High-profile card data breaches made headlines in 2014 and aren’t expected to slow down into the New Year. While merchants can bolster their defense with PCI compliance and protect themselves from downside financial losses with insurance, there are additional methods that can help protect against the reputational damage and customer attrition that may accompany a card data breach.
In this post, we’ll discuss two technologies that can help combat the problem: end-to-end encryption (E2EE) and tokenization. Let’s take a closer look at both.
E2EE is a methodology that addresses security when card data is in transit. PCI-compliant companies employ some level of E2EE, as they are required to encrypt the data during transmission and “protect” it when it is stored. Most often this protection takes the form of encryption. In this scenario, the data has to be decrypted for processing and encrypted again before being stored or transmitted.
Tokenization addresses security when the card data is in transit, at rest, and while in use. It replaces card account information with “tokens” generated by a third-party service provider and does not require merchants to store any card data. Tokens are designed to be used in place of card numbers by all of the merchant’s systems. While both techniques offer their own benefits, they can also be combined to create an even more robust solution. Every merchant implementation is different, so it’s important to choose a vendor with features that provide the most security and require the least amount of IT investment.
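The tokenization flow described above, sketched as an added example (not code from this post or from any vendor). `TokenProvider`, `Merchant`, the `tok_` prefix and the choice to return the same token for a repeated card number are assumptions made for illustration; the card number is a constructed test value.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used here to reject mistyped card numbers."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenProvider:
    """Hypothetical stand-in for the third-party tokenization service."""
    def __init__(self):
        self._pan_by_token = {}   # the only place card numbers are stored
        self._token_by_pan = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("not a valid card number")
        if pan not in self._token_by_pan:
            # Random value, not derived from the card number: no key can reverse it.
            token = "tok_" + secrets.token_hex(16)
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def charge(self, token: str, cents: int) -> dict:
        pan = self._pan_by_token[token]   # mapped back inside the provider only
        return {"approved": luhn_ok(pan), "cents": cents}

class Merchant:
    """Merchant systems: every record references the card by token."""
    def __init__(self, provider: TokenProvider):
        self.provider = provider
        self.orders = []                  # what a breach of the merchant would expose

    def record_sale(self, token: str, cents: int) -> dict:
        receipt = self.provider.charge(token, cents)
        self.orders.append({"card": token, "cents": cents})
        return receipt

def demo() -> list:
    provider = TokenProvider()
    shop = Merchant(provider)
    test_pan = "4111111111111111"         # constructed test number, not a real card
    token = provider.tokenize(test_pan)   # card entry goes to the provider, not the shop
    shop.record_sale(token, 2599)
    shop.record_sale(token, 1000)         # repeat purchase needs only the token
    return shop.orders
```

Unlike the encrypt-then-decrypt cycle described for E2EE, nothing in `Merchant.orders` can be turned back into a card number without access to the provider's mapping.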