The growing prevalence of Internet-connected devices, along with a seemingly endless string of data breaches, is creating more opportunity to convince retailers to safeguard sensitive account data through new technology.
Merchants with an "omni-channel" strategy, allowing consumers to browse and buy from a growing range of Internet-connected devices, are also opening up these channels as potential targets for hackers. Even those retailers focused on in-store sales must contend with a growing number of payment-capable devices including smartwatches, wristbands and mobile phones.
"Retailers are having a proliferation of payment methods. That trend isn't going to stop. There will be more types of devices in retail setting to interact and take payments with NFC," said Michelle Tinsley, director of security and mobile payment retail solutions at Intel Corp. "There can be vending machines that take NFC, wearables that can take payments. How do enable these experiences but do so in a way that is secure?"
Intel's answer is software is designed to shield data from the merchant's terminal as it travels to a bank's server. It developed Intel Data Protection Technology for Transactions in partnership with NCR to encrypt transactions as they move between computing device, point of sale system and server network.
Intel will sell the product to managed service providers, which will then sell the technology to retailers. Intel charges a software license fee to its partners, which then charge a subscription fee to users. Intel did not disclose its fees.
"[With] more varied endpoints and data-capture mechanisms, there are more points of exposure and a greater potential for a fragmented approach to security," said Julie Conroy, a research director at Aite Group. "The Intel offering appears to be providing a holistic encryption solution that will protect the data regardless of the capture mechanism."
More financial institutions are building apps for connected devices, and payment companies such as MasterCard and LevelUp are developing payment uses for wearable computing devices such as smartwatches and Google Glass.
Consumers who are frightened by recent data breaches at large retailers may be less likely to use these new mobile devices to make payments, Tinsley contends.
Intel's software, which will be available to retailers by 2015, supports EMV, mag stripe and NFC readers, and works with all retail point of sale form factors that have certain Intel processors. Initially, the software will be available on Intel Core's second, third and succeeding generations; as well as Intel Atom Baytrail-T and future Atom processors.
EMV-chip technology protects cards from counterfeiting, but a breach at an EMV compliant retailer would still affect unencrypted consumer information, Tinsley said. "EMV is great, but it's not sufficient."
Other payment executives have also suggested EMV would not have been sufficient to prevent last fall's Target data breach.
Intel's new security play also provides a potential alternative to prevailing e-commerce protections, said Al Pascual, director of fraud and security for Javelin Strategy & Research.
"When it comes to e-commerce and m-commerce transactions, the traditional data obfuscation solution has been tokenization," Pascual said. "It is possible that as this technology finds its way into more retailer terminals and consumer-facing devices, it could render tokenization less relevant for both point of sale and card not present transactions. That would certainly affect some of the recent industry initiatives and mobile payment schemes we have seen."