A priority for the entire payment ecosystem is protecting sensitive customer data and financial information, including clear-text cardholder data. When in the wrong hands, this data is a treasure trove for potential breach, theft, and vulnerabilities. It is vital that the behind-the-scenes payment processing infrastructure — including retailers, merchant banks, and payment processors — combines security and performance to enable safe and secure commerce around the world and minimize audit risks.
Many leading retailers and financial services are turning to two technologies: point-to-point encryption (P2PE) and tokenization to help eliminate clear-text customer data from being anywhere on the network. Combining both P2PE and tokenization creates a security powerhouse, recommends David Close, chief solutions architect at Futurex, as he explains in his latest article in The Green Sheet. Using both minimizes the risk of exposing customer data by storing it in a tokenized format and protecting it at every point of the interaction.
How P2PE works is data is encrypted at the initial point of capture, decrypted within the secure boundary of a hardware security module (HSM), and re-encrypted using a transfer key for payment validation by the processer. Customer data remains encrypted throughout the entire payment process, reducing the exposure of data.
Tokenization is a representation of the data, using cryptographically-generated substitute characters as placeholder data to preserve the data format. The token is linked to that specific cardholder account and, by itself, has no intrinsic value. The adoption of tokenization in this industry has ushered in substantial increases in security and an overall reduction in compliance costs for organizations around the world. In his article, David outlines the differences between vaulted tokenization and vaultless tokenization.
Read about financial services organizations’ security best practices to manage and secure the billions of transactions each and every day.