Tokenization and Encryption Offer Layered Protection Against Data Breach
With the recent credit and debit card breach at Target, where over 40 million card numbers were stolen along with PIN numbers and CVV1 codes, consumers and retailers alike are expressing increased concerns over card security. What can merchants do in order to protect themselves?
The smartest choice for merchants to help avoid a potential data breach involves a layered approach to card protection. A combination of both tokenization and point-to-point encryption (P2PE) can help ensure safety and security throughout the entire transaction process.
Encryption addresses the point after card data has been captured but while it is still waiting for authorization. This is a particularly vulnerable moment for payment information, but utilizing P2PE can help mitigate risk. P2PE takes the card data and turns it into ciphertext, which is unreadable. It creates this ciphertext using an encryption algorithm. In order to decrypt the ciphertext and get the good stuff, a key is necessary.
Tokenization is concerned with transactions that have already been authorized. A token, or surrogate value, is used as a replacement for the actual payment card data. Only the merchant implementing the tokens can figure out what the real numbers are. Tokenization is another intelligent choice in cardholder data protection: tokens are worthless numbers to criminals. It also protects the sensitive data once the transaction is authorized, as the token is generated for transaction purposes and used while the real card data is kept securely on a server.
Utilizing both of these methods concurrently can create a comprehensive security solution to payment processing. Payment information is particularly vulnerable in these two areas: before and after authorization. By implementing a risk management structure as a two-pronged approach, merchants can protect valuable cardholder information and help eliminate the chances of something as devastating as a data breach.
Supported by the PCI DSS, P2PE and tokenization are both smart methods of protecting data from breach. Luckily, Forte Payment Systems uses both technologies in a number of our products and services. Credit card processing with Forte implements encryption and tokenization, and our processing environments are hosted within tier 1 data centers that feature on-site armed physical security and 24/7 video surveillance. Alongside the multi-layered protection of the iDynamo card reader in our Mobile Payments solution and other POS technologies, you can rest assured that data is kept safe and secure throughout the entire transaction process.