Protecting payment card data is critical to reduce the risk of fraud and identity theft. TransFirst® advocates a multi-layered approach to payment security including EMV® acceptance, end-to-end encryption, tokenization and Secure Commerce Architecture.
EMV cards, also known as chip cards or smart cards, have an embedded microchip which is difficult to replicate, making them nearly impossible to counterfeit. Chip card transactions involve dipping the card into the chip card reader. During the transaction data generated by the chip authenticates the card to the issuer. EMV transactions may also include a PIN, for debit or credit cards, which authenticates the cardholder to help prevent fraud through lost or stolen cards. The code generated during a purchase is only valid for that single transaction which means even if hackers were to obtain it, it would be useless information.
With end-to-end encryption (E2EE) and tokenization, payment data is encrypted from the moment it’s collected at the point of swipe and it remains encrypted or tokenized as it travels to and from the merchant and the processor. E2EE is IT terminology used to describe a solution that encrypts communications from one endpoint to another endpoint. It includes protections of both confidentiality and integrity of card data from the start of the authorization all the way through its path to the issuer. It involves the originating party encrypting the data to be readable only by the intended recipient, and the recipient then decrypting it, with no third party involvement in encryption.
Tokenization is the process of replacing a traditional card account number with a unique identifier — or token — that cannot be mathematically reversed. The payment token is restricted in how it can be used with a specific device, merchant, transaction type or channel. By using tokenization, merchants can store payment tokens, used only for their designated purpose, to eliminate the need to store card account numbers.Even if cybercriminals managed to get their hands on payment data that is encrypted and tokenized as it travels to and from the merchant and processor, it would be useless to them.
Another important layer TransFirst adds to effective payment system protection is Secure Commerce Architecture (SCA). It connects the terminal directly to the processor and prevents payment data from entering the integrated POS, or PC-based POS system. SCA eliminates the integrated POS as the channel most commonly targeted by cybercriminals for large-scale theft of consumer payment data.
SCA also provides the architecture through which merchants can engage consumers with targeted advertising, digital loyalty coupons and product offers at the point of sale to create more value for their customers.
TransFirst offers secure payment processing products and services and can help you to achieve and maintain PCI compliance to decrease your risk of electronic data fraud. Read our PCI Compliance Overview for more information on ways PCI compliant solutions offer important protection to merchants and cardholders.
EMV is a registered trademark or trademark of EMVCO LLC in the United States and other countries. www.emvco.com