POS Innovation

POS Security That Goes Beyond Payments

Intel and TNS announced their partnership dedicated to helping retailers improve the security of their POS environment across multiple devices and use multiple types of data just about a year ago.

One year later, Michelle Tinsley, Director of Mobility and Secure Payment Solutions for the Retail Solutions Division at Intel, described this combined solution as an “architecture for the future.”

Tinsley notes that retailers — frustrated with the increase in complexity surrounding security solutions, while facing top-down pressure from their boards of directors to implement them — are drawn to TNS and Intel’s offering because it “creates a path” to the future, allowing them to plan for updates, remote management and provision and policy changes.

“If [retailers] hear that there’s a new type of threat out there,” she tells PYMNTS, “[they] can proactively inject more into the system” should they want to do that.

In addition to the management of complexity, where Tinsley believes the solution is “really going to gain traction with retailers,” it goes beyond protecting just the payments stream to include customers’ personal information stream.

While acknowledging that “payments is table stakes,” Tinsley points to the industry-wide need — previously unaddressed — to protect the substantial amount of individuals’ private information that is collected, for example, by loyalty programs.

Noting that legislation will go into effect in Europe that, starting in 2018, will require retailers to have a solution in place to protect their customers’ PII or else be fined, Tinsley believes that where the solution “will really take off is around that second element of protecting the entire consumer and not just the payment credentials.”

Lisa Shipley, Executive Vice President and Managing Director at TNS, adds that it is “a step above” anything currently in the market, one that has been “wrapped around three different partners [TNS, Intel and third-party hardware vendors]” to simplify a retailer’s process of solving for security.

“Retailers are a lot smarter than they used to be,” adds Shipley. “They’re looking beyond PCI; they’re looking beyond what the next new regulation that will take umpteen years to develop and to enforce will be … To go a step ahead of the game, if you will. And, I think, that’s what the combined solution offers.”

TNS and Intel are currently working out the logistics of the go-to-market strategy for the solution.

The pitch to retailers, as Shipley explains it, is: “We’ll do the managed services piece of it; we’ll take you out of PCI scope; you don’t have to manage this internally; and we’ll grow with you with the partners that we’ve formed together.”

In the case of retailers that are already looking to roll out new mobile or fixed point-of-sale hardware, Tinsley regards that “greenfield” implementation as “easy.”

The companies are also working on a parallel approach for what they call “brownfield” implementation, which applies to retailers that want to take on the solution as part of their existing suite in a year or two, rather than unnaturally speed up a POS refresh.

“Depending on what vintage [those retailers] have,” explains Tinsley, “they may need a dock-like solution, where we can connect the legacy peripherals into that dock, encrypt from that dock through the system and essentially get a lot of the business from it without having to roll out very expensive POSs.”

Not every retailer in that brownfield group of prospects will necessarily need a dock to implement the combined solution, as the technology will work with an Intel Core 2 processor or newer (the company’s most recent version is the Core 6).

The challenge, then, adds Tinsley, does not relate to the POS itself as much as it does the peripherals.

For a retailer that is using a 15-year-old barcode reader, for example, “that’s where the dock comes in handy,” Tinsley states. “Because nobody’s going to go through the software or firmware, even if it takes a few weeks of updating code, to create a driver to go with a 15-year-old barcode reader.”

Addressing that “last mile” for retailers is an essential part of the combined solution.

And when it comes to the issue of addressing EMV migration with the solution, Shipley finds that the importance of that tends to vary by retailer.

“Obviously, the majority of the bigger [retailers] have embraced EMV,” she tells PYMNTS. “It’s still EMV with signature, so there’s real concern there relative to the level of security … They’re not doing tokenization … And some will argue that it really hasn’t added any additional security to the possibility of data at rest being breached.”

“When you talk about the different manufacturers coming to play,” continues Shipley, “they’ve all had to revamp; they’ve all had to go through this difficult certification process, acquirer by acquirer … And then, you’ve got the new guys that are coming into this space that have tried to penetrate the U.S. market and haven’t been successful … And now, with our kind of rebranding of the connect-to-all solution, it’s one interface into TNS with those back-end solutions.”

Overall, Shipley’s perspective is that retailers “see there’s much more that needs to be added to the EMV that they’ve put in the field if they have done so already.”

Tinsley agrees, sharing her observation that EMV is “necessary but not sufficient” in addressing abilities that go beyond payment protection and into protecting consumers’ personal data and providing a better experience for them.

One thing that can certainly help settle that confusion among retailers, notes Shipley, is the ability for them to “have a dialogue with one set of people that can solve all their problems … Take it off their plate, get them out of PCI scope and stop having to negotiate with five different partners to manage security internally, which is not their forte.”

She finds that retailers experience a “huge relief” when they’re told by TNS and Intel that they will take all of those aforementioned issues off their plate, while leaving them full control of, and access to, their network.

“The dialogue is working really well,” concludes Shipley, “and we’ve seen some good responses early on with this solution.”

——————————–

Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. In the November 2019 Mobile Order-Ahead Report, PYMNTS talks with Dan Wheeler, Wahlburgers’ SVP, on how the QSR balances security and seamlessness to secure its recently launched WahlClub loyalty program.

Click to comment

TRENDING RIGHT NOW