“Do I swipe or chip?” Are you getting tired of asking this question whenever you want to pay by card? Since last year, I’ve been observing signs that read “coming soon!” sticking out of the EMV chip slot on new payment terminals.
What’s the delay? According to a great new report furnished by the National Retail Federation, certification seems to be a bottleneck. Check out this scenario: In 2014, you planned for a major 2015 budget allocation to update point of sale (POS) payment modules so that you would be ready for the EMV (chip) standard go-live in October 2015. Then, in 2015, you deployed your new payment equipment so that they were in and ready before both the October deadline and the start of the holiday shopping season.
Now, hurry up and wait. The NRF survey data suggests 60% of respondents have been waiting since at least December 2015 (6 months or longer) for certification. For a credit card industry that is very much focused on increasing security, the level of resources they’ve made available for this new standard coming online has retailers frustrated.
In my research for this post, I noted EMV readiness in the various retailers I’ve frequented in the last ten days. Among grocers, the nationwide brand has had chip-ready terminals since late 2015, but chip payment only went live last week. My local grocer has also had chip-supporting hardware for several months, but still hasn’t been able to activate it. Two out of the three nationwide hardware chains have yet to turn on chip-enabled hardware in their stores – prompting wonder if there is any competitive advantage for the one chain that has been EMV-live for the last few months. Finally, the local store for a national auto parts retailer hasn’t yet implemented hardware (and I suspect this may be common among franchisees, many of whom are small businesses).
What’s next? Many retailers will begin locking down process implementations by the end of September – so that systems are tested and stable during the peak shopping season. As certifications are obtained, it appears there will be a second holiday season of confusion, and without full confidence that payment transactions are secure. All this time, retailers are facing frustration from consumers who want to use their “more secure” chip cards, and face significant fraud exposure.
New standards are not easily implemented. Here, as retailers appear to have invested in a timely manner, their frustration seems justified. With the additional fraud exposure and impact on customer satisfaction, it will take longer to recoup this investment than most had likely planned.
Posted by Gemma Randazzo
If you’ve gone shopping anywhere in the last year or so, you may have noticed the iPads, iPhones and even a few Androids that are increasingly being used as cash registers. While the trend is perhaps most noticeable in mom-and-pop stores (if you’ve been any non-Starbucks coffee shop in the last six months, you know what I mean), it’s certainly not limited to that. Department stores and major retailers are making the switch as well.
In fact, research group IHL recently released a study examining the projected growth of mobile POS systems. The firm found that by 2017, over 3.6 million tablets will have been shipped to retail and hospitality companies in North America alone, projecting that these shipments will result in some fundamental changes in many of these companies. The group also projects that shipments of non-rugged small format handhelds for mobile POS systems will increase 380% from 2013 to 2017. At the same time, overall POS shipments will be reduced by 12% in 2016, and in some segments, may be reduced by as much as 20% from previously forecast volumes. Those are some pretty striking numbers and it’s easy to see that mobile POS systems will have a large and far-reaching impact on the service industry.
For a start-up company, the appeal is easy to see. They can skip the investment of a traditional cash register and POS system and can instead purchase or repurpose an iPhone or iPad and use a cost-effective system like Square.
But what about for an established company? They’ve already invested in cash registers, credit card machines, and all the other bells and whistles that come with a traditional POS system. What’s the appeal?
Well, for one thing, it means your workforce is more mobile. Workers are no longer tied to the cash register. They are free to move around the store helping customers, restocking inventory and tidying the store floor. And while they do these things, each employee is a walking sales opportunity. Since each employee working effectively becomes a cash register, check out times are no longer limited by the number of cash registers available, but by the number of employees. This can speed up check out times for customers. And of course, it does give your company a bit of sleek modernity to be able to check out customers from anywhere in the store at the drop of a hat.
One cautionary note, however, is security. Most of these systems have security features built into them to ensure consumer PII and credit card information isn’t stored locally. Be sure you’re careful reviewing those features. It also wouldn’t go amiss to look into MDM software. Chances are, if you use ruggedized mobile devices in your back room or warehouse, your organization is already using MDM. While we tend to think of it as closely related to BYOD, mobile device management policies and technology protect corporate-owned devices as well.
Posted by Brandon Hill
The supply chain of most companies is long and complex. It’s often difficult to get a complete picture of your company’s supply chain, which involves not only direct suppliers, but also the suppliers that supply your suppliers. And so on down the chain.
But even though this lack of knowledge is common and, in many cases, unavoidable, it’s still cause for concern. Many companies share sensitive corporate data with those in the supply chain, such as intellectual property information, customer data or employee info. This information, some of it crucial for business to move forward, some of it not, is often shared without any regard for the information security practices of the company receiving the info.
It’s a risky move. On the one hand, the vendor you’re sharing info with and everyone they’re sharing info with might have great security in place. Their systems might be as tight as a drum. On the other hand, just because your systems are secure doesn’t mean those of the companies you work with are equally secure, and data might be leaking from your organization like a sieve. (more…)
Securing the First Responders: With today’s critical infrastructure threats, how can you ensure your city’s response team’s rugged devices are secure?
Posted by Gemma Randazzo
In an emergency first responders need to be focused on their number one priority – be it saving lives, protecting citizens and preventing crimes. Worrying about the security of the technology they have with them shouldn’t be of concern. In fact keeping onboard laptops and smartdevices that are the make-up of numerous fleet vehicles, such as police and fire vehicles secure shouldn’t even be a secondary thought. It should be simple and should just run in the background. With technology changing rapidly it is vital to ensure information that is sent to public servants, law enforcement officials and military personnel is secure. But while technology is changing rapidly it doesn’t mean that budgets are increasing to account for all these new devices or the changing climate of new threats.
Simple to use, simple to manage device management that protects the infrastructure of every city’s government is possible and in most cases requires very little in way of investment.
What should a city or government entity look for in a mobile device solution?
- 802.11 provisioning with industry standard encryption and authentication protocols
- Access Point (AP) detection and reporting with various IDS-oriented enhancements to assist with identification, alerting, monitoring and reporting of potential threats and a holistic view into the state of the agency’s security
- Ability to remotely manage configurations and updates of all Access Points across a city from one location
- Encryption of all communication channels and database encryption
- Device location mapping; enabling the lock down and wiping of devices when needed
- Push down all device software updates over the air without the need to physically bring in critical devices that are needed 24/7. Industrial laptops are powerful tools but they can be rendered virtually useless in an emergency if they are not kept up-to-date. Push down a security patch from a central location and save critical time and money
- Device management that doesn’t take up valuable bandwidth. Send out a software package in seconds without it hindering GPRS that is being used not only to update software applications but basic data communications with officers and firefighters out in the field
- Security for all wireless data transmissions that includes a seamless handoff between the various wireless network infrastructures in operation
Remember you don’t need to buy the latest and greatest device with the pretense that because it’s newer it’s going to be more secure. By making simple IT infrastructure changes using existing devices it is more than possible to stick to the budget without sacrificing security. A simple to use centralized mobile device management solution that plans, deploys, secures, monitors and maintains enhances the reliability and security of the tools first responders need to use.
It started with a simple $5 wristband in November 2011; Let’s Create Jobs for USA was founded with a $5 million contribution from Starbucks and a promise to create jobs for the American people. I vividly remember purchasing my wristband when they went on sale (ironically I was in the company’s hometown of Seattle). As someone who lives in a state that’s seen substantial unemployment, I was eager to play a small part in launching the movement.
As part of my weekly Starbucks visits (I won’t admit to a daily addiction), I recently noticed that they’ve taken this movement one step further by assisting small businesses on the technology payment front through a payment processing option called Square Mobile Card Readers.
Available in every company operated Starbucks store in the United States, “Square’s Mobile Card Reader with the free app, Square Register, enables anyone to easily accept credit cards so individuals and business can connect with customers anywhere their business takes them.” This simple tech attaches to an iOS or Android device and enables any size business to accept credit and debit cards. According to Starbucks roughly two-thirds of the 27 million small businesses in the United States do not currently accept credit or debit payment due to expensive processing fees and extensive applications. Think of the potential this small mobile card reader can bring to a small business and talk about a low investment – these card readers cost only $10 and come with a $10 rebate!
Say what you will about fancy and expensive coffees, but this is a highly effective tool that allows small businesses to generate new ways for income. Having said that, I won’t lie that my second thought was PCI compliance and keeping those devices secure. Any mobile device, be it rugged or consumer, has the capability to suffer a security breach. Add additional devices to your network and you further increase the importance of keeping them not only secure but maintaining peak performance. A Mobile Device Management (MDM) solution therefore still provides substantial value to any business whether you have two or three devices or two or three thousand devices.
For small business owners, a MDM solution that you manage in the Cloud is a perfect way to ensure devices are not only secure, but configured and managed from an easy-to-use console and without the need to purchase servers or an entire IT department. With MDM you also get the capability to lock down these consumer devices if they go missing and immediately protect them by securing and wiping confidential data. You even have the power to detect foreign devices entering your network and define specific parameters that your device(s) can be utilized in.
In closing, while we look at new ways to add jobs let’s not forget the critical nature of protecting the devices that come with them.
Posted by Gemma Randazzo
I recently read that logistics are as essential to the “holiday season as the Christmas tree and the Menorah.” I don’t think I need to do too much convincing at this time of the year for you to appreciate just how true that is. Just open your inbox and you are immediately reminded that if you want your holiday packages delivered before the festivities you better get a move on. As I write this an array of “final hours” emails bombard my inbox.
According to eMarketer “online shoppers in the United States will spend $54.47 billion this holiday season, up 16.8% from $46.63 billion last year.” That is a staggering number and only accounts for one country. It is easy to see why companies like Amazon are expanding fulfillment centers and opening a new 1-million square foot facility (yes, 1 million square feet) in Washington State. With the trend of online shopping only growing, fulfillment centers around the globe will continue to see their business models change to reflect that of the online consumer. Today’s online consumer appreciates the diverse number of stores they can purchase from without leaving home and driving several miles, but it also means that the instant in-store gratification is no longer there. Just because it isn’t there doesn’t mean consumers don’t still want it and for instant gratification you need logistics.
Transportation and logistics companies get items where they need to be as quickly as possible. To minimize hiccups a vital part of this process is managing the hand-held devices that get the packages to your doorstep. From the warehouse where the items are picked, packaged and shipping labels are then printed, to the logistics company picking up the package, scanning the label and then flying and/or driving it to where it needs to go. The whole time this package is tracked using a hand-held device so you can monitor its progress. If a device goes down or experiences a malfunction you aren’t going to care because you just want your package. But to businesses managing these devices is a critical component of their job after all customer satisfaction is number one. A total mobile device management effectively keeps these devices secure and up and running from anywhere in the world. In any given day there are many different “fires” for businesses to put out and with a reliable device management solution, managing and tracking all their hand-held devices is one less “fire” they need to worry about.
And with that I must go – someone changed their mind on which of the latest video games they wanted and to avoid rush-shipping charges I need to hit purchase.
Posted by Brandon Hill
I came across this article thanks to the Enterprise Mobility Forums Twitter feed, and wanted to share it with you all. The article comes from InformationWeek, and discusses a few interesting topics that are very applicable to our space. There are a couple of things it highlights that I’d like to point out, and urge you to read the rest and tell us what jumps out at you. Onto the article…
First, that with the emergence of enterprise-level smartphone use, it’s becoming increasingly important for an enterprises strategy to incorporate a vender agnostic approach.
“An important outcome of this trend is that a majority of the workforce, not just the top executives, will have mobile access and will expect access to more than email. This will require businesses to change their application, development, and services strategies…”
The other item that I found particularly well put, was the summary/idea of enterprise mobility management. The author has done a great job in defining it as the next generation of mobile device management; one that incorporates new mobility and traditional aspects of MDM such as security and application management.
“[Enterprise Mobility Management] is a combination of mobile device management, security management, applications management, and services and expense management.”
Check out the complete article and tell us what you think!
Posted by Brandon Hill
Quick post today. Things are abuzz after we moved offices. Now that I’ve finally unpacked, I can share a good read with you that I came across this morning on PCI and the newest compliance standards, which are set to take effect tomorrow.
It’s a pretty comprehensive rundown and touches on some good information. Have a look and tell us what you think. Were you aware that these changes were set to take effect?
And since I mentioned we moved offices, I figured I’d send along a couple of photos of the new place!
Posted by Brandon Hill
I was reading an article today and I thought it had some great information on data breaches and overall security issues. The article highlights some findings from a study conducted by Verizon Business and the United States Secret Service. Some of the more interesting bits were the drop in breaches from 2008 to 2009, and the drop in prices for stolen data on the black market.
The piece also presents a bit of a conundrum with properly securing your ecosystem. It attributes most security breaches to easily fixed problems. To quote, “Specifically, 85% of attacks were not considered to be highly difficult, 86% of victims had evidence of the breach in their log files, and 96% of breaches were avoidable through simple or intermediate controls.” However, with the strict level that companies are held to with maintaining secure and sensitive data, can enterprises ever be too safe when taking measures to avoid compromising data?