All posts by Lauren Richard

How Paymetric BillPay Simplifies Electronic Delivery and Payment of Invoices in the Cloud

Paymetric’s New Enterprise Solution Provides Secure, Convenient Options for Delivering and Paying Invoices Online

By Bill Wied, SVP Product Development, Paymetric

We have just introduced a new enterprise solution that automates electronic invoice presentment and payment (EIPP). Paymetric BillPay was developed as part of our continued innovation for our expanding customer base of thousands of brands. The solution simplifies how organizations deliver and receive payments of B2B invoices. Now our merchants can provide their customers the convenience of receiving and paying invoices online. The key benefits of Paymetric BillPay are that it speeds processing, saves organizations staffing time and reduces errors. These all have a positive impact on their bottom line and help them streamline and secure electronic payments across the enterprise.

How BillPay Works

Paymetric BillPay allows customers to view and pay invoices online using a self-service portal. The cloud-based EIPP solution works with any ERP or invoice database and synchronizes with existing systems to reconcile and track payments across all payment channels. The automated process streamlines formerly manual tasks, which reduces DSO (days sales outstanding) and saves staff time and resources. It offers customers the convenience of scheduling payments or paying in installments and provides online access to view account history and generate custom reports.

Paymetric has built its success by providing secure electronic payment options for the enterprise. Paymetric is an SAP®-certified partner, an Oracle validated partner and a recognized industry leader in secure electronic payment solutions in the enterprise, and Paymetric BillPay is a natural extension that helps our customers streamline processes, secure electronic payments and make a difference to their bottom line. For more information, visit our website or:

  • Watch how Paymetric BillPay works in the Enterprise
  • Follow Paymetric on Twitter @paymetric

Industry Experts Share Best Practices on Enterprise Integrated Payments at Regional Events around the U.S.

Paymetric is excited to announce a series of Regional Events around Enterprise Integrated Payments and key issues that are top of mind for IT, Security, and Finance leaders. The most recent event was in Boston at the Harvard Faculty Club. The primary focus was how companies are able to achieve efficiencies by lowering payment processing costs while improving customer service excellence throughout the order-to-cash cycle. Other areas covered included best practices on securing cardholder data and how this helped reduce PCI scope, resulting in savings. It was an excellent turnout with over 40 professionals in attendance.

Local Paymetric customer Boston Scientific shared how it was able to fully integrate and secure its electronic payment process with Paymetric’s integrated payment, cloud-based processing and tokenization for its SAP and Enterprise systems. Boston Scientific touched on its positive business impacts including how it was successful in streamlining the order-to-cash process, reducing payment card processing costs and making PCI DSS compliance more efficient.

On February 23, 2017, Paymetric will be heading to Dallas for its next Regional Event at Topgolf with guest speakers from the City of Dallas and Dr. Pepper Snapple Group.

A networking lunch and a round of TopGolf will also be provided. Space is limited, so register here to reserve your spot today.

 

To learn about other Paymetric Regional Events in your area or other activities for Paymetric visit our events page. Or feel free to schedule a meeting today at 1-855-476-0134.

       

5 Important Facts About Tokenization

And how to know which approach is right for you

With the rising rates of credit card fraud and cybercrimes, many companies are trying to increase the security of payments. A growing solution to increase payment security is tokenization. Here are five key things you should know about tokenization:

  1. Why Tokenization? Tokenization helps minimize risk and cost. According to the Ponemon Institute, there is a 20% chance that a merchant will experience a data breach within the next two years. To prevent this, merchants must follow the PCI DSS guidelines to protect cardholder information. Tokenization meets these standards when it is provided by a PCI-compliant vendor.
  2. How does it work? Tokenization replaces every credit card number stored in enterprise systems with a series of randomly-generated codes that are of no value to hackers. Therefore, when a hacker breaches a payment database and attempts to steal payment information, the merchant and its customers’ information is still secure.
  3. Which type of Tokenization is right for me? There are three types of tokenization: On-premise, Hosted and Cloud. To determine which type is right for you, consider your location, costs, PCI DSS audit scope responsibility, scalability, redundancy measures, backup and recovery methods.
  4. Other selection considerations? Select a solution with an eye to the future.
       • Choose a processor-agnostic tokenization solution to manage future growth
       • Select multi-use instead of single-use tokenization which enables more streamlined reporting and easier customer service
       • Use the same form of tokenization in both QA and production
       • Choose a vendor offering proprietary tokenization technology
  5. How do I make the most of tokenization? Cover all your bases in the solution design phase.
       • Identify risk workflows
       • Convert sensitive raw or encrypted data to tokens and then purge the original data to reduce risk
       • Block your users from viewing de-tokenized card numbers
       • Train your representatives to not enter raw card numbers in text fields
       • Prevent the storage of CVV values
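
The points above about multi-use tokens, purging raw data, blocking de-tokenized views, free-text fields and CVV storage can be made concrete with a short sketch. This is an added example, not Paymetric's code or API: the `ToyVault` class, the function names, the `tok_` token format, the role name and the sample note are all constructed for illustration, and the in-memory vault stands in for what would be a separate, hardened service.

```python
import re
import secrets

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other plain digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class ToyVault:
    """In-memory stand-in for a token vault (assumption: a real vault is off-site)."""

    def __init__(self):
        self._by_pan = {}    # PAN -> token, so one card always maps to one token
        self._by_token = {}  # token -> PAN, never leaves the vault

    def tokenize(self, pan: str) -> str:
        if pan not in self._by_pan:
            # Random value: the token has no mathematical relation to the PAN.
            token = "tok_" + secrets.token_hex(8) + "_" + pan[-4:]
            self._by_pan[pan] = token
            self._by_token[token] = pan
        return self._by_pan[pan]

    def detokenize(self, token: str, caller_role: str) -> str:
        # Users and support staff are blocked; only the payment service may ask.
        if caller_role != "payment-service":
            raise PermissionError("de-tokenization not permitted for " + caller_role)
        return self._by_token[token]


def scrub_free_text(text: str, vault: ToyVault) -> str:
    """Replace Luhn-valid card numbers typed into a free-text field with tokens."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group())
        return vault.tokenize(digits) if luhn_ok(digits) else match.group()
    return PAN_RE.sub(repl, text)


def to_storable(record: dict, vault: ToyVault) -> dict:
    """Build the row an enterprise system may keep: a token, never the PAN or CVV."""
    stored = {k: v for k, v in record.items() if k not in ("pan", "cvv")}
    stored["card_token"] = vault.tokenize(record["pan"])
    stored["notes"] = scrub_free_text(record.get("notes", ""), vault)
    return stored


# Constructed sample: a support note holding a test card number and an order id.
NOTE = "Cust read card 4111 1111 1111 1111 over phone; order 1234567890123."

if __name__ == "__main__":
    vault = ToyVault()
    print(scrub_free_text(NOTE, vault))
```

The Luhn check is what keeps the 13-digit order number in the sample note untouched while the card number is replaced.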

 

By deploying tokenization, you can minimize the risk of a data breach and minimize the scope of a PCI audit. To learn more, read Paymetric’s eBook on the benefits of tokenization.

Paymetric Featured in Market Guide for Digital Payment Gateways & Payment Providers

Published: 21 July 2016 by Analyst Penny Gillespie

For IT leaders supporting digital commerce payments, Gartner’s analyst Penny Gillespie published a Market Guide featuring Paymetric: Digital Payment Gateways and Payment Service Providers. The Gartner Market Guide helps explain the key market components and industry direction along with vendor profiles including Paymetric as a leader. Below are highlights from the report.

Key Finding Highlights:

  • While payment routing and processing is a mature technology, it is also a critical component of digital commerce. Clients are expressing a renewed interest in these technologies, primarily due to geographic expansion and the need to support new payment types.
  • Payments are complex due to the numerous vendors and the differing roles they play; for example, gateways, processors, payment service providers (PSPs), acquiring banks and issuing banks. The technologies that support them (switching, routing, authorization, authentication, settlement, fraud and reconciliation) are also complicated and intricately woven. Clients struggle with both the complexity of payments and the nuances among the various vendors while simultaneously trying to reduce payment risk.

Market Recommendation Highlights:

  • Work with constituents across the company to identify the anticipated payment volume for a three- to five-year period, and the channels, geographies and payment types that must be supported when starting this analysis. Treasury requirements for operations and settlement should also be taken into consideration.
  • Consider vendor consolidation to simplify operations and to reduce costs, as payment transaction costs are typically based on transaction volume. For example, many processors offer gateway functionality. Vendors offering gateway functionality are starting to support POS and vice versa. Coupling vendor functionality can reduce cost while also streamlining operations across channels as long as all the desired payment types are supported, which may or may not be the case.

For more information or questions on how to navigate the complexities of the payment landscape, contact Paymetric at 1-855-476-0134 or reach out via email to pmmarketing@paymetric.com.

For a complete Market Guide for Digital Payment Gateways & Payment Providers click here or go to www.gartner.com. 

Paymetric Customers Share Success Stories at Local ASUG Chapter Events

Paymetric sponsored the local ASUG chapter events over the summer working with customers on delivering lessons learned and best practices.

In New York City, Sotheby’s, one of the world’s largest publicly traded auctioneers of fine arts, shared how with Paymetric they were able to integrate payment processing through one platform while cutting costs and improving their customer experience. They also explained the benefits of tokenization and discussed how their PCI compliance has been simplified. Listen to webcast.

Carestream, a health imaging and information technology solutions company, shared their journey and successes with Paymetric in Buffalo, New York at the Upstate New York chapter event. With the help of Paymetric, Carestream was able to streamline their order to cash process resulting in faster and easier collections. They also discussed how they were able to minimize their PCI audit scope and save on Level II/III data interchange fees. Listen to webcast.

 

To see other events Paymetric is attending, visit our events page.

Gartner Market Guide: Tokenization of Payment Card Data Features Paymetric

Published: December 2015

Gartner Analyst(s): Jonathan Care, Rajpreet Kaur

The tokenization of sensitive data is a key component in ensuring payment system security. The guide is a resource to assist companies when choosing the most appropriate solution for their tokenization projects.

Gartner Recommendations:

  • Use tokenization to eliminate stored CHD from within the enterprise, thus reducing compliance overhead and bringing the impact of a data breach within risk tolerances.
  • Where technical requirements permit, use off-premises tokenization to eliminate the requirement to maintain a repository of CHD within the enterprise.
  • Ensure that all third-party service providers handling CHD (including tokenization) comply with the requirement to formally acknowledge responsibility for the security of the CHD in their possession.

Paymetric is recommended in the Gartner guide as follows:

Paymetric specializes in processing payments made through ERP systems, such as SAP and Oracle. In addition, Paymetric integrates with Salesforce, Magento, JDA, Demandware, JD Edwards, Infor, ColdFusion and Visa STP. Its off-premises service tokenizes sensitive data, including PII and CHD, and uses data vaulting to securely store sensitive data. Tokens are decoupled, allowing authorization without a specific call. Paymetric has strategic partnerships with several major payment processors and provides key management outside the enterprise.

Contact Paymetric for more information at toll-free 1-855-476-0134, 678-242-5281 or info@paymetric.com

Click here for the complete Gartner report.

 

5 Steps to Reduce PCI DSS Scope

Because the scope of PCI DSS requirements can be so large and complicated, companies are constantly searching for ways to reduce and even eliminate it. Below are five ways businesses can potentially reduce the size of their PCI DSS scope.

  1. Consolidation: Identifying and eliminating redundant data sets and consolidating applications and information storage can reduce scope.
  2. Centralization: Encrypted data is stored in a highly secure on-site central data vault. The payment card numbers are replaced with tokens in other applications or databases. Since cardholder data is only stored in one central location, PCI DSS scope is minimized.
  3. End-To-End Encryption (E2EE) or Point-To-Point Encryption (P2PE): Ensures that card numbers are encrypted from the first card swipe at the point-of-sale (POS), and while in transit all the way to the payment processor, eliminating most PCI requirements.
  4. Outsourcing: Outsourcing all or some of your payment card processing capabilities to a PCI DSS compliant service provider can reduce PCI scope. This is especially relevant to companies conducting eCommerce transactions only.
  5. Tokenization: Stores card numbers and other sensitive data such as social security numbers in an off-site highly secure data vault. The payment card numbers are replaced with tokens in all other databases and applications. Not storing cardholder data anywhere greatly simplifies the scope of PCI Requirement.

These 5 steps can simplify PCI compliance for POS-centric and card-not-present (CNP) environments, but choosing the best method for your company will depend on the level of security you are looking to achieve. For example, the first two techniques mentioned will minimize the scope of PCI Requirement 3, but will not eliminate it. Card numbers will still be stored on-site, giving access to all sensitive data if a hacker does decrypt your information.

Your next layer of protection will be utilizing a third-party tokenization solution. Tokenization is a solution that affords businesses the opportunity to eliminate the storage and/or transmission of cardholder data in enterprise systems and applications. Implementing tokenization can make reaching compliance much easier than replacing an existing application with a PA-DSS compliant one, according to Verizon’s Business report.

If you are searching for the complete package, a combination of third-party tokenization and a point-to-point encryption (P2PE) solution will get you closest to completely eliminating your PCI scope, depending on your current payments landscape. Utilizing P2PE will remove your entire network and PCs from scope by tokenizing card numbers before they ever touch your network.

If you have questions regarding PCI DSS Compliance or Tokenization solutions, please contact us to schedule a time to speak with one of our Payments Industry Experts.

 

 

Data Breaches: What would one cost your company?

This is the hot question these days, with various entities citing different studies and formulas. While there is no 100% accurate way to calculate the hypothetical cost of a data breach to your organization, we’d like to explore the contributing factors and options you have to safeguard yourself.

For example, a major retailer was breached in 2013, exposing 40 million payment cards and personal information on 70 million customers. The price tag on that breach is $252 million and counting. (Class Action Litigation, Feb. 26, 2015.)

Let’s break down these costs. The breached company must address:

  • Auditing: Bring in a forensic auditor to determine how their systems were breached
  • Remediation: Remediate the security breach with hardware, software, monitoring solutions and consulting
  • Credit Monitoring: Provide credit monitoring for 6-12 months for every individual whose records were exposed
  • Insurance Deductible: Pay the insurance deductible even if they are insured for breaches
  • Litigation: Deal with class action suits from consumers, suits from issuing banks to recover losses and shareholder class action suits

While these costs are obviously extremely detrimental, the breach also inflicted immeasurable damage to the company’s customer loyalty and brand reputation. The Ponemon Institute estimated it takes $3.5 million to repair the damage from a breach. This figure is up 15% from last year, perhaps suggesting it is becoming increasingly difficult for an organization to recover from such a media disaster.

The recently published Data Breach Investigative Report for 2015 from Verizon forecasts that the average loss for a breach of 1,000 records is between $52,000 and $87,000. Compare that to a breach affecting 10 million records, where the average loss is forecasted to be between $2.1 million and $5.2 million.

I urge organizations not to be complacent by harboring the “It won’t happen to me” mindset. Experts affirm companies have a 1 in 5 chance of falling victim to a data breach. Before this happens to your enterprise, adopt a defensive strategy and protect your data and processes from malicious attacks. Read about our solutions here.

7 Ways to Prevent Fraud and Identity Theft

According to the Federal Trade Commission, 9 million Americans suffer identity theft annually. We’ve compiled a brief list of safeguards that we welcome you to share with your clients.

Identity theft occurs when someone steals your personal information and uses it to commit fraud, whether it’s using your credit card, filing fraudulent tax returns or ruining your credit. Perhaps the worst part about identity theft is that it can plague you for years, as criminals are able to continuously exploit your sensitive information. While credit card numbers can be changed easily, your social security number, date of birth and medical records cannot.

How do you defend yourself from identity theft?

  1. Pay for online purchases with a credit card. Banks almost always favor the consumer in these situations and will refund your money. But once the money’s gone from your debit account, it’s gone. (This also holds true for physically stolen cards, FYI.)
  2. Clear your logins and passwords and never save these credentials on a public computer.
  3. Monitor your bank statements. If you don’t recognize a purchase, if it looks suspicious or if it occurred somewhere you weren’t, call your bank.
  4. Monitor your credit report. You are legally entitled to a free report every year from each of the three bureaus (Equifax, Experian, and TransUnion).
  5. Shred sensitive documents.
  6. Fraud alerts and credit freezes. These are two measures you can take yourself, or you can pay a company to do it for you.
  7. If you’ve detected fraudulent activity, notify the financial institution where it occurred, so they can freeze your account. You might also need to contact the FTC and local police department.

The Value of Protected Health Information (PHI)

In our last blog, we discussed the importance of personally identifiable information (PII). This week our focus is PHI, or protected health information. PHI includes patient names, medical records, addresses, social security numbers and email addresses. While PHI is addressed by the HIPAA and HITECH acts, breaches still occur. One such occurrence is the recent Anthem breach, which exposed 80 million client records. Anthem is the largest for-profit managed health care company in the Blue Cross and Blue Shield Association.

People who had previously been insured with Blue Cross decades ago received letters warning them their sensitive data had been exposed. Since then, stolen identities and fraudulently filed tax returns have been linked to this breach.

Due to the sensitive nature of medical records, breaches could diminish trust in doctor/patient confidentiality. Some speculate patients could withhold health concerns or conditions for fear of the information going public. Anthem, and other breached companies, are now tasked with repairing brand damage and winning back lost clients.

In the case of a credit card breach, the financial institution can send a new card with different numbers. However, medical records cannot simply be reissued or changed. This is why some consider PHI to be 50 times more valuable to thieves than credit cards.

According to CNBC and Reuters, “Medical identity theft is often not immediately identified by patients or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.”

So how do we adequately safeguard this data from cyber thieves?

Tokenization has become the gold standard for protecting sensitive data. Tokenization takes a real value (SSN, date of birth, etc.) and replaces it with a surrogate value. Tokens cannot be reverse engineered and the data itself resides off site entirely. Paymetric’s tokenization solution, XiFlex™ powered by XiSecure™, gives organizations the adaptability necessary to protect any type of sensitive information residing within the enterprise. Read more about our proprietary solutions here.

To learn more about protecting sensitive data, you are welcome to join our upcoming webinars:

Securing Sensitive Data and PII within SAP® – Thursday, April 30th 2:00-3:00pm

Securing Sensitive Data and PII within Oracle® EBS – Tuesday, May 12th 2:00-3:00pm