Uncategorized

Don’t Become the Next Major Data Breach—Here’s How to Secure Your Organization

We’re only a few months into 2018, and already more major data breaches are coming to light. A security research company recently discovered that hundreds of thousands of FedEx customers’ passports, driver’s licenses, and other identifying information were left unsecure and exposed.

A Close Call for FedEx

The data comes from FedEx Crossborder, a branch of the company that was closed in 2017, but according to ZDNet, FedEx is only partly to blame. The breach originates from a company named Bongo International. In 2014, FedEx purchased Bongo International and rebranded it as FedEx CrossBorder. Bongo’s data was stored on an unsecured Amazon S3 virtual server and included records from 2009 to 2012, making more than 100,000 sets of records vulnerable to cybercriminals.

Kromtech, a white hat research group, made the initial discovery and reported the breach to FedEx. According to FedEx spokesperson Jim McCluskey, FedEx was able to secure the information and they “found no indication that any information has been misappropriated.”

The Key to Keeping Your Data Secure

How can your organization avoid becoming the next corporate name making the news for not securing customer’s identifying data like FedEx or Equifax? The truth is that many security breaches are preventable, and one important way of safeguarding sensitive data is by investing in tokenization.

Tokenization is a security method that prevents data breaches by ensuring that credit card numbers, Social Security Numbers, and other sensitive information never traverses your organization’s system. Rather than allowing raw, unsecure information to enter your enterprise, when a field comes up for raw card number entry a tokenization solution will open a secure browser field, capture the number outside of the merchant’s ERP application, store it securely, and replace the raw data with a token.

These tokens act as surrogate values so that even if cyber thieves hack your data, the information is meaningless. Unlike encrypted credit card numbers, it’s impossible for hackers to reverse-engineer tokens. Meanwhile, the cardholder data is encrypted and stored, along with the encryption keys, in a secure, off-site location.

Not only does tokenization keep your data safer, it can also save you time and money when it comes to auditing. Tokenization can reduce the number of PCI compliance audit items by up to 60 percent. A payment environment that stores no raw Personal Account Number (PAN) information often qualifies for a Self Assessment Questionnaire (SAQ) C with only 139 questions, whereas payment systems that store sensitive data, even if encrypted, require an SAQ D with 326 questions.

Last but not least, tokenization not only protects your data—it protects your company’s reputation and your customers’ loyalty. According to the Ponemon Institute, a 2017 study revealed that the global average cost of a data breach is $3.6 million. This cost not only comes from fines and penalties, but also from a loss of valuable customers and brand value.

Is Your Data Safe from Breaches?

Make sure your sensitive data is secure with a solution from Paymetric, which was recently named a key global leader in tokenization. To learn more about our P2PE encryption solutions, contact a representative today.

 

 

Investing in Your Payment Processing System: Challenges & Opportunities

Can Automated Payments Cut Costs for Your Business?

Investing in a payment system is a big decision for any company, no matter how large or small. Transitioning from manual processing to an automatic system requires time and money. In addition to paperwork and employee training, you will also need to set aside time to implement and smooth out new processes.

On the surface, it may seem like investing in a payment processing system isn’t worth the hassle. But in the long run, automated processing systems save your company time, trouble and revenue.

The Costs of Manual Payment Processing

While investing in a new payment processing system may seem expensive, in the long run, the costs of manual payments are much higher. There are several ways your non-automated system may be leaking money and putting your business at risk.

  • Manual payment processing drains revenue by spending employees’ time. Whether customers pay by phone or by web portal, non-automated processing requires the time and attention of employees spanning multiple departments. This inefficiency wastes time for both employees and customers.
  • Non-automated systems leave more room for human error — and data breaches. Studies show that the leading cause of data breaches is employee error. With more employees doing manual payment processing, your business is more vulnerable to frauds, hackers and cyber thieves.
  • Companies that use manual systems struggle with PCI compliance. The PCI DSS mandates that any company that accepts credit card payments must follow strict guidelines to protect cardholder data. But companies that use manual systems often struggle to meet both customers’ and PCI DSS needs — especially when it comes to recurring payments. In the best-case scenario, a company without a secure place to store data wastes both customers’ and employees’ time by re-entering payment information each time a transaction is made. At worst, companies may store sensitive data in insecure databases that are both non-PCI compliant and susceptible to breaches.
  • The cost of a data breach far outweighs the benefits of a manual payment system. On average, companies spends $879,582 in damages after a data breach occurs — and that’s not including the additional $955, lost due to the disruption of operations. Add in a tarnished reputation and a loss of consumer trust, and it’s easy to see how manual payment processing could lead to major costs for your company.

How a Payment Processing System Pays Off

In the beginning, transitioning to an automated payment system may be a large investment. But between streamlined work processes and improved cash flow, you’ll be seeing big returns in no time.

  • Automated payment processing makes employees more efficient. When employees spend less time taking customer service calls, making manual data entries and jumping through the hoops of complicated work processes, they have time to complete more pressing tasks. You will be able to use your budget and your workers’ time more efficiently.
  • Instant account reconciliation means less fraud. Unlike manual payment processing, an automatic system makes account reconciliation immediate. That means fraudsters are detected more quickly and are less likely to get away with your customers’ money or information.
  • Payment processing systems increase cash flow. Using an automated payment system can dramatically speed up the settlement process — from 30 to more than 90 days for paper-based transactions, to just 24 to 72 hours for electronic .
  • Cardholder data is more secure and PCI-compliant, no matter how many payment methods you use. With a SAP-certified, PCI-compliant payment solution, your company can use a variety of payment entry points without ever sacrificing security or ease of payment. Whether your customers pay online, via mobile phone, through a calling center or at a brick-and-mortar location, raw cardholder data will be encrypted and will never enter your system.
  • An easier, quicker payment process means happier customers. An automated system makes payments easier than ever for your customers. It allows them to safely pay from nearly anywhere at any time, including via subscription payments.

How a Payment Processing System Paid Off for Arthrex

Before investing in a payment processing system, Athrex — a global medical device company — had a hectic accounts receivable department with a manual payment processing system that was error prone and struggled with PCI compliance.

Listen to our webcast to hear about how transitioning to Paymetric’s SAP-certified solutions helped Arthrex reduce costs and maximize investments in their Enterprise Resource Planning (ERP) system.

Want to Get More Out of Your Payment Processing System?

Is your company struggling with a manual payment system? Contact a Paymetric representative today to learn more about our SAP-certified, PCI-compliant payment solutions.

Don’t Miss Paymetric at Financials 2018

We go together like Payments and Security! Join us this Valentine’s day in Las Vegas for the Financials 2018 event. 

Paymetric will be exhibiting in Booth #110 at Financials 2018, February 12th-14th. Come meet with our ePayments experts to learn about how we can streamline and secure your enterprise payments within SAP. We’ll be handing out some sweet treats.

Schedule a meeting with us to learn about our latest innovations including our electronic invoice presentment and payment (EIPP) solution, BillPay and our newest solution, SecureLink, which enables secure electronic payments through a customer service chat session.

In addition to our new innovations, Paymetric is now a Worldpay Company, the world’s largest global payments provider and together, we deliver the only fully managed payment service built to handle complex omnichannel Enterprise payments. This means one partner for all your payments needs with streamlined PCI compliance and lower cost of acceptance. 

Mark your calendar and join us for our networking session on Tuesday February 13th from 2:45-3:15. We’ll be focused on simplifying the delivery and payment of invoices with electronic invoice presentment.

To sweeten the deal, schedule a time to meet and you’ll be entered to win an Apple iPad. We hope to see you in Vegas!

Asif Ramji, President and CEO of Paymetric wins the national EY Entrepreneur Of The Year Award

We’re honored to share the news that Asif Ramji, President and CEO of Paymetric, has been selected as the Financial Services winner in the national EY Entrepreneur Of The Year® 2017 program! As the world’s most prestigious business award, Entrepreneur of The Year has been at the forefront of identifying game changing business leaders for more than 30 years. The program has recognized the endeavors of exceptional men and women who create the products and services that keep our worldwide economy moving forward. The Entrepreneur of the Year includes programs in more than 140 cities and more than 60 countries worldwide. It is a very competitive award and is an incredible recognition. The program has honored the inspirational leadership of such entrepreneurs as Howard Schultz of Starbucks Coffee Company, John Mackey of Whole Foods Market Inc., Pierre Omidyar of eBay, Inc., Reid Hoffman and Jeff Weiner of LinkedIn Corporation and Mindy Grossman of HSN, Inc.

Can Electronic Billing Save Your Company Money?

As our world becomes increasingly digital, more companies than ever are making the transition from paper-based B2B billing to electronic invoicing presentment and payment (EIPP). That’s because compared to paper invoicing, EIPP is more efficient for employees and customers — saving businesses time, labor, and resources.

The benefits of EIPP are reduced errors, decreased costs, and improvements to your bottom line. However, changing the way you do business can be a difficult decision. Not sure if electronic invoicing is right for your company? The following advantages demonstrate how EIPP can change your business’ invoicing processes for the better.

More Timely Payments

EIPP makes paying bills easier for your customers, meaning they’ll be more likely to pay regularly and on time. This is especially true of EIPP systems that offer an easy-to-use, self-service online portal that is compatible with all devices, from computers and tablets to mobile phones. The right EIPP system makes paying bills in a timely manner more convenient than ever for your customers, thereby reducing overhead for account receivables.

Increased Efficiency

Electronic invoicing is more than just convenient for customers — it also makes your business more efficient, saving you time, money, and resources. Using an EIPP system streamlines tasks and work processes, automating many tasks that were previously manual. For that reason, managing invoices electronically not only minimizes the risk of human error, but also reduces DSO (days sales outstanding).

Enhanced Management

Managing your invoices electronically eliminates digging through files and paperwork, making it easy to keep track of current invoices as well as store and search for past invoices. Furthermore, EIPP allows you to track payments across all channels, schedule recurring payments, view account histories, and generate custom reports.

Easy Integration

Overhauling your invoicing processes may seem daunting, but choosing an adaptable EIPP system will help ease the transition. Some EIPP systems, such as Paymetric’s BillPay, integrate with your existing ERP or invoice systems so that switching to e-invoicing is smooth and seamless.

Secure Cloud-Based Processing

Many EIPP systems are cloud-based, meaning that invoices are processed on a secure, third-party server. Using a cloud-based invoicing program not only provides the benefit of real-time information, it also saves your company the cost of purchasing and maintaining an in-house server.

Interested in Electronic Invoicing?

If you’re ready to start reducing costs and streamlining your invoices, consider Paymetric BillPay. BillPay is a cloud-based electronic invoicing presentment and payment solution that is designed to securely process B2B invoices. To learn more about BillPay, and Paymetric’s security services, contact a representative today.

xiverify banner

Encryption vs. Tokenization: Which is Best for Your Company?

Whether your business is in retail, healthcare, education, or eCommerce, it’s essential to maintain compliance with payment card industry data security standards (PCI-DSS) and protect sensitive credit card information from data breaches. If you’ve been researching payment security for your business, you’ve likely come across the terms “encryption” and “tokenization.” Since these security options often go hand-in-hand, many people believe the terms are interchangeable. But in fact, encryption and tokenization are entirely different security measures, each with their own set of strengths and challenges. When it comes to protecting your customers’ private data, it’s important to know the difference so you can make informed decisions about payment processing security for your business.

Encryption

Put simply, encrypted data is when data is translated from its raw form into a code that can only be decrypted by authorized parties who hold the secret access key. In the event of a hack, encryption makes it extremely difficult for cyber thieves to decode and access the original clear-text data. Because encryption is a mathematical algorithm designed to be decoded, it’s not impossible to break. However, the stronger the algorithm used to create the code, the more difficult the key is to crack.

The strongest form of encryption is point-to-point encryption, or P2PE. With P2PE, data is encrypted on a card swipe terminal or PIN Entry Device (PED) as soon as a customers’ card is swiped, ensuring that no raw data enters the merchant’s system, and protecting information from the point of sale to its end destination. During this process, P2PE creates an individual key for each piece of data, meaning millions of keys to keep data safe.

Tokenization


While P2PE is a strong security measure, it is often combined with tokenization to create an even more powerful barrier against hackers. During the tokenization process, sensitive information is replaced by a random series of characters, called a token. Unlike mathematically coded encrypted information, tokens are made up of random numbers and characters — they have no mathematically decryptable pattern or algorithm.

Once tokenized, data is then stored in a token vault with a third-party cyber security agent. This vault stores both the token and the original payment data — which is encrypted for an extra layer of protection. The token vault is only accessible by the payment processor and the token can be safely reused for future payments.

In short, tokenization ensures that even if a hacker manages to access sensitive data in transit from the merchant to the payment processing company, the information is useless.

Which method is best for your company?

Because tokens have no value to hackers, it is a common misconception that tokenization is the safest method of protection for sensitive information captured within a merchant’s own systems. However, as you can see from the descriptions of each method, tokenization and P2PE are most powerful when used in tandem. While token vaults must still rely on encrypted code to keep sensitive data safe, encryption is reversible by design. Thus, the security of sensitive data must be strengthened by associating tokens to the encrypted code to provide a truly secure payment environment.

Above are just a few of the ways that encryption and tokenization can work together to help protect your company from data breaches and maintain PCI compliance. You can read more about the benefits of using P2PE coupled with a tokenization service provider here. To learn more about how Paymetric can help protect your business, contact a representative today.

Join us in Orlando for SAPPHIRE NOW and ASUG Annual Conference

Securing Electronic Payments is a Home Run!

Paymetric will be in Orlando May 16-18, 2017 for SAP’s SAPPHIRE NOW and ASUG’s Annual Conference in Booth #1359.

Come see how Paymetric is “hitting it out of the park” with their latest innovation – Paymetric BillPay. An e-invoicing solution to simplify the delivery and payment of invoices. The new solution gives your customers a convenient, secure, self-service portal to view and pay invoices.  

There is no shortage of fans for the Paymetric team. If you want to hear why our customers love us, come see Yeti Coolers share their SAP and Paymetric journey on Tuesday May 17th at 2pm in the ASUG HUB on the show floor. Yeti’s VP of IT will be sharing how they leveraged S4/HANAÒ and Paymetric’s cloud solution suite to streamline, secure and optimize payments in their enterprise and omni channels.

Paymetric will also be highlighted in SAP’s “Extend AR Processes to Customers and Partners Through the Cloud” presentation on Thursday May 18th at 4pm in the demo theater.

Skip the popcorn and cracker jacks and join Paymetric for cocktails in booth #1359 on Wednesday May 17th from 4pm to 6pm. A great opportunity to hear about Paymetric’s latest innovations and how they are securing enterprise commerce.

If you are in Orlando next week, be sure to stop by Paymetirc booth #1359 to be entered to win an Apple Watch Series 2.

How Paymetric BillPay Simplifies Electronic Delivery and Payment of Invoices in the Cloud

Paymetric’s New Enterprise Solution Provides Secure, Convenient Options for Delivering and Paying Invoices Online

By Bill Wied, SVP Product Development, Paymetric

We have just introduced a new enterprise solution that automates electronic invoice presentment and payment (EIPP). Paymetric BillPay was developed as part of our continued innovation for our expanding customer base of over thousands of brands. The solution simplifies how organizations deliver and receive payments of B2B invoices. Now our merchants can provide their customers the convenience of receiving and paying invoices online. The key benefits of Paymetric BillPay are that it speeds processing, saves organizations staffing time and reduces errors. These all have a positive impact to their bottom-line to help them streamline and secure electronic payments across the enterprise.  

How BillPay Works

Paymetric BillPay allows customers to view and pay invoices online using a self-service portal. The cloud-based  EIPP solution works with any ERP or invoice database and synchronizes with existing systems to reconcile and track payments across all payment channels. The automated process streamlines formerly manual tasks – which reduces DSO (days sales outstanding) and saves staff time and resources. It offers customers the convenience of scheduling payments or paying in installments and provides online access to view account history and generate custom reports.

Paymetric has built its success by providing enterprise secure electronic payment options. As an SAP®-certified partner, an Oracle validated partner and a recognized industry leader in secure electronic payment solutions in the enterprise, Paymetric BillPay is a natural extension that helps our customers streamline processes, secure electronic payments and make a difference to their bottom line.  For more information, visit our website or:

  • Watch how Paymetric BillPay works in the Enterprise
  • Register for the Webinar
  • Follow Paymetric on Twitter @paymetric

Industry Experts Share Best Practices on Enterprise Integrated Payments at Regional Events around the U.S.

Paymetric is excited to announce a series of Regional Events around Enterprise Integrated Payments and key issues that are top of mind for IT, Security, and Finance leaders. The most recent event was in Boston at the Harvard Faculty Club. The primary focus was how companies are able to achieve efficiencies by lowering payment processing costs while improving customer service excellence through-out the order to cash cycle. Other areas covered included best practices on securing cardholder data and how this helped reduce PCI scope resulting in savings. It was an excellent turn out with over 40 professionals in attendance.

Local Paymetric customer, Boston Scientific, shared how they were able to fully integrate and secure its electronic payment process with Paymetric’s integrated payment, cloud based processing and tokenization for its SAP and Enterprise systems. Boston Scientific touched on its positive business impacts including how it was successful in streamlining the order-to-cash process, reducing payment card processing costs and making PCI DSS compliance more efficient.

On February 23, 2017, Paymetric will be heading to Dallas for its next Regional Event at Topgolf with guest speakers from the City of Dallas and Dr. Pepper Snapple Group.

A networking lunch and a round of TopGolf will also be provided. Space is limited, so register here to reserve your spot today.

 

To learn about other Paymetric Regional Events in your area or other activities for Paymetric visit our events page. Or feel free to schedule a meeting today at 1-855-476-0134.

       

5 Important Facts About Tokenization

And how to know which approach is right for you

With the rising rates of credit card fraud and cybercrimes, many companies are trying to increase the security of payments. A growing solution to increase payment security is tokenization. Here are five key things you should know about tokenization:

  1. Why Tokenization? Tokenization helps minimize risk and cost. According to the Ponemon Institute, there is a 20% chance that a merchant will experience a data breach within the next two years. To prevent this, merchants must follow the PCI DSS guidelines to protect cardholder information. Tokenization meets these standards when it is provided by a PCI-compliant vendor.
  2. How does it work? Tokenization replaces every credit card number stored in enterprise systems with a series of randomly-generated codes that are of no value to hackers. Therefore, when a hacker breaches a payment database and attempts to steal payment information, the merchant and its customers’ information is still secure.
  3. Which type of Tokenization is right for me? There are three types of tokenization: On-premise, Hosted and Cloud. To determine which type is right for you, consider your location, costs, PCI DSS audit scope responsibility, scalability, redundancy measures, backup and recovery methods.
  4. Other selection considerations? Select a solution with an eye to the future.
  • Choose a processor-agnostic tokenization solution to manage future growth
  • Select multi-use instead of single-use tokenization which enables more streamlined reporting and easier customer service
  • Use the same form of tokenization in both QA and production
  • Choose a vendor offering proprietary tokenization technology
  1. How do I make the most of tokenization? Cover all your bases in the solution design phase.
  • Identify risk workflows
  • Convert sensitive raw or encrypted data to tokens and then purge the original data to reduce risk
  • Block your users from viewing de-tokenized card numbers
  • Train your representatives to not enter raw card numbers in text fields
  • Prevent the storage of CVV values

 

By deploying tokenization, you can minimize the risk of a data breach and minimize the scope of a PCI audit. To learn more, read Paymetric’s eBook on the benefits of tokenization.