A while back, I spent some time working for Tesco in Welwyn Garden City. I didn’t get the opportunity to make it as a Trolley Wrangler, and I didn’t join the “Meet & Greet” team, but I was lucky enough to be able to spend half a day learning how to operate the till.
I was hired because Tesco were considering the options for a New Payment Platform.
This was around the time of the rapid rise in popularity of the Payment Card Industry Data Security Standard, when anyone able to spell “S-E-C-U-R-I-T-Y” suddenly became a payment expert, and at the same time, there weren’t enough Payment Experts around to tell that they weren’t!
Tesco had hired a bunch of Security Experts.
The Security Experts – ethical hackers, network security experts and security project managers – had essentially thrown away the established transaction processing logic, and operating standards, and everything else, and had created an alternative payment model of their own. I have to say that it looked good, and all the PowerPoint slides moved when they were clicked, and you could see the cards and the baskets and the data riding around in animated trolleys, but it wasn’t really of this world.
The Security Experts were experts in security, but not experts in APACS, ISO or Transaction Processing Logic.
The guys heading up the team realised soon enough that the team was working on the design of a secure system that did payments, when what they needed was a payment system that was secure. I joined the team later on, but my role was to guide the project in the general direction of card payments, without losing sight of the PCI. How could I lose sight of the PCI?

If you recall, this was around the time of the ever-popular, and inspirational, PCI Singing Cowboy. We all took PCI very seriously indeed.
I played my part and answered lots of operationally technical questions about retail payment processing. I also helped the guys at Tesco formulate their comments and responses to some PCI Committee that they sat on by virtue of the fact that they represented a pretty large grocer.
I was also engaged with a guy calling himself the “PCI Guru”, who is still going strong, and the PCI Guru was one of the points of reference for the Security Experts. Thing is, the PCI Guru is from the USA and at the time, the USA was the chip card equivalent of the third world and he really hadn’t grasped the workings of EMV. There’s more but this isn’t the time or place, so follow on paymentmonkey.bsky.social.
Since we were developing systems that would ultimately drive the checkouts, it seemed to me to be a good idea for us to get to know the checkout process first hand. None of us had been near a till before.

I arranged for five of us to spend the day in the Hatfield Superstore, learning how to operate the tills, and here is the proof.
I helped with the development of the New Payment Platform processing principles, I helped with the responses to the PCI Committee, and I helped fill the gaps left by thinking that the EMV process was simply a mechanism for reading a PAN from a chip!
One day, one of the team – you know who you are – brought in a small, knitted, PG Tips monkey, wearing his original tee shirt, but with an oversized Visa logo attached by a paper clip. I became known as the Payment Monkey.
You can now find the Payment Monkey on Bluesky at paymentmonkey.bsky.social and at paymentmonkey.net.
