Retailers’ Options to Protect Customer Data

by Raymond Pucci 0

Payment card data breaches are now a regular occurrence, and typically it is the merchant’s data system where cybercriminals find a gold mine of customer information. As the following article relates, merchants have a number of security tools at their disposal.

As retailers test and adopt more payment technologies, such as mobile wallets, they are facing a more acute need to protect their customers’ data. Fraud costs U.S. retailers roughly $32 billion in 2014, up from $23 billion in 2013, according to a recent story in Business Insider.

Leading the precautionary measures are much-talked-about chip credit cards (EMV), which require special hardware at the register. Three-quarters of surveyed retailers put EMV implementation among their top three payment-related challenges this year, according to the report “The State of Retail Payments 2016,” from the National Retail Federation and Forrester. Eighty-six percent plan to be EMV-ready in 2016. Following are three ways retailers said they plan to protect their customers’ data through 2017:

Wall-to-wall coding: Ninety-three percent of the 59 North American retailers surveyed said they expect to have point-to-point encryption (P2PE) up and working by the end of 2017. Think of P2PE as the Cloak of Invisibility used in the Harry Potter stories. It conceals the credit card data from the moment it enters a payment portal, so it is encrypted before even being sent to the service provider.

Tokenization beyond a symbolic gesture: Six in 10 of the retailers surveyed (61%) expect to put multichannel tokenization into practice by the end of 2017. Tokenization, a technology that first caused a lot of buzz in 2014, is the practice of substituting sensitive customer data with a benign equivalent of identification symbols. “Tokenization protects cardholder data that is at rest in a retailer’s or vendor’s system by replacing the real 16-digit card number with another 16-digit reference number, thereby making it useless to a hacker,” the report explains.

Near-field communications are nearer: Half of the retailers surveyed said they would have near-field communications (NFC) in place by the end of 2016. An additional 22% plan to have it ready by the end of 2017. NFC enables two devices to communicate with each when at close range, making it especially relevant for mobile payments. Android, Windows and newer iPhone models (iPhone 6 as well as the Apple Watch) all include NFC technology.

In the EMV transition, merchants have faced their biggest systems upgrade since they converted from mechanical cash registers to POS computer terminals. They are now discovering that EMV does not solve all security issues, and customer card data still remains vulnerable to worldwide hackers. More software upgrades will be necessary to utilize the added security measures. Merchants will be looking for a cost effective solution as well as a seamless integration with their existing systems.

Overview by Raymond Pucci, Associate Director, Research Service at Mercator Advisory Group

Read the full story here

Featured Content