How can merchants address the threat of a payment data compromise?
Credit and debit cards have rapidly become the preferred payment method across the globe. We all swipe our credit cards at the check-out counter and enter our credit card numbers into e-commerce websites, usually with little thought to where the data ends up. But there are people waiting on the other end of that transaction ready to capture payment data and use it fraudulently.
Network intrusions and data compromises continue to plague the payment card industry. At the 2012 RSA Annual Security Convention, RSA’s Executive Chairman, Arthur Coviello, told the audience, “Our networks will be penetrated. We should no longer be surprised by this.” His statement came within months of the disclosure that RSA, one of the world’s largest and most respected security companies, had been breached and the code to SecurID, their two-factor authentication solution, stolen. Mr. Coviello then told the attendees, “The reality today is that we are in a race with our adversaries and right now, more often than not, they are winning.”
Trends in Payment Security Threats
Although RSA provides a revealing example of the difficulties even large organizations with world-class expertise have in securing their data, small companies should not be lulled into a false sense of security. The 2011 Data Breach Investigations Report (DBIR) identified 731 different data compromise cases, many of them within smaller companies.
These data compromises signal a frightening shift from stealing data from large financial institutions to stealing data from smaller merchants. As stated in the DBIR, “Criminals may be making a classic risk vs. reward decision and opting to ‘play it safe’ in light of recent arrests and prosecutions following large-scale intrusions into financial services firms. Numerous smaller strikes on hotels, restaurants, and retailers represent a lower-risk alternative, and cyber criminals may be taking greater advantage of that option.”
While e-commerce sites may appear to be easy and lucrative targets, it is the data retained by retail merchants that is of most value to criminals. In a face-to-face transaction where payment card data is swiped, the information captured from the magnetic stripe provides the greatest return and is, therefore, a criminal’s ultimate goal. Once this data is captured, criminals may manufacture fake cards themselves, or sell the data to counterfeit card makers.
Payment Security Shouldn’t Cost More
Traditional security approaches are no longer practical for merchants. Developing a network and security infrastructure sufficient to protect valuable data and reduce payment fraud requires expertise and a significant investment, both of which are often out of reach for small-to-medium-sized merchants, if not most merchants. Partnering with a secure payment processor can be the best solution.
TrustCommerce works with merchants of all sizes who want the same data security larger companies can afford. TC SMART products offer tokenization and remove the credit card, debit card and other sensitive account information from merchant environments. By removing the data, you minimize your liability and allow specialists to take on the burden of storing, managing and protecting it. By storing data away from servers, networks and systems, you reduce your risk and lower your cost of compliance. TrustCommerce implements fraud defense solutions for both card-present and card-not-present environments that exceed industry standards: e.g., end-to-end encryption (E2EE), address verification (AVS), card security code verification (CSC), and more.
Security and privacy elements are the foundation of all TrustCommerce applications, infrastructure, processing facilities and corporate operations. We don’t believe merchants should pay more for payment transaction security. Using TrustCommerce, merchants won’t pay additional fees for PCI compliant data storage, encryption and tokenization—it’s all part of the transaction.
Our business is based on security and trust. We diligently protect cardholder data as it flows through the payment life cycle. Whether processing in a face-to-face retail environment or in a card-not-present e-commerce environment, TrustCommerce solutions protect our partners and reduce their risk.