Conexxus Progress

Just a few things Conexxus has done, and is doing....

2017

STANDARDS

The Data Security Committee focused on its continuing mission to reduce data risk in the industry.  The Committee substantially completed by year end a new whitepaper, “Remote Access Compliance and Responsibilities”.   This whitepaper is designed to assist in educating and informing retail petroleum store operators/small merchants on cybersecurity issues.

The Retail Financial Transactions Committee substantially completed by year end a new whitepaper “Resources & Guidance for EMV Implementations in a C-Store Environment”.  This whitepaper provides links for educational information and frequently asked questions regarding EMV implementations in the US.

Conexxus created the Digital Offers working group, subsidiary to Retail Financial Transactions, in 2017 to complete its suite of mobile commerce standards (in addition to mobile payments and mobile loyalty).  The ability to easily and securely distribute, use, and accept offers issued by retailers and consumer package goods companies is viewed as paramount to the ultimate success of mobile payments.  The mission of the Digital Offers Working Group is to identify and develop standards for the exchange of data needed in a digital offers ecosystem.

The EB2B Committee substantially completed by year end a new resource guide explaining the benefits of adopting electronic file exchange for c-stores.

Device Integration released Site Asset Specification V1.0 in October.  PCI DSS V3.2 Section 9.9.1 requires retailers to maintain a list of devices in which cardholder data could pass through (including make, model, location, and serial number or other unique identifier). This standard enables retailers to electronically transmit this data and more for any device in your store environment.  Read an abstract of the Site Asset Specification on our Standards Page.

EVENTS and EDUCATION

Conexxus hosted members attending the National Retail Federation’s Big Show at the Javits Center in New York. 

The Conexxus Annual Conference was held at Loews Annapolis, with a record 174 people in attendance. Check out some great moments captured at the conference!  Committees met over 4 days to set their respective 2017 work agendas; covering topics such as EMV, data security, mobile commerce, digital promotions and device integration.  Keynote speakers Jeff Ma, member of the MIT Blackjack team, spoke about relying on analysis to stay on strategic mission, and Washington Post columnist Gene Marks spoke on staffing and marketing in the age of Mobile Millennials.  Education sessions were also presented on diverse topics such as:

  • Mobile checkout using NAXML,
  • Technology in Japan Convenience,
  • CIO Insights and
  • Industry Trends

Conexxus held its Annual Strategy Conference in Salt Lake City, hosted by Maverik at its downtown headquarters known as “Base Camp”.  The group of 30 staff and Gold members worked on improving Conexxus’ value to the industry, with special focus on the evolution of how standards play in the “API Economy”.  Wovyn (Internet of Things startup) and GoSkip (mobile self-checkout startup) presented their vision and products to the attendees.

Conexxus anchored the NACS Show’s Technology Edge program and floor area, serving over 700 IT professionals attending the NACS show and sessions.  Sessions included:

  • Enabling the mobile workforce
  • Preparing for EMV
  • Strategies for Customer Engagement
  • Using the NIST Framework for Data Security

Conexxus presented nine webinars, covering topics such as PCI compliance updates for small merchants (Level 4), ransomware, third party risk management, and payment security and risks. View a complete archive of the monthly Conexxus webinars.

ADVOCACY

Conexxus continued work that advocates for open access to technology and the needs of our industry.  Areas of focus are:

  • EMVCo: Conexxus is one of the only retail organizations that participates in the creation of chip-based payment platforms.  Through its membership, Conexxus intends to represent industry concerns and identify future specification requirements.
  • World Wide Web Consortium (W3C): Conexxus has, for over 2 decades, been one of the only retailer organizations to actively participate in this group that creates Standards for the internet.  Conexxus represents the industry through leadership in three areas of work:
    1. Web Payments – how web applications access standardized payment systems
    2. Digital Promotion – how web applications can readily integrate and support promotions pushed to consumers.
    3. Verifiable Claims – how web applications can identify or verify consumers without exposure to existential personal data.
  • US Payments Forum – representing industry concerns regarding deployment of EMV and Mobile Payments.
  • X9 – more than 2 decades of representing industry issues to this ISO body tasked with structuring the payments industry Standards in the US and abroad.
  • US Federal Reserve (various) – a decade of representing our segment’s issues and concerns related to the US payment system.
2016

STANDARDS

Mobile Payments standard v2.0 released, incorporating Loyalty standard and usability feature upgrades.  This standard continues to be the only complete mobile commerce standard in existence and is slated to have digital promotions and couponing adding to provide a complete mobile commerce ecosystem.

Conexxus was nominated by the card brands and EMVCo to design fleet operation tags that leverage the PAR discretionary data in the EMV specification.  This work is intended to provide complete indication of the unique fleet operations associated with future fleet chip cards.

Forecourt Device Controller Working Group (FDC) completed specification of integrating US requirements into the existing IFSF standard to achieve a singular global interface to control forecourt devices.

EVENTS & EDUCATION

Conexxus hosted members attending the National Retail Federation’s Big Show at the Javits Center in New York.  Booth tours at IBM, Microsoft and NCR were arranged, followed by a group dinner on Columbus Circle.

Conexxus provided nine webinars to the general industry that covered critical topics such as EMV, protecting dispensers and ATMs from skimming attacks, data security and response in the distributed network, and mobile commerce.  A complete archive of Conexxus webinars can be found here: https://www.conexxus.org/content/webinars

The Conexxus Annual Conference was held at the Loews Ventana Canyon, with a record 165 people in attendance.  Committees met to set their 2016 work schedule and finalize work done to date.  Futurist Michael Rogers provided the keynote address, and additional programming addressed key topics such as EMV, enterprise cloud computing, mobile payments and data privacy.  A complete agenda can be found here: https://www.conexxus.org/content/2016AnnualConference

Conexxus held its Annual Strategy Conference in San Jose, CA; hosted by VeriFone at its headquarters.  Along with working on marketing strategy to improve Conexxus’ value to the industry, attendees participated in select portfolio start-up company presentations related to mobile enterprise, artificial intelligence applied to data security.  Conexxus works with venture capital firms Kleiner, Perkins, Caufield, Byers, Greylock Partners, and Andreessen-Horowitz to identify relevant technologies for the industry, identify upcoming standards and keep the industry on the cutting edge in retail technology.

Conexxus anchored the NACS Show’s Technology Edge program and floor area, serving over 700 IT professionals attending the NACS show and sessions.  Sessions included:

  • Preparing for EMV
  • Strategies for Customer Engagement
  • Data Security

Conexxus membership visited the Microsoft Retail Experience Center (REC) in Redmond, WA.  The REC is a working demonstration lab of the latest retail technology, including mobile commerce, remote ordering, consumer tracking and behavior, interactive retail media and inventory management.

ADVOCACY

Conexxus intensified its work with the EMV Migration Forum (EMF) Petro Working Group to identify the multiple headwinds faced by our market in meeting the October 2017 liability shift deadline.  The issues identified by this group played no small part in the card brands’ decision to delay liability shift until October 2020, saving the industry close to $1B in added expense and liability.

Conexxus focused on expanding standards work within the World Wide Web Consortium (W3C, https://www.w3.org/ ) to standardize tomorrow’s web-based retail landscape to fully leverage the coming mobile improvements anticipated with the release of 5G mobile networks.  Conexxus led work centered in three key areas that improve the interoperability of online and instore mobile commerce:

  • Mobile Payments – work aimed at simplifying web/mobile commerce connectivity to the various forms of authenticated payments that may emerge.  This will allow tomorrow’s web-based customer shopping experience, with the security of today’s “app” functionality.
  • Verifiable Claims – work intended to provide personal identity information without exposing existential PII.  Through this work, age, identity and other PII facets can be validated without exposing critical personally identifiable information.
  • Digital Offers – this initiative seeks to standardize the usage of all manners of digital promotions from within the web application

Conexxus membership began work on reconciling ISO8583 payment standards in the fuels retail segment with the upcoming ISO20022 in conjunction with IFSF and nexo (FR), that has also received Conexxus input through its leadership within X9.  This work is in anticipation of global migration to the new payment standard from the existing bitmapped standard, and aims to have the petroleum use case included.

Conexxus also continued its work and advocacy with the US Federal Reserve payments initiatives, BACPAC payments roundtables, and Mobile Payment Workgroups.

2015

Annual Conference held in Annapolis included committee face to face work as well as an expanded offering of education content

Sponsored a technology leadership summit in Austin, TX, meeting with the Center for Identity at the University of Texas as well as Retail me Not

Hosted technology field trips to Microsoft Retail Experience Center

Continued to provide cutting edge content for the Technology Edge at the NACS Show and hosted the Technology Edge Center on the show floor

Continued to host monthly webinar series covering a variety of data security and technology topics

Electronic Payment Server (EPS) standard V2.7 and V2.8.1 released

Loyalty standard V1.1 released

Mobile Payments standard V1.0 released

Payment Systems Product Codes V3.7 released

Continue to participate in regulatory work efforts:

  • Federal Reserve Banks of Boston & Atlanta Mobile Payment Initiative Workgroup
  • Federal Reserve Bank of Richmond BACPAC
  • ANSI X9
  • World Wide Web Consortium (W3C)
  • EMV Migration Forum (EMF) - sponsoring member of the Petro Working Group
2014

PCATS rebranded Conexxus – to reflect its expanded mission and commitment to the industry

Re-launched the Annual Conference which allows committees to meet face to face and bring attendees premium education content

Payment Systems Product Codes V3.6 released

POS/Back Office V3.5 standard released

Electronic Payment Server (EPS) V2.6 standard released

Point-to-point Encryption (P2PE) V1.0 standard released – first standard based on X9 119.1 standard

Delivered on its mission by hosting a technology leadership meeting for attendees in the San Francisco Bay area.  Meetings were held with various venture capital firms and Microsoft executive leadership. 

Provided cutting edge content for the Technology Edge at the NACS Show

Advocated for the industry on Capitol Hill by providing the retailer's view on how payments, data security and privacy should be regulated and implemented

Created a monthly webinar series covering data security and emerging technology

Continue to participate in regulatory work efforts:

  • Federal Reserve Banks of Boston & Atlanta Mobile Payment Initiative Workgroup
  • Federal Reserve Bank of Richmond BACPAC
  • ANSI X9
  • World Wide Web Consortium (W3C)

 

2013

Global standards work - convergence of standards with IFSF

          -Device integration – Forecourt Controller

          -Electronic Payments – EPS Standards homogenization

Mobile Commerce work items added to Retail Financial Transactions Committee agenda

          -Added digital coupons and promotion to Loyalty Working Group

          -Mobile Payments Working Group to focus on interoperability with emerging technologies

Electronic Business to Business (EB2B) Retail Merchandise V1.5.22 standard released

Industry Data Breach database launched

Continued work with PCI and card brands to reduce complexity of small merchant risk mitigation

Participation in regulatory work efforts:

          -Federal Reserve Banks of Boston & Atlanta Mobile Payment Initiative Workgroup

          -Federal Reserve Bank of Richmond BACPAC

          -Sponsored ANSI X9/Federal Reserve conference on EMV

2012

POS to Back Office (POS/BO) V3.4.4 standards released

Electronic Payment Server (EPS) v2.5 standard released

Certification Committee becomes the Standards Quality Assurance (SQA) committee to improve standards clarity and implementation

Reducing card data risk of the industry:

          -Provided IP for NACS’ launch of the “We Care©” risk mitigation program

          -Held retail industry’s first breach simulation exercise, dimensioning preparedness for breach event

          -Created “8 Points” for small merchant data risk reduction, receiving endorsement from other trades

          -Negotiated simplification of Self Assessment with Visa, allowing small merchant use of SAQ

          -Released guides for protecting card data at forecourt

                    -Video on inspecting dispenser payment terminals

                    -Guide for protecting dispenser payment terminals from skimmers

                    -Employee training Guide for data security

2011

POS to Back Office (POS/BO) V3.4 standards released

Point-to-point Encryption (P2PE) Working Group established

Creation of Technology Research Committee

Standard document formats for specifications and standards established

2010

Integration of operations with NACS

          -PCATS remains independent organization with integral role in NACS

                    -Self-sustaining

                    -Self-directed

          -Becomes NACS’ technology resource for knowledge and advocacy

Data Security Committee (DSC) established

Reducing card data risk of the industry: SAQ compliance web tool launched

2009

Retailer Business Requirements (RBR), Technical Advisory (TAC) and Certification Committee efforts aligned:

          -Define Core Detailed Standards with the "which, why and how?"

          -Certification lab up and running

          -Expand PCATS Gateway participation

          -Complete standards documentation

Former data security Subject Matter Experts community – becomes Data Security Committee

2008

Standards Documentation

          -Detailed standard with business case

          -Established standards development and approval processes

Working Committee Efforts

          -Loyalty Standard

          -Open Site Architecture release

          -Electronic Sign Specification

AutoSafe Specification

2007

Content Management System

          -CMS tool online

          -Standards repository created

Working Committee Efforts

          -POS/Back Office Interface 3.4.1

          -EB2B Retail Merchandise 1.5

          -EB2B Motor Fuels 1.5

Pilot Efforts

          -PCATS Gateway

          -Lottery

2006

Initiated Retailer Business Requirements (RBR) Committee

Electronic Payment Server (EPS) Collaboration with International Forecourt Standards Forum (IFSF)

2005

Began standards work and expanded working groups

2004

Incorporated as Industry Standards Body

Acquired IP from NACS

Established Technical Committees