PCI SECURITY STANDARDS COUNCIL PROVIDES GUIDANCE TO MERCHANTS ON MOBILE PAYMENT ACCEPTANCE SECURITY

- Customized fact sheet offers tips for leveraging PCI Standards to accept mobile payments securely –

WAKEFIELD, Mass., May 16, 2012—The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), today published a customized fact sheet outlining how merchants can securely accept payments using mobile devices such as smartphones or tablets.

The At a Glance: Mobile Payment Acceptance Security fact sheet provides merchants with actionable recommendations on partnering with a Point-to-Point Encryption (P2PE) solution provider to securely accept payments and meet their PCI DSS compliance obligations.

The ability to use smartphones and tablets as point-of-sale terminals to accept payments in place of traditional hardware terminals offers great flexibility. As mobile technology continues to change at a rapid pace, the Council continues to work with the industry to ensure data security remains at the forefront of mobile evolution.

This latest educational resource is the product of the Council’s Mobile Working Group and is the result of valuable input from leading merchants, vendors and organizations actively involved in the mobile payment acceptance industry. The document helps clarify and distill some of the more complex technology and security terminology into straightforward, practical guidance that can help merchants to:

· Better understand their responsibilities under PCI DSS, and how they translate to mobile payment acceptance

· Leverage the benefits of the Council’s recently published Point-to-Point Encryption (P2PE) standard and program

· Choose a mobile payment acceptance solution that complements the merchant’s PCI DSS responsibilities, for example a P2PE solution provider

The fact sheet also draws on recent updates made to the PIN Transaction Security (PTS) Requirements at the end of 2011, creating the foundation for data security in mobile payment acceptance.

Using this resource to guide them in how PTS and P2PE standards work together, merchants can better understand how to securely use external plug-in devices with smartphones or tablets to accept payment cards by first encrypting and securing the data at the point that the account data is captured. The smartphone or tablet has no ability to decrypt the data, thus simplifying PCI DSS scope for the merchant.

“We know merchants are eager to take advantage of their existing smartphones or tablets to accept payment cards,” said Bob Russo, general manager, PCI Security Standards Council. “And the Council and its stakeholders want to help the market to do this in a secure way. We’re excited about this easy-to-use reference that will help merchants understand how to use the suite of PCI Standards to enable their businesses while still keeping data security top of mind.”

As with all SSC fact sheets, this guidance does not replace or supersede any of the PCI Standards. The Council continues to work with the payments community to address mobile payment acceptance security and evaluate whether additional requirements are needed in this area. As part of this ongoing initiative, the Council plans to publish best practices for securing mobile transactions later this year.

“The PTS and P2PE standards are being leveraged by mobile solution providers today. With this fact sheet we hope to help merchants understand how these standards work and the options that are available to them for accepting mobile payments in a secure

and PCI DSS compliant manner,” said Troy Leach, chief technology officer, PCI Security Standards Council.

PCI Standards and mobile payment acceptance security will be a topic of discussion at the Council’s Annual Community Meetings scheduled for September 12-14 in Orlando, Florida and October 22-24 in Dublin, Ireland. For more information, please visit: https://www.pcisecuritystandards.org/communitymeeting/2012/.

Click to Tweet: PCI Council Releases Guidance for Merchants on Mobile

About the PCI Security Standards Council

The PCI Security Standards Council is an open global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security. Founded in 2006 by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., the Council has over 600 Participating Organizations representing merchants, banks, processors and vendors worldwide. To learn more about playing a part in securing payment card data globally, please visit: http://pcisecuritystandards.org

Connect with the PCI Council on LinkedIn: http://www.linkedin.com/company/pci-security-standards-council

Join the conversation on Twitter: http://twitter.com/#!/PCISSC

7-Eleven Inc. intends to add 630 new branded convenience stores to its U.S. and Canada roster before yearend 2012. Most of these new locations were acquired or transitioned from another brand. So far in 2102, 7-Eleven acquired 55 locations from Sam’s Mart in the Carolinas and 51 from ExxonMobil in North Texas.

Jacksonville, Fla., and Charlotte, N.C. are two new markets being re-opened where 7-Eleven previously had operated stores until the 1980s. The company previously announced plans to grow its 20-store presence in Manhattan to 135 units by 2017.

Based in Dallas, 7-Eleven operates, franchises or licenses more than 9,200 7-Eleven stores in North America. Globally, there are approximately 46,400 7-Eleven stores in 16 countries. During 2011, 7-Eleven stores worldwide generated total sales close to $76.6 billion. <<…>>

ExxonMobil will soon announce their new cross-promotion vendor for its upcoming loyalty program, “return and earn,” according to CSP Daily News. Marketers and Jobbers attending a recent brand meeting with the refiner in Texas said company executives declined to name the supplier, saying that an announcement would come “soon.” <<…>>

Join us at the 6th Annual Mobile Banking and Commerce Summit, June 10-12 at the Westin St. Francis in San Francisco.

Get a $200 discount to the conference when you use this discount code during registration: SPEX200

Details at http://www.americanbanker.com/conferences/mobile/

Natural-gas pipeline operator Energy Transfer Partners (ETP) could fetch up to $1.8 billion for the 4,900 gasoline stations it acquired by default when it bought Sunoco last month in a $5.3 billion deal, according to a Wall Street Journal report. Marathon Petroleum, Couche-Tard, Global Partners are the most likely buyers when the retail assets are sold.

Most analysts believe ETP bought Sunoco for the 7,900 miles of oil and refined fuel pipelines it operates. <<…>>

One of my start-up clients recently closed their doors after running out of cash, leaving employees without final paychecks and hard-working vendors holding the bag with unpaid invoices. Investors had pumped nearly a million dollars in cash and in-kind services into the venture, which had developed a promising technology platform.

The principals in the start-up spent their investors’ money in ways which certainly would raise eyebrows even in established, profitable companies. There’s a lesson here for anyone contemplating investing, working with, or supplying services to a new venture. “Control parties of a start-up are considered to work in a fiduciary capacity on behalf of their investors and customers. The fiduciary duty carries with it the implication that funds will not be spent in an extravagant or unreasonable manner. In the 2012 review of this client’s credit card and travel expenses, extravagant meal, hotel and limousine costs were noted, and personal costs which were not reimbursed by the employee were also noted on hotel bills. This continues to be a pervasive issue for control parties of start-ups.”

If you’re considering investing in or going to work for a new venture, look closely at the culture of spending – by both the company as well as the personal habits of the persons controlling the purse strings. Demand accountability and controls over “lifestyle spending” not directly driving corporate goals. Your money and time may be spent on trinkets and bravado that have nothing to do with building a profitable company.

While working with Walmart executives and vendors on various marketing initiatives from 2006 to 2009, I learned how much money is wasted by their competitors simply by observing the Walmart corporate culture of squeezing the most out of a dollar, while passing the savings onto customers and investors. A favorite story re-told to me about Sam Walton was about his policy of requiring associates to turn in old pencils before issuing a new one, if only to ensure the most life was squeezed from its graphite contents. While we might smirk about the pencil story, it is a lesson worth considering if you’re involved with a start-up.

"We’re now in a position to restore this wonderful venue to its past glory," said Tom Sayles, USC senior vice president for university relations on gaining control of the 88-year old Los Angeles Coliseum until 2054.

It’s inevitable and its coming soon… Our skunk-works intelligence tells us Facebook will soon be offering a premium paid subscription service that could be dubbed “Facebook Prime”.

In addition to the usual benefits of ad-free pages, additional storage, enhanced video playback options, and exclusive “prime-only” services, it is believed the new Facebook Prime will offer cloud-based back up storage of music, photos, and files.

If only 10% of current Facebook users subscribed at an estimated $3/month, it would generate over $2 billion in annualized revenue.

Fees for Facebook Business pages:

GM announced yesterday it is dropping its ads on Facebook while boasting about the value the “free” business pages brings to the GM brand. Again, our skunk-works team tell us that Facebook is planning to start charging businesses subscription fees for maintaining a “fan” page sometime in the near future.  No word yet on what the fees will be, but expect it to be another serious profit center for Facebook.

We’ll keep you posted.

Paymetric Inc. announced today it has partnered with Velocitor Solutions, a software solutions firm specializing in mobile and wireless applications, to offer merchants with mobile sales forces, a solution to secure payment transactions from their mobile devices. The solution leverages Paymetric’s Data Intercept technology to tokenize payment card data that is captured by field sales representatives using Velocitor’s V.Mobile solution.

"Accepting payments from a mobile device and opening a new channel of commerce is quickly becoming a key component of our customer’s sales strategy," stated Asif Ramji, president & CEO of Paymetric. "Our Data Intercept solution captures credit card information as early in the workflow as possible. And it’s our ongoing mission to offer our customers with solutions that align with their business strategy." Data Intercept for Mobile tokenizes cardholder data directly from the Velocitor V.Mobile solution and ensures that cardholder data never enters the merchant’s back-end systems or applications. Instead, merchants only store tokens, drastically reducing their PCI DSS footprint and increasing data security.

"We pride ourselves on providing customers with the tools they need to create a tokenization layer around their Enterprise; being able to deliver a solution that extends to mobile provides tremendous value both in terms of PCI mitigation and data security," says Cameron Balash, senior vice president, sales and business development at Paymetric. "We are excited to partner with such a proven player in the mobile space to deliver this cutting-edge solution."

V.Mobile enables Field Service companies to maximize revenue, create a more efficient way to deploy their service force, and lower operating costs. The application resides on a mobile device and features mobile dispatch, DOT compliant vehicle inspection and mileage reporting, real-time inventory management, turn-by-turn directions, Automatic Vehicle Location (AVL), service history, scheduling and payment processing. The solution can be highly customized and gives organizations the necessary tools to remain competitive while controlling costs and providing better customer service.

"Velocitor’s history in the mobile solutions industry combined with Paymetric’s knowledge of payment card security makes us a great match for delivering a solution for processing transactions securely via mobile devices to the market," says Shawn Flemming, chief operating officer of Velocitor Solutions. "In the wake of recent high-profile breaches, there is increasing attention being paid to improving data security amongst our clients. Data Intercept for Mobile allows us to add value to our V.Mobile field service solution and ensures we are providing an offering that fits with the direction of our client’s business, while giving them additional piece of mind."

Paymetric is unveiling Data Intercept for Mobile at SAP(R)’s SAPPHIRE NOW show and ASUG’s Annual Conference in Orlando, FL.

According to Bloomberg, Apple will be unveiling its new lineup of thinner MacBook Pros on June 11 at WWDC, the company’s annual developer conference.