14
PAYMENTSNEWS
PIN TERMINAL
STRENGTHENED OR
�X Fidelity
National
HACK REVEALED
Information
STIFLED BY STANDARDS?
Services (FIS) has
announced the
launch of Transax
P
aul Rodgers, chairman of the
cards and payments community,
Merchant Services
– an aggressively
Vendorcom discusses one of
priced credit
the big issues in the industry at the
and debit card
moment: standards.
payment service
“We’re in a standards-based
designed to help
industry and what gets delivered to
retailers improve
our retail customers has generally their margins and
been in�¾ uenced by many national
quality of service
and international standards. To list the
at the point of
prevailing standards, even by their choose to, means that some cards and
sale (PoS). Transax
Hundreds of PIN pads used by acronyms, would use up my remaining payments standards appear to have
Merchant Services
retail stores across Europe have word count and – while I’m sure such been imposed on an unsuspecting
is designed as
an alternative to
reportedly been tampered with by a glossary would be useful – I’d be retail community. While this might have
credit and debit
organised crime syndicates in China better placed directing you to the been a fair criticism in the past, it is
card services
and Pakistan. Vendorcom Interactive Zone, where rarely the case now.
traditionally
US National Counterintelligence you can post any discussion topic or “It’s the enforcement of standards
offered by
executive, Joel Brenner said query on cards and payments matters. that is the real challenge! The cards
banks and, more
criminals gained access to and “But it does remind me of a and payments industry is largely recently, by small
doctored chip and PIN terminals, conversation I heard at last month’s self-regulating although, with fraud
Independent Sales
either during manufacturing in Vendorcom conference. Asked what he �½ gures, particularly for online payments,
Organisations
China or shortly after leaving the did, one delegate proudly announced: continuing to rocket, the regulatory
(ISOs) throughout
production line, in order to send ‘I’m a QSA working with XYZ on PCI authorities are beginning to take a closer
the UK.
shopper credit card account details and PA-DSS’. And, yes I’m sparing the interest. The real issue comes when,
overseas. The devices were then blushes of ‘XYZ’ but the company name following a comprehensive consultation
resealed and exported to Britain, was a three-letter acronym. programme that has carefully
Ireland, the Netherlands, Denmark, “Back to the issue of standards! weighed-up all the factors and sensible
and Belgium. Three questions are topical: how deadlines for adoption have been set,
“Previously only a nation state’s engaged is it possible to get with the the enforcement body – usually an
intelligence service would have main standards-setting bodies, what international card scheme, an acquiring
been capable of pulling off this is the process for setting a particular bank, or local standards agency – fails to
�X G4S Cash
type of operation,” stated Brenner. standard, and how consistently are consistently apply the standard. Services UK
“It’s scary.” standards being enforced? “This has three major effects:
(G4S) has
MasterCard International has “The good news is that, with regard it develops a ‘cry wolf’ impression,
adopted Zebra
alerted stores in affected areas to engagement, most of the industry’s undermining the credibility of
Technologies’ MZ
and determined doctored devices standards bodies have well developed the standard, the standard-setting
mobile printers for
can most easily be revealed by programmes for consultation and organisations and the body responsible
use by couriers.
The lightweight
virtue of weighing an extra three to involvement. This is important as for enforcing it; it also undermines any
printers will
four ounces due to the additional most of the industry’s standards are solutions provider that has applied
be used when
parts they contain. MasterCard �¼ rst developed at a global or European the standard to its range of solutions
couriers collect
uncovered the plot at the start of level by organisations such as the and is trying, rightly, to market them
and deliver cash
the year after detecting suspicious Payment Card Industry (PCI) Security as meeting current best practice;
from customer
charges to British and other Standards Council, the European and it ensures that standards are not sites. “Security and
European accounts. Payments Council and EMVco and adopted quickly into the market they
ef�½ ciency are at
The scam is believed to have have many challenging and sometimes were designed to protect.
the heart of what
succeeded in stealing millions of con�¾ icting interests to consider. “Vendorcom is currently working
we do. Printed
pounds from cloned cards, phone “The process of de�½ ning particular constructively with national and
receipts mean
or internet transactions or cash standards is still fraught with all the international standards bodies and is
the possibility for
mistakes is kept
withdrawals. And Brenner said the politics of national and corporate promoting collaborative approaches
to a minimum,”
criminals wait up to two months interest that one would expect. that will ensure standards are
commented
before using the stolen data to try The fact that, despite the many comprehensive, �½ t for purpose,
Glyn Hughes,
and cover their tracks. opportunities to engage, few solution consistently applied, and practical to
G4S director of
providers and even fewer retailers implement.”
technology.
RETAIL TECHNOLOGY NOVEMBER 2008
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40