Peter Guidi's Blog

Archive for December, 2013|Monthly archive page

The Target Breach: what it means to card and mobile ACH payment:

In ACH decoupled debit, alternative payment, Bank Fees, Bank Tax, merchants, mobile payment, omni-channel, Payment card, retailers, swipe fees, Target breach on December 27, 2013 at 3:59 pm

In the aftermath of the Target Breach, David Heun at American Banker writes that ACH decoupled debit could be the big winner saying “security may have suddenly become the product’s biggest selling point.” He tiled the story, “Target’s Redcard Proves Less Vulnerable to Data Breach than Bank Cards”. Today Richard Crone, chief executive of consulting firm Crone Consulting LLC is quoted in PYMTS.com saying “Skimming the 16 digits on Target’s proprietary decoupled debit Redcard will probably not even be pursued by the fraudsters who captured that number because it can only be used inside Target”, he went on to say; “The proprietary Target card represents another reason merchants may want their own card because it can mitigate risk, too.”

National Payment Card Association is the leading provider of ACH decoupled debit card services at the POS and the world’s largest processor of mobile ACH transactions at the fuel pump. ACH decoupled debit is safer than legacy payment because the actual payment credentials are not being passed through the POS. Instead the consumer links their financial account to a card or phone as a psydo number/Token across our database. This process isolates the consumer’s financial data from the payment processing network. This differs from legacy payments where the payment credential is on the card; given the choice, “no one would pass actual payment credentials through the point of sale”, says Richard Crone

Retailers can lower their liability to payment data loss by implementing ACH decoupled debit programs. At the 2013 Pinnacle Users Conference in Dallas, I quote Gray Taylor; Executive Director of PCATS, where he said that ACH programs lower the retailer’s exposure to payment data liability. Retailers are rightly concerned about the liability associated with payment data loss. Target is not the first to be a victim of this crime and watching the media reminds me of, with my apologies to the family; Kitty Genovese.

The debate about payment data is hardly new, who can forget the transition to 3dez. Target has announced that stolen PINS are safe behind a processor based encryption key, one win in the data protection business. Proponents of EMV, and by its extension, those involved with NFC mobile payments will point to Target as another justification for their systems. Meanwhile thieves will work on new man in the middle attack strategies. As long as the payment credential passes through the POS and processing network, it will be a target for theft.

Mobile payment is impacted as well. Data security is also a consideration as the retailer evaluates cloud-based mobile payment or NFC at the POS. Some proponents argue that the payment data can be stored on the secure element and be safe. The growth of mobile payment will capture millions of users as consumers choose mobile payment. Retailers have a unique opportunity to lower payment liability by shifting consumers to card and mobile ach decoupled debit.

Advertisements