December's breaches made the most headlines, but the bad news for retailers seems to keep coming every few days, alternating with the latest weather reports to make up a good chunk of every evening newscast.
While there's nothing you can do about the weather, retailers do have recourse. And that means it's time to become proactive. Point-to-point encryption combined with the EMV standards is one way merchants can up their crime fighting capabilities.
By late 2015, the EMV chip card is going to be the new standard. The EMV chip card incorporates an embedded microprocessor chip. When it is inserted into a card device, the card is read and the customer enters a PIN number, instead of signing the receipt. Think about how useless a signature is: anyone can sign a name, and when was the last time a store clerk actually compared a signature? And how does a clerk checking a signature even prevent a data breach?
So, problem solved?
EMV is still about the interaction with the card and the reader device. And that means the device could send clear-text account information to the POS, which is the same information as when a magnetic stripe, PIN debit or signature card is used.
Furthermore, PINs are hardly foolproof. Hackers can steal them, especially since many people still use easily guessed PINs such as 1234.
The key is to go one step further, to the heart of payment technology.
Fortunately, upgraded commerce technology, referred to as point-to-point encryption or P2PE, is becoming available in North America. P2PE provides hardware-to-hardware payment data encryption and a secure terminal distribution chain, as well as streamlined and straightforward PCI DSS compliance.
P2PE works by encrypting all sensitive data once it hits the point-of-interaction device (POI) or payment terminal where consumers swipe their cards. From the swipe to the POS and all the way to the payment services provider, all sensitive financial data is encrypted. Additionally, the unencrypted data never touches the retailer's memory, hard drive or network.
Because the sensitive information is never available in a useable format in the POS, the now-infamous malware and third-party network hacking attacks of late likely would have been prevented.
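A merchant can test the property described above by scanning what the terminal actually hands to the POS for clear-text card data. The following is an added example, not code from the article or from FreedomPay; the message layouts, field names and sample values are constructed, and the card number is the widely used 4111... test number.

```python
import re

# Track 2 layout: ;PAN=YYMM + 3-digit service code + discretionary data + ?
TRACK2 = re.compile(r";(\d{12,19})=(\d{4})(\d{3})\d*\?")
# Stand-alone digit runs long enough to be a card number (PAN)
PAN_RUN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep first six and last four digits so findings are safe to log."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_cleartext_card_data(message: bytes) -> list:
    """Return (kind, masked PAN) for card data readable in a POI-to-POS message."""
    text = message.decode("latin-1")   # maps every byte, never raises
    findings, seen = [], set()
    for m in TRACK2.finditer(text):
        if luhn_ok(m.group(1)):
            seen.add(m.group(1))
            findings.append(("track2", mask(m.group(1))))
    for m in PAN_RUN.finditer(text):
        pan = m.group(0)
        if pan not in seen and luhn_ok(pan):
            findings.append(("pan", mask(pan)))
    return findings

# Constructed samples: a terminal passing track data in the clear, and a
# P2PE terminal passing only an opaque encrypted block (hypothetical fields).
CLEAR_MSG = b"txn=0042;amt=19.99;track2=;4111111111111111=251210100000?"
P2PE_MSG = b"txn=0042;amt=19.99;key_id=A7F3;enc=9A3F0C77B1E24D5A8C6E0F1B2D3C4A5E"

if __name__ == "__main__":
    for name, msg in (("clear", CLEAR_MSG), ("p2pe", P2PE_MSG)):
        print(name, find_cleartext_card_data(msg))
```

Any finding on traffic from a terminal that is supposed to be P2PE-enabled means card data is still reaching the POS in a usable form. Ciphertext can occasionally contain a Luhn-valid digit run by chance, so treat a lone bare-PAN hit as something to confirm.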
P2PE also has proven to be affordable because the responsibility for managing and maintaining PCI compliance is greatly reduced for the merchant, leading to decreased operational overhead and time lost to the audit process. In addition, as merchants deploy EMV-enabled POI terminals, implementing P2PE is an easy additional step.
Deploying a robust P2PE-enabled commerce platform when updating POS devices to EMV makes future expansion into mobile payments, incentives and better business intelligence simple. It also covers operational best practices regarding program maintenance.
While EMV paired with P2PE will ensure the highest levels of data security for every retailer's payment platform, it isn't the only step worth taking. Retailers should also educate staff, share best practices with other companies, publicly release information about hackings and communicate with consumers to rebuild trust.
Hackers will always be with us, but there's no reason to sit back and take it. By being proactive and using the latest technology, and facing problems as they occur, the chances of landing any unwelcome headlines will be sharply reduced.
Chris Kronenthal is Chief Technology Officer of FreedomPay