Protecting cardholder data at the point-of-sale is critical, with many merchants struggling with the choice of deploying tokenization or encryption. And throwing EMV into the mix takes the decision process to a new level. But Tiffany Trent-Abram, VP Global Product, Transaction Network Services, sat down with MPD CEO Karen Webster to clear up the confusion and address where merchant focus really needs to be.
With the liability shift deadline quickly approaching, all eyes are on EMV, as both consumers and point-of-sale terminals prepare to make the switch to chip-enabled cards. But as Trent-Abram explained, safeguarding cardholder data requires much more than just EMV.
“EMV, of course, isn’t an end-all for replacing encryption and tokenization; it is simply validating that the consumer is who they say they are. It doesn’t change the fact that transmitting data from the merchant and getting it approved through to the processor still needs to be encrypted,” Trent-Abram said.
Preventing hackers from accessing and stealing data while in transit is crucial, which is where tokenization and encryption solutions are needed the most.
However, many merchants are still confused when it comes to implementing tokenization and encryption, ensuring PCI compliance and the implications of where and how EMV fits in.
“Merchants come to us typically looking for one or the other, either managed POS encryption or tokenization. But as we start the discussion about how the two solutions work together, more times than not they decide to go with both, simply because they didn’t realize how encryption works or the power of tokenization but specifically the power of both of them combined,” she explained.
One of the biggest hurdles comes in not only understanding how tokenization, encryption and EMV work together to secure transactions but also determining the priority in which these should be implemented.
According to Trent-Abram, merchants are beginning to realize a phased or layered approach is key. This allows the merchant to focus on encryption and tokenization first, with EMV and changing out terminals a very close second.
But establishing encryption and tokenization solutions, while also remaining compliant with newly released PCI standards, can pose many challenges to merchants.
The managed POS encryption and tokenization solutions offered by TNS aim to address the difficulties that come with bringing these services in house, such as setting up and maintaining the necessary servers, infrastructure and associated expenses.
“We are taking that burden from the merchant. They just simply know that the data is encrypted from the point-of-sale, and then we will hand them back a token and they are loving that,” Trent-Abram explained.
“It’s not a short process by any means, but once they have that, they still aren’t bound to a specific processor, can have their gateway at the front end and send transactions wherever they want to. All of this is possible while knowing the data is tokenized and the transactions are secure. But most of all, knowing that for them the burden of PCI compliance and the risks associated with those transactions is greatly minimized.”
TNS is also able to help merchants navigate the added complexities of tokenization, brought on by an ever-growing number of tokens generated by a variety of payments players.
“We are, for lack of a better term, acting as a clearing house for merchants and their tokens, allowing data to be tokenized from any one of their various processors, to some of the networks they are processing and even within some internal processes,” Trent-Abram added.
“It was really an interesting solution for TNS to enter into, but we just really felt that there was a need for someone to act in that role, to be a bit more flexible with all of the various types of transactions and all the various processes.”
Not only are managed encryption and tokenization solutions attractive to merchants, but acquirers are also looking to use them as an opportunity to provide value-added services on behalf of their merchant clients.
“We have even had some of the acquirers come to us and ask us to run their tokenization and encryption solutions for them. They’ve found that it’s very difficult to even have that information in house. They still want to make sure merchants are secure, but they are finding it’s much more challenging for them to get them to market faster,” Trent-Abram said.