Protecting Your Business Beyond EMV, Chip and Pin

worldpay terminal

By Chester Ritchie, SVP, Worldpay US 

The payments industry has been abuzz with news surrounding the EMV liability shift that occurred on Oct. 1, 2015. While preparing to transition to EMV-compatible technology should remain a top priority for merchants, the often neglected, broader approach to payments security is something businesses of all sizes should be discussing as well.

In addition to EMV, cloud-based security solutions help businesses guarantee that all bases are covered by adding an extra layer of protection for cardholders. Most of these solutions ensure that the cardholder’s information never touches the merchant’s servers, placing the responsibility of data security on the payments processor rather than the merchant. Combined with EMV, these features will help protect your business from fraud. 

Tokenization

Tokenization is the process of converting cardholder data into a unique string of digits, or a token, that can only be used for the transaction at hand. To help visualize this process, think of your 16 digit credit card number being tokenized into a list of 16 random letters. If a hacker were to intercept this token, it would be useless because it only holds value to the payment processer that houses the card number. By masking the actual credit card number with a token, merchants and payment processors minimize account visibility and reduce the risk of breaches occurring.

End-to-end encryptionworldpay table

End-to-end encryption, often utilized in tandem with tokenization, secures cardholder data throughout the entire transaction. E2EE captures data at the earliest possible point in your POS system and uses an algorithm to create an encrypted version of the data that is immediately transmitted to the payments processor. After decrypting and authorizing the data, the processor re-encrypts the data and transmits it back to the POS to complete the transaction. By bypassing the merchant’s servers completely, E2EE guarantees zero exposure of plain text information, which protects both customers and retailers from attacks.

 

Vaulting

Vaulting mechanisms are used to establish recurring electronic payments, usually on a retailer’s website. With a vault in place, customers enter their credit card information when completing their initial transaction and select the “remember me” option to store the information for future transactions. Vaulting shifts the responsibility of securing data from the retailer to the payment processor, making the business more secure and providing a seamless checkout for consumers. Vaulting is an essential feature to have in place for online transactions because businesses cannot authenticate EMV cardholder information in person.

 

PCI complianceworldpay chip

Any organization processing, storing and transmitting credit card information is required to follow security standards set by the payment card industry to protect cardholder data. These standards minimize liability by establishing industry-wide security standards enforced on four levels, based on the transaction volume processed by each merchant. Therefore, depending on its size and the volume of transactions, a retailer may be subject to a level of PCI compliance beyond the minimum standard.

As the new global standard for payments security, EMV will affect consumers across all industries. Although EMV will ensure more efficient payment authorization, it cannot protect the full spectrum of your business’ operations. By incorporating cloud-based solutions into your security strategy, you can relieve the burden of securing and storing customer data yourself.

About the Author

Chester Ritchie is SVP of Worldpay US, a leading global payments technology and services company that offers services across the entire payments value chain and in any environment: in-store, online and via mobile devices. To learn more about Worldpay and how to prepare for EMV and beyond, visit www.worldpay.com/us/emv.

 

EMV – Chip & Pin is the hottest topic right now in Point of Sale.  Here are some other articles that we recently published:

Why Your New #Chip-and-Pin Card Reader Might Not Be Ready For Use
Verifone Talks About Credit Card Chip and Pin Issues
EMV Equipment, what is hot, what is available
EMV Progress Update – Cloudy with a chance of sunshine
Highline enables first EMV and Apple Pay purchases in Manhattan
The Point of Sale Industry Transitions to EMV. What progress thus far?
Clover Point of Sale Now Processing Chip-and-Pin

 

Subscribe using the Subscribe link on the left. Get the news once a month, once a week or once a day.  We respect your privacy and it’s free. 
 
The Point of Sale News ™ – www.pointofsale.com welcomes new advertisers/sponsors and great relevant content.  For more info use the Contact link at the bottom of the page
 
Need info on a specific topic or company?  Use the Search link on the upper left side menu to scan over 4,000 articles on this website.