As the number of cyberattacks continues to climb, businesses have remained vigilant in doing all they can to protect their customers’ payment card data. Data protection strategies have varied from regularly testing and strengthening network perimeters to ensuring stolen data is worthless to hackers. Devaluing data so that it is no longer desirable to thieves can be achieved by implementing EMV chip, Point-to-Point Encryption (P2PE), and Tokenization.
EMV chip technology prevents payment cards from being cloned. The embedded chip enables a transaction code to be created for each purchase. A transaction code is unique to each purchase and cannot be replicated by counterfeit cards. Although online purchases are not protected by EMV technology, in-person transactions are safer when made with EMV cards.
Point-to-Point Encryption (P2PE) encodes card data as it travels throughout the transaction. Card data is encrypted when a customer enters the data to make a purchase, and the data continues to be encrypted until it reaches the merchant’s e-commerce database. Original card data is transformed via an algorithm and is only readable upon decryption by the receiver. By masking the card data in transit, P2PE makes the data utterly useless to thieves.
Tokenization allows merchants to avoid storing card data within their payment systems. Card data is replaced with a token which is a string of letters and numbers. Since the token is randomly generated, there is no algorithm for thieves to reverse-engineer to obtain the original card data. Merchants use this token to access their customers’ credit card information which is stored at a highly secure, offsite location.
With the increasing sophistication of hacking techniques and cyber incidents, safeguarding data has never been as critical as it is today. Devaluing the very data that thieves are after is a key strategy of card data protection. Whether it is through EMV chip cards, P2PE, Tokenization, or a layered approach employing all three solutions, businesses can make their card data more difficult to access and essentially valueless to cyberthieves.
