{"id":2385,"date":"2015-05-19T11:00:22","date_gmt":"2015-05-19T15:00:22","guid":{"rendered":"http:\/\/www.nationaltransaction.com\/credit-card-merchant\/?p=2385"},"modified":"2015-05-19T11:00:22","modified_gmt":"2015-05-19T15:00:22","slug":"payments-threefold-defense","status":"publish","type":"post","link":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/payments-threefold-defense\/","title":{"rendered":"PAYMENTS\u2019 THREEFOLD DEFENSE"},"content":{"rendered":"<div id=\"attachment_2349\" style=\"width: 310px\" class=\"wp-caption alignnone\"><a href=\"http:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-content\/uploads\/2015\/05\/11406966045_b64704aece_o.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-2349\" class=\"size-medium wp-image-2349\" src=\"http:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-content\/uploads\/2015\/05\/11406966045_b64704aece_o-300x199.jpg\" alt=\"Security\" width=\"300\" height=\"199\" srcset=\"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-content\/uploads\/2015\/05\/11406966045_b64704aece_o-300x199.jpg 300w, https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-content\/uploads\/2015\/05\/11406966045_b64704aece_o-1024x678.jpg 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-2349\" class=\"wp-caption-text\">Credit: Flickr<\/p><\/div>\n<p>We\u2019re now nearly midway through 2015, and payment security still remains a topic that stirs up great concern and confusion. While there is seemingly unanimous agreement on the need for heightened security, there\u2019s uncertainty about those who are tasked with actually implementing it. Let\u2019s dig deeper into EMV, P2PE and tokenization. 
We\u2019ll look at how each will play a part in the next generation of securing payments, and how, without properly working together, they might just fall short.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Europay, MasterCard, and Visa (EMV) &#8211; <\/strong>A powerful guard against credit card skimming. EMV also uses cryptography to create dynamic data for every transaction and relies on an integrated chip embedded into the card.<\/p>\n<p><strong>Downside:<\/strong> For Independent Software Vendors (ISVs), the biggest downside of EMV is the complexity of creating an EMV solution.\u00a0ISVs interested in certifying PINpads with a few processors face up to 22 months of costly work, and because there are a large number of pending certifications, processors will be backed up over the next few years.<\/p>\n<p>It\u2019s not impossible for an ISV to build EMV solutions in-house, but it\u2019s difficult and unnecessary when there are plug-and-play EMV solutions available. These solutions include pre-packaged and pre-certified APIs that remove most of the need for research, the complexity and the burden of time and cost.<\/p>\n<p><strong>Point to Point Encryption (P2PE) &#8211;\u00a0<\/strong>Secures devices, apps and processes by encrypting data from the earliest point of the transaction with cryptographic keys known only to the payment company or gateway. This protects the data from tech-savvy criminals who jump at the chance to intercept POS systems and scrape the memory of Windows machines.<\/p>\n<p>How does a key get into a card reader? Through an algorithm called derived unique key per transaction <strong>(DUKPT)<\/strong>, or \u201c<strong>duck putt<\/strong>.\u201d DUKPT generates a base key that\u2019s shared securely with device manufacturers, and the cardholder data the device outputs is rendered differently each time a card is swiped, making it impossible to reverse engineer the card data.\u00a0P2PE benefits not only cardholders but also ISVs and merchants. 
PA-DSS certification was designed to address the problems created by cardholder data that is not encrypted.<\/p>\n<p><strong>Downside:<\/strong> P2PE isn\u2019t cheap if an organization wants to do it in-house. The secure cryptographic device needed to manage the keys, a Hardware Security Module (HSM), can cost $30-40,000, but when it\u2019s built out, that total cost can jump to $100,000.<\/p>\n<p><strong>TOKENIZATION &#8211; <\/strong>The best way to protect cardholder data when it\u2019s stored is tokenization, a process the PCI Security Standards Council describes as one where the primary account number is replaced with a surrogate value, <strong>a token<\/strong>.\u00a0For merchants dealing with recurring billing, future payments, loyalty programs and more, tokenization is critical.<\/p>\n<p><strong>Downside:<\/strong> Tokenization doesn&#8217;t prevent malware that\u2019s remotely installed on POS devices. It\u2019s possible, as seen with recent retail card breaches, for data to be stolen before it is tokenized. 
That\u2019s why it\u2019s essential to group tokenization together with P2PE and EMV to offer optimal security.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019re now nearly midway through 2015, and payment security still remains a topic that stirs up great concern and confusion.<\/p>\n<div id=\"more-button\"><a class=\"btn btn-more excerpt-more\" href=\"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/payments-threefold-defense\/\">Continue Reading<\/a><\/div>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69,109,629,830,11],"tags":[1960,1173,504,225,2777,1049,345,1315,1178,21,392,102,34,10,23,2773,2774,9,222,913,2776,2772,49,101,2775,2324,2687,808,59,1313,1373,1362,212,405],"class_list":["post-2385","post","type-post","status-publish","format-standard","hentry","category-best-practices-for-merchants","category-credit-card-security","category-emv-europay-mastercard-visa","category-payment-card-industry-pci-security","category-visa-mastercard-american-express","tag-pos-systems","tag-account-number","tag-billing","tag-card","tag-card-breaches","tag-card-reader","tag-cardholder","tag-cardholder-data","tag-chip","tag-credit-card-2","tag-data","tag-dss","tag-emv","tag-europay","tag-gateway","tag-independent-software-vendor","tag-isvs","tag-mastercard","tag-merchants-2","tag-p2pe","tag-payment-company","tag-payment-security","tag-payments","tag-pci","tag-pinpads","tag-point-to-point-encryption","tag-pos-devices","tag-processors","tag-security","tag-security-standards-council","tag-token","tag-tokenization","tag-transaction","tag-visa"],"_links":{"self":[{"href":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-json\/wp\/v2\/posts\/2385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-json\/wp\/v2\/posts"}],"
about":[{"href":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-json\/wp\/v2\/comments?post=2385"}],"version-history":[{"count":4,"href":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-json\/wp\/v2\/posts\/2385\/revisions"}],"predecessor-version":[{"id":2389,"href":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-json\/wp\/v2\/posts\/2385\/revisions\/2389"}],"wp:attachment":[{"href":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-json\/wp\/v2\/media?parent=2385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-json\/wp\/v2\/categories?post=2385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nationaltransaction.com\/credit-card-merchant\/wp-json\/wp\/v2\/tags?post=2385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}