With no governing body regulating the payments industry in the United States, card data security for online service merchants can be an iffy proposition.
And the tactics of payment providers without a set of regulatory eyes monitoring their moves can lead to some devious behavior.
But it also opens doors for companies such as Braintree Inc., a Chicago-based online payments and data security software provider, to rectify those uncertainties.
“With the lack of oversight, the ramifications for the payments industry in the U.S. is that it can be rife with unscrupulous practices,” Braintree CEO Bill Ready, a former executive with Accel Partners of Palo Alto, Calif., tells PaymentsSource.
Some processors inform online merchants who try to switch to another processor for service that they will keep the credit card data of the merchant’s customers, causing those customers to have to re-enter card data during their next purchase, Ready says.
“That’s why we believe in data portability,” Ready says. “If you go [to another company], the data is yours and you should take it with you. It should not be held hostage.”
Braintree banks on that type of reputable customer service to secure more clients and force other online processors in the industry to re-examine their own policies.
Industry analysts have said Braintree isn’t likely to knock out an online payment processor giant like PayPal Inc. any time soon, but the company, which is a registered independent sales organization and member service provider of Wells Fargo Bank, N.A., projects it will process more than $4 billion in online credit card payments for 2011.
A major reason for that success stems from Braintree’s view that credit card data security and compliance to Payment Card Industry standards is a vital service it can provide online merchants, Ready says.
In addition, Braintree persuades merchants they could lose potential sales by allowing customers to switch to another company’s site to complete a purchase checkout.
Before Braintree came into existence in 2007, e-commerce services available to merchants offered a system in which the customer making an online purchase would leave the merchant website at checkout through a link to the payment provider site, Ready explains.
Braintree’s approach is unique because the system takes care of 95% of the PCI overhead for merchants so they can be 100% compliant by no longer storing data, while the software assures merchants do not lose control of the checkout process, Ready says.
The company provides online payments processing and data security services for more than 2,000 online merchants, including restaurant reservation service OpenTable Inc., beauty salon reservation service Lifebooker.com, and hotel room finder Hotel Tonight Inc.
When a consumer pays OpenTable online for a restaurant reservation for a large party or special occasion with a credit card, the data is encrypted and a “token” created for the merchant. When that same consumer makes a future purchase, the merchant website sends the customer token to Braintree, which has the corresponding credit card data stored.
Calling the system a “cloud-based payment vault service,” Ready says the merchant system never touches the data that Braintree secures in its cloud-based vault.
“This is a tried-and-proven method, but the novel element for us is that the consumer never leaves the merchant website,” Ready says.
Online service merchants found a niche partly because consumers calling a restaurant directly and leaving a credit card number for a reservation had no way of knowing if an employee was just scribbling those numbers down on a napkin or piece of paper, Ready says.
Europe has a better system for dealing with the online payments structure through a regulatory initiative of the European Commission, Brian Riley, a senior research director and analyst with Needham, Mass.-based TowerGroup, tells PaymentsSource.
“In Europe, they have a whole special set of regulations for trusted service managers through the Payment Services Directive,” Riley says. “In the United States, we’re not quite there yet, so the consumer has to be careful about data security online.”
Braintree falls in line with PayPal in making data security one of its most trusted features, Riley contends. “That’s been PayPal’s story from the beginning,” he says.
Consumers should protect themselves by using a separate debit card for online purchases and keep only a small amount of money in that account, Riley suggests.
“There are no barriers for entry into the market for those online service merchants, and sometimes their security problems are just sloppiness, so the consumer has to be really cautious,” he adds.
Online services for restaurant or hotel reservations seem like great ideas when first introduced, but without knowing what kind of data security support they use, the consumer has to weigh in on the practical liabilities, Riley says.
Braintree increased its number of online merchants significantly just months after securing $34 million in venture capital from privately owned Accel Partners last summer (
What do you think about this? Send us your feedback.
