The Green Sheet Online Edition
November 23, 2015 • Issue 15:11:02
What you should know about payment security
Security should be a top priority for every business. While many headlines about data breaches usually focus on large retailers, like Target Corp. and The Home Depot Inc., there are numerous data breaches and fraud instances that we don't hear about, especially those that happen to small and midsize businesses.
According to a recent Kaspersky Lab study titled "Damage Control: The Cost of Security Breaches," http://media.kaspersky.com/pdf/it-risks-survey-report-cost-of-security-breaches.pdf, over 90 percent of respondents had experienced at least one security incident.
One data breach could cause a small business to go under. That's why it's critical for industry professionals to have an excellent grasp of payment security and how it works in new technologies. Here's a look at the different payment methods and the security behind each one.
When making an in-store purchase, you're used to quickly swiping your credit card. As you probably know, this recently changed, and swiping cards will soon become the old way to pay. Although swiping is on its way out, it's good to understand the security behind this method so you can explain the advantages of Europay, MasterCard and Visa (EMV) chip cards.
Mag stripe cards use the same technology as cassette tapes ‒ showing just how far behind the United States was before EMV came into play this year. Data is stored within the stripe on the back of the card, and it contains the consumer's account information. That same data is used repeatedly for every transaction, making it easy for hackers to pull this information off the card and use it to create a duplicate card. Fortunately, the United States has implemented chip cards to make in-store credit card payments more secure, but it'll be a while until swiping is completely gone.
With the liability shift now in effect, chip cards are the new way to pay. Each card contains a microchip that creates a unique token each time it's used during a transaction. This makes it nearly impossible for a criminal to create a counterfeit card to use during an in-store purchase.
When a consumer inserts a card into the EMV slot, also known as "dipping," the data is encrypted and a unique token is created, so even if a hacker were to access a consumer's information, the token displayed wouldn't be tied to the actual card.
During an EMV transaction, consumers are prompted by the terminal to either provide a signature or enter a PIN for verification. In some cases, transactions may not require either, depending on the total purchase amount. Currently, the majority of chip cards issued in the United States require signatures, not PINs. However, if a chip card is stolen, it's much easier to forge a signature than to guess a PIN. Given that PINs enhance security and most of Europe is already using PINs, it'll be interesting to see if the United States eventually changes its approach.
As new mobile payment services enter the market, mobile payment adoption continues to rise. The technology behind mobile payments is called near field communication (NFC), which enables two-way communication between two devices that are within a few centimeters of each other. Data is transmitted wirelessly. With NFC, consumers can complete transactions with a simple tap of a mobile phone. When paying with Apple Pay or Android Pay, consumers are required to enter a password or scan their fingerprints for verification. This enhances security, making it almost impossible for hackers to steal information or make fraudulent transactions.
In newer mobile devices, such as the iPhone 6S, a chip or "secure element" authenticates each purchase and completes the transaction. Similar to chip cards, a unique token is created in place of consumers' information when the data is transmitted. Employing the chip, unique code and touch technology makes it extremely difficult for hackers to access consumers' information.
Another factor to consider is that most consumers are attached to their phones, so even if a mobile phone were stolen and a hacker attempted to make a purchase, it's likely the phone would have already been reported stolen. With credit cards, it takes consumers longer to realize when they are lost.
Security should be top of mind to protect your merchants' data and that of their customers. When speaking with potential and existing merchant customers, explain the differences in security to help validate why they should adopt new technologies for their businesses. With the enhanced security and more consumers using new payment methods, there's no reason to avoid new technologies.
As Cayan's Senior Vice President, Sales, Michael Gavin is responsible for day-to-day management of the company's direct sales efforts including organizational structure, sales forecasts and overall strategies. He also oversees all sales activities within the company's agent channel, a growing network of more than 400 independent representatives throughout the United States. Michael has served as a key leader within the organization since joining the company in late 2000. An individual who has made numerous key contributions, Michael was the architect behind the design and development of the agent channel. Michael is a graduate of Merrimack College where he earned his Bachelor of Arts degree in Political Science. Contact him at email@example.com.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.