The payment industry is continually performing a balancing act. Consumers want fast, easy payment options — which could be a deal-breaker for some customers. A Baymard Institute survey found 34 percent of consumers have abandoned a purchase during online checkout because the site wanted them to create an account, and 26 percent decided not to buy when faced with a long, complicated checkout process. Also, 51.3 percent of in-store shoppers, according to the 2018 Global Path to Purchase Survey, will leave a store without making a purchase if lines are too long. However, even though consumers demand quick and easy customer experiences, they don’t want to sacrifice payment security to get them — they expect merchants to do everything they can to protect their payment card data and their accounts.
The constant search for the most convenient, most secure payments is driving advances in payment technology. Two new developments at Datacap demonstrate how we are making payments experiences easier, both for consumers and for your merchant clients, while also providing state-of-the-art payment security.
PCI-Validated P2PE
The Payment Card Industry (PCI) Security Standards Council defines point-to-point encryption (P2PE) as “applications and processes that encrypt data from the point of interaction (for example, at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment.” With P2PE, merchants can assure their customers that clear-text cardholder data is never available to anyone with access to the network.
A solution that’s designated as “PCI-validated P2PE” has been assessed and audited by a P2PE Qualified Security Assessor (QSA) to ensure it meets all PCI requirements for the application used at the point of interaction, secure management of encryption and decryption devices, and use of secure encryption methods and cryptographic key operations, key generation, distribution, loading or injection, administration, and usage.
Datacap’s PCI-validated P2PE uses our NETePay solution to accept a sale request from the merchant’s point of sale system and to communicate with the merchant’s EMV-enabled PIN pad. It then transmits encrypted card data to Datacap’s NETePay Hosted gateway, which sends encrypted data for decryption and transmission to the appropriate processor. The processor’s response is sent to NETePay Hosted and then back to the merchant’s POS system and PIN pad.
In addition to payment security, one of the most substantial benefits the solution offers merchants is significantly reduced PCI scope. Datacap directly controls the PIN pad/card reader, so card data is always managed outside the point of sale system. Using the PCI-validated P2PE solution may also make merchants eligible to complete the self-assessment questions (SAQ) and reduce the number of questions they need to answer by 90 percent. They may also be eligible for the Visa Technology Innovation Program that enables approved merchants to discontinue the annual assessment process for PCI DSS compliance, or the Visa Secure Acceptance Program, which provides a safe harbor for fees if a Level 3 or 4 card-present merchants are compromised.
For Datacap partners benefits include a PCI-validated P2PE solution that doesn’t require additional integrations, an option for an easy transition to EMV, and a solution for compliant card acceptance using consumer mobile devices.
Cross-Platform Tokenization
Tokenization is another technology that provides convenience along with payment security. Tokenization substitutes customers’ payment account numbers with tokens — usually randomly generated alphanumeric codes. The merchant can use the token to help recognize customers and automatically populate information during a payment transaction, streamlining some processes for customers, while removing sensitive card data from the merchant environment.
Additionally, like P2PE, tokenization reduces PCI scope, since readable payment card data is never stored in the POS system.
Tokenization has traditionally been payment processor specific, so, if a merchant changed processors, they’d have to update tokens. However, Datacap now offers cross-platform tokenization, which unties the token from a specific payment processor, giving merchants more flexibility regarding the processors they use.
Cross-platform tokenization can result in significant time savings for merchants, especially those that depend on the technology for recurring billing, so they can provide uninterrupted, convenient, and safe processing that helps build customer trust and loyalty – without sacrificing processor mobility
Choose a Partner on the Cutting Edge
The push and pull between payment security and convenience will probably never end, especially as technology, the threat landscape, and consumer preferences continue to evolve. The smart choice for ISVs and VARs is to partner with an integrated payments company that won’t ever stop innovating and providing your customers with the convenient options they need to stay competitive – and secure.
Related Articles:
Featured
Cash may be king, but it’s also very costly for businesses. Could integrated payments make sense for your business?
Datacap offers ISVs and VARs the opportunity to integrate PCI-validated P2PE and cross-platform tokenization with the point of sale and payment solutions they provide.
As more businesses adopt omnichannel point of sales software to cater to their customers’ love of multiple payment options, it’s given identity thieves more avenues to steal.
“Recent data breach” is an often search term of late. It seems not a day goes by without word of a major retailer being attacked by a cybercriminal. The numbers certainly seem to suggest as much, as last year, there was nearly a 45 percent increase in data breaches for business…
Some POS dealers have been sued for selling systems that were not compliant with PCI DSS standards. How can you protect yourself if you face a civil suit?
Datacap Systems, Inc. has announced a new partnership with Bluefin Payment Systems and Monetary LLC to provide Bluefin’s PCI-validated Point-to-Point Encryption (P2PE) solution to point-of-sale (POS) …
Many merchants across the US do not accept NFC payments even though they have the ability to do so. What’s stopping businesses from supporting NFC?
Three major standards changes are hitting the POS industry this year. How can POS developers and resellers prepare for them?