Separating Fact from Fiction with Payments Security
Ray Moorman, Director of Product, EMV Solutions
The topic of payments security is all over the news these days. Whether it is the migration to EMV/chip technology or another high profile data security breach, stories of, and concerns about payments security are everywhere. What worries me is the amount of misinformation and half-truths out there that can confuse and overwhelm the small business owner. I want to take the opportunity to lay things out as straight forward as possible so that small business owners can evaluate their options and take action. Let’s start by getting some clarity about each of the terms below
- EMV/Chip card – The first important thing to understand is that EMV is not a technology to protect businesses from data compromises. Chip cards are used to help stop card present counterfeit card fraud. When a merchant migrates to support chip card technology they are increasing their protection against the potential fraud liability of accepting a counterfeit card to complete a transaction.
- Network Security – In order to help prevent a breach from happening in the first place small businesses need to enable strong network security. This includes firewalls as well as segmenting communication networks that transmit sensitive information that hackers would want to obtain. It is also critical to continual scan these networks to look for vulnerabilities, and patch those that are discovered.
- Data Security – Unfortunately even the best network security measures may still get hacked. If it can happen to the U.S. Government, it could happen to anyone. Implementing data security will help make the data stolen worthless. We typically break this term down into two technologies, encryption to help protect data in flight, and tokenization to help protect data at rest. We have seen more and more POS solutions coming to market that enable EMV with encryption and tokenization. This is a great strategy for a small merchant looking to invest in a POS technology upgrade.
- Physical Security – This item often goes overlooked, but it is a critical component. Businesses need to make sure that physical access to the POS is limited and secure. There are other simple things that merchants can do like not writing down card numbers and other customer information that will help improve their physical store security.
If all of this seems very complex that’s because it can be. It is very important that businesses make the decision to either create an internal discipline around security or find a trusted technology partner to handle on their behalf. Doing so is the first step in protecting their business from the financial and reputational damage that security vulnerabilities can cause.
Reach out to us if you need more information on how to secure your business.