By John Ginovsky

In a development intended to boost payment card security throughout the retail transaction process, the TransArmor data security solution provided by First Data Corp. is now integrated within AJB Software Design’s payment processing application suite.

AJB’s integration of the TransArmor solution expands the likelihood that major retailers will achieve a stronger level of security within their payment card acceptance environment than they have now. It enables complete, end-to-end encryption with the option of tokenization—from point of card swipe to formatting and routing of data to the financial institution. Merchants can now take advantage of a multi-layer security solution that eliminates clear-text cardholder data and other sensitive data elements from the retail environment, accommodating closely-related actions including reconciliation, chargebacks, and loyalty awards. 

For financial institutions, it’s a signal that increased scrutiny is being placed on the weakest security link in the transaction process—at the merchant level—and thus, indirectly, will benefit them through reduced operational burdens such as reissuing cards and contacting accountholders. It also would boost fraud analytics capabilities, says Tim Horton, vice-president of Merchant Product Management, First Data, in an interview with Tech Topics.

Horton says this new retailer security effort is complementary to the security aspects of the coming transition to EMV cards, such as has been announced by Visa, MasterCard, and Discover. In the Visa case, retailers not using EMV point-of-sale hardware would assume liability for fraud. However, Horton says, “Even if you use EMV, the subsequent transaction through the merchant to the processor and back would have all that card data in the clear. If you look at now being able to protect it at the point-of-sale and protecting it all the way upstream, it’s really a two-faceted approach against attacks.”

Close to 230,000 U.S. merchants, combining for nearly a half billion transactions to date, currently are processing transactions securely using First Data’s TransArmor solution. AJB, meanwhile, caters to 140 of the tier 1 and 2 retailers, mainly in North America. Tier 1 retailers are categorized as having 10 million or more annual transactions; tier 2 retailers have 5-10 million annual transactions.

AJB’s payment processing suite includes the Flexible Integrated Payment System, and the Retail Transaction Switch. The FIPay application is responsible for integrating the PIN pad device into First Data’s TransArmor solution. RTS is a multipurpose transaction switch that scales to meet the performance demanded by North America’s largest and most well-known retailers. It provides real-time authorization for TransArmor transactions. The two companies have worked for the past two years to achieve this integration, Martin Dziura, senior manager of Business Development, AJB, tells Tech Topics.

The TransArmor solution secures payment card data from the moment it enters the merchant environment throughout the entire transaction. After the payment is authorized, sensitive payment card data is replaced with a nonsensitive, random token number that preserves the value of card data for merchant business operations but removes cardholder or transaction information that criminals might find useful. 

“In doing so, it minimizes risk by providing better security to the merchant’s environment and reducing the scope of PCI compliance; it also shifts the burden of storing cardholder data from the retailer to the acquirer [namely, First Data] and it allows AJB users to seamlessly and securely use the token for other business and sales functions such as returns, sales reports, and analysis,” says Horton.

The cost to attain, maintain, and verify Payment Card Industry Data Security Standard compliance is skyrocketing. According to the National Retail Federation, its members have collectively spent more than $1 billion so far on PCI DSS compliance as part of their business operations. TransArmor allows merchants to significantly reduce the scope, risk, and costs associated with PCI compliance without requiring new hardware or extensive changes to existing business processes.

Customer relationship managers are in the process of explaining this integration of security services to potential customers. Also, says Horton, plans are in the works to talk with financial institutions to explain the set up as well as flag which of their commercial customers use the system, in order to facilitate antifraud analytics.

 

 

[This article was posted on March 27, 2012, on the website of ABA Banking Journal, www.ababj.com.]

TrackBack URI for this entry