Digital Transactions Authoritative, insightful and timely information for payments professionals
First Data Corp. this week captured big headlines with its $29 billion plan to go private (Digital Transactions News, April 2), but another development at the company could also have a significant long-term impact on the electronic-transactions business. The big processor late last month reported it has licensed patents from Newbury Park, Calif.-based PrivaSys Inc. that could make it a major player in the world of contactless and other newer payment modes currently dominated by card networks such as MasterCard Worldwide, American Express Co., and Visa USA, as well some specialty technology vendors. First Data's initial aim is to enhance payment security. “Through rights to PrivaSys's portfolio of patents, First Data will be able to expand and develop its contactless product offerings and migrate quickly to other emerging payment offerings such as mobile payments for debit, credit, and stored-value accounts,” a First Data spokesperson tells Digital Transactions News in an e-mail. “PrivaSys's technologies and solutions enable a secure choice and ease of use for consumers.” PrivaSys's technology can be used with various form factors, including conventional magnetic-stripe cards, key fobs linked to card accounts, and cell phones and personal digital assistants. The PrivaSys systems produce a so-called Dynamic Authentication Code (DAC). The transaction-specific code generates a unique set of trailing data in the discretionary data fields of the magnetic-stripe data packet for each transaction. The trailing data are decrypted to authenticate the cardholder. Protected by a portfolio of issued and pending U.S. and international patents, PrivaSys's technology aims to eliminate skimming of cards' mag-stripe data and card cloning because each DAC is used for only one transaction. At a Visa-sponsored security conference last month in Washington, D.C., Visa USA president and chief executive John Philip Coghlan said Visa would soon start testing what it calls dynamic authorization, essentially the same group of security technologies built around one-time transaction codes and authentication data that goes far beyond the traditional user identification and password. The First Data spokesperson would not comment on Visa's initiative. In its news release, Greenwood Village, Colo.-based First Data said it aims to become a “clear leader” in the processing of contactless and other emerging payment transaction forms. The spokesperson, however, refuses to give details of how the company will achieve that goal. “The licensing agreement with PrivaSys puts First Data at the forefront in being able to deliver the secure contactless and mobile-payment solutions our clients need to meet the demands of consumers for choice, convenience, and security at the point of sale,” she says. “As consumers choose wireless technologies, First Data will be ready to support the offering for merchants and for financial institutions. First Data is engaged with key players in the contactless arena to drive trials and device deployment and to test new business models, however, we cannot disclose specifics at this time.” Although concrete examples of what First Data will offer with the PrivaSys technology have yet to emerge, new systems that put the security onus on the transaction device and payment-processing systems and take the merchant out of the business of protecting cardholder data are the right choice, according to Steven K. Sprague, president and chief executive officer of Wave Systems Inc. Wave is a Lee, Mass.-based maker of software applications that support the so-called Trusted Platform Module security chips now on 50 million personal computers used by businesses and coming to consumer PCs. “Moving trust into the hands of the user is a very useful thing,” Sprague says. Noting the huge breach at retailer TJX Cos. Inc. that compromised more than 45 million cards, he notes, “today we give all our details to the merchant and we close our eyes and trust them.” While First Data could gain an early advantage as one of the first third-party processors to make a major move into mobile payment security, Sprague expects more processors to begin offering similar services. “At the end of the day, it's becoming very clear that securing this information is becoming very critical, and any processor that doesn't do it puts their business at risk,” he says.
