Talking Shop with… Chris Kronenthal

Chris Kronenthal, CTO of FreedomPay, says faster, simpler, safer and smarter payment management solutions are available to retailers.  Introduce us to FreedomPay. Chris Kronenthal: Founded in 2000, FreedomPay is an early pioneer in transaction solutions, including mobile payments; cashless solutions; virtual and remote terminals; and payment processing. As payment technology has evolved—so has FreedomPay. Today, we provide comprehensive payment management solutions enabling organizations to make payments faster, simpler, safer and smarter. We are the engine inside the world’s expanding, yet interconnected, ecosystem of commerce. Ranging from POS integrations to cashless solutions and electronic payment services to processing, the FreedomPay Commerce Platform provides a fully integrated, hosted global infrastructure for managing payments. Our clients include major retailers, large healthcare systems, Fortune 1,000 corporations, universities and government installations. No matter the situation, we can apply our solution or show you how to adapt it to legacy technology. What are the industry’s hottest topics? Everything revolves around security. It seems as if every other day we hear about a retailer reporting a security breach. There is a lot of talk about EMV, Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards, and whether it will solve the problem; while it is a definite improvement, it is likely not enough. The main purpose of the EMV card is authenticating that the person using the card is its rightful owner when performing face-to-face transactions. It does not have strong ties to thwarting hackers from stealing unencrypted elements of data, however, or using them in other scenarios like online purchases. Why is “chip and PIN” not a panacea to retailers’ woes? Its usage does not prevent credit card data from being accessed through weaknesses in the POS or network. EMV is about the interaction with the card and the reader device, which means the device may send clear-text account information to the POS. That is the same information as when a magnetic stripe PIN debit or signature card is used. As we know, PINs are far from fail proof, as well. Think about the reports we read about—despite pleas from safety experts—people still use easily-guessed PINs, such as “1234.” Without other solutions, it is a safe bet that hackers will still have successes. What is the answer to retailer payment security? Fortunately, upgraded commerce technology, referred to as point-to-point encryption or “P2PE” is becoming available that provides hardware-to-hardware payment data encryption and a secure terminal distribution chain, as well as streamlined and straightforward PCI DSS compliance. P2PE helps secure commerce systems, while enabling companies to embrace payment innovation trends. A bonus of implementing P2PE as part of the EMV deployment is that PCI DSS compliance is dramatically reduced. P2PE encrypts all sensitive data inside the POI device (point of interaction)— where the card is swiped. That data remains encrypted until it exits the retailer’s control at the payment service provider; it never touches the retailer’s memory, hard drive or network in an unencrypted fashion. Because the responsibility for managing the encryption generally is not with the merchant there is no operational overhead in adopting P2PE. Are there any other benefits to P2PE? P2PE platforms can be designed as a one-stop solution for merchants needing secure POS transactions and wanting the capability to expand their commerce options. Our FreedomPay Commerce Platform, for example, is modular and expandable. Through its deployment, customers can reap the benefits of P2PE and tap a portfolio of services, including mobile payments, incentive programs, robust reporting and analytics. Some of our first P2PE clients are large food service vendors who rely on our platform to realize immediate P2PE benefits, including support for NFC, EMV and magnetic stripe. This security gives customers the comfort of knowing credit card details are being handled via the safest technology available. Given the large amount of transactions occurring at a supermarket and other high-volume retailers, that is important peace of mind.