It seems as though every few months, we hear about a major data breach of a large company that leaves the personal information of thousands, even millions of consumers, exposed and vulnerable. You might recall hackings in recent years of household names including eBay, JPMorgan Chase, Home Depot and Target. Just at the start of this year, Wendy’s was the victim of a widespread breach that has potentially stretched to what could be considerably more than the 300 North American restaurant locations originally reported.
According to the Identity Theft Resource Center (ITRC), the total number of breaches to date in the U.S., captured in the 2016 ITRC Breach Report, has reached 489. This is an increase of 19.8 percent compared to this time last year. Since 2005, an alarming total of 6,300 breaches have been recorded and the trend is on the rise.
This brings us to a very obvious, yet necessary, point of discussion: better security. While hackers are moving quickly to outsmart companies and their systems, the increased acceptance of EMV technology throughout the country has been heralded as the only saving grace, an assumption which is just not the case. While EMV is an effective measure for reducing card-present fraud, chip cards in no way thwart potential hackers from carrying out a harmful data breach. So what else should be done? How do we protect customer credit card information no matter the payment method?
The straightforward answer is a combination of point-to-point encryption and tokenization — a level of protection that not only keeps customer information safe, but can significantly reduce PCI’s regulatory mandates (and costs) for businesses.
Let’s talk about what this combination really means. Point-to-Point Encryption (P2PE) is a payment security solution that guarantees the strongest encryption protection for card-present transactions, like those completed with terminals and mobile devices, as well as key entry transactions. To ensure cardholder data is truly being protected from the point of entry at a store, all the way to the bank, it’s important to use a PCI-validated P2PE solution. For example, CardConnect developed a P2PE-validated solution that is compatible with Ingenico devices. For more information on P2PE, check out this video from the PCI Council.
Just as P2PE is important for payment hardware, tokenization is the preferred security solution for online transactions. Tokenization is an irreversible mathematical process of substituting sensitive cardholder information with non-sensitive equivalents, or tokens, that would have absolutely no meaning to a hacker if they were to break into a system. For eCommerce, if payments are integrated into a website or application, a tokenization solution should fully protect all areas customers enter sensitive data. For more information on tokenization, Gartner, Inc. released a report — Market Guide for Merchant / Acquirer Tokenization of Payment Card Data — outlining the advantages of tokenization and notable vendors (including CardConnect).