ATOS API: A zero cash payment processing environment without boundaries

When ATOS, a big corporate conglomerate (EUR 8.8 billion and 77,100 employees in 52 countries), decided that they wanted to become the dominant Digital Service Provider (DSP) for payments, they had a clear mandate on what they wanted to do. They wanted to build a payment enterprise without boundaries. [Wordline is an ATOS subsidiary setup to handle the DSP program exclusively]. One of the magic bullets out of that mandate was:

The growing trust of consumers to make payments for books, games and magazines over mobiles and tablets evolving into a total acceptance of cashless payments in traditional stores and retail outlets bringing the Zero Cash Society ever closer.

This required them to rethink the way they processed payments. They are one of the largest payments processors in the world, but they were primarily focused on only big enterprises and name brand shops using their services. Onboarding every customer took a long time, and the integration costs were high. After watching the smaller companies such as Dwolla, Square and others trying to revolutionize the world they decided it is time for the giant to wake up.

The first decision was to embrace the smaller vendors. In order to do that, they can’t be a high touch, very time consuming, takes forever to integrate and very high cost per customer on-boarding environment. They wanted to build a platform that is low touch, completely API driven, fully self-serviced, and continuously integrating yet provides secure payment processing transactions. In addition, they were also faced with moving from the swipe retail payment systems to support ePayment and mobile payments. Essentially, they wanted to build a payment platform that catered not only to today’s needs but flexible enough to expand and scale for the future needs and demands. They wanted to offer this as a service to their customers.

Read more of this post

Don’t be stupid, use (cloud) protection!

– By Andy Thurai (Twitter: @AndyThurai)

This article originally appeared on PandoDaily.

Looks like Obama read my blog! The White House got the message. Politicians now seem to understand that while they are trying to do things to save the country, such as creating NSA programs, they cannot do that at the cost of thriving and innovative businesses, especially cloud programs, which are in their infancy. Recently, Obama met with technology leaders from Apple, AT&T, Google and others behind closed doors to discuss this issue.

While American initiatives, both federal and commercial, are trying to do everything to fix this issue, I see vultures in the air. I saw articles urging nationalism among Canadian companies, asking them to go Canadian. In addition, they are also trying to use scare tactics to steer the business towards them, which is not necessarily going to help global companies in my view.

Read more of this post

Snowden gone, ripples remain!

– By Andy Thurai (Twitter: @AndyThurai)

[Original version of this blog appeared on PandoDaily magazine.]

Though Snowden is long gone now, the ripple effects that he created are going to remain for a long time to come. If you haven’t done so already, I suggest you read about the NSA surveillance programs PRISM and XKeyscore before you continue with this article.

Essentially, these government programs are creating nervous times for my Canadian, European and APAC customers who are using US cloud providers. Given the very strict data residency and data privacy requirements to protect their citizens’ sensitive data in these parts of the world, through “guilt by association” alone, the latest incidents have implicated most corporations that move their data across boundaries. One thing is certain: these programs that are exposed because someone came out in the public. Just because a specific country’s cloud provider hasn’t been accused yet (or not found guilty) doesn’t necessarily mean that they are not doing the same thing. There is a chance that they might be doing it and have not been caught yet.

Unfortunately, the cloud community spent years alleviating the fear of moving data to the cloud by entities. Those days, the fear was about hackers and disgruntled employees/partners accidentally or willfully exposing their data. Now they need to fight an uphill battle of convincing the entities not about hackers, but about legal entities and governments.

Read more of this post

The Façade Proxy

KuppingerCole analyst Craig Burton (of Burton Group originally) wrote a recent article about Façade proxies. You can read the article here: http://blogs.kuppingercole.com/burton/2013/03/18/the-faade-proxy/

As Craig notes,

“A Façade is an object that provides simple access to complex – or external – functionality. It might be used to group together several methods into a single one, to abstract a very complex method into several simple calls or, more generically, to decouple two pieces of code where there’s a strong dependency of one over the other. By writing a Façade with the single responsibility of interacting with the external Web service, you can defend your code from external changes. Now, whenever the API changes, all you have to do is update your Façade. Your internal application code will remain untouched.”

I call this “Touchless Proxy”. We have been doing the touchless gateway for over a decade, and now using the same underlying concept, we provide touchless API gateway or a façade proxy.

While Intel is highlighted as a strong solution in this analyst note by KuppingerCole, Craig raises the following point:

“When data leaves any school, healthcare provider, financial services or government office, the presence of sensitive data is always a concern.”

This is especially timely as the healthcare providers, financial institutions, and educational institutions rush to expose their data using APIs to their partners.

Read more of this post

PCI / Cloud Data Privacy webinar – Wednesday Mar/20 @ 12:25 pm

Replay link here for those who missed it. PCI/ PII webinar replay link.

———————————————————————————————————————————-

I am speaking at the SC World eConference this Wednesday (12:25 PM – 01:05 PM) with our customer WestJet on PCI Compliance/ Cloud Data Privacy issues. You can register at the link below. It is free. Plus you earn CPE credits! Attend the session to hear the WestJet use case on how they used Intel solution to get PCI compliant quickly without a long drawn IT engagement.

You can register here: http://tiny.cc/5p15tw

State of CA – Split Personality Syndrome?

It’s interesting to see that the state of CA has a split personality disorder! I wrote in a blog about a year ago how the state of CA is being a model citizen by forcing companies to protect consumer sensitive data by protecting the PII information (such as zipcodes and other sensitive information by classifying them as PII) and imposing penalties on companies that don’t comply. (Link here) But now, they sided with Apple stating that for on-line transactions the vendors can collect additional PII information that is not necessary for brick-and-mortar vendors. This means if you are an online retailer and collect such PII data, you need to have a mechanism to protect all this information you are collecting from your consumers, not just the PCI data but the PII data as well. In order to comply with this dual personality, you will need a solution that can encrypt and tokenize the sensitive information as necessary and as seamlessly as possible.

http://news.cnet.com/8301-13579_3-57567526-37/apple-wins-california-credit-card-privacy-case/

Protected: Follow-up on Global Payments breach

This content is password protected. To view it please enter your password below:

Password: