Select Page

The move to online payment channels means more convenience… and more risk.

The past year has been marked by a shift to online payment channels and brick-and-mortar businesses were forced to pivot due to the pandemic. This dramatic increase in online and mobile sales has been a difficult transition for some, even as it has been a hidden boon by moving merchants to omnichannel payments. Omnichannel payments present more opportunities to serve customers, but they also come with a large target for hackers.

As merchants become more comfortable operating in omnichannel territory, there will be a greater focus on security. This is timely as we begin to see an increase in malware, ransomware, and other emerging threats. No industry is immune from these threats, making it imperative that merchants keep sensitive data and payment information secure across the board. Here are some ways to do so.

Prioritize PCI DSS Compliance

The Payment Card Industry Data Security Standards (PCI DSS) outline specific security guidelines that help organizations guard against fraud. PCI compliance is critical for all organizations that accept payment cards, and organizations often have a dedicated person or team to ensure that all criteria are met at all times. In addition to avoiding fines and fees, PCI compliance goes a long way in securing sensitive personal and payment data. In many cases, PCI compliance extends to the vendors and solutions you employ, so be sure that you’ve covered all your bases when evaluating compliance and scope.

Protect Customers with PCI-Validated P2PE

Point-to-point encryption (P2PE) is a great way to keep cyber criminals away from omnichannel payment information. With PCI-validated encryption, organizations can encrypt payment card information that gets entered through a P2PE-validated payment device. This includes payments through various channels, including call center payments, mobile payments, and card-present payments. End-to-end encryption (E2EE) is another type of encryption; however, it has not been reviewed and validated by the PCI Council. So E2EE does not reduce PCI compliance scope, complexities or costs. PCI-validated P2PE on the other hand, meets the following stringent criteria:

  • Encryption is performed within a PCI validated secure hardware device
  • Card data is encrypted with strong cryptography
  • Unfeasible to decrypt the data in the merchant environment
  • Devices are tamper proof and key injected by a PCI validated facility
  • Following these protocols ensures that sensitive data is devalued, making it worthless to any hacker that may gain access to a merchant’s software.

Add Extra Defense with Tokenization

Encryption provides strong security alone, but when combined with tokenization, it takes things to the next level. Tokenization replaces sensitive data text elements with a non-sensitive element, called a token. This token is not exploitable because it has no extrinsic meaning or value. The only way to drill down to the sensitive data within the token is via the tokenization provider, which retrieves and decrypts the token. That information can then be used to process a payment. Another way to look at it is that tokenization protects “at rest” data while encryption secures “in-flight” data that is traveling through the payment process. The former is especially helpful for merchants that process subscription payments, credits, refunds, or delayed charges.

Optimize Contactless Payments Security

According to one study, 30% of consumers have started using contactless payments since the start of the pandemic. Many posit that this consumer behavior will outlast COVID-19 as people adapt to the convenience of contactless payments. If your organization utilizes contactless payments, it’s important to safeguard your customers’ data by implementing a contactless solution that is P2PE validated.

Taking the steps above to secure omnichannel payments can help you optimize the customer experience while minimizing risk. If some of these steps sound overwhelming, reach out! Our team at Arrow Payments has deep, broad experience across all aspects of omnichannel payments security and we’d love to be of service. Contact us today for a free consultation.

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

Higher Education’s Guide to Cryptocurrency

Higher Education’s Guide to Cryptocurrency

According to Coinbase, twice as many students report having taken a crypto course in 2019 and 41 of the top 50 universities have at least one student-led crypto and/or blockchain club. As people around the world continue to learn about and invest in cryptocurrency,...

How Ecommerce Merchants Can Avoid Falling Victim to Carding

How Ecommerce Merchants Can Avoid Falling Victim to Carding

Carding occurs when bad actors use large volumes of stolen credit card data to attempt to make small purchases on an ecommerce website. It’s sometimes referred to as credit card stuffing or just plain old fraud, and it’s bad news for eCommerce merchants.  What Does...

5 Cybersecurity Facts to Know in Higher Ed

5 Cybersecurity Facts to Know in Higher Ed

Data breaches have become an unfortunate part of life, and cybersecurity is now more important than ever. Many universities are struggling to adapt to managing data sprawl, cloud services, and a variety of digital payment methods. As things only become more complex,...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery