Though the EMV transition is a significant step in the effort towards making payments more secure, this EMV liability shift won’t solve mass data breaches on merchants.
This is because credit card data is stored, processed and communicated over a merchant’s network and then sent to the processor in clear text. Because of this, criminals are constantly trying to get into merchants’ networks in order to obtain credit card data, as well as other information.
This means that payment security requires a comprehensive approach, often with multiple security solutions – extending beyond cards to both the point of sale (POS) and storage.
Point-to-point encryption (P2PE) and tokenization have become a popular addition to EMV upgrades with merchants.
P2PE and tokenization remove payment data from merchants’ networks to a point-to-point solution, where payments will go directly to a terminal over a separate communications line while being encrypted throughout the entire process. Therefore, if a merchant were to be breached, there would be no available credit card data to be hacked.
Furthermore, P2PE also reduces the PCI scope for merchants so that less time needs to be spent on PCI compliance issues and more time can be invested in growing the business. It’s clear that the payments industry is moving towards a more secure system that provides benefits to merchants and credit card customers alike.
Because of that, there are many new P2PE solutions coming to the marketplace.
For P2PE to work, the data key needs to be loaded onto the terminal before it is sent to the merchant. The key is generally loaded by an Encryption Services Organization (ESO) inside their secure room to allow for maximum security efforts.
The less stress on the reseller and the retailer when it comes to payment security, the more everyone can focus on growing the business and improving customer service.
Beatta McInerney is business development manager of payments for ScanSource POS and Barcode.