Conferma Enables Email Confirmations for Virtual Cards as Alternative for Faxes

Conferma now can deliver virtual card confirmations to participating suppliers via email, a practice that Payment Card Industry Data Security Standards previously did not allow without proper encryption. The new Conferma Connect service safely transmits its clients' virtual card information to all suppliers but will be especially useful for hotels, as it will eliminate the need to fax payment details.

Earlier this year, Conferma established a method to send virtual card details via direct connections with hotels, another option to get around faxing.

"I've spent the last seven years defending faxes," said CEO Simon Barker. "I should [get] an award for keeping that business going because we've sent hundreds of billions of faxes. Now I feel slightly hypocritical to say, 'Now we have a different way that's better than faxes.'"

Sending a PCI-compliant fax can cost between 9 and 16 cents, depending on the location, according to Barker, and Conferma estimates that Conferma Connect emails will cost corporate customers at least 60 percent less.

Conferma Connect will be a standard offering for Conferma clients. "We don't see Conferma Connect itself being a revenue generator," Barker said. "Our business is about driving more and more virtual card adoption and delivery around the world. We don't want to introduce a new cost."

How Conferma Connect Works

To be PCI compliant, emails have to be encrypted, ensuring that data cannot be intercepted. Until recently, though, an email recipient—or in the corporate world, the recipient's company—had to download third-party software to ensure that emails they received would remain encrypted, Barker said. Few companies take that step, though. "It always felt like email was the answer to transmission and delivery of virtual cards [to hotels], but making email secure was pretty much impossible."

However, many email servers—including the most common one, Microsoft Exchange—now accommodate Transport Layer Security, which embeds the encryption capability in each email, according to Barker. That means that any email that a Microsoft Exchange user receives is automatically encrypted. The same goes for emails sent to users of other email servers that accommodate TLS.

It's because TLS is becoming universal and encryption thus is becoming standard that virtual card information can be sent securely in most instances. Still, suppliers must opt in to Conferma Connect to allow Conferma to access the supplier’s email server in order to verify that the recipient's email address is capable of maintaining encryption, whether via TLS or another encryption protocol. “They agree that our email service can interrogate their email system to establish that they can meet the required encryption standards,” Simon said.

Each time Conferma is going to email a virtual card number, it again verifies that the supplier’s email system continues to meet encryption standards. That’s because it's possible for an email recipient to lose encryption capability, via a cyberattack, for example, or because the supplier changed its email setup.

If Conferma Connect detects that a hotel no longer is using an email server that supports TLS, it will automatically revert to faxing. If a hotel no longer has a fax machine, the corporation's travel management company can manage the transaction by phone, Barker said.

Acceptance

As TLS technology has gained acceptance, Conferma has been working on its email confirmation and transmission process with providers like MasterCard, Visa, American Express and Barclays and with PCI authorities to ensure they were satisfied with the process. "They all agreed it was a lot more secure than faxing," Barker said.

"A few things have come together," Barker said, citing Conferma's proprietary opt-in system for suppliers, the widespread availability of TLS security and Conferma's per-transaction verification that encryption is in place.

Conferma also has spoken to about 1,000 hotels—independent properties, not chains—to gauge interest and refine the workflow. It has piloted with 75 of them in the United Kingdom and Australia. "We've been dealing with a lot of hotels in Australia where they have email but don't have fax machines, so it's a great place to start," Barker said. Still, "it's early days yet ... and any change takes time."

Conferma expects more traction once it fully launches with TMC and global distribution system partners. "We see them as being the people who will be discussing this with their suppliers," Barker said.