Payments security is a common topic in the news these days. From the migration to EMV chip card technology to reports of high profile data breaches, security concerns dominate much of the conversation about payments. What is most concerning is the misinformation that can confuse and overwhelm small business owners. I want to take the opportunity to clarify some of the terms so payments solution developers can evaluate their options and take action. Let’s start by reviewing the following:
- EMV chip card – The first important thing to understand is that EMV does not protect businesses from data compromises. Instead, chip cards are designed to help stop card-present-counterfeit fraud. When a merchant adopts EMV technology, they are helping to protect their business against the potential fraud liability of accepting a counterfeit card to complete a transaction– not preventing card data from being compromised.
- Network security – To prevent a breach that compromises sensitive card data, merchants and solution providers need to enable strong network security. This includes firewalls as well as segmenting communication networks that transmit sensitive information that hackers want to access. It is also critical to run continuous scans of these networks to detect and patch vulnerabilities.
- Data security – Unfortunately, even the best network security measures may still get hacked. If it can happen to the U.S. government, it could happen to anyone. Implementing data security will help make the data stolen worthless. We typically address this issue with two technologies: encryption to help protect data in flight, and tokenization to help protect data at rest. We have seen more and more POS solutions coming to market that enable EMV with encryption and tokenization. This is a great strategy for a small merchant looking to invest in a POS technology upgrade.
- Physical security – This item often goes overlooked, but it is a critical component. Businesses need to make sure that physical access to the POS is limited and secure. Merchants can do simple things to help improve their physical store security, like not writing down card numbers and other customer information.
If any of this seems very complex, it’s because it can be. It is very important that merchants make the decision to either create an internal discipline around security, or find a trusted technology partner to handle security on their behalf. This is the first step in protecting their business from the financial and reputational damage that security vulnerabilities can cause.
As a solution provider that enables payments it is paramount to offer some type of security solution to your customers. Security can be positioned as a differentiator for your business by how easy the solutions can be implemented and used, and by making sure that the solution does not impact other critical business functions like reporting, reconciliation, and analytics.
To learn about the payment security solutions Vantiv offers that you can leverage for your solution, contact us.