Merchants that store, process, or transmit cardholder data must be compliant with the PCI Data Security Standard. More often than not, PCI DSS compliance is a starting point for protecting payments, not an achievement that can be crossed off a checklist.
Headlines remind us of the ongoing risk of data compromise. A franchising company is the latest example. According to the company’s press release, an internal forensic investigation, launched after fraudulent activity was found on several payment cards that had been used at the company’s locations, identified suspicious files, including malware, on the licensees’ computer systems at 108 locations in 10 states. The franchising company is concerned that the suspicious files could indicate that one or more attackers may have accessed data, including credit and debit card information. It has yet to be determined whether credit or debit card data was exposed.
To help you better understand how TrustCommerce’s security products could have helped prevent this “malware” attack, here are some key points.
Encryption at the Point-of-Capture
As illustrated by the recent breach, securing data at the point-of-capture is paramount. TrustCommerce supports point-to-point encryption (P2PE) through the use of encrypting card readers. With our integrated software solution, payment processing is not possible without the TrustCommerce key-injected point-of-sale (POS) device, helping to thwart “malware” attacks by turning the sensitive payment card data into non-payment data. Thieves cannot steal what you do not have. Encrypting card readers protect payment data “in flight” as follows:
- Data is encrypted at the swipe “head” while still in the capture hardware, so there is no clear-text PAN in the POS
- Merchant does not have keys to decrypt the data
- Protects payments at the point of entry and is not susceptible to “malware” attacks
Tokenization
TrustCommerce provides a highly integrated tokenization solution that complies with and/or exceeds industry standards and replaces the need to store even the encrypted card data “at rest” within back-office databases and/or systems. Once generated, payment tokens are used as if they are the actual primary account numbers (PAN) or card-holder account numbers (CHAN) for any supported payment types.
Our Commitment
Whether processing in a face-to-face retail environment, or a card-not-present E-Commerce environment, TrustCommerce solutions protect our partners and reduce their risk. Our solutions are designed to protect cardholder data as it flows through the payment lifecycle.
Security and privacy elements are the foundation of all TrustCommerce applications, infrastructure, processing facilities, and corporate operations. TrustCommerce conforms to, and exceeds, all applicable industry security standards. TrustCommerce is fully PCI DSS compliant and remains so year after year. We are listed on the Visa Global List of PCI DSS Validated Service providers: http://www.visa.com/splisting