For a major global payments processor we executed a detailed analysis on their core transaction processing technology architecture to establish a comprehensive requirements definition for a 6-year, multi-phase, EFT payments platform modernization project. Phase 1 of the project involved consolidation of two discrete debit platforms to a third one, and included moving 2 dozen EFT network links, thousands of ATMs, and hundreds of core banking interfaces from the deprecated platforms to the target platform. It also involved creation of advanced API middleware technology and CSS based GUIs for uniform user access to platform functionality.

For a well-known national credit union transaction processing network, established a comprehensive Vendor Compliance program that systematized regular gathering and performance of due diligence on relevant compliance operations related artifacts. The Vendor Compliance program also provided a automated method for handling customer compliance requests in a streamlined manner.

For the largest global retailer, served as consulting expert on a major lawsuit seeking damages for losses suffered due to a large processing outage sustained by a major Electronic Benefit Transfer (EBT) processor for 19 U.S states. Also, for a leading issuer & acquirer of branded payment cards, served as an expert witness on a federal case in which our client was seeking damages from a major payments brand for banning the sub switching of the transactions of that payment brand by our client.

For a leading global supplier of data protection technology, evaluated PCI compliance of a next-generation Hardware Security Module (HSM) product with PCI DSS 3.2, PCI PIN Security 2.0, and PCI Card Production 1.1 (Physical and Logical) Security Requirements, and PCI Mobile Payment Security Guidelines 1.1. Also, performed an analysis and executed certain remediation efforts on a new HSM Remote Management product with PCI PIN 2.0 and ANSI TR-39-2009 security standards for this vendor.

For a top 20 payment card issuer served as Project Manager for conversion of a Visa credit and debit card portfolio to MasterCard based EMV credit and debit cards. This involved working with a wide variety of credit and debit card processors, MasterCard, Open Solutions (Fiserv), credit union employees, vendors, and business partners.

For a large issuing and acquiring processor, developed the business requirements for a “connected-car” based petroleum C-Store merchant transaction interface which connects from the car through the cloud to Automated Fuel Dispersers (AFDs) to enable AFD functions and process pay-at-the-pump transactions.

For a global payments processor, developed requirements for an integrated client portal that provides a common user interface to 4 disparate debit card issuing platforms, 2 credit card issuing platforms, 2 prepaid card platforms, and 2 loyalty platforms.

For Merchant Customer Exchange (MCX) developed the network operating rules for open loop and decoupled debit payments on customer mobile wallets at the merchant POS.
For the largest credit union processor in the U.S., rewrote the shared branch operating rules to merge several discrete shared branch networks into one national network, and modernize the rules to address current technologies and industry data security standards.

For a tier-1 multilane retailer, analyzed the enterprise payment processing platform, technology infrastructure, and systems architecture employed by this retailer for processing electronic payment transactions in its 4,700 retail store locations and internet channel. We performed a detailed assessment of their corporate data center based payment processing infrastructure which is dedicated to supporting card and check based electronic payments for the overall enterprise. We also evaluated the technology configuration and approach that is in place at their retail stores for acceptance of electronic payment transactions.

Performed a detailed PCI DSS assessment on a major community bank on the technology infrastructure and operational policies and procedures which consisted of thousands or servers and workstations in a highly complex network topology. The bank supports over 200 branches and drives approximately 500 ATMs with an inhouse payment switch platform. This project was successfully completed and the bank now is one of the most PCI DSS compliant banks in North America.

For a global fuel pump manufacturer performed, a PCI PIN & TR-39 based security audit and provided remediation support for multiple Pump based SCDs, EPPs, Card Readers, Key Loaders, HSMs, and KDHs that cryptographically distribute keys, perform cryptographic pairing with other devices to perform processing payment cards.

Developed technical specifications and the initial business plan for implementation of a complete P2Pe solution for multiple PIN Entry Devices models from multiple vendors for a large government agency that deploys the PED with over 70,000 POS terminals and Kiosks.

Served as solution architect for the implementation of a tokenization solution for a fortune 50 multilane retailer to enable tokenization of card-based payment card transactions. Also, assessed this retailers payment card acceptance technology and established a future state payment technology architecture and roadmap based upon commercial off-the-shelf (COTS) solutions. Once the new architecture was implemented, it permitted the retailer to support new payment technologies as need by the business.

Established a new credit card processing architecture for a large Credit Union, including development of future state architecture blueprint, execution of an RFP process for acquisition of a card management system and related subsystems. Served as overall Project Manager for the conversion to the processor.

For the largest retailer in the U.S by number of outlets, developed the future state payments architecture, executed an RFP process for technology and acquiring processing, supported the implementation through to implementation of the future state architecture as originally designed. In this project we assessed the current state technology architecture of the client’s debit and credit card acceptance infrastructure which consisted of 80,000 POS terminals and kiosks at 30,000 physical brick and mortar locations. Then we developed the future state payments architecture for this client, and executed an RFP process to procure the technology and processing based upon the future state design we established. This architecture is currently processing more than 400 million debit and credit card transaction per annum.

For the largest credit union EFT payment network in the U.S., performed a detailed analysis on the network’s legacy telecommunications network infrastructure, and defined the future state telecommunications architecture to convert 6,000 ATMs & 1,000 core banking connections from leased lines to advanced network technologies such as MPLS, DSL and wireless. Executed an RFP to select a vendor to replace the legacy telecommunications environment with the future state design that we defined.

For multiple merchant processors and large retailers performed benchmark testing on various payments software applications such as commercial payment switches, POS & ATM driving, intercept switching, settlement and reconciliation.

For a large quick serve restaurant (QSR), developed Front-Of-House POS payment platform future state architecture as well as a transition plan for migration of the existing infrastructure to the future state.

Executed a payment risk assessment and recommended remediation measures for a leading global fuel pump manufacturer. The focus of this assessment was on the protection of customer-related aspects of security including card numbers, magnetic stripes, keys, PINs and other sensitive information, and on security related issues pertaining to facilities (i.e., the secure room for loading of keys to PIN pads, and other devices, etc.), PCI-PIN and TR-39. We examined the company’s potential vulnerabilities and risk exposure beyond certification and compliance requirements including identification of what the personal liability was to the executives in charge. From this we determined what types of protections (insurance, training, etc.) were needed, and outlined the security-related attestations (e.g., submitting a TR-39 report to a debit network) to be signed off on.