On December 18, 2006 retailer TJX first discovered some suspicious software on their network. On December 19, they hired General Dynamics and IBM to investigate. By December 21, they concluded that a hacker broke in.
Two large firms conducted the investigation in a consulting capacity in an effort to find the underlying cause of a potentially disastrous security breach. For any firm within the electronic transactions supply chain, finding and solving a potential security breach is one of the many ways a consultant can help. The value of consulting in the transactions industry can be worth its weight in gold with the right advisor and the right information to prevent big problems from occurring.
Security is only one category of problems that consultants may be able to solve. There are marketing problems, software issues, technology choices and dilemmas and many other issues in the daily grind of the industry.
Technology Implementation
When new technology comes of age, its implementation and adoption can be overwhelming for a firm who has never embarked on it before. Take contactless payment systems, for example. This technology is on the rise. According to ABI research, it is slated to quadruple in the next 4-5 years. Contactless payments are being used in European and US transit systems now where purchasers merely tap their card to a reader and it reads their data making a payment.
So you would like to learn about it, and include it in your business strategy. Where do you start? Finding a consultant with some expertise in this area might be a wise place to begin.
“When the first contactless financial pilots were beginning and thoughts of financial contactless key fobs began to be explored, it became evident that mass personalization of contactless cards and fobs would be an issue,” explains Barry Mosteller of Oberthur Card Systems. Oberthur is a full service supplier for the financial, telecommunications, and ID markets, and is a full service consulting firm to the industry. They offer consultation services for card products in the areas of IT, product development, design services, and security, among other areas.
“Oberthur moved to resolve these issues to remove the block for market growth. First, the development team designed and built a modification to an existing contact personalization system to allow mass personalization of contactless financial transaction cards while other issuers were doing desktop personalization. This development was completed 2 years before the Data Card contactless mass issuance solution was ready.”
“The mass personalization of contactless fobs required a different approach,” Mosteller adds. “Oberthur developed and patented the VersaFOB product which allows mass manufacture and personalization of contactless fobs using the existing credit card manufacturing process and equipment and still providing for unique client differentiation in shape, design, color and texture.”
As new technology comes about its implementation is best orchestrated by a consulting team with unique expertise that can design the equipment, card and needed devices with the entire transaction chain in mind. That sort of vision is what Oberthur offers and is something that an individual company might find very difficult to take on without any experience or vision beyond their immediate business.
“We will sit down with the client and their associates to listen and understand their vision and then provide direction and guidance for the project to insure we achieve or exceed their goals with the least risk and cost,” says Mosteller of Oberthur. “For example, a major financial institution came to Oberthur with their design house and presented their vision for a fresh unique new card design. The product development team and the design services group sat down with the client and their designers to provide ideas and direction for making this card a reality, pointing out the benefits and risks of the various solutions. The client and their designers finalize their design based on the suggestions using the solutions that meet their tolerance for risk and provide the ‘look’ that best fits their vision. This card will be launched in the near future.”
Implementing such a card is a complex project that requires astute project managers and Oberthur assists in this. “When the vision is complex, cutting edge, or the dream that has not yet been realized, Oberthur’ s product development team will manage the project for the customer, keeping the customer informed, and reacting to their input,” he adds. “A large card issuer has a vision for a unique card that can be stored in a smaller footprint then a full card. They come to Oberthur for feasibility testing, development of a process, including new specialized equipment and unique processes, and finally the industrialization of this process for mass production.”
There are many reasons that a consultant is needed to launch and implement new technology.
For one thing, in the electronic transactions industry new technology can accelerate sales and transactions. Such benefit is a function of knowing how the technology works, and having the time to figure it out and bring it into your own customer and vendor network.
A consultant who understands the technology and has some insight into the problems and glitches of such technology or any new technology for that matter can be a big help and can add significant value.
A good industry consultant with an understanding of the transactions industry and the roles and goals of issuers, acquirers, ISOs and merchants is key. Don Krasnosky of TransFirst Corporation has more than 15 years experience in the credit card and payments industry. He has served as a payment systems consultant working with such companies as MasterCard and 7-Eleven. In this consultative role, he specialized in payment-related products and services including credit/ debit and stored value products, transaction processing and electronic funds transfer. He was also responsible for overseeing the back-office operational functions such as merchant implementation, chargeback processing, help desks and credit and debit card reconciliation.
“There are multiple types of consultants that specialize in particular areas of our industry,” says Krasnosky. “There are those that work to assist you in a completing a “transaction” (buying, selling or gaining funding). These consultants can bring expertise on the current marketplace, financial experts and the ability to help you present yourself in the best possible manner. They bring an outside perspective to how others may view your company. Other consultants can assist you with an operational review of current practices in everything from Help Desk to PCI. When you need a quick education on a subject this group of consultants can be a great help.”
Merchants may also benefit from consultants in various capacities.
“Consultants play a huge role in supporting the efforts of our members,” says Tom Donlea of the Merchant Risk Council – a non-profit association of merchant firms utilizing electronic transactions as part of their routine business operations. “Many merchants outsource various facets of their transaction review (fraud screening) and need help setting up systems when just building their e-commerce functions.”
Risk Mitigation
Nowadays, merchants have to be mindful of the threat that natural disasters pose. Every time we turn around there seems to be a natural disaster that can blockade the flow of electronic transactions and commerce.
According to a Risk Management White Paper sponsored by the Electronic Transactions Association, “The key to any effective risk management program is follow-up. Once a merchant is identified as a concern, there is usually additional work to be done. A remediation plan may include obtaining additional information, implementing chargeback reduction plans, obtaining updated financial statements, and possibly increasing reserve requirements. In almost all cases a detailed conversation with the merchant is necessary.”
This illuminates the need for risk mitigation that might best be seen by a third party consultant who is familiar with the hidden risk and the perils that such risk imposes. Such third party may well be a consultant or advisor who is not related to the merchant. In some cases, such a third party advisor may be of best service if sponsored by the acquirer.
The white paper goes on to mention that risk mitigation is most
appreciated when adequate risk planning is brought to the forefront.
“The value of a risk management plan is to mitigate the financial exposure to the acquirer. This is done through improved processing performance, or increased reserves if the merchant continues to under perform. In most cases, if the merchant understands the financial risk involved, they will appreciate the need for an acquirer to mitigate transactional risk.”
When Hurricane Katrina struck there was a halt in electricity and communications – two essential elements for electronic transaction
vendors and professionals. A professional who specializes in
disaster and contingency management consulting may be an added layer of insurance at a time when hurricanes are forecast to be robust and on the upswing.
Security and Compliance
Ian White, Senior Security Consultant for CyberTrust believes there are several reasons that anyone in the electronic transactions supply chain might need a consultant – more specifically a security consultant.
According to White, a company uses a consultant it is often for one of several reasons.
“It does not have the required skills in-house, perhaps as it is a skill that is only needed for a limited period of time (perhaps only in a specific part of a project),” explains White. The needs of the company are temporary and not worth staffing up to meet such a
need. Sometimes they already have such skills and sometimes they do
not.
A more compelling reason is that a firm may have those skills in- house, but may need to supplement those skills on a temporary
basis. “The company does have the skills in-house, but need to
augment their staff for a short period to cover a particular project,” says White.
There is a clear case to be made in hiring and commissioning a consultant who is focused on a specific set of skills. When someone is focused on a specific set of skills, they are more apt to bring efficiency, as that is their professional focus. “The use of external consultants, especially if they are industry experts,”
explains White. [They] provide a measure of assurance that the work will be conducted in an efficient and professional manner.”
The professional and efficient focus is likely to give more confidence that to senior management that the consultant is an unbiased third party looking at a problem or need from the outside in. They represent an external set of eyeballs that can bring a fresh perspective that is not tainted by the existing culture. This is not to say that the in-house expertise is not valuable and knowledgeable – but often skills that operate within a certain environment may miss a bigger picture that an outside consultant can bring. “The belief that an external consultant will bring objectivity to the task and perhaps their findings will be viewed as more credible by senior management than the use of an internal person,” says White.
Such external expertise is particularly helpful in conducting PCI audits and gives credibility to an audit, given that there is no attachment to the firm. “There is an external requirement to use a certified individual,” explains White. “For example the use of an accredited company and certified assessor for PCI audits. For the electronic transaction industry, the main driver for change remains the PCI Data Security Standard and the increasing awareness that card fraud is not a crime that only affects financial organizations. For many companies the only way of implementing and in some cases developing the wide-ranging set of security controls required to meet the PCI Data Security Standard is through the use of external resources.”
PCI Data Security is one area that his firm specializes in and truly requires an outsider to insure adequate compliance. “For many organizations, reaching compliance with standards such as the PCI Data Security Standard is a major undertaking that requires
significant investment in both people and systems,” says White.
“While this investment may be considered business critical, it is not an exercise that organizations will typically wish to repeat. The greatest value that consultants can bring is to work with organizations to transfer their skills and help establish the processes that enable organizations to adapt to changes in technology, regulations, and of course, external and internal threats and vulnerabilities.”
Whatever skills are found in-house for PCI security standard compliance may be enhanced by a consultant. “With the complexities relating to interchange and the industry focus on PCI compliance consultants who can bring expertise in those areas can help a company utilize their own resources in a very efficient manner,” adds Krasnosky. This is fine as long as there are such skills found within an organization. Very often, they are not.
In PCI Data Security, specialized skills are typically not found within the client organization. “This is particularly true when considering areas such as data encryption, network security, and incident response—where specialist skills are required that would typically not be found within even a large retailer,” says White. “ For the larger retailers there is also a requirement to use a qualified person to conduct their on-site assessment; this would normally be done through an external company.”
The importance of hiring a security consultant for compliance with PCI Data Security Standard is a win-win for consultants and the clients who can benefit from their service. “In the future consultants in this industry should focus upon listening to their customers and being a trusted advisor,” adds White. “Successful consultants will consider their customer a partner who they are helping to achieve a common goal, perhaps reaching and then maintaining compliance with an external standard such as the PCI Data Security Standard.
Consultants may bring some “cross-pollination” or experience from other corners of the industry that one firm just may not see.
“A security consultant will typically cover many verticals and as such can see how different industries have implemented their systems
and controls, taking into account local requirements,” adds White.
“For example, similar processes and controls need to be in place at a
hotel reception, a clothes store, or a shop selling mobile phones.
This applies even more when dealing with a call center environment that takes payments. All of their merchant customers will have the same issues relating to the selection of call center personnel, the recording of calls, and the display of cardholder information.”
This is particularly true for merchants who are so focused on their business and industry that they may not know what practices in other industries could be valuable to their own operations.
“ In the context of the Merchants Risk Council, a trade association supporting the efforts of e-commerce retailers to fight fraud and manage risk, we constantly have consultants involved in committees and initiatives because they provide a vital ‘outsider’
perspective and need substantive interactions with potential merchant clients that are much more meaningful and leave a lasting impression,” explains Tom Donlea. “Our members have an educational experience or our strategic initiatives are advanced through the involvement of consulting firms and they gain credibility and connections.“
Mark Amtower is a consultant who specializes in helping clients understand the process of accepting credit cards and what it can mean to their business – most specifically in accepting government credit cards. “In my niche, business-to-government marketing, the government [state and federal] uses literally hundreds of thousands of purchase cards, they also help customers transition to level 3 processing, which many government contracts require.
His firm, Amtower Associates helps merchants navigate through the process of accepting government credit cards and explains their subtle differences between regular commercial credit card accounts.
There are still other consultants who advise merchants on buyer beware principles of interchange fees. Jeff Mandel advises small businesses about increases in credit card processing rates. He
allows them to see when fees are unjustified and result in
thousands of dollars each year in extraneous fees.
“Credit card processors are unregulated by the federal government and often use April [tax season] as an excuse to unfairly raise their rates and fees across the board for small business owners,” said Jeff Mandel, founder of StopTheMoneyMagic.com. Mandel also heads sales operations in Broward and Palm Beach Counties, Florida, for Heartland Payment Systems.
“Processors often blame their rate increases on credit card companies, but the truth is they’re just trying to boost their own profits at the small business owner’s expense.”
“I believe consultants can help companies see other ways of handling processes,” adds Don Krasnosky of TransFirst. “It is difficult and time consuming to keep up with every new product released into the marketplace. Hiring a consultant to sort through the good and bad and help you determine which may be the best fit for your organization can save time and money.”
Consultants wear many different hats and focus on different niches within the electronic transactions industry. At a time where total transactions are growing, as is technology to process such transactions, most any firm in the electronic transaction supply chain would be well served to tap the expertise of a consultant and benefit from the value they offer.
The future should highlight the value that a consultant can bring to industry players. Says Krasnosky: “in the future, consultants in this industry should focus on ways to make the acquiring business more simplified for their customers. As margins continue to shrink companies will be looking for ways to lower operational and acquisition costs, consultants can add value by understanding their customers and working with them to improve and streamline functions.”
3i Corporation - www.3i.com
Accomando Consulting Inc - www.accomandoconsulting.com
Adam Atlas, Attorney at Law - www.adamatlas.com
AG Edwards & Sons - www.agedwards.com
AGS Encryptions - www.agsencryptions.com
Allston Associates - www.allston-llc.com
AmbironTrustWave - www.atwcorp.com
American Capital - www.americancapital.com
American Special Risk - www.asrisk.com
Amtower Associates - www.FederalDirect.com
ASAP Consulting Solutions, Inc - www.asapengineering.com
ATS Worldwide - www.americantelemanagement.com
Atsec Information System Security Corp - www.atsec.com
Austin Ventures - www.austinventures.com
Autoproxy Networks - www.autoproxy.com
Avenue B Consulting, Inc - www.avenuebconsulting.com
B2 Processing Solutions - www.b2ps.com
Bresette Consulting - www.bresette.com
Business Insights Consulting - www.bici2.com
Capital Performance Group - www.capitalperform.com
Cash Flow Consultants Inc. - www.cashflow1.com
CC Pace - www.ccpace.com
Ceto and Associates - www.cetoandassociates.com
CTPartners - www.ctnet.com
CIT Group, Inc - www.cit.com
Constantine & Partners - www.cpny.com
CreditRiskMonitor - www.creditriskmonitor.com
Credittranz - www.creditrans.com
CyberTrust - www.CyberTrust.com
Cryptomeria - www.cryptomeria.com
CSH Consulting, Inc - www.cshconsulting.com
Diamond Management - www.diamondconsultants.com
Digital Barracuda - www.digitalbarracuda.com
Digital Resources Group - www.drgsf.com
Dove Consulting - www.doveconsulting.com
Dreifus Associates, Ltd - www.dreifus.com
ECL International - www.eclinternational.com
Edgar, Dunn & Company - www.edgardunn.com
epoch Data - www.epochdata.com
Essociate, Inc - www.essociate.com
Exante Financial Services - www.exantefinancialservices.com
Exec-Links - www.exec-links.com
Fair Isaac Corp - www.fairisaac.com
Far Point Consulting, Inc. - www.farpoint.com
Fast Capital, LLC - www.fastcapital.com
Field Guide Enterprises, LLC - www.gofieldguide.com
Guideline - www.guideline.com
First Annapolis Consulting - www.firstannapolis.com
First USA Funding, LLC - www.fusaf.com
FischerJordan - www.fischerjordan.com
Forte' Data Systems, Inc - www.fortedata.com
Fractal Analytics - www.fractalanalytics.com
Generation Partners - www.generation.com
Glenbrook Partners - www.glenbrook.com
Gores Technology Group - ww.gores.com
Gramercy Strategies, LLC - www.gramercystrategies.com
Greenhill Capital Partners - www.greenhill-co.com
Group W Partners, Inc - www.groupwpartners.com
GTCR Golden Rauner, LLC - www.gtcr.com
Harbor Capital Management - www.oldharborcapital.com
Heartland Payment Systems - www.HeartlandPaymentSystems.com
High Definition Consulting Group - www.high-def.biz
Integrity Bankcard Consultants - www.integritybankcard.net
Intelligent Results - www.intelligentresults.com
ISTS Worldwide, Inc - www.istsinc.com
Javelin Strategy and Research - www.javelinstrategy.com
jpSage Consulting, Inc - www.jpsage.com
Kessler Group - www.kessler.com
Lane, Berry & Co - www.laneberry.com
Law Offices of Paul Rianda - www.riandalaw.com
Leadership Advocates - www.leadershipadvocates.com
Lease & Finance Consulting - www.leasefinanceconsulting.com
LiveWire International - www.livewirekiosk.com
Magellan Consulting, Inc - www.magellan-consulting.com
Mercator Advisory Group - www.mercatoradvisorygroup.com
Merchant Credit Funding - www.merchantcreditfunding.com
Merchant Risk Council - www.MerchantRiskCouncil.org
Meridian Services - www.meridianservicesonline.com
Midsummer Capital - www.midsummercapital.com
MRI Sales Consultants - www.mriscs.com
Newbury Street Partners - www.newburystreetpartners.com
NewStar Financial - www.newstarfin.com
Noblett & Associates, Inc. - www.noblett-assoc.com
Oberthur Card Systems - www.oberthurcs.com
Orchestria - www.orchestria.com
Pacific Financial Solutions - www.pfuo.com
Paragon Data Services - www.paragondataservices.com
Perihelion Global - www.perihelion.com
Pine Creek Partners - www.pinecreekpartners.com
Planet Consulting - www.planetci.com
Portfolio Recovery Associates - www.portfoliorecovery.com
Portico Capital - www.porticocapital.com
Retail Payments Global Consulting Group - www.rpgc.com
Risk Management Consulting - www.rmconsulting.com
RL Zapin Associates, Inc - www.rlzapinassociates.com
Roth Capital - www.rothcp.com
RS Software - www.rssoftware.com
Ruesch International - ww.ruesch.com
Stephenson Group - www.stephensongroup.com
Stone Point Capital, LLC - www.stonepointcapital.com
SystemExperts - www.systemexperts.com
Systrends, Inc - www.systrends.com
Talisman Partners - www.valueadvisor.com
TDG-Phenix - www.tdgphenix.com
The Huttlinger Group - www.huttlinger.com
The Pelorus Group - www.pelorus-group.com
The South Financial Group - www.thesouthgroup.com
ThinkEquity Partners - www.thinkequity.com
Thomas Jackson - www.thomasjacksoninc.com
TopGrading Solutions - www.topgradingsolutions.com
Total Technology Ventures - www.ttvatlanta.com
TowerGroup - www.towergroup.com
TradeFirst - www.tradefirst.com
Transaction Network Services - www.tnsi.com
Trans-Domain Technologies - www.transdomain.com
TransFirst Corporation - www.transfirst.com
Tremont Capital Group - www.tremontcapitalgroup.com
Trident Capital - www.tridentcap.com
Ventures General Partner - www.trinityventures.com
VanBrackle Consulting Services, Inc. - www.vanbrackle.com
Warburg Pincus - www.warburgpincus.com
William Blair & Company - www.williamblair.com
Williams, Cohen & Gray - www.wcgcollects.com
|
