The Path to Payment Security

January 23, 2014
Michael S.


With payment security currently in the national spotlight, CSO Rush Taggart and I decided to put together a white paper outlining our findings about recent data breaches and what could have been done to prevent them. The truth is, there’s a lot of misinformation out there—particularly when it comes to EMV—or chip-and-PIN—technology.

If you’ve followed the Target breach at all, you’ve likely heard the enthusiastic declarations that the answer to the world’s payment security struggles is a switch to EMV. Many news reports have implied that if the United States had transitioned all payment cards from magnetic stripe to EMV, the massive data breach would never have happened. That is simply not the case.

While EMV is a necessary step in the right direction in order to make credit cards more difficult and expensive to replicate, it does nothing to protect data while in transit or when stored. It also doesn’t address the issue of card-not-present theft.

Additionally, as we approach PCI 3.0, we have found that although the PCI Council has made some very important updates, compliance will not ensure total protection. In fact, even if the impacted retailers had been PCI 3.0 compliant, there is a high probability they would not have been protected from the attacks.

If EMV isn’t an all-encompassing solution and PCI 3.0 won’t solve the problem of payment security, what else can businesses do to protect their customers?

We believe the solution is clear: a combination of EMV, P2PE (Point-to-Point Encryption), tokenization, and an off-site hosted vault to store sensitive data. Not only would these technologies completely protect sensitive information, but businesses could also remove themselves from PCI compliance scope, saving them time and money.

Click here to download our white paper, The Path to Payment Security.