Consumers are increasingly concerned about the security of their personal information. Nearly half of Americans believe their personal information is likely to be accessed by an unauthorized person within the next 12 months, and nearly half of cardholders are likely to avoid stores hit by data breaches. The result to small businesses is nothing short of devastating – 80 percent of small businesses that suffer a breach go out of business after 18 months.
POS credit card processing can seem risky for small businesses, but it’s a necessity as consumers use a debit card to pay nearly 60 percent of the time and a credit card 55 percent of the time. In this article we will take a look at four of the important security features for POS credit card processing.
One way to protect cardholder data during POS credit card processing is to use a system that employs tokenization. During tokenization, card data is replaced with a “token.” This token is generated by a third-party service provider, and is only useable by those entities with the payment card data required to process the transaction. The intent of tokenization is to address the risk of unauthorized access associated with stored cardholder data. Tokens are particularly useful in situations where a merchant needs to store the card number for future use like recurring billing or tip adjustment. In short, tokenization protects data at rest.
2. End to end encryption (E2E)
Another way to protect cardholder data during POS credit card processing is by using a system equipped with E2E, which encrypts card data from the moment a card is swiped, through the duration of the transaction. The intent of E2E is to address the risk of unauthorized interception associated with cardholder data-in-motion such as during transmission of a transaction from the POS terminal to the payment processor. In short, E2E protects data in transit.
EMV is the new payment security standard implemented by Visa, MasterCard, Discover and American Express. It refers to the use of payment cards embedded with a tiny “chip” which offers greater security features than a magstripe card when used with an EMV enabled device. Effective October 1, 2015, Merchants who have not made the investment in chip-enabled acceptance technology may be held financially liable for in-store fraud that could have been prevented with the use of a chip-enabled acceptance device.
4. PCI DSS
The PCI DSS (The Payment Card Industry Data Security Standard) includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. All merchants that accept card payments must comply with PCI. Non-compliance leaves a merchant vulnerable to a data breach and the ensuing negative fallout including fines, fees and lost business. PCI compliance is a critical piece of secure POS credit card processing.
While these four features are important for security in POS credit card processing, they are not the be-all-end-all. For more information, contact your trusted POS reseller and payment processing partners.