The move to online payment channels means more convenience… and more risk.
The past year has been marked by a shift to online payment channels, as brick-and-mortar businesses were forced to pivot due to the pandemic. This dramatic increase in online and mobile sales has been a difficult transition for some, even as it has been a hidden boon by moving merchants to omnichannel payments. Omnichannel payments present more opportunities to serve customers, but they also present a large target for hackers.
As merchants become more comfortable operating in omnichannel territory, there will be a greater focus on security. This is timely as we begin to see an increase in malware, ransomware, and other emerging threats. No industry is immune from these threats, making it imperative that merchants keep sensitive data and payment information secure across the board. Here are some ways to do so.
Prioritize PCI DSS Compliance
The Payment Card Industry Data Security Standards (PCI DSS) outline specific security guidelines that help organizations guard against fraud. PCI compliance is critical for all organizations that accept payment cards, and organizations often have a dedicated person or team to ensure that all criteria are met at all times. In addition to avoiding fines and fees, PCI compliance goes a long way in securing sensitive personal and payment data. In many cases, PCI compliance extends to the vendors and solutions you employ, so be sure that you’ve covered all your bases when evaluating compliance and scope.
Protect Customers with PCI-Validated P2PE
Point-to-point encryption (P2PE) is a great way to keep cyber criminals away from omnichannel payment information. With PCI-validated encryption, organizations can encrypt payment card information that gets entered through a P2PE-validated payment device. This covers payments through various channels, including call center payments, mobile payments, and card-present payments. End-to-end encryption (E2EE) is another type of encryption; however, it has not been reviewed and validated by the PCI Council, so E2EE does not reduce PCI compliance scope, complexities or costs. PCI-validated P2PE, on the other hand, meets the following stringent criteria:
- Encryption is performed within a PCI validated secure hardware device
- Card data is encrypted with strong cryptography
- Decrypting the data in the merchant environment is infeasible
- Devices are tamper-proof and key-injected by a PCI-validated facility

Following these protocols ensures that sensitive data is devalued, making it worthless to any hacker that may gain access to a merchant’s software.
Add Extra Defense with Tokenization
Encryption provides strong security on its own, but when combined with tokenization, it takes things to the next level. Tokenization replaces sensitive data elements with a non-sensitive element, called a token. This token is not exploitable because it has no extrinsic meaning or value. The only way to get from the token back to the sensitive data is via the tokenization provider, which retrieves and decrypts the token. That information can then be used to process a payment. Another way to look at it is that tokenization protects “at rest” data while encryption secures “in-flight” data that is traveling through the payment process. The former is especially helpful for merchants that process subscription payments, credits, refunds, or delayed charges.
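To make the token flow described above concrete, here is an added sketch (not Arrow Payments' code or any provider's API) of a vault that hands a merchant a random token for recurring charges and returns the card number only to the payment processor. The class, the caller names and the token format are assumptions for illustration, and the in-memory mapping stands in for the encrypted storage a real provider would use.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: reject mistyped card numbers before they enter the vault."""
    digits = [int(d) for d in reversed(pan)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class TokenVault:
    """Hypothetical provider-side vault; the merchant only ever stores tokens."""

    def __init__(self):
        self._by_token = {}  # token -> PAN (a real provider encrypts this at rest)
        self._by_pan = {}    # PAN -> token, so a returning card maps to one token

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        if pan in self._by_pan:
            return self._by_pan[pan]
        while True:
            # Random value, not derived from the PAN, so it cannot be reversed.
            # Only the last four digits are kept, for receipts and support calls.
            token = "tok_" + secrets.token_hex(8) + "_" + pan[-4:]
            if token not in self._by_token:
                break
        self._by_token[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token: str, caller: str) -> str:
        # Assumed policy: only the processor may exchange a token for a PAN.
        if caller != "payment-processor":
            raise PermissionError(f"{caller} may not detokenize")
        return self._by_token[token]  # KeyError if the token was never issued

def subscription_record(vault: TokenVault, customer: str, pan: str) -> dict:
    """What the merchant database keeps for refunds and delayed charges."""
    return {"customer": customer, "card_token": vault.tokenize(pan)}

if __name__ == "__main__":
    vault = TokenVault()
    test_pan = "4111111111111111"  # constructed input: a standard test number
    record = subscription_record(vault, "cust-001", test_pan)
    print(record)  # contains a token, never the card number
    print(vault.detokenize(record["card_token"], "payment-processor"))
```

A breach of the merchant database in this model yields only `card_token` values, which are useless without access to the provider's vault.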
Optimize Contactless Payments Security
According to one study, 30% of consumers have started using contactless payments since the start of the pandemic. Many posit that this consumer behavior will outlast COVID-19 as people adapt to the convenience of contactless payments. If your organization utilizes contactless payments, it’s important to safeguard your customers’ data by implementing a contactless solution that is P2PE validated.
Taking the steps above to secure omnichannel payments can help you optimize the customer experience while minimizing risk. If some of these steps sound overwhelming, reach out! Our team at Arrow Payments has deep, broad experience across all aspects of omnichannel payments security and we’d love to be of service. Contact us today for a free consultation.