Related White Paper: The First Data TransArmor Solution: Tokenization Unlocks New Revenue
Listen to audio interview
KAREN WEBSTER: Hi, it’s Karen Webster from PYMNTS.com, and I’m here today with Bruce Dragt, Senior Vice President and Division Manager of Payment Acceptance at First Data. Bruce is driving product development globally across the company’s suite of merchant products, including risk, security, and fraud, which is really what we’re going to be talking about today. Hi, Bruce, welcome.
BRUCE DRAGT: Karen, thank you for having me.
WEBSTER: So fraud is a topic that’s really trending on PYMNTS.com, so I’m glad that we could grab you for a few minutes to talk about it. Let’s start with the basics. What are the most important fraud issues that payments professionals should be tracking today?
DRAGT: Sure. So as I look at payment professionals today, there is a great deal of time and attention being focused on what to do with data, where – can’t go a day without seeing evidence of another breach that’s been taken care of in one way or another. So as a result, we have seen a lot of attention focused on this, both that being data that’s in transit as well as well as data that’s at rest. So payment professionals today are really looking at solutions and ways in which to harden that.
Would also say that payment professionals are looking more and more at items around consumer authentication. And that really is a step – there’s been a lot of conversations about EMV – but a step in that direction, to really look and to say, how do I truly know that, if I have – this cardholder is coming to present something to me, that really is the right person? And I’m seeing kind of a closer alignment between merchants and issuers around that, as a way for us collectively to be able to reduce fraud in the system.
WEBSTER: So, given that, what steps do you recommend to effectively manage these kinds of fraud risks?
DRAGT: Sure. So when we’re looking at today – we’re recommending, really, a multi-layered approach to this, so not one solution that really is what we would say is a fix-all, but something that you would want to do and implement in phases, really around things in particular that are available today, and then constantly be having a roadmap that’s out there to make sure that you have planned for things that you know are coming down the road.
So starting out today with the availability of encryption and tokenization services, we’re really encouraging merchants to consider taking that step of encrypting that transaction from the time that a card is swiped all the way through to the payment processor, and then to be able to replace that payment card information with a token, so that they’re no longer storing that, really creating the environment so that, if there is some type of breach, that there is no one who is able to take it something extracted from their data centers.
Second to that is, they’re looking at kind of that roadmap of things. We’re asking them to carefully consider the potential in the future for EMV acceptance, be that from U.S.-issue cards or for people who are traveling here from most of the regions today that have implemented EMV, to give them a safe and secure way to be able to transact, and to continue to look at that equipment side of the equation, to make sure that they really have a solution, be that with a EMV contact, be that with contactless, kind of the future of mobility, that they have themselves in an environment whereby they can be able to apply that level of security once it becomes available to them.
WEBSTER: So that makes total sense. Obviously, in your role, you have to be in tune with how consumer payments are changing, and the impact of that change on security and fraud issues. From your perspective, what are some of the important ways that consumer payments are, in fact, changing?
DRAGT: Sure. So I think that the number one way that I’m seeing them change right now is that consumers are finding different vehicles by which they can transact. In the past, a very standard piece of plastic that was the primary driver for that. And we’re seeing just a great deal of advance around mobile technology, be that the mobile device itself, be that the emergence of mobile cards, or be that something associated with even an EMV card, which could either be contact or contactless. So there’ve been a great deal of advances in that realm, whereby we see that the type of security that can come along with that device is now changed, because in the past, it used to be just kind of a plain old static card with a mag stripe on it, not very sophisticated, but yet very effective. And now these new devices are coming along with computers at kind of on board, which gives the ability for us to do a variety of things from a security perspective, really changing the nature of the way in which we can do security. So in the past you have static data that started out, now you have the ability to have dynamic data, or even kind of customized cryptograms and things like that, that enable you to provide a layer of security that was never before available.
WEBSTER: So you just touched on a couple of areas of focus that need to be addressed from a security perspective, including the new ways in which payments are routed through their debit networks. What other things should we be thinking about?
DRAGT: I also think that one thing that’s changing is the nature of where payments are accepted. I think, in the past, that used to be expected that that would be a fixed place at the front of a store, and even some of the things online that were very – kind of a waterfall type process, that we’re beginning to see a number of particularly brick-and-mortar retailers begin to experiment with different ways in which people can begin doing purchasing, but it’s no longer just at a fixed point of sale. That might be through some type of mobile device that somebody’s carrying through the store, that might be integrated with some type of scanning and buying device as a consumer walks through. And that will change the nature of payments, because no longer is it kind of a one-time, here’s my card, and go, but it’s kind of a progressive set of purchasing, and it may be even that purchasing is done in a very close to the point of purchase, whereby somebody’s buying it, but they may also be redeeming a coupon, or getting a particular offer. That’s really kind of changed the nature of the experience from just being about a payment to being about that kind of interaction that that store’s creating between that consumer and the item that they want to buy.
WEBSTER: So First Data has a product called TransArmor that is a combination of end-to-end encryption and tokenization, which is obviously directed at the very issues we’ve been discussing. Talk to us a little bit about how successful First Data’s TransArmor solution has been in addressing issues around merchant compliance, regulatory, and other needs, and what have you learned from the payments industry general response to your product?
DRAGT: Yeah, we’ve actually – we’ve learned a great deal. So kind of just giving a view to that, so last fall is when we began on that product in any size and volume. We’d been piloting it prior to that. We’ve got more than 100,000 merchants who are on that solution today, and we’ve been doing tens to hundreds to millions of transactions through it. So the solution itself has proven itself to be very solid and reliable.
One very interesting thing we discovered with that in our research into the merchants who were using it. They were very clear that consumers are becoming more and more aware of whether or not that merchant takes steps to protect their information, because they tie that relationship, that consumer ties that relationship between the merchant and themself, and they want to make sure that that merchant really is keeping up with that level of trust. So we, for instance, needed to start doing some things to empower merchants to be able to talk to their consumers, whereby they can say, hey, here are the things that we are doing to protect your information.
In addition to that, through the program itself, it was designed in such a way that, for instance, we were able to provide that to a lot of our small merchants in a very simple process, something simple and very easy for them to consume. That was a very important thing, to get it out and get it out to a large number of folks as well.
As we look at from an industry perspective, I think that one of the things we’ve clearly seen, and that will – you’ll continue to see people write and comment on, is that, in this environment, we had a number of merchants who have a very specific pain relative to trying to address, as you describe, regulatory issues, compliance issues, etc., just very practical issues of not wanting to allow this data out. In many ways, the pain that they were feeling was far ahead of the solutions in the marketplace, as well as, for lack of a better term, kind of coalesced into the overall marketplace to say, this is the way in which we needed to do it. So – and merchants who were saying, hey, look, I just want something and I want it now. And so there’s still a lot of questions out in the industry about saying, what is the optimal way for doing this? And we had merchants saying, look, I don’t care about optimal, I want a solution that can minimize the risk I have today. I think we were able to strike a very healthy balance there of listening to the broader industry and all the potential ways in which we could solve something, but yet, at the same time, putting in front of merchants a very simple and practical solution to make that happen.
Part of our ability to do that really came through creating partnerships in ways that we hadn’t necessarily done in the past. So we did that with VeriFone, we’ve done that with RSA technology in such a way that, by bringing together very key players within the existing ecosystem, we have the ability to move a solution into the marketplace much faster than before. We can take that collective knowledge of each of them relative to their area of expertise – VeriFone in terminals, RSA in security, and First Data in just payment processing flow – put that together into a solution, and really speed a solution to market for those merchants to begin to minimize that pain.
WEBSTER: Well, thank you, Bruce. It sounds like you’ve done a great job at getting a solution into the marketplace that solves a very particular point of pain for merchants, and it sounds like consumers as well, who are increasingly attuned to the issue. So I really appreciate your joining me today and sharing your views. Thank you.
Bruce Dragt, Division Manager, Payment Acceptance
Bruce Dragt is senior vice president and division manager of Payment Acceptance at First Data Corporation and is responsible for driving product development globally across the company’s suite of merchant products. These products include core acquiring, eCommerce, International Currency Solutions, Leasing, TASQ, TeleCheck and security products.
With a history in innovation, Dragt has played an influential role in developing new electronic payment solutions and bringing them to market. He has held roles in many facets of the payment lifecycle from card issuing to traditional merchant processing to alternative payments and mobile commerce.
Prior to joining First Data, Dragt worked for i2 Technologies and Financial Settlement Matrix as vice president of product management, where he created payment solutions associated with business-to-business transactions originated through electronic exchanges. In addition, he has worked at Wells Fargo Bank and held roles in the Business Direct Division and the Wholesale Internet Services Group.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More