Data security is a critical component of the work that payment facilitators do. Proper management of sensitive data is an essential responsibility for anyone enabling access to the payments system. So every payment facilitator needs to understand the role that PCI compliance plays in their overall risk management efforts.Read More
Compliance solutions provider ControlScan and processor FIS have come together in an effort to streamline PCI compliance for payment facilitators.Read More
An organization’s PCI scope – the components of its business that need to be included in an assessment – can have a dramatic impact on the costs for that company to comply with the security standard’s requirements. According to Chris Bucolo, that’s the fundamental reason payment facilitators need to “engage early.”Read More
Companies that choose to integrate payments into their B2B software offerings must consider risk from a number of perspectives. This week, we report on some of the fundamental issues and decision points behind payment facilitators’ relationship with the industry data security standard.Read More
Merchants want ease of use. Customers want mobile. Everyone wants security.Read More
When a technology company decides to take on payments, it often seems like a natural next step. Who wouldn’t want to extend their services by enabling clients to accept payments?
Then reality sinks in. Adding the technical capability to move money is one thing. Opening the door to the complex web of federal and state regulation and card brand rules is another.Read More
There is plenty of evidence that the payment facilitator market will grow significantly over the next few years. There are multiple drivers for this growth, including the belief that the increased complexity of compliance/security requirements for merchants will generate more interest in this payments model.
Although there is general agreement that the growth potential is large, there is a divergent set of opinions on how risky the model is, and how risk needs to be approached.Read More
A July exposure of transaction records from 899 submerchants serviced by payment facilitator BlueSnap highlights an important lesson for PFs.
In addition to making sure their own houses are in order, they bear responsibility for their submerchants and service providers as well.
PFs who control all aspects of the card entry, where it’s impossible for a transaction to enter outside of their interface, may be able to certify compliance on behalf of all their submerchants. However, if any submerchant or service providers could conceivably get access to card data, the PF must ensure they are certified and registered. BlueSnap had to learn that the hard way.
When Visa recently added more rules on its smallest merchants—PCI Level 4s—it created a sales opportunity for payment facilitators by giving SMBs an even stronger reason to outsource its payments activities. At the same time, it added more complexity to PCI management for those PFs.
Mike Cottrell, head of global sales and marketing at ProPay, tried to put the new rules into perspective for payment facilitators in this week’s PaymentFacilitator.com podcast.Read More
On Monday (March 7), the U.S. Federal Trade Commission (FTC) launched a government investigation of PCI, zeroing in on potentially excessive charges, inconsistency in enforcement and rampant conflicts of interest. As famed QSA Scooby Doo would have said, “Ruh-roh.”
None of this is news to the FTC and it’s part of the reason for the investigation, which FTC is officially calling a study. “We have heard these issues,” said David Lincicum, an FTC attorney in the division of privacy and identity protection, who is the lead attorney on the study and is also managing the study. “We go into this looking to get information, to get some details about what the interactions look like.”Read More