© 2016 Epicor Software Corporation Covering Your Assets: Payment Landscape and Technology Keith Lam Sr. Product Manager

© 2016 Epicor Software Corporation │ Eagle Online Academy #EpicorEOA

Keith Lam – Senior Product Manager

► 9+ years at Epicor, focusing on building great products and services that help the independent retailer succeed and grow

► Product focus is on Cloud, SaaS, Payment, Financial, Security, Hardware and Pharmacies

► Passionate about consumer engagement and loyalty: how technology can help small retailers reach new customers and keep existing customers through multi-channel marketing and personalized communication, as well as data security

The contents of this document are for informational purposes only and are subject to change without notice. Epicor Software Corporation makes no guarantee, representations or warranties with regard to the enclosed information and specifically disclaims, to the full extent of the law, any applicable implied warranties, such as fitness for a particular purpose, merchantability, satisfactory quality or reasonable skill and care. This document and its contents, including the viewpoints, dates and functional content expressed herein are believed to be accurate as of its date of publication, April 2016. The usage of any Epicor products or services is subject to Epicor’s standard terms and conditions then in effect. Usage of the solution(s) described in this document with other Epicor software or third party products may require the purchase of licenses for such other products. Epicor, the EPICOR logo, Eagle, Grow Business, Not Software, are trademarks or registered trademarks of Epicor Software Corporation in the United States, and in certain other countries and/or the EU. Copyright © 2016 Epicor Software Corporation. All rights reserved.

Agenda

1. Different Ways to Pay

2. How the Bankcard Payment Chain Works

3. New Payment Options

4. Payment Security

In 2015, what was the most used payment method?

A. Cash

B. Check

C. Debit Card

D. Credit Card

Different Ways to Pay

Cash is still King!

https://blackhawknetwork.com/2015consumer_payments

Different Ways to Pay

However… Cash and check use is declining fast. 18% of consumers using alternative payment methods

https://blackhawknetwork.com/2015consumer_payments

How the Bankcard Payment Chain Works

Card Payment Value Chain

Cardholder presents card to pay for purchases

Merchant swipes card, enters amount and transmits authorization request to processor

Processor electronically sends the auth request to credit card company

Credit card company routes request to cardholder's issuing bank

Issuer approves or declines the transaction

Issuer transmits approval or decline to credit card company

Card company forwards response to processor

Processor forwards response to merchant

Merchant completes the transaction

Cardholder account is debited

CARDHOLDER -> MERCHANT -> PROCESSOR -> CARD COMPANY -> ISSUER

The Merchant pays between 2%-$% of the total transaction amount to accept card payments. Share of that fee by party, with the amounts for an example where Trans = $40.00, MD = 3%:

• Processor (First Data, Elavon, EPX): ~ 10 - 20%, $0.20

• Card company (Visa, MC, Amex, Disc): ~ 5%, $0.06

• Issuer (Citibank, Chase, BofA): ~ 70 - 90%, $0.94

New Payment Options

► Apple Pay

► Android Pay/Google Wallet

► PayPal

► Samsung Pay/Loop

► Bitcoin

Apple Pay and Google Wallet

► Apple Pay and Google Wallet are both mobile payment options that allow you to use your smartphone to pay for purchases using your bankcards or a prepaid card.

► Apple Pay and Google Wallet do not store the actual bankcard number on your phone for better security and fraud protection.

http://arstechnica.com/gadgets/2014/10/how-mobile-payments-really-work/

Apple Pay

► How does Apple Pay work?

Specific to your iPhone

Token is sent to the processor, who matches it to a bankcard for payment

• Verification – TouchID

• Token – A random number that represents your bankcard, generated specific to your iPhone.

• Security – Token cannot be stolen and used to create a physical bankcard, cannot be used for internet ordering nor used on a different device

Google Wallet/Android Pay

► How does Google Wallet work?

Creates virtual card

Pay with the virtual card that pulls from your bankcard

• Verification – 4-digit PIN

• Virtual Card – Represents your bankcard. Real card is stored on Google servers

• Security – Virtual card cannot be stolen and used to create a physical bankcard, cannot be used for internet ordering nor used on a different device.

• Android Pay is similar to Apple Pay: a one-use token is presented and transmitted. Google still stores your credit cards.

PayPal

http://www.casio.co.uk/paypal/

Samsung Pay/Loop

http://www.idownloadblog.com/2015/02/18/samsung-buys-apple-pay-competitor-looppay/

http://www.businesswire.com/news/home/20141103005185/en/LoopPay-Launches-Mobile-Payment-Product-Line-Accepted

Bitcoin

http://visual.ly/bitcoin-infographic

https://vulcanpost.com/235071/tiasg2015-day-2-startups-bitcoin-trend/

Do you accept mobile payments in your business?

A. Yes, we do, but our customers don’t use them very much.

B. Yes, we do, and our customers use them frequently.

C. No, but we’re interested in doing so.

D. No. It’s cash, check or cards for us.

Payment Security

Low Risk-High Reward Low Reward-High Risk

Chris Swecker, Former FBI Asst Director

Types of Hacked Fraud

http://techcrunch.com/2015/09/07/the-business-of-fraud/

What would you like to order from the black market?

Have you had a data breach in your business?

A. Yes.

B. No.

C. I’m not sure!

Payment Security - Cash

Options File -> Configure -> Application Options -> Option Group “Cash Draw Balancing”

Online help “Setting Up the Cash Drawer Balancing Feature”

Payment Security - Checks

ECC http://help.eaglesoa.com/25/en-n-eagle/POS/ECC/ECC_Ovr.htm

Payment Security - Bankcards

► EMV

► Transactional Security

• Point to Point Encryption

• Tokenization

Payment Security – EMV Security

► EMV – Chip cards, chip and pin, chip and signature

Two protections:

1. Verification • Chip card is real

2. Authentication • Cardholder is real

Protects against fraudulently created bankcards only.

Does not encrypt or tokenize the card number.

Payment Security – Transactional Security

► Point to point encryption and tokenization are two different payment security features, normally used together

• Designed to keep actual bankcard numbers from being stored, processed or transmitted by your POS system through to the Payment Gateway or Processor.

► This combined solution reduces your PCI scope because your system and networks are designed never to see any real bankcard numbers.

Payment Security – Transactional Security

► Point to Point Encryption

• Encrypts a consumer’s bankcard data at point of swipe or insertion

• Only the encrypted bankcard number is sent from the pin pad to the POS system and internet

Encrypted swipe data (preserves 1st 6 and last 4 digits): 1234 56 ABD 5432 %25DUCK=$3&

Payment Security – Transactional Security

► Tokenization

• A random number token is created for the actual bankcard number

• This token is POS system and bankcard specific; i.e. the token cannot be used at another retailer

Tokenized card (preserves 1st 6 and last 4 digits): 1234 56BD 3GH5 5432

Epicor Gateway

Payment Security – Transactional Security

► No actual bankcard numbers are in your POS system so nothing of value can be stolen

► If tokens are stolen, they cannot be made into usable bankcards or used on internet sites

► If you have a data breach, none of your customers’ actual bankcard information will be stolen
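
The tokenization described on these slides, as an added sketch that is not Epicor's code: a hypothetical gateway-side vault issues a random token that keeps the first 6 and last 4 digits and resolves only for the merchant it was issued to. GatewayVault, the merchant IDs, the card number and the choice to return the same token for a repeat card are assumptions made for the example.

```python
import secrets
import string

# Middle characters mix letters and digits, as in the slide's sample token.
ALPHABET = string.ascii_uppercase + string.digits


class GatewayVault:
    """Hypothetical gateway-side vault; the POS stores tokens, never this mapping."""

    def __init__(self):
        self._by_token = {}  # (merchant_id, token) -> real card number
        self._by_pan = {}    # (merchant_id, card number) -> token

    def tokenize(self, merchant_id: str, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("card number must be 13-19 digits")
        key = (merchant_id, pan)
        if key in self._by_pan:  # assumption: repeat card, same merchant -> same token
            return self._by_pan[key]
        while True:
            # Random middle: nothing about the real digits can be derived from it.
            middle = "".join(secrets.choice(ALPHABET) for _ in range(len(pan) - 10))
            token = pan[:6] + middle + pan[-4:]  # keep first 6 and last 4
            # Reject all-digit middles (token must not pass as a card) and collisions.
            if not middle.isdigit() and (merchant_id, token) not in self._by_token:
                break
        self._by_token[(merchant_id, token)] = pan
        self._by_pan[key] = token
        return token

    def detokenize(self, merchant_id: str, token: str) -> str:
        # The lookup is scoped to the merchant, so a token stolen from one
        # retailer resolves to nothing when presented by another.
        try:
            return self._by_token[(merchant_id, token)]
        except KeyError:
            raise PermissionError("unknown token for this merchant") from None


def demo():
    vault = GatewayVault()
    pan = "4111111111111111"  # constructed sample number, not a real card
    token = vault.tokenize("store-A", pan)
    return vault, pan, token
```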

Payment Security

Features EMV Transactional Security

Apple Pay Android Pay

Helps prevent fraudulent bankcards from being used at your store

Helps prevent bankcard numbers from being stolen from your store

Payment Security – Account Takeovers

► What is it?

• Someone steals your business credentials and uses them to steal money from your accounts – ID theft

► Fraud method

• Phishing, social engineering, phony calls, malware, and viruses

► Result

• Stolen user names, passwords, account numbers, vendor information, bank information, or social security numbers

Payment Security – Account Takeovers

► How does it work?

“Fraud Advisory for Businesses: Corporate Account Take Over.” United States Secret Service, FBI, IC3, and FS-ISAC.

Payment Security – Account Takeovers

► Who helps you?

• No one, the bank sees this as a valid transfer.

• The receiving bank cannot give you info on the account holder; the account is closed and the funds are gone

Only you and your employees can protect your business

“The best way to avoid becoming a victim of a cyberheist is not to let computer crooks into the computers you use to access your organization’s bank accounts online.”

- Brian Krebs

Payment Security – Account Takeovers

► Recommendations

• Educate your employees

• Protect your online environment

• Partner with the banks (callbacks, device authentication, multi-person approvals, two-factor authentication)

• Pay attention to suspicious activity and react quickly

• Understand your responsibilities and liabilities

http://www.aba.com/Tools/Function/fraud/pages/corporateaccounttakeoversmallbusiness.aspx

Payment Security – Account Takeovers

► Great resource - KrebsOnSecurity.com

► Blog from Brian Krebs who broke the Target breach and provides great recommendations for personal and business protections.

Summary

► Cash is King, alternatives moving up

► Bankcard payment chain and who makes money

► New payment options from Apple Pay to Bitcoin

► Payment Security

• Cash, check, bankcards and accounts

• Ways to protect these assets

Summary

Payment types will continually change and so will thieves and hackers, but remember this:

1. You make the decision on the risk for your business.

2. Use the latest security protections.

3. Limit access of personnel and computers that can access sensitive information.

For more information on products featured in today’s presentation, or to find out how Epicor Professional Services can help you grow your business, please contact your Account Manager at 800.538.8597.