This year, stay-at-home orders and other COVID-19 precautions have forced thousands of brick-and-mortar businesses across the U.S. to pivot to an omnichannel e-commerce model. Sixty-three percent of consumers are currently avoiding in-store shopping, causing a dramatic year-over-year increase in online and mobile sales. If there’s a silver lining to this sudden shift to omnichannel payments, it’s that with more payment options come more opportunities to do business. But there’s also a catch. More points of sale aren’t just convenient for consumers – they’re also easy targets for hackers.
2021 will be a crucial year for cybersecurity. Experts predict there will be a marked increase in ransomware, malware and other threat vectors targeting payment and data intake points, from in-store purchases and e-commerce payments, to healthcare forms, to online financial applications. Here are four critical steps for keeping payment information and sensitive data safer in the New Year.
Make Sure You Meet PCI DSS Compliance
From restaurants and retail businesses to universities and governments, PCI compliance is critical for any organization that accepts credit card payments. The Payment Card Industry Data Security Standard (PCI DSS) is a mandatory set of cybersecurity requirements that helps businesses reduce credit card fraud. Simply meeting the basics of PCI compliance will do a lot to ensure that your data is safe. That includes using PCI-validated payment products and solutions.
Strengthen Your Defenses with PCI-Validated P2PE
Point-to-point encryption, or P2PE, is another critical part of keeping omnichannel payment information secure against cyber thieves. PCI-validated encryption immediately encrypts credit and debit card information entered through a P2PE-validated payment device – whether a transaction is card-present, mobile, or even made through a call center.
Not all encryption is equal. PCI-validated P2PE is stronger than E2EE, or end-to-end encryption. To qualify for PCI validation, a P2PE solution has to meet three high-level requirements:
- The card data must be encrypted using strong cryptography
- The encryption must be performed within a secure hardware device
- It must not be feasible to decrypt the data within the merchant environment
This process ensures that even if a hacker does gain access to a merchant’s software, systems or network, the cardholder data has been devalued.
Double Down with Tokenization
Encryption is a strong cybersecurity defense, but combined with tokenization, your security will be even more powerful. Tokenization masks clear-text credit card data with a token, a random set of characters. To recover the card data behind a token and use it, the token must be passed back to the tokenization provider, where the stored card data is retrieved, decrypted and used to process a payment.
Whereas encryption secures data that is “in flight” as it travels through the payment process, tokenization protects data that is stored, or “at rest.” Tokenization is especially important for merchants who need to perform certain billing functions like subscriptions, delayed charges, refunds or credits.
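A worked illustration of the at-rest protection described above, added here as an example and not Bluefin's or ShieldConex's code: a hypothetical token vault issues random tokens, the merchant stores only those tokens for later subscription charges or refunds, and detokenization exists only inside the provider, so a copy of the merchant's database yields nothing an attacker can charge. The Luhn check, the `tok_` prefix and the retained last four digits are assumptions made for the illustration.

```python
import re
import secrets


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used only to reject obviously malformed card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenizationProvider:
    """Hypothetical token vault. A real provider keeps this store behind an
    HSM-backed, PCI-scoped service; here it is an in-memory dict so the example
    runs offline. It is the only place clear-text PANs exist."""

    def __init__(self) -> None:
        self._vault: dict[str, str] = {}  # token -> PAN

    def tokenize(self, pan: str) -> str:
        digits = re.sub(r"\D", "", pan)
        if not 13 <= len(digits) <= 19 or not luhn_valid(digits):
            raise ValueError("not a plausible card number")
        # Random token: nothing about the PAN can be derived from it, and two
        # tokenizations of the same card are unrelated. Last four kept for receipts.
        token = f"tok_{secrets.token_hex(12)}_{digits[-4:]}"
        self._vault[token] = digits
        return token

    def charge(self, token: str, cents: int) -> dict:
        pan = self._vault[token]  # detokenization happens here and nowhere else
        return {"status": "approved", "amount": cents, "last4": pan[-4:]}


class Merchant:
    """Merchant system: holds tokens only, never card numbers."""

    def __init__(self, provider: TokenizationProvider) -> None:
        self.provider = provider
        self.cards: dict[str, str] = {}  # customer id -> token

    def save_card(self, customer_id: str, pan: str) -> str:
        self.cards[customer_id] = self.provider.tokenize(pan)
        return self.cards[customer_id]

    def bill(self, customer_id: str, cents: int) -> dict:  # subscription or refund
        return self.provider.charge(self.cards[customer_id], cents)

    def database_dump(self) -> dict:  # what an attacker copying the merchant DB gets
        return dict(self.cards)
```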
Protect Contactless Payments
During COVID-19, contactless payments in the U.S. increased 40% in just the first quarter of 2020, and if the success of contactless payments overseas is any indicator, this new customer behavior is likely here to stay.
If you’re one of the many organizations that adopted contactless payments this year, it’s critical to choose a payment system that will keep your customers’ data safe. In an interview with Digital Transactions, Ruston Miles, Bluefin’s founder and adviser, warned that not every POS device that accepts contactless payments also encrypts data as it enters the terminal. To ensure that clear-text data never enters your system, you’ll need to choose a contactless solution that’s P2PE certified.
Devalue Your Sensitive Data
The high-level takeaway from these four cybersecurity tips: if you want to secure your omnichannel payments, you must devalue your data. Bluefin specializes in both PCI-validated P2PE and our ShieldConex® tokenization platform to secure payment, PII and PHI data, both at the POS and online.
To learn more about our cybersecurity solutions, contact Bluefin today.