Mobile Apps, EMV, Big Data: The Wrong Link Could Bite You
Published: December 2015
The back-room cables, router boxes and power cords at any convenience store may look like a tangled yet innocuous mass of technology.
But if improperly constructed, the complex chaos that links a store to the digital world could be the breeding ground for point-of-sale (POS) outages—or worse, fraud and data breaches.
Along with digital formatting and integration issues, the physical pathways that carry these data streams have transformed in just the past two or three years.
“The need for big bandwidth has grown exponentially with the use of digital signage, Wi-Fi, analytics and new payment forms, as has the need for cybersecurity solutions,” says Rosemary Blum, chief marketing officer for Sagenet, McLean, Va.
The challenge stems from the sheer amount of data that now has to flow from the store to corporate or third-party processors, says Kara Gunderson, POS manager for CITGO Petroleum Corp., Houston. For instance, in migrating to new Europay MasterCard Visa (EMV) standards, the shift in the amount of data for a single EMV transaction vs. the traditional magnetic swipe is “huge,” going from a few digital characters to hundreds, Gunderson says.
The shift will affect stores currently using dial-up. Retailers will have to upgrade to high-speed connectivity, or broadband, because EMV won’t support dial-up. Not only will upgrades to the store’s primary connection be necessary, but Gunderson says failsafe or back-up connectivity will also need either a secondary carrier or a cellular plan.
The core issue is bandwidth and the need to transfer large amounts of data quickly. Historically, the oil companies have mandated lower-bandwidth satellite connections for credit-card transactions, says Dirk Heinen, CEO of Acumera Inc., Austin, Texas. Outside of payments, retailers would send shift-reporting data only periodically in “batches” and did not have many Web-based applications running at the store.
What a difference a few years makes. Today, Heinen says, EMV and complex Web applications at the store are driving a move to land-based or terrestrial lines vs. slower-moving satellite, with cellular used as a contingency. In recent years, both terrestrial and cellular options have proven robust and business-ready, he says.
“In the past, the store could keep running if just the POS was working,” Heinen says. “Now [retailers] want the entire store up and running if the power goes out, which means accounting, ATMs, prepaid calling cards, loyalty, digital signage—everything.”
The second challenge of having a more complex data environment is integration. One of the reasons why many retailers won’t be able to make EMV liability shift deadlines (this past October for in-store POS and October 2017 for dispensers) is because processing, software and hardware specifications from numerous banks and firms along the transaction chain have only recently come out. Providers must still certify their products to make sure the data exchange works consistently. This past fall, more than 1,000 certifications still needed to materialize, says Gunderson of CITGO.
Retailers have struggled with automating business transactions for years. For many larger chains, such data transfer, called electronic business-to-business (or eB2B), has been a priority. Sebastian Conner, senior supply chain eB2B analyst for the 318-store Love’s Travel Stops and Country Stores, Oklahoma City, says the company has achieved more than 90% collaboration with vendors to conduct eB2B, including tasks such as invoicing, reconciliation and payment. In some cases, they’ve worked directly with vendors to standardize data formats; with others, the Love’s team has developed a “portal” that gives vendors a Web interface for communicating with Love’s.
Portals are a way for smaller companies to participate in eB2B quicker, according to Sharon Skoruppa, controller for Buc-ee’s, a 31-store chain based in Lake Jackson, Texas. She says her enterprise solution provider, Temple, Texas-based PDI, created a portal that allows her to conduct eB2B transfer with a significant number of her suppliers.
“It would have taken months for us to [go through testing] with each vendor,” Skoruppa says. “This way, PDI does the testing.”
Not everyone agrees with the portal method, however. Elizabeth Sertl, manager of customer business solutions for Anheuser-Busch InBev, St. Louis, calls portals “a necessary evil.”
While portals may make eB2B easier for some, Sertl says it “creates an extra layer” of complexity in the formatting and data-transfer process.
That said, eB2B integration is a big challenge. Even major manufacturers such as The Coca-Cola Co. struggle. This past fall, at the NACS Show in Las Vegas, Jeff Toeppner, director of e-business solutions for the Atlanta-based beverage maker, encountered a question while serving as a workshop panelist from a retailer who said he had trouble executing eB2B with his local Coca-Cola bottler.
Toeppner asked the crowded session how many other retailers had the issue, and about a half-dozen hands went up. In response, he said corporate is working hard to implement eB2B, but the company’s network of 70 or more distributors presents a challenge.
As the debate over eB2B integration continues, the most glaring concern continues to be security. Segmentation of cardholder data seems the go-to solution, which can happen in two ways. One is with a physical separation of cable. Another is by programming the “switch” box or hub connecting all of a store’s devices so that it will electronically create that separation. Either way, retailers can wall off vulnerable pathways from credit-card data, says Heinen of Acumera.
That said, cardholder data isn’t the only potential prize for hackers. Retailers are collecting a lot of customer information via loyalty and marketing programs, Heinen says, which can prove a liability as well.
“If you can’t protect it, don’t collect it,” says Brian Sletten, president of Bosatsu Consulting Inc., Fairfax, Va. Instead, methods are evolving that can help retailers learn about customer demographics and preferences using anonymous, shared databases. “It can help us get big data regarding our customers in a community-sharing [environment].”
So as digital needs at the store level change, so do the demands and requirements of the cables and boxes—the circulatory system—that pumps life into the Information Age.