchant.
4. Merchant completes the transaction.
5. Cardholder account is debited.

The Merchant pays between 2%-$% of the total transaction amount to accept card payments:

                 Share of fee    Example (Trans = $40.00, MD = 3%)
Processor        ~10-20%         $0.20
Card company     ~5%             $0.06
Issuer           ~70-90%         $0.94

New Payment Options

New Payment Options
Apple Pay
Android Pay/Google Wallet
PayPal
Samsung Pay/Loop
Bitcoin

Apple Pay and Google Wallet
Apple Pay and Google Wallet are both mobile payment options that allow you to use your smartphone to pay for purchases using your bankcards or a prepaid card.
For better security and fraud protection, Apple Pay and Google Wallet do not store the actual bankcard number on your phone.
Source: http://arstechnica.com/gadgets/2014/10/how-mobile-payments-really-work/

Apple Pay
How does Apple Pay work?
Specific to your iPhone
Token is sent to the processor, which matches it to a bankcard for payment
Verification: Touch ID
Token: A random number that represents your bankcard, generated specifically for your iPhone.
Security: The token cannot be stolen and used to create a physical bankcard, cannot be used for internet ordering, and cannot be used on a different device.

Google Wallet/Android Pay
How does Google Wallet work?
Verification: 4 digit PIN
Creates a virtual card
Pay with the virtual card, which pulls from your bankcard
Virtual Card: Represents your bankcard. The real card is stored on Google servers.
Security: The virtual card cannot be stolen and used to create a physical bankcard, cannot be used for internet ordering, and cannot be used on a different device.
Android Pay is similar to Apple Pay: a one-use token is presented and transmitted. Google still stores your credit cards.

PayPal
Source: http://www.casio.co.uk/paypal/

Samsung Pay/Loop
Sources:
http://www.businesswire.com/news/home/20141103005185/en/looppay-launches-mobile-payment-product-line-accepted
http://www.idownloadblog.com/2015/02/18/samsung-buys-apple-pay-competitor-looppay/

Bitcoin
Sources:
https://vulcanpost.com/235071/tiasg2015-day-2-startups-bitcoin-trend/
http://visual.ly/bitcoin-infographic

Do you accept mobile payments in your business?
A. Yes, we do, but our customers don't use them very much.
B. Yes, we do, and our customers use them frequently.
C. No, but we're interested in doing so.
D. No. It's cash, check or cards for us.

Payment Security

Payment Security
Low Risk-High Reward
Low Reward-High Risk
Chris Swecker, Former FBI Asst Director

Types of Hacked Fraud
What would you like to order from the black market?
Source: http://techcrunch.com/2015/09/07/the-business-of-fraud/

Have you had a data breach in your business?
A. Yes.
B. No.
C. I'm not sure!

Payment Security - Cash
Options: File -> Configure -> Application Options -> Option Group Cash Draw Balancing
Online help: Setting Up the Cash Drawer Balancing Feature

Payment Security - Checks
ECC: http://help.eaglesoa.com/25/en-n-eagle/pos/ecc/ecc_ovr.htm

Payment Security - Bankcards
EMV
Transactional Security
    Point to Point Encryption
    Tokenization

Payment Security - EMV Security
EMV: chip cards, chip and PIN, chip and signature
Two protections:
1. Verification: the chip card is real
2. Authentication: the cardholder is real
EMV protects against fraudulently created bankcards only. It does not encrypt or tokenize the card number.

Payment Security - Transactional Security
Point to point encryption and tokenization are two different payment security features, normally used together.
They are designed to keep any actual bankcard numbers from being stored, processed or transmitted by your POS system through to the Payment Gateway or Processor.
This combined solution reduces your PCI scope because your system and networks are designed never to see any real bankcard numbers.

Payment Security - Transactional Security: Point to Point Encryption
Encrypts a consumer's bankcard data at the point of swipe or insertion.
Only the encrypted bankcard number is sent from the PIN pad to the POS system and the internet.
Encrypted swipe data: 1234 56 ABD 5432 %25DUCK=$3&
Preserves the 1st 6 and last 4 digits.

Payment Security - Transactional Security: Tokenization
A random number token is created for the actual bankcard number.
This token is POS system and bankcard specific; i.e. the token cannot be used at another retailer.
Epicor Gateway
Tokenized card: 1234 56BD 3GH5 5432
Preserves the 1st 6 and last 4 digits.

Payment Security - Transactional Security
No actual bankcard numbers are in your POS system, so nothing of value can be stolen.
If tokens are stolen, they cannot be made into usable bankcards or used on internet sites.
If you have a data breach, none of your customers' actual bankcard information will be stolen.

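The tokenization described above, as an added example that is not Epicor's or the Epicor Gateway's code: a hypothetical gateway-side vault issues merchant-specific tokens that keep the first 6 and last 4 digits, and a Luhn-based scan over constructed POS records shows that only the untokenized record still holds a usable card number. The class and function names, the letters-only token middle and the sample records are assumptions; 4111111111111111 is a standard test card number.

```python
import re
import secrets

LETTERS = "ABCDEFGHJKLMNPQRSTUVWXYZ"   # assumption: letters-only middle, never all digits
PAN_RE = re.compile(r"\b\d{13,19}\b")  # digit runs long enough to be a card number


def luhn_ok(digits: str) -> bool:
    """Luhn checksum that real bankcard numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical gateway-side vault: the only place real card numbers are kept."""

    def __init__(self):
        self._pan_by_token = {}        # (merchant_id, token) -> card number
        self._token_by_pan = {}        # (merchant_id, card number) -> token

    def tokenize(self, merchant_id: str, pan: str) -> str:
        key = (merchant_id, pan)
        while key not in self._token_by_pan:
            middle = "".join(secrets.choice(LETTERS) for _ in range(len(pan) - 10))
            token = pan[:6] + middle + pan[-4:]      # preserve first 6 and last 4
            if (merchant_id, token) not in self._pan_by_token:   # retry on collision
                self._pan_by_token[(merchant_id, token)] = pan
                self._token_by_pan[key] = token
        return self._token_by_pan[key]

    def detokenize(self, merchant_id: str, token: str) -> str:
        # Lookup is keyed by merchant, so a token stolen from one store is
        # unknown when presented under any other merchant id (KeyError).
        return self._pan_by_token[(merchant_id, token)]


def find_pans(records):
    """Return the records that contain a Luhn-valid 13-19 digit run (a likely real card)."""
    return [r for r in records if any(luhn_ok(m) for m in PAN_RE.findall(r))]


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize("store-A", "4111111111111111")   # standard test card number
    records = ["sale card=4111111111111111 amt=40.00",      # constructed: untokenized POS
               f"sale card={token} amt=40.00"]              # constructed: tokenized POS
    print(token, find_pans(records))
```

Running `find_pans` over POS logs and database exports is a quick way to confirm that a system meant to hold only tokens is not also holding real card numbers.
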
Payment Security Features
EMV: Helps prevent fraudulent bankcards from being used at your store
Transactional Security: Helps prevent bankcard numbers from being stolen from your store
Apple Pay
Android Pay

Payment Security - Account Takeovers
What is it? Someone steals your business credentials and uses them to steal money from your accounts. ID theft.
Fraud method: Phishing, social engineering, phony calls, malware, and viruses
Result: Stolen user names, passwords, account numbers, vendor information, bank information, or social security numbers

Payment Security - Account Takeovers
How does it work?
Source: Fraud Advisory for Businesses: Corporate Account Take Over. United States Secret Service, FBI, IC3, and FS-ISAC.

Payment Security - Account Takeovers
Who helps you?
No one; the bank sees this as a valid transfer.
The receiving bank cannot give you info on the account holder, the account is closed and the funds are gone.
Only you and your employees can protect your business.

"The best way to avoid becoming a victim of a cyberheist is not to let computer crooks into the computers you use to access your organization's bank accounts online." - Brian Krebs

Payment Security - Account Takeovers
Recommendations
Educate your employees
Protect your online environment
Partner with the banks (call backs, device authentication, multi person approvals, 2 factor authentication)
Pay attention to suspicious activity and react quickly
Understand your responsibilities and liabilities
Source: http://www.aba.com/tools/function/fraud/pages/corporateaccounttakeoversmallbusiness.aspx

Payment Security - Account Takeovers
Great resource: KrebsOnSecurity.com
Blog from Brian Krebs, who broke the Target breach and provides great recommendations for personal and business protections.

Summary
Cash is King, alternatives moving up
Bankcard payment chain and who makes money
New payment options from Apple Pay to Bitcoin
Payment Security
    Cash, check, bankcards and accounts
    Ways to protect these assets

Summary
Payment types will continually change and so will thieves and hackers, but remember this:
1. You make the decision on the risk for your business.
2. Use the latest security protections.
3. Limit access of personnel and computers that can access sensitive information.

For more information on products featured in today's presentation, or to find out how Epicor Professional Services can help you grow your business, please contact your Account Manager at 800.538.8597.