What’s New in Payment Security? (More than You Think)

The payment industry is continually performing a balancing act. Consumers want fast, easy payment options, and their absence could be a deal-breaker for some customers. A Baymard Institute survey found 34 percent of consumers have abandoned a purchase during online checkout because the site wanted them to create an account, and 26 percent decided not to buy when faced with a long, complicated checkout process. Also, according to the 2018 Global Path to Purchase Survey, 51.3 percent of in-store shoppers will leave a store without making a purchase if lines are too long. However, even though consumers demand quick and easy customer experiences, they don’t want to sacrifice payment security to get them — they expect merchants to do everything they can to protect their payment card data and their accounts.

The constant search for the most convenient, most secure payments is driving advances in payment technology. Two new developments at Datacap demonstrate how we are making payments experiences easier, both for consumers and for your merchant clients, while also providing state-of-the-art payment security.

PCI-Validated P2PE

The Payment Card Industry (PCI) Security Standards Council defines point-to-point encryption (P2PE) as “applications and processes that encrypt data from the point of interaction (for example, at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment.” With P2PE, merchants can assure their customers that clear-text cardholder data is never available to anyone with access to the network. 

A solution that’s designated as “PCI-validated P2PE” has been assessed and audited by a P2PE Qualified Security Assessor (QSA) to ensure it meets all PCI requirements for the application used at the point of interaction, secure management of encryption and decryption devices, and use of secure encryption methods and cryptographic key operations, key generation, distribution, loading or injection, administration, and usage.

Datacap’s PCI-validated P2PE uses our NETePay solution to accept a sale request from the merchant’s point of sale system and to communicate with the merchant’s EMV-enabled PIN pad. It then transmits encrypted card data to Datacap’s NETePay Hosted gateway, which sends encrypted data for decryption and transmission to the appropriate processor. The processor’s response is sent to NETePay Hosted and then back to the merchant’s POS system and PIN pad. 

In addition to payment security, one of the most substantial benefits the solution offers merchants is significantly reduced PCI scope. Datacap directly controls the PIN pad/card reader, so card data is always managed outside the point of sale system. Using the PCI-validated P2PE solution may also make merchants eligible to complete the self-assessment questionnaire (SAQ) and reduce the number of questions they need to answer by 90 percent. They may also be eligible for the Visa Technology Innovation Program, which enables approved merchants to discontinue the annual assessment process for PCI DSS compliance, or the Visa Secure Acceptance Program, which provides a safe harbor for fees if a Level 3 or 4 card-present merchant is compromised.

For Datacap partners, benefits include a PCI-validated P2PE solution that doesn’t require additional integrations, an option for an easy transition to EMV, and a solution for compliant card acceptance using consumer mobile devices.

Cross-Platform Tokenization

Tokenization is another technology that provides convenience along with payment security. Tokenization substitutes customers’ payment account numbers with tokens — usually randomly generated alphanumeric codes. The merchant can use the token to help recognize customers and automatically populate information during a payment transaction, streamlining some processes for customers, while removing sensitive card data from the merchant environment.

Additionally, like P2PE, tokenization reduces PCI scope, since readable payment card data is never stored in the POS system.

Tokenization has traditionally been payment-processor-specific, so if a merchant changed processors, they’d have to update tokens. However, Datacap now offers cross-platform tokenization, which unties the token from a specific payment processor, giving merchants more flexibility regarding the processors they use.
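The idea of a token that is not tied to one processor, sketched as an added example (this is not Datacap's code). The TokenVault class, the two processor functions and the customer record are hypothetical, and the card number is a standard test value:

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Basic card-number sanity check before anything is stored."""
    if not pan.isdigit():
        return False
    rev = [int(d) for d in reversed(pan)]
    return (sum(rev[0::2]) + sum(sum(divmod(2 * d, 10)) for d in rev[1::2])) % 10 == 0

class TokenVault:
    """Hypothetical gateway-side vault: the only component that ever holds PANs.
    In-memory dicts stand in for an encrypted, access-controlled store."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        if pan not in self._token_by_pan:
            # Random token: no mathematical relationship to the PAN.
            token = "tok_" + secrets.token_hex(12)
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def charge(self, token: str, cents: int, processor) -> dict:
        # Detokenization happens only here; the PAN then goes to whichever
        # processor the merchant currently uses.
        return processor(self._pan_by_token[token], cents)

# Two stand-in processors (assumed interfaces, not real APIs).
def processor_a(pan: str, cents: int) -> dict:
    return {"via": "A", "approved": True, "last4": pan[-4:], "cents": cents}

def processor_b(pan: str, cents: int) -> dict:
    return {"via": "B", "approved": True, "last4": pan[-4:], "cents": cents}

if __name__ == "__main__":
    vault = TokenVault()
    merchant_db = {"customer-17": vault.tokenize("4111111111111111")}  # test PAN
    token = merchant_db["customer-17"]  # all the merchant ever stores
    print(vault.charge(token, 1999, processor_a))
    print(vault.charge(token, 1999, processor_b))  # processor changed, token unchanged
```

Because the merchant record holds only the token, switching from one processor to the other requires no change to stored customer data.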

Cross-platform tokenization can result in significant time savings for merchants, especially those that depend on the technology for recurring billing, so they can provide uninterrupted, convenient, and safe processing that helps build customer trust and loyalty – without sacrificing processor mobility.

Choose a Partner on the Cutting Edge

The push and pull between payment security and convenience will probably never end, especially as technology, the threat landscape, and consumer preferences continue to evolve. The smart choice for ISVs and VARs is to partner with an integrated payments company that won’t ever stop innovating and providing your customers with the convenient options they need to stay competitive – and secure.
