Dubai: Businesses processing credit and debit payments can help protect themselves against new and evolving fraud threats by implementing EMV chip technology, tokenisation and encryption together. Today, payments industry stakeholders are looking at many security technologies to protect their businesses and customers, according to the Smart Card Alliance Payments Council.

Chip technology: It improves the security of a payment transaction by providing cryptographic card authentication that helps protect against the acceptance of counterfeit cards. The EMV specification also offers cardholder verification and several means of transaction authentication that help safely authorise transactions.

A key objective for the payments ecosystem is to move away from the dependency on static data and toward the use of dynamic cryptographic data to secure all transactions. Recent data breaches have given acquirers, issuers, and merchants a clear understanding of the increasing risk associated with relying on static magnetic stripe data for transaction processing. Merchant processors and acquirers, who process, transmit, and store transaction data, must secure it. Issuers must employ costly fraud mitigation schemes to prevent counterfeit transactions.

Moving to EMV technology reduces the burden on issuers, processors, acquirers and merchants. The cryptogram is unique for each transaction, and the data cannot yield the information required to create a counterfeit magnetic stripe or chip card. Issuers enjoy increased security due to dynamic authentication. Both merchants and issuers can make authorisation decisions with more confidence.

Encryption: Encrypting transaction data (both cardholder data and other data describing a transaction) can prevent intermediaries, such as hackers, internet providers, or application service providers, from discovering or tampering with the data. Two approaches to encryption are commonly used to provide such protection: end-to-end encryption (E2EE) and point-to-point encryption (P2PE). In a P2PE solution, the data is decrypted at each stop (e.g., merchant to processor, processor to issuer, issuer to merchant). In an E2EE solution, the cardholder data is encrypted at the point of entry and decrypted only at the intended recipient end. Both methods require an originating party to encrypt data so that it is readable only by the intended recipient. Both methods can simplify PCI compliance requirements for a merchant.

Tokenisation: Tokenisation replaces card data with surrogate values (or tokens) that are unusable by outsiders and have no value outside of a specific merchant or acceptance channel.

Tokenisation is a process that replaces a high-value credential (e.g., a payment card primary account number) with a surrogate value that is used in transactions in place of that credential. Tokenisation can map the credential to a new value that is in a different format or that is similar to the format of the original high-value credential. In payments, the objective of tokenisation is to remove account data from the payment environment and replace it with something that is useless outside of the environment in which the token was created. While tokenisation is not a new concept, recent data breaches have increased awareness of the need to protect payment account credentials.

There are different kinds of tokens and different ways to create them. A token can be merchant specific. It can be single use or multi-use. It can be stored and managed in the cloud, in a token vault, or at a merchant location.
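The token properties described above (merchant-specific, single-use or multi-use, similar in format to the original credential, held in a token vault) can be seen in a small sketch. This is an added example, not code from the article or from the Smart Card Alliance; the `TokenVault` class, the merchant names and the in-memory storage are assumptions, and the card number is a constructed test value.

```python
import secrets


class TokenVault:
    """Illustrative in-memory token vault mapping surrogate tokens to PANs.

    Assumption: a real vault encrypts stored PANs and sits behind access
    control; a plain dict is used here only to show the mapping.
    """

    def __init__(self):
        self._entries = {}  # token -> {"pan", "merchant", "single_use"}

    def tokenize(self, pan, merchant_id, single_use=False):
        # Format-similar token: same length, random digits, real last four
        # kept so receipts still match. The digits come from a CSPRNG, so the
        # token carries no information about the rest of the PAN.
        while True:
            body = "".join(secrets.choice("0123456789")
                           for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token != pan and token not in self._entries:
                break
        self._entries[token] = {
            "pan": pan, "merchant": merchant_id, "single_use": single_use,
        }
        return token

    def detokenize(self, token, merchant_id):
        entry = self._entries.get(token)
        # Merchant-specific: a token presented by any other merchant is
        # refused, so a stolen token has no value outside its own channel.
        if entry is None or entry["merchant"] != merchant_id:
            raise PermissionError("token unknown or not valid for this merchant")
        if entry["single_use"]:
            del self._entries[token]  # a second use finds no entry
        return entry["pan"]


if __name__ == "__main__":
    vault = TokenVault()
    pan = "4111111111111111"  # constructed test PAN, not a real account
    multi = vault.tokenize(pan, "merchant-A")
    once = vault.tokenize(pan, "merchant-A", single_use=True)
    print("multi-use token :", multi)
    print("single-use token:", once)
    print("merchant-A redeems multi-use twice:",
          vault.detokenize(multi, "merchant-A") == pan,
          vault.detokenize(multi, "merchant-A") == pan)
    print("merchant-A redeems single-use once:",
          vault.detokenize(once, "merchant-A") == pan)
    for tok, who in ((once, "merchant-A"), (multi, "merchant-B")):
        try:
            vault.detokenize(tok, who)
        except PermissionError as exc:
            print(f"{who} refused: {exc}")
```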