Friday, April 11, 2008

Frontier Airlines Blames Credit Card Processor for Bankruptcy Filing

The Airline Industry, thanks to First Data may now consider HomeATM's PIN Based Platform as their primary payment choice

HomeATM recently signed a deal with Universal Air Travel Plan (UATP) and if anyone was wondering why the Airline Industry is interested in HomeATM's platform, you need to look no further than this mornings announcement that Frontier filed for Chapter 11.

Many will blame the high cost of gasoline, but in fact, the majority of the blame (according to Frontier themselves) is their credit card processor, First Data.

Follow this link to read the letter sent by Frontier's CEO, Sean Menke to it's employees in it's entirety. Otherwise, here's a pertinent excerpt of that letter:

This week, I was notified by our credit card processor that, as of Friday, April 11, due to "current economic conditions, the rise in fuel costs and the other bankruptcies around the industry," they intended to start withholding 50 percent of the credit card funds received from the sale of Frontier tickets.

If they went ahead and did this, tens of millions of dollars owed to us by our customers would have been withheld by the credit card processor, First Data. This would have drained our available cash almost immediately and would have made it impossible for us to continue normal operations.

Therefore, we decided to file Chapter 11 in an effort to fight this unwarranted step by the credit card processor so that we can continue to position the Company for long term success.I want to emphasize to each of you that this was very sudden and unexpected. We are the victims of a credit market that is very fragile and the tolerance for risk is extremely low. As I have stated many times recently, our executive management team has been working diligently and tirelessly to extend our
runway by securing additional cash to bolster our balance sheet. We were successfully making progress on a number of fronts that would position us well for the future and with the protection of the bankruptcy court, we plan to continue to pursue those opportunities.
It's simply amazing to me that a card processor, in order to mitigate "their" risk, instills immediate danger into a company's "very existence" by having control over funds that were not theirs to begin with. The time has apparently come for airlines to position PIN Debit, (not as an alternative payment), but as their primary payment mechanism. Here's more from Bloomberg...

Frontier took the step after its credit-card processor, First Data Corp., began withholding proceeds from ticket sales, the Denver-based carrier said in a statement today. First Data told Frontier April 8 it would retain half the proceeds of bankcard sales and increase collateral to $130 million from $54.5 million, according to a statement by Frontier Vice President Edward Christie filed with the U.S. Bankruptcy Court in Manhattan. If First Data's hold on proceeds went unchecked, ``it would have put severe restraints on Frontier's liquidity and would have made it impossible for us to continue normal operations.'' Menke said. First Data is based in Greenwood Village, Colorado.

I'll include more detail in next week's blog posting(s) but suffice it to say that PIN Based Transactions not only "eliminate the reserve" instituted by credit card processors, but also "lowers the transaction rate" (Interchange Fees) significantly.

Airlines are on the very brink and the issue of credit card reserves is going to explode in this space (if not in their face, as it has for Frontier) if the airlines industry doesn't start taking the necessary steps required to switch their payment choice over to the lower cost, more secure PIN Based transactional methodology that "their partner" HomeATM offers.

First Data actions today could not have driven this point home (or should I say HomeATM) any more clearly.

PCI Standards Again Questioned in Wake of New Breach

Interestingly, the brick and mortar world, (the one chock full of PCI Standard compliance demands), seems less secure than the Online world. Yet online retailers pay exhorbitantly higher fees than brick and mortar retailers. Card Not Present transactions are certainly higher risk transactions, but HomeATM's Internet PIN Debit platform, combined with their PIN Entry Device (PED) could cut risk significantly and thus save online retailers 100 basis points off their Interchange fees.

In yet another breach, this one from Advanced Auto Parts, Retail Wire questions whether or not we should move to Chip and PIN based transactions.

Here's the discussion in today's Retail Wire...

And yet again, an American retailer and its customers go down the road of data theft. In this case, the retailer is Advance Auto Parts and the most recent hack affected 56,000 of its shoppers in eight states - Georgia, Indiana, Louisiana, Mississippi, New York, Ohio, Tennessee and Virginia. Luckily, the customers from the stores in question represent a small portion of the total shoppers that frequent the chain's 3,261 stores across the country.

The discovery of the breach, as with those at other retailers, has prompted Advance to reassess its security measures. Others, at the same time, are once again questioning if Payment Card Industry (PCI) compliance standards are either fair or effective.

In a recent interview with RIS News, Dave Hogan, senior vice president and chief information officer with the National Retail Federation (NRF), expressed the view that more secure forms of payment such as "Chip & Pin" were available and proven in reducing fraud. He suggested that card associations should "provide (at no cost to the merchant) card readers that can accept these new types of cards."

Mr. Hogan also took issue with the amount of data that merchants are required to keep by banks. He called on financial institutions to "state that 'Retailers have the option to no longer store credit card data and they will not be penalized for not keeping credit card data."

To read the Retail Wire discussion, click here. I'm sure it will garner a lot of responses. Here is one from Evan Shuman, former eWeek contributor and StoreFrontBackTalk Editor:

To answer your question, yes, Hogan's concerns are quite reasonable. Much of this, though, is a lot of agreement on the easy issues. There are few who truly argue with the following:

1) PCI is not perfect and retailers who are fully compliant are still fully vulnerable. Even PCI's backers agree with this. PCI was never intended to be perfect security. PCI was never intended to be anything beyond a good starting point.

2) PCI has absolutely improved retail security today. Again, this is pretty much done unanimous. It's not gone nearly far enough, but any movement forward is good.

3) Banks are, for the most part, much better choices than retailers to store sensitive payment data. Again, no one ultimately quarrels with this. The issue involves infrastructure, politics and business costs. To make this transition would require tons of agreement from people who are not motivated to make such agreements. So arguing that it's better doesn't help much if it can't be done given the powers that be.

4) Chip and PIN is more secure than what much of the U.S. is doing. True. But Chip and PIN--as it's deployed in the U.K.--also has many issues. Making the transition would be costly, would meet with substantial infrastructure resistance AND it would still retailers far more exposed than is desirable. For the same extreme effort and cost, we could probably come up with a more secure approach.

It's also true that if all retailers strictly adhered to the common-sense rules (no default passwords, examine traffic logs routinely and seriously, strictly enforce procedures, etc.), we'd also be far better off.

This, however, doesn't address the Hannaford scenario where--based on currently available information--we have a retailer that indeed appeared to abide by all of the rules and still got burned by some aggressive cyber thieves. That's the more rare but far more frightening scenario.

Evan Schuman, Editor,

Disqus for ePayment News