Datacap Logo

Merchants make a push for broader payments security adoption

 Pad Lock on top of Data

NACS, the National Association of Convenience Stores, has issued a statement encouraging payments providers to create an open process for data security standards such as tokenization. By making better use of this technology, retailers will be in a better position to safeguard their customers’ information, which can play a pivotal role in maintaining the confidence of consumers. Developers of point-of-sale technology will want to leverage solutions that support tokenization and other similar data security standards.

As NACS noted, payment card data is vulnerable at three different points: where the card is swiped or information is entered, where the data is stored and where card information is transited. Tokenization technology replaces key bits of account and identity information with unique, randomly generated tokens. This means that no data is stored or transmitted in an unsecured format, which can go a long way in reducing opportunities for credit and debit card fraud or identity theft.

“Tokenization will also be a valuable tool to secure data in other aspects of commerce, such as age verification identity checks, and storage and transmission of electronic health records and pharmacy prescriptions,” the NACS statement explained.

“Ensuring an open standards process for the development of tokenization technology will result in a final standards product appropriate for other aspects of U.S. commerce beyond just payments, and will be more easily and efficiently integrated into all hardware and software business environments,” the organization added.

Increased enterprise use of tokenization

As a separate study conducted by Aberdeen noted, substitution techniques such as tokenization are nothing new – even primitive forms of the process existed hundreds of years ago. However, the use of tokenization, particularly in the context of the Payment Card Industry Data Security Standard (PCI DSS), is relatively recent.

Now, companies can use tokenization for everything from protecting cardholder data to replacing end-user identifiers. According to the Aberdeen report, tokenization use among enterprises nearly doubled from 23 percent in the fourth quarter of 2009 to 40 percent in the first quarter of 2012 and continues to grow. For the most part, tokenization works. The study also found that tokenization users had 50 percent fewer security related incidents (such as unauthorized access to data) and the average cost per data incident is also down among tokenization users.

“Enterprises are benefiting from the broader range of tokenization solutions now available in the market, but selection of a specific solution involves careful planning and due diligence with respect to deployment models, tokenization types and methods, in scope and out of scope boundaries, and the degree of change required to existing applications, databases, files, backup and recovery, and other business processes,” the Aberdeen report concluded.

Tokenization: The answer to many retail problems

The use of tokenization can be a significant boon for retailers and may solve a number of problems they face, which is why point-of-sale software manufacturers need to consider incorporating this technology.

The use of tokenization in the payment process may be just what the doctor ordered in terms of enhancing encryption and protecting data. Gerry Grealish, chief marketing officer of cloud security software company Perspecsys, asserted that the use of encryption and tokenization solutions can reduce the footprint of data by as much as 90 percent, which could significantly cut back on the costly breaches that have affected so many merchants over the past few months.

It all comes down to making the best use of solutions possible. All parties involved with the payment process, from retailers down to the companies producing software for this equipment, should be looking to incorporate tokenization.