I've covered several different technologies related to credit card security over the last few weeks. Which ones should you implement and when?
I recommend implementing point-to-point / end-to-end encryption first. This virtually eliminates the potential for large-scale theft of credit card data from your system. It will likely require an update to your POS software and/or processing gateway and all new payment terminals, so it is not an inexpensive option, but it is well worth the investment. Check with your software provider to determine if and when the new technology will be available for your system.
The second most helpful technology is EMV / Smart Card technology. However, it only stops invalid card numbers from being used; it doesn't stop them from being stolen. So, it offers more protection for the consumer than the merchant. Also, it won't be generally available until sometime next year, and a lot can happen within a year.
I think tokenization is the least valuable of these technologies right now, although I believe it will become more important once point-to-point encryption becomes more widespread. Ideally, it will be implemented in conjunction with P2PE, for maximum protection.
--Lynda
I recommend implementing point-to-point / end-to-end encryption first. This virtually eliminates the potential for large-scale theft of credit card data from your system. It will likely require an update to your POS software and/or processing gateway and all new payment terminals, so it is not an inexpensive option, but it is well worth the investment. Check with your software provider to determine if and when the new technology will be available for your system.
The second most helpful technology is EMV / Smart Card technology. However, it only stops invalid card numbers from being used; it doesn't stop them from being stolen. So, it offers more protection for the consumer than the merchant. Also, it won't be generally available until sometime next year, and a lot can happen within a year.
I think tokenization is the least valuable of these technologies right now, although I believe it will become more important once point-to-point encryption becomes more widespread. Ideally, it will be implemented in conjunction with P2PE, for maximum protection.
--Lynda