OMNIPAYMENTS / OMNICLOUDX

The Needs Today

Merchants must modify their customer service approach and refocus their operation to address a multichannel oriented business. They need to accept payments through traditional in store POS devices plus state-of-the-art mPOS, laptops and cell phones connected to internet. They expect both, the agility needed today to grow the business as new technologies emerge, and the availability of an Active/Active implementation that minimizes operational risk.

Transaction Processors expect their switching software to process and block fraudulent transactions generated through “physical cards” at traditional POS and ATM devices or through an increasing number of transactions generated using “virtual cards” stored in digital wallets. They expect to comply with government regulations though increased reliability while exploiting Active/Active implementation replicating data in both directions in real time.

Banks expect to extend their traditional approach approving/declining transactions in favor of an expanded role to join the Acquiring Business enrolling merchants and setting up connections with Payments Aggregators and Facilitators in an Active/Active implementation.

For short, a payments ecosystem where transactions can be processed using technology that is always available.

The Learnings

OmniPayments has been in the transaction processing business for 25+ years. During this period, we have witnessed the evolution of the payments industry and learned a lot from our interaction with customers.

We understand that consumers expect to be able to buy anytime, anywhere, and anyway they choose utilizing whichever channel and payments method suits them best at that moment in time.

Not so long ago (in the late 90’s), financial transactions were mostly generated using physical cards swept at traditional POS and ATM devices. Authentication methods were limited to PIN insertion and interaction with HSMs (High Security Modules). Back then, two factor authentication was not used in the payments industry, cloud offerings for payments processing were not yet available, and chip cards, virtual cards, digital wallets, and tokenization were only a dream.

Despite the general move towards internet-based payments, web services and APIs, we learned from our Customers in Latin America that payments in cash performed at remote correspondent banking locations need to work along with the concept of a “Cupo”, which assesses for each correspondent banking participant (based on some scoring criteria and risk factors), the amount of cash that can be kept on site before a flag is raised and transaction processing stopped. We also understood the importance of a solution that can compensate transactions to reward all players in the electronic funds transfer ecosystem, the amounts and complex government tax formulas owed as a result from their participation. We also acknowledged the use of fingerprints and biometrics at a local level as a means for user authentication.

The Evolution of the Business Model

10 years ago, Merchants, Processors and Banks didn’t have a choice.

The “On Premise” business model for a payments’ solution was predicated around the investment of capital to get software licenses, a hardware platform, and assign internal human resources to master, implement, and operate the solution. During the last 10 years we have witnessed how “payments’ solutions” have failed to meet customer expectations as represented by significant deviations in capital investments, need for frequent hardware technology upgrades, penalties arising from failure to meet PCI and local regulations, constant training of human resources, increased payroll expenses, etc. For short, the “On Premise” model for a payments’ solution has failed to positively contribute to the Merchant’s corporate Vision and Mission.

This paradigm has shifted towards a “Cloud” business model, where Merchants lease everything: software, hardware, and human resources to implement and operate a PCI based solution. Merchants pay for the services they consume, forget about software and technology upgrades and focus on their corporate business objectives while leaving the operation of the payments’ solution in the hands of experts. In turn, any Merchant can pay today a low monthly fee to use a world class payments solution.

OmniPayments is “Cloud” ready.

Our solution offers a robust fault tolerant, secure, PCI compliant, and scalable multichannel payments solution that will meet the sales growth while providing a superb payments experience to end customers and operational excellence through our team of payments experts complying with agreed SLAs.

The Challenges

The landscape of the transaction processing business is evolving.

The brands (Visa, MC, AMEX) are extending their reach in many countries looking for additional market share. For example, in Mexico and in Colombia, Visa and MasterCard have set up local entities to compete for the Clearing House business with established local processors. Visa is also promoting direct access to Visanet to reduce the dependency on established local processors in the countries.

OmniPayments has stepped up to this challenge and has been already certified to operate as a Visa Endpoint Processor. OmniPayments is using these licenses today to elevate transactions directly to both Visa and MasterCard for customers in Latin America.

Direct connectivity to Visanet enables OmniPayments to offer customers the consumption of Visa Value Added Services (VAS) as represented by Visa Direct, Visa Token Services and Visa Fraud.

The OmniPayments Standard Offerings

OmniPayments has been able to keep up with many of the challenges that characterize the evolving payments industry. Backed up by our expertise in cryptographic security, we have developed products and services that support the use of mobile devices to pay over the internet for goods and services.

OmniPayments provides full blown solutions to support online payments for Merchants, Processors and Banks. The following picture represents a high-level architecture of the ways in which OmniPayments can be deployed.

• Accepts transactions from any device, source or system.
• Validates device credentials, authenticates card holders and blocks fraudulent transactions in real time before they are routed to any destination.
• Complies with PCI PA-DSS mandates along with current EMV standards.
• Runs without disruption, while exploiting fundamentals of the HPE NonStop platform under a Service Oriented, Active/Active, extreme high availability Architecture.
• Proven to support + 1,000 million transactions per month.
• Interacts with Visa and MC global networks.

The Standard Offering

OmniPayments has been engineered taking these challenges into account. It includes the following “off the shelf, pre integrated” functionality enabled from our Omni software suite:

• Configuration Engine (we call it the OmniUI).
  • Represents a single point of access & control.
  • Complies with PCI expectations.
  • Implemented as a web service on the NonStop platform, it enables the configuration of all elements needed to deploy services, certify components and setup a production environment.
  • Eliminates the need-to-know details related to the low-level Procedure Calls required to manage a NonStop machine.
  • Enables a high-level view of software components using terminology familiar to experts in the Payments industry.
  • Reduces the risk of incorrect human intervention while solving production incidents.

• Access Control Layer (ACL).
  • Enables the registration of users to our “Windows Like” configuration engine.
  • Defines privileges, roles and responsibilities for each user.
  • Defines the rules applicable to each registered user.

• PCI Auditing.
  • Traces the activity of each user that gains access to the configuration engine.
  • Displays and reports activity detailing actions taken by registered users in the Configuration Engine, e.g. old and new values assigned by a user to some “timeout” parameter.

• Message Formats
  • Traditional ATM/POS devices and ISO8583 message formats have become legacy and merchants are deploying state of the art mPOS devices.
  • Processes transactions generated through old and new devices through the deployment of software components to manage XML, REST, JSON messages.

•  Merchant and Device Configuration.
  • Enables the setup of merchant information, including e.g. names, nicknames, locations, contacts, phone numbers, etc
  • Enables the setup of ATM/POS devices to be front ended by the application.
  • Includes the setup of e.g. serial numbers, encryption keys, application release, etc

• Cryptography (We call it OmniCrypto).
  • Represents a security broker with ample functionality managing PINs, Files, Tokenization, Keys, Digital Certificates.
  • Enables the setup of HSM modules to encrypt and decrypt keys.
  • Configures and executes dynamic key exchanges.
  • Translates PINs for “Not On Us” transactions.
  • Validates PINs for “On Us” transactions.
  • Defines the credentials for the delivery of email reports.

• Default Message Validations.
  • Checks content of incoming messages.
  • Confirms that Merchants and Terminals have been properly setup and are enabled to drive transactions.
  • Confirms that Merchants acting as correspondent banks have not reached “on premise cash flow security limits” (CUPO).
  • Checks the validity of Prefixes for acquiring and issuing institutions.
  • Confirms the expected routing for each transaction.
  • Confirms card numbers meets basic criteria to drive transactions.
  • Teams up with our Crypto Engine to manage the PIN.

• User Exits
  • Provides the functions to map the incoming request elements from client to the outgoing request elements to the provider and vice versa.
  • Enables the deployment of business logic needed to personalize transaction flows.

• Transaction Log (We call it the Four Point Logger).
  • Logs the transaction content at predefined registration stages.
  • Big aid used by administrators to trouble shoot transactions.
  • The first log is taken when the message gets delivered to OP. The second log occurs right before the message is sent to some “provider”, e.g. for authorization. The next log occurs when OP receives the response message from the “provider” and the final and fourth log is taken just before the response is delivered to the requester.
  • A fifth logging point exists and represents the financial content of each transaction.
  • The cumulative transaction set of all the fifth logging points is represented by the Settlement Extract File that is used by Compensation engines for the liquidation of transactions.
  • The Extract File is generated following Visa standard layouts.

• Scheduler Log (We call it the OmniScheduler).
  • Useful off the shelf presource for all maintenance activities.
  • Enables the scheduling of jobs (daily, weekly, monthly, at cutover time, on demand, etc) required to consistently report OP operation or to refresh data needed by OP for real time operation.
  • A set of standard reports are readily available and can be scheduled for email delivery.

• Fraud Engine.
  • Some of our customers call it the Fraud Blocker.
  • This functionality enables security departments and risk organizations to set up a set of rules to mitigate risk.
  • Blocks transactions perceived as fraudulent in real time.
  • Reports success for each rule.
  • Enables rules administrator to try out the performance of a rule under a Sandbox before deploying rules to the production environment.

• Data Replication.
  • OMNIPOS can run in an Active / Passive mode, or in an Active / Active configuration.
  • In any case, data has to be replicated between two machines (From the Active node to the Passive machine, or, between both Active nodes, while replicating data in bidirectional mode).
  • Our infrastructure looks at the NonStop audit trails and triggers replication accordingly.

• Dashboard
  • This functionality runs off the NonStop platform under the auspices of a Linux environment.
  • It enables managers to monitor the performance of OMNIPOS.

• Graphical information is nicely displayed to summarize transaction related information (every minute, hourly, daily, monthly, etc).