POSDATA

Control Solutions Announces Company Name Change

Control Solutions, Inc. announced today that it will be named POSDATA Group, Inc., effective immediately. The name change is part of a re-branding initiative and corporate restructuring.

“The rebranding will allow us to better leverage our marketing efforts and create a greater impact on the market” said Jeffrey Creighton, company President.  “All parts of the business will now go to market as POSDATA Group as we emphasize our leadership position in providing a full range of transaction processing technologies.”

The automatic identification, mobile computing and wireless networking part of the company, previously doing business as Compsee, will operate now as POSDATA Group – AIDC.

Bill McCubbins, Executive Vice President, will be responsible for managing sales of all product lines.   In addition to AIDC products, POSDATA Group markets payment systems and devices, managed services such as logistics, deployment and key injection, and mobile software solutions for field data collection.

The name change will be phased in across all aspects of the business in the relatively near future.

About POSDATA Group

POSDATA Group is a leading payment systems distributor as well as a nationwide AIDC VAR and integrator.

POSDATA Group provides AIDC, mobile computing and RF systems, labeling systems and data collection solutions for a variety of markets, including manufacturing, distribution, transportation, retail, construction and healthcare.

POSDATA Group is also the most knowledgeable and trusted distributor of payment systems and devices in the United States, with full key injection and deployment capabilities.

—-

A downloadable version of this press release is available here.

For inquiries, contact Mike Kapp
POSDATA Group, Inc.
1-800-852-3282
mike.kapp@posdata.com

Managing the Rollout and Repair of Payment Devices for Fitness Centers

Case Study Industry Focus: Fitness & Health Clubs

Over 50 million people across the United States are members of a local fitness center. Since no fitness center is free (that we’ve heard of!), that means over 50 million payments transactions happen on a regular basis on gym payment devices. Considering that many fitness centers are franchises with thousands of locations country-wide, it is highly important that member data is kept secure company-wide and that payment devices are standardized at all locations.

2015 was the year when forces combined to demand a transition away from magnetic-stripe cards to cards equipped with EMV technology (“Europay, MasterCard, Visa). These cards come with a small computer chip that drastically increases security. As of October 2015, businesses that don’t have an EMV processing device could be held liable for fraudulent card transactions originating from their business. Like many industries, the fitness & health club industry has been scrambling to work with payment solution providers like POSDATA to ensure large-scale EMV transitions are handled professionally and efficiently.

Case Study: The Problem

Every fitness center across the United States needs to accept payment information from their members. Not only does payment information have to be handled securely on-site, but recurring membership dues often are managed by an in-house software solution. With changes in EMV technologies and the 2015 liability shift, it became more important than ever that the software solutions gyms use company-wide are standardized and secure.

While some of this liability falls on the gyms themselves, the impact is felt just as strongly by the companies distributing software and payment technologies to gyms across the United States. In 2014, a software developer and major distributor of software/payment technologies to gyms foresaw the impending changes in EMV requirements. They alerted their standard supplier of payment devices that all future payment devices would need to be upgraded to meet EMV requirements. The payment solutions supplier was happy to sell them more units, but realized that this corporate-wide rollout of thousands of payment devices would require a managed services supplier to oversee the rollout and handle ongoing repair issues.

Case Study: The Solution

POSDATA Group’s technology prowess and ability to handle security solutions at scale made them the ideal partner to manage this operation. As a managed services provider, the first task was to stage thousands of new payment technology units and standardize them for use across all fitness center locations. Units had to be pre-configured and prepared in a way that made them usable right out of the box. Each payment device was loaded with the point-to-point keys and the pin encryption key that met the new EMV requirements. The appropriate cable and power supplies were combined with the solution and shipped to each individual destination. Once the units were prepared, they were placed in a unit pool awaiting a Purchase Order. Upon receipt of the Purchase Order, the units are packaged and shipped directly to the gym from POSDATA’s centrally located facility in Louisville, Kentucky.

Equally important, POSDATA offers an advance exchange program to facilitate ongoing device repairs. The POSDATA team set up an online portal that can receive information on any faulty device. If a payment device at any of the gyms nationwide experiences an outage, POSDATA is alerted via the online portal and immediately ships a functional device to the gym from the asset pool. The gym receives the new device and ships the faulty unit back to POSDATA in the same box. Upon receipt of the faulty unit, POSDATA’s tech team repairs the unit if possible and puts it back into the asset pool for eventually distribution back to a gym. This advance exchange system minimizes downtime and is very cost-effective for all parties.

As a longstanding leader in the payment services industry, POSDATA Group has evolved over the years to be able to easily accommodate requests of any volume from our clients.


 

This article originally appeared in a PDF case study. Download it here.
© POSDATA GROUP 2016

Meeting EMV Requirements in the Hospitality Industry

Half of credit card fraud happens in the United States, often as a  direct result of magnetic-stripe cards that are easy to counterfeit or steal data from. 2015 was the year when forces combined to demand a transition away from magnetic-stripe cards to cards equipped with EMV technology (“Europay, MasterCard, Visa). These cards come with a small computer chip that drastically increases security. As of October 2015, businesses that don’t have an EMV processing device could be held liable for fraudulent card transactions originating from their business. Few industries are unaffected by this liability shift, and as a result there has been a scramble to work with payment solution providers like POSDATA to ensure large-scale EMV transitions are handled professionally and efficiently.

Case Study: The Problem

In the hospitality industry, every business decision centers on providing first-class, personalized service to every guest. Part of this first-class service is ensuring the security of all guests. In October of 2014, a major provider of hospitality property management software systems realized they would need to adapt to the heightened EMV requirements to ensure the users of their software (hotels & spas) were keeping their guests’ payment information secure. The provider began with a full review of the payment systems that interacted with the technologies they provided to their clients. The review revealed numerous improvements that would need to be made in the systems they installed at hotels and spas nationwide. Unlike a small business that could quickly replace just a few aging POS systems, the provider was looking at a large-scale upgrade for nearly 2000 different properties.

The provider first turned to Ingenico for assistance in the migration to EMV-compatible systems. Ingenico advised them that a third party payment solution specialist would be critical in overseeing the successful configuration and deployment of such a high quantity of terminals. They recommended POSDATA as their third party solutions provider because of a history of excellence in being knowledgeable, consultative and perfective in the rollout and ongoing management of payment technologies.

Case Study: The Solution

It was critical the new payment terminals being deployed to the locations were standardized company-wide and pre-configured to operate perfectly right out of the box. POSDATA provided custom-configuration, staging and deployment of the terminals straight from their Louisville, Kentucky headquarters. Each device was loaded with the point-to-point keys and the pin encryption key. The appropriate cable and power supplies were combined with the solution and shipped to each individual destination.

Equally important, POSDATA offered ongoing managed services for these end users. Now whenever a property needs to purchase new devices or repair their existing payment terminals, they can call POSDATA directly to handle everything. POSDATA is able to recommend the ideal combination of payment technologies for each location, all while ensuring all EMV requirements are taken in account and built into the final solution.

As a longstanding leader in the payment services industry, POSDATA has evolved over the years to be able to easily accommodate both high and low-volume requests of our clients. We are proud of our ability to manage so many moving pieces and keep our clients happy and secure.


The preceding article is available as a printable case study. Access it here.

Setting Up Your EMV Payment Solution

Business owners, card issuers and payment processors throughout the United States are now in the process of switching over to EMV. Despite plenty of time to prepare, there are ongoing reports that the transition process has been very rocky and US merchants as a whole are not prepared. Many businesses are being pressured into a quick EMV solution that doesn’t take into consideration their specific need.

EMV technology was designed to authenticate cards at card-present payment terminals. It helps to prevent the use of fraudulent cards in stores better than traditional magnetic stripe cards. However, EMV is not 100% secure nor was it designed as a security method to protect the merchant’s payment environment. This means that a well-constructed EMV solution requires the use of layered security to protect sensitive cardholder data, including:

P2PE.All card data should be encrypted from the time it is keyed, swiped, tapped or inserted. Merchants should use a device that encrypts at the point a payment terminal interacts with a card or mobile wallet so that no payment information is ever in the clear and at risk of being stolen by a savvy hacker. This shrinks the merchant’s cardholder data environment to the secure device level, reducing much of the merchant’s breach profile and their PCI DSS scope along with it—something that EMV alone can’t do.

Tokenization. All card data should be removed from the merchant environment and placed under the protection of an organization that considers the security of their merchant customers’ payment processing its primary job. To do this, merchants must adopt a security- or storage-based tokenization solution, which replaces sensitive cardholder data with non-decryptable information that is meaningless to all but a select few. This differs from emerging “payment token” solutions, such as those offered by mobile wallets, by providing security for merchant systems, not just individual consumers.

EMV. EMV has merit for authenticating card-present transactions. Still, merchants should implement EMV in a strategic fashion, making sure to add the layered security of P2PE and tokenization to protect their customers’ payment information from data thieves by removing that sensitive data from the merchant environment entirely.

Though big undertakings such as the transition to EMV can be confusing, merchants must not be pressured into a quick solution that doesn’t meet their specific needs. Instead, they should take the time necessary to implement EMV as a step in the path to true security, not as a security solution in and of itself.

By layering EMV with the security of P2PE and tokenization, merchants can better authenticate cards used at card-present payment terminals, with the added bonus of securing that card data throughout the transaction process and within their systems and networks. This will ensure that their environment – and their customers’ payment information – is protected against the attacks of hackers.


POSDATA is your trusted source in the transition to EMV. We advise organizations of all sizes on payment processes and products. To learn more, Contact Us.

Credit Card Issuers Not Prepared for EMV

In a September 30 press release, Mastercard says that only 40% of their issued cards have chips for EMV.

While this press release is intended to put a positive light on the transition to cards featuring EMV chip technology, the reality is that there is a long way to go to get consumer credit cards transitioned over. With October 1 as the official liability shift deadline, there are some very concerning signs in regards to the slow adoption of EMV technology in the United States:

  1. Last minute rule changes by the Debit Network Association has delayed development efforts and caused solution providers to have to update systems already deployed.
  2. No one can accept Contactless EMV until 4/16
  3. Only 27% of merchants will be able to accept EMV cards this October. Various sources quote 40% by year end, but this is a lofty goal considering that retailers are very unlikely to roll out new devices and software during the holiday period.

 

Here’s the full press release:

Purchase, NY, September 30, 2015 — With just hours before the October 1 liability shift, new data from MasterCard reveals that 40 percent of all U.S. MasterCard-branded consumer credit cards feature EMV chip technology. According to a Payments Security Task Force forecast announced earlier today, the number of chip cards in the U.S. will grow to 60 percent by the end of this year, expanding to 98 percent by the end of 2017. “The data proves that the shift to chip in the U.S. is a reality. We’re incredibly encouraged by the tremendous progress across the industry, knowing that consumers are ultimately the ones who will win,” said Chris McWilton, president, North America Markets, MasterCard. Not only are consumers beginning to carry chip cards in their wallets, but they are also able to use them at more and more merchants around the country. The company reported tens of millions of chip transactions in September alone at the more than 350,000 national merchant locations accepting the new cards.

One-quarter (26 percent) of national and regional merchants – stores and restaurants with multiple locations – have started to accept chip cards.

“Consumers are ready for the new chip cards. In fact, 75 percent of cardholders agree the increased security of the chip cards greatly reduces the ability for thieves to copy or use their cards for unauthorized purchases,” said McWilton.

About MasterCard

MasterCard (NYSE: MA), www.mastercard.com, is a technology company in the global payments industry. We operate the world’s fastest payments processing network, connecting consumers, financial institutions, merchants, governments and businesses in more than 210 countries and territories. MasterCard’s products and solutions make everyday commerce activities – such as shopping, traveling, running a business and managing finances – easier, more secure and more efficient for everyone.

Read more

Additional information

EMV Liability Shift Ebook

Most people do not understand the upcoming EMV Liability shift. With the deadline coming October 1, 2015, many merchants and service providers are ill-prepared for the potential consequences of this shift. Fortunately Ingenico has put together an important eBook outlining the EMV Liability shift, with a focus on:

  • What EMV is and the benefits it provides
  • What the EMV liability shift actually means
  • What the risks of not migrating to EMV are
  • How to initiate the EMV migration process for your business
  • How the EMV liability shift will impact specific stakeholders in different fraud scenarios

You can download the eBook at Ingenico’s site here.

EMV Updates: Summer 2015

As I interact with our dealer and reseller partners or sit in on sales calls with end users, questions consistently come up regarding EMV. Here are the latest EMV updates as of Summer 2015.

Do I still need to use P2P Encryption since I am moving to accepting EMV cards?

The answer to this one is definitely yes. A large portion of transactions will still have to be approved “on line”, meaning that account number information will still be being sent up to the host for authorization. Without P2P encryption to protect it, that account data is still at risk as it travels through the network. Allen Friedman, Director of Payment Solutions at Ingenico says “Linking EMV and encryption creates and effective shield against card fraud and data breeches. Both are necessary and they complement each other”.

A recent NY Times/ National Small Business Association survey of 675 small businesses found that …

  • 50 percent had been victims of hackers looking for Credit Card data.
  • 68 percent of those hacked, were hacked more than once.
  • Small businesses are being hacked at the same rate as large tier retailers, possibly higher as many incidents go undetected or unreported.
  • Average attack on a small business costs over $20, 000.

A Point to Point Encryption scheme in conjunction with EMV substantially reduces the possibility of account info being

What does the coming Liability Shift really mean to the retailer?

After the October 2015 shift, liability falls to the party using the least secure technology. AMEX, Master Card and Discover will hold the merchant liable for any counterfeit or stolen cards accepted if the merchant is using a Non EMV device.Visa for now exclude stolen cards and will hold the card Issuer liable.

To put this in perspective …

  • 25 percent of all transactions in the world take place in the US.
  • 50 percent of all credit card fraud occurs in the US.
  • Credit Card fraud has increased to represent 10 cents per every $100 transacted and is still growing.
  • 10 billion dollars in Credit Card fraud is expected in 2015. Up from 8.5 billion last year.

All this fraud is going to find it’s way to the least secure merchants as EMV is implemented.

A few of the payment industry’s experts have also weighed in on liability and security…

  • “Once the larger merchants adopt EMV, fraudsters will pick on the smaller guys unless or until they have migrated” – First Data Merchant Services
  • “While many small merchants will say they are currently not expecting a lot of chargebacks from counterfeit cards, they should know that they will become a target once the liability shift occurs – unless EMV compliance has been achieved” – Vantiv
  • “At some point, consumers will strongly embrace EMV as the secure way to pay as seen in foreign visitors who are hesitant shop in US stores that do not have EMV” – First Data Merchant Services

I also often hear asked what the return on investment or the ROI is for spending all this time and money. The simple answer is that there is not a simple answer. True, the liability shift is not a mandate and EMV is not mandatory to be PCI compliant. Also true is that many merchants do not see much fraud given the nature of their business or that the number of chargebacks a merchant is seeing today can be used as an indicator of future fraud activity. The fact that there seems to be little incentive in the form of lower processing fees is no help either, but think of it this way:

  • Security standards are changing more rapidly and the crooks are getting smarter. Those old PCI 1 and 2 devices that you have may not be secure enough to fend off today’s attacks on their own. Keeping up with changing technology is part of the ”cost of doing business”. It’s not just EMV that’s bringing on these changes.
  • Data breaches are increasing rapidly in the US and EMV paired with a P2P encryption solution and PCI mandated networking standards will make you more hacker proof and they will focus on less difficult targets. Bear in mind that the liability for data breaches is already something that the merchant is liable for already and a breach could stop a merchant’s ability to accept credit or debit payments.
  • Once EMV is up and running, stealing card data is less attractive and counterfeit cards will be more difficult to use. This benefits all merchants in the long run.

Something else to consider is the risk level going forward as certain merchants are more exposed to fraud by the nature of their business and how prepared they are. Is the merchant…

  • Dealing in a vertical that sells goods that often get returned for cash, sold on the street or sells gift cards?
  • Located in a transient area such as tourist destination, near a major highway or high traffic area?
  • One that has a large number of employees that handle credit cards and also has high employee turnover?

If so, it makes good sense to be as protected as possible.


I hope that this information helps as you speak to your customers about their upgrade plans. If you have any questions, please contact me (Bryan Jackson at this email or 972-514-4236) or your PosData Business Development Manager. We are more than happy to help.

How POSDATA Simplifies the Payments Industry

The payments industry is often very complex and confusing. Choosing the best payment product, ensuring proper encryption of payment devices, and understanding PCI compliance issues can be a Herculean task. Having a well-informed partner who understands industry complexities and can help VARs serve their end users is the mission and purpose of POSDATA.

If you are unfamiliar with POSDATA, here are ten key points about our credentials and how our expertise takes the mystery out of payment terminals for our channel partners and their customers.

  1. POSDATA’s total focus is on payments and supporting the channel and their customers with their payment requirements
  2. POSDATA is not a box mover of other types of POS or Auto ID products. We are a value-added distribution company specifically focused on the payment industry
    • POSDATA sales and support organization work hand and hand with our channel partners and their customers to help select the right payment product for their specific retail application
  3. POSDATA Sales and Support Team have over 100 combined years of experience in the payments industry
  4. POSDATA Provides end to end technical support to the channel and their customers with regards to the integration of payment products
    • POSDATA Sales Engineers have expertise in EMV, P2P, Government WIC programs by state, PA-DSS 3.x, Firmware & File loading
  5. POSDATA, for over 20 years, has been a PCI Compliant Encryption Service Organization
    • POSDATA adheres strictly to all PCI PIN and TR-39 guidelines
    • POSDATA is audited several times a year by both internal and external auditors
  6. POSDATA is a VISA® registered Encryption Service Organization with sponsorship by one of the largest VISA members in the Debit Networks
  7. POSDATA has one of the largest selections of PIN encryption debit key libraries available in the industry
    • POSDATA offers end-to-end card read encryptions and PIN PAD encryption/injection
    • From 3DES (TDES) and remote key injection to tokenization POSDATA works closely with its channel partners and our terminal OEM’s to provide the channel and their clients with the latest encryption solutions
  8. POSDATA carries inventory for all the major payment terminal OEM including accessories such as stands, cables, stylus, and power supplies.
  9. POSDATA works with its channel to provide inventory management programs, deployments to specific multiple locations based on a specific installation timeline, and on-site installation services
    • All services are carried out in POSDATA’s 50,000 sq. ft. facility located next to the UPS’s major hub located at the Louisville, KY International Airport.
  10. POSDATA is an active member of the RSPA and services on their Data Security Payment Card Industry committee

GoChipCard.com Launches

We are pleased to share with our industry partners and consumers the excellent resource that is GoChipCard.com.

GoChipCard.com was created by the EMV Migration Forum and the Payments Security Task Force based on an industrywide commitment to provide easy-to-use and simple resources, and consistent messages about chip cards and their use. Its primary focus is for consumers, but the site has pages and resources devoted to merchants and issuers as well.

The site includes:

  • The EMV Migration Forum infographic published in December
  • The Recommended Communications Best Practices guide published in February
  • The sample statement and card carrier published in the Recommended Communications Best Practices guide

We encourage you to visit GoChipCard.com!