2014 has been dubbed the year of the data breach and undoubtedly merchants are looking for ways to better secure their consumers’ data. One of the best ways to go about this is to incorporate software into your point-of-sale (POS) to ensure that it, and any information that enters it, is protected. Here are two technologies that can help keep your customers card data and personal information secure.
Merchants want to protect sensitive information and reduce credit card fraud. Point-to-point encryption (P2PE) is a combination of secure devices, applications and processes that encrypt data from the point of interaction (when the card is swiped) until the data reaches the solution provider. The card holder data is encrypted with an algorithm prior to performing an electronic payment transaction, making the data useless and unreadable to a potential theft or anyone without a decryption key. Even if the POS is compromised, the stolen data is useless without this key. The purpose of P2PE is to reduce the risk of the data being intercepted while in motion during the transmission from the POS terminal to the payment processor. With end-to-end encryption, card data are encrypted when the card is swiped at the point-of-sale and not decrypted until the transaction is forwarded to the card networks for settlement.
Tokenization is the replacement of credit card numbers by a random number, or token, helping to reduce the threat of it being accessed. Tokenization along side end-to-end encryption reduces the vulnerability of the data before the transaction is sent and after it arrives at the processor. With tokenization, card numbers can’t be fraudulently used for purchases.
Tokens can either be transaction-based or card-based. Transaction-based tokens refer to individual transactions and card-based tokens refer to individual card numbers and are reused every time the corresponding cards are used. Tokenization is recognized as one of the best ways of securing data in payments. Tokens reduce the number of points where sensitive information is handled and can be exploited. If an attacker manages to gain access to a merchant’s system, only tokens can be stolen, not actual payment information.
In this day and age, it is essential for merchants to advance their data security practices. By using EMV, encryption and tokenization technologies to store and transmit card numbers more safely, you not only protect your POS but also your customers’ sensitive data.