All posts by Lauren Richard

Connect with Paymetric at SAPPHIRE NOW

Connect with Paymetric next week in Orlando at SAP’s annual SAPPHIRE NOW and ASUG Annual Conference, May 7-9, 2019. An SAP Certified Partner, Paymetric provides integrated cloud solutions globally to streamline and simplify payment acceptance in the SAP Enterprise environment. Schedule a meeting with us in Booth #1808 to learn more.

Paymetric is now part of Worldpay, the world’s largest global payments provider. Together we deliver a fully integrated solution to handle your complex omnichannel Enterprise payments around the world.

On Tuesday, Callaway will be sharing how they unified their global payment processing to one consolidated platform that integrates with SAP seamlessly, improving work flows and customer experience. Learn why they chose to partner with Paymetric and Worldpay for one end to end payment solution. The small theater presentation is at 11:30am on May 7th on the show floor at Services and Support SE734. Learn more here.

Also in Orlando next week is the SAP CX LIVE event, May 7-8, 2019.  Worldpay is a silver sponsor and will be exhibiting in Booth 119.

xiverify banner

What are PCI Compliance Levels, Data Security Standards, and Audits?

PCI Compliance 101: Everything You Need to Know about PCI DSS Audits

You hear a lot about PCI compliance and data breaches in the news, but do you have what you need to pass a PCI DSS audit? And more importantly, do you actually have the technology in place to protect your organization and your customers’ data?

Here’s everything you need to know about PCI compliance levels and how you can safeguard your data against potential threats.

What is the PCI SSC?

The Payment Card Industry Security Council, or PCI SSC, is the organization that manages and decides the rules that govern security standards. This includes the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS).

What is a PCI compliance audit?

The PCI auditing process determines whether a business is compliant with PCI DSS. For larger merchants audits must be performed by a qualified security assessor or QSA. All other merchants are eligible to provide their PCI DSS compliance by completing a self-assessment questionnaire.

What are PCI compliance levels and what do they mean?

The amount of credit card transactions an organization processes each year determines its PCI Merchant Level:

Level 1 – Over 6 million transactions per year

Level 2 – 1 to 6 million transactions per year

Level 3 – 20,000 to 1 million transactions per year

Level 4 – Fewer than 20,00 transactions per year

Level 1 Merchants are required to pass a yearly, on-site audit by a QSA, as well as a network scan by an approved scanning vendor, or ASV. Meanwhile, Level 2, 3 and 4 of Merchants can complete a PCI DSS Self-Assessment Questionnaire and perform quarterly network security scans with an ASV.

The PCI DSS provides a full list of approved scanning vendors.

Who needs to have a PCI Audit?

The PCI DSS is intended for all organizations that process payments. Each of the PCI SSC’s founding payment brands (American Express, Discover, JCB International, MasterCard and Visa) determines their own PCI compliance programs that must be followed by affiliates.

Ultimately, the payment brand your organization does business with determines what you must do to achieve PCI compliance. A smaller business with smaller amounts of cardholder data and fewer payment systems will likely require less effort to achieve PCI DSS compliance than a large corporation with a variety of sales channels and systems.

What happens to organizations that don’t comply with the PCI DSS?

If a business violates PCI compliance, a payment brand may fine the company anywhere from $5,000 to $100,000 per month. It’s also likely that your affiliated bank will raise transaction fees or even terminate your relationship altogether.

Does PCI compliance mean that my organization’s data is secure?

You can pass a PCI audit and still experience a data breach. So, what’s the answer? Replacing credit card information with tokens or a surrogate value to ensure you’re protecting your customers’ data.

That’s where Paymetric’s XiIntercept™ solution comes in. With our data intercept solution, you can:

  • Capture card data as soon as possible in the workflow
  • Prevent exposure of unsecured cardholder data within your enterprise systems
  • Replace credit card number with tokens, rendering the data useless to thieves
  • Mitigate the risk of fees, fines, and legal costs associated with a data breach.

Contact a Paymetric representative today to find out how our payment solutions can help keep your data safe from hackers.

Navigating Secure SAP Payments with Paymetric

Last week Paymetric was an exhibitor and speaker at SAP’s SAPPHIRE NOW and ASUG Annual Conference in Orlando, Florida. Promoted as the most innovative cloud and business technology conference, SAP’s annual event is always jammed pack with exciting announcements, speakers and activities. 

A certified SAP partner, Paymetric was well represented at the event with a large booth and team of payment security professionals. Paymetric provides integrated solutions to secure and streamline payment acceptance through one unified payment platform. Certified integrations with SAP S/4 HANA fueled many new conversations during the event.

Additionally, Paymetric had two speaking sessions with long-time customers. Lenovo shared how they minimized PCI DSS compliance impact while reducing processing costs with Paymetric’s integrated payment solution. The following day, Vista Outdoor, the owner of well-known outdoor brands like CamelBak and Bell Helmet, shared their compliance journey, streamlining and securing enterprise commerce, reducing PCI scope and seamlessly integrating online ordering for numerous brands.

Driving even more conversations, Paymetric is now a Worldpay company delivering a fully managed secure payment service built to handle complex omnichannel enterprise payments.


 Check out Paymetric’s customer testimonials to learn more about how to integrate and secure enterprise commerce.


Don’t Become the Next Major Data Breach—Here’s How to Secure Your Organization

We’re only a few months into 2018, and already more major data breaches are coming to light. A security research company recently discovered that hundreds of thousands of FedEx customers’ passports, driver’s licenses, and other identifying information were left unsecure and exposed.

A Close Call for FedEx

The data comes from FedEx Crossborder, a branch of the company that was closed in 2017, but according to ZDNet, FedEx is only partly to blame. The breach originates from a company named Bongo International. In 2014, FedEx purchased Bongo International and rebranded it as FedEx CrossBorder. Bongo’s data was stored on an unsecured Amazon S3 virtual server and included records from 2009 to 2012, making more than 100,000 sets of records vulnerable to cybercriminals.

Kromtech, a white hat research group, made the initial discovery and reported the breach to FedEx. According to FedEx spokesperson Jim McCluskey, FedEx was able to secure the information and they “found no indication that any information has been misappropriated.”

The Key to Keeping Your Data Secure

How can your organization avoid becoming the next corporate name making the news for not securing customer’s identifying data like FedEx or Equifax? The truth is that many security breaches are preventable, and one important way of safeguarding sensitive data is by investing in tokenization.

Tokenization is a security method that prevents data breaches by ensuring that credit card numbers, Social Security Numbers, and other sensitive information never traverses your organization’s system. Rather than allowing raw, unsecure information to enter your enterprise, when a field comes up for raw card number entry a tokenization solution will open a secure browser field, capture the number outside of the merchant’s ERP application, store it securely, and replace the raw data with a token.

These tokens act as surrogate values so that even if cyber thieves hack your data, the information is meaningless. Unlike encrypted credit card numbers, it’s impossible for hackers to reverse-engineer tokens. Meanwhile, the cardholder data is encrypted and stored, along with the encryption keys, in a secure, off-site location.

Not only does tokenization keep your data safer, it can also save you time and money when it comes to auditing. Tokenization can reduce the number of PCI compliance audit items by up to 60 percent. A payment environment that stores no raw Personal Account Number (PAN) information often qualifies for a Self Assessment Questionnaire (SAQ) C with only 139 questions, whereas payment systems that store sensitive data, even if encrypted, require an SAQ D with 326 questions.

Last but not least, tokenization not only protects your data—it protects your company’s reputation and your customers’ loyalty. According to the Ponemon Institute, a 2017 study revealed that the global average cost of a data breach is $3.6 million. This cost not only comes from fines and penalties, but also from a loss of valuable customers and brand value.

Is Your Data Safe from Breaches?

Make sure your sensitive data is secure with a solution from Paymetric, which was recently named a key global leader in tokenization. To learn more about our P2PE encryption solutions, contact a representative today.



Investing in Your Payment Processing System: Challenges & Opportunities

Can Automated Payments Cut Costs for Your Business?

Investing in a payment system is a big decision for any company, no matter how large or small. Transitioning from manual processing to an automatic system requires time and money. In addition to paperwork and employee training, you will also need to set aside time to implement and smooth out new processes.

On the surface, it may seem like investing in a payment processing system isn’t worth the hassle. But in the long run, automated processing systems save your company time, trouble and revenue.

The Costs of Manual Payment Processing

While investing in a new payment processing system may seem expensive, in the long run, the costs of manual payments are much higher. There are several ways your non-automated system may be leaking money and putting your business at risk.

  • Manual payment processing drains revenue by spending employees’ time. Whether customers pay by phone or by web portal, non-automated processing requires the time and attention of employees spanning multiple departments. This inefficiency wastes time for both employees and customers.
  • Non-automated systems leave more room for human error — and data breaches. Studies show that the leading cause of data breaches is employee error. With more employees doing manual payment processing, your business is more vulnerable to frauds, hackers and cyber thieves.
  • Companies that use manual systems struggle with PCI compliance. The PCI DSS mandates that any company that accepts credit card payments must follow strict guidelines to protect cardholder data. But companies that use manual systems often struggle to meet both customers’ and PCI DSS needs — especially when it comes to recurring payments. In the best-case scenario, a company without a secure place to store data wastes both customers’ and employees’ time by re-entering payment information each time a transaction is made. At worst, companies may store sensitive data in insecure databases that are both non-PCI compliant and susceptible to breaches.
  • The cost of a data breach far outweighs the benefits of a manual payment system. On average, companies spends $879,582 in damages after a data breach occurs — and that’s not including the additional $955, lost due to the disruption of operations. Add in a tarnished reputation and a loss of consumer trust, and it’s easy to see how manual payment processing could lead to major costs for your company.

How a Payment Processing System Pays Off

In the beginning, transitioning to an automated payment system may be a large investment. But between streamlined work processes and improved cash flow, you’ll be seeing big returns in no time.

  • Automated payment processing makes employees more efficient. When employees spend less time taking customer service calls, making manual data entries and jumping through the hoops of complicated work processes, they have time to complete more pressing tasks. You will be able to use your budget and your workers’ time more efficiently.
  • Instant account reconciliation means less fraud. Unlike manual payment processing, an automatic system makes account reconciliation immediate. That means fraudsters are detected more quickly and are less likely to get away with your customers’ money or information.
  • Payment processing systems increase cash flow. Using an automated payment system can dramatically speed up the settlement process — from 30 to more than 90 days for paper-based transactions, to just 24 to 72 hours for electronic .
  • Cardholder data is more secure and PCI-compliant, no matter how many payment methods you use. With a SAP-certified, PCI-compliant payment solution, your company can use a variety of payment entry points without ever sacrificing security or ease of payment. Whether your customers pay online, via mobile phone, through a calling center or at a brick-and-mortar location, raw cardholder data will be encrypted and will never enter your system.
  • An easier, quicker payment process means happier customers. An automated system makes payments easier than ever for your customers. It allows them to safely pay from nearly anywhere at any time, including via subscription payments.

How a Payment Processing System Paid Off for Arthrex

Before investing in a payment processing system, Athrex — a global medical device company — had a hectic accounts receivable department with a manual payment processing system that was error prone and struggled with PCI compliance.

Listen to our webcast to hear about how transitioning to Paymetric’s SAP-certified solutions helped Arthrex reduce costs and maximize investments in their Enterprise Resource Planning (ERP) system.

Want to Get More Out of Your Payment Processing System?

Is your company struggling with a manual payment system? Contact a Paymetric representative today to learn more about our SAP-certified, PCI-compliant payment solutions.

Don’t Miss Paymetric at Financials 2018

We go together like Payments and Security! Join us this Valentine’s day in Las Vegas for the Financials 2018 event. 

Paymetric will be exhibiting in Booth #110 at Financials 2018, February 12th-14th. Come meet with our ePayments experts to learn about how we can streamline and secure your enterprise payments within SAP. We’ll be handing out some sweet treats.

Schedule a meeting with us to learn about our latest innovations including our electronic invoice presentment and payment (EIPP) solution, BillPay and our newest solution, SecureLink, which enables secure electronic payments through a customer service chat session.

In addition to our new innovations, Paymetric is now a Worldpay Company, the world’s largest global payments provider and together, we deliver the only fully managed payment service built to handle complex omnichannel Enterprise payments. This means one partner for all your payments needs with streamlined PCI compliance and lower cost of acceptance. 

Mark your calendar and join us for our networking session on Tuesday February 13th from 2:45-3:15. We’ll be focused on simplifying the delivery and payment of invoices with electronic invoice presentment.

To sweeten the deal, schedule a time to meet and you’ll be entered to win an Apple iPad. We hope to see you in Vegas!

Asif Ramji, President and CEO of Paymetric wins the national EY Entrepreneur Of The Year Award

We’re honored to share the news that Asif Ramji, President and CEO of Paymetric, has been selected as the Financial Services winner in the national EY Entrepreneur Of The Year® 2017 program! As the world’s most prestigious business award, Entrepreneur of The Year has been at the forefront of identifying game changing business leaders for more than 30 years. The program has recognized the endeavors of exceptional men and women who create the products and services that keep our worldwide economy moving forward. The Entrepreneur of the Year includes programs in more than 140 cities and more than 60 countries worldwide. It is a very competitive award and is an incredible recognition. The program has honored the inspirational leadership of such entrepreneurs as Howard Schultz of Starbucks Coffee Company, John Mackey of Whole Foods Market Inc., Pierre Omidyar of eBay, Inc., Reid Hoffman and Jeff Weiner of LinkedIn Corporation and Mindy Grossman of HSN, Inc.

Can Electronic Billing Save Your Company Money?

As our world becomes increasingly digital, more companies than ever are making the transition from paper-based B2B billing to electronic invoicing presentment and payment (EIPP). That’s because compared to paper invoicing, EIPP is more efficient for employees and customers — saving businesses time, labor, and resources.

The benefits of EIPP are reduced errors, decreased costs, and improvements to your bottom line. However, changing the way you do business can be a difficult decision. Not sure if electronic invoicing is right for your company? The following advantages demonstrate how EIPP can change your business’ invoicing processes for the better.

More Timely Payments

EIPP makes paying bills easier for your customers, meaning they’ll be more likely to pay regularly and on time. This is especially true of EIPP systems that offer an easy-to-use, self-service online portal that is compatible with all devices, from computers and tablets to mobile phones. The right EIPP system makes paying bills in a timely manner more convenient than ever for your customers, thereby reducing overhead for account receivables.

Increased Efficiency

Electronic invoicing is more than just convenient for customers — it also makes your business more efficient, saving you time, money, and resources. Using an EIPP system streamlines tasks and work processes, automating many tasks that were previously manual. For that reason, managing invoices electronically not only minimizes the risk of human error, but also reduces DSO (days sales outstanding).

Enhanced Management

Managing your invoices electronically eliminates digging through files and paperwork, making it easy to keep track of current invoices as well as store and search for past invoices. Furthermore, EIPP allows you to track payments across all channels, schedule recurring payments, view account histories, and generate custom reports.

Easy Integration

Overhauling your invoicing processes may seem daunting, but choosing an adaptable EIPP system will help ease the transition. Some EIPP systems, such as Paymetric’s BillPay, integrate with your existing ERP or invoice systems so that switching to e-invoicing is smooth and seamless.

Secure Cloud-Based Processing

Many EIPP systems are cloud-based, meaning that invoices are processed on a secure, third-party server. Using a cloud-based invoicing program not only provides the benefit of real-time information, it also saves your company the cost of purchasing and maintaining an in-house server.

Interested in Electronic Invoicing?

If you’re ready to start reducing costs and streamlining your invoices, consider Paymetric BillPay. BillPay is a cloud-based electronic invoicing presentment and payment solution that is designed to securely process B2B invoices. To learn more about BillPay, and Paymetric’s security services, contact a representative today.

xiverify banner

Encryption vs. Tokenization

Whether your business is in retail, healthcare, education, or eCommerce, it’s essential to maintain compliance with payment card industry data security standards (PCI-DSS) and protect sensitive credit card information from data breaches. If you’ve been researching payment security for your business, you’ve likely come across the terms “encryption” and “tokenization.” Since these security options often go hand-in-hand, many people believe the terms are interchangeable. But in fact, encryption and tokenization are entirely different security measures, each with their own set of strengths and challenges. When it comes to protecting your customers’ private data, it’s important to know the difference so you can make informed decisions about payment processing security for your business.

How Tokenization Differs from Encryption

Put simply, encrypted data is when data is translated from its raw form into a code that can only be decrypted by authorized parties who hold the secret access key. In the event of a hack, encryption makes it extremely difficult for cyber thieves to decode and access the original clear-text data. Because encryption is a mathematical algorithm designed to be decoded, it’s not impossible to break. However, the stronger the algorithm used to create the code, the more difficult the key is to crack.

The strongest form of encryption is point-to-point encryption, or P2PE. With P2PE, data is encrypted on a card swipe terminal or PIN Entry Device (PED) as soon as a customers’ card is swiped, ensuring that no raw data enters the merchant’s system, and protecting information from the point of sale to its end destination. During this process, P2PE creates an individual key for each piece of data, meaning millions of keys to keep data safe.


While P2PE is a strong security measure, it is often combined with tokenization to create an even more powerful barrier against hackers. During the tokenization process, sensitive information is replaced by a random series of characters, called a token. Unlike mathematically coded encrypted information, tokens are made up of random numbers and characters — they have no mathematically decryptable pattern or algorithm.

Once tokenized, data is then stored in a token vault with a third-party cyber security agent. This vault stores both the token and the original payment data — which is encrypted for an extra layer of protection. The token vault is only accessible by the payment processor and the token can be safely reused for future payments.

In short, tokenization ensures that even if a hacker manages to access sensitive data in transit from the merchant to the payment processing company, the information is useless.

Which method is best for your company?

Because tokens have no value to hackers, it is a common misconception that tokenization is the safest method of protection for sensitive information captured within a merchant’s own systems. However, as you can see from the descriptions of each method, tokenization and P2PE are most powerful when used in tandem. While token vaults must still rely on encrypted code to keep sensitive data safe, encryption is reversible by design. Thus, the security of sensitive data must be strengthened by associating tokens to the encrypted code to provide a truly secure payment environment.

Above are just a few of the ways that encryption and tokenization can work together to help protect your company from data breaches and maintain PCI compliance. You can read more about the benefits of using P2PE coupled with a tokenization service provider here. To learn more about how Paymetric can help protect your business, contact a representative today.

Join us in Orlando for SAPPHIRE NOW and ASUG Annual Conference

Securing Electronic Payments is a Home Run!

Paymetric will be in Orlando May 16-18, 2017 for SAP’s SAPPHIRE NOW and ASUG’s Annual Conference in Booth #1359.

Come see how Paymetric is “hitting it out of the park” with their latest innovation – Paymetric BillPay. An e-invoicing solution to simplify the delivery and payment of invoices. The new solution gives your customers a convenient, secure, self-service portal to view and pay invoices.  

There is no shortage of fans for the Paymetric team. If you want to hear why our customers love us, come see Yeti Coolers share their SAP and Paymetric journey on Tuesday May 17th at 2pm in the ASUG HUB on the show floor. Yeti’s VP of IT will be sharing how they leveraged S4/HANAÒ and Paymetric’s cloud solution suite to streamline, secure and optimize payments in their enterprise and omni channels.

Paymetric will also be highlighted in SAP’s “Extend AR Processes to Customers and Partners Through the Cloud” presentation on Thursday May 18th at 4pm in the demo theater.

Skip the popcorn and cracker jacks and join Paymetric for cocktails in booth #1359 on Wednesday May 17th from 4pm to 6pm. A great opportunity to hear about Paymetric’s latest innovations and how they are securing enterprise commerce.

If you are in Orlando next week, be sure to stop by Paymetirc booth #1359 to be entered to win an Apple Watch Series 2.