Beyond Stone Walls and Guards: Protect Your Payment Castle with Multi-Layered Security


Image Source:

Among many conversations in the payments industry right now, payment security is one of the biggest ones around. With credit card fraud and data breaches on the rise in the U.S., merchants need to make sure their payment solutions are secure.

Payment security has evolved and so has the technology to penetrate these systems. For merchants, being prepared to accept EMV chip cards is one way to improve payment security, but they need to look beyond EMV and be equipped to combat all forms and causes of credit card fraud.


Image Source:

Multi-Layered Security is Like a Castle: Many layers of defense help counter fraud

This is where a multi-layered security approach to payments comes into the picture. To understand the multi-layered security approach, think of castles from medieval times. These ancient castles weren’t just guarded by a single layer of stone walls and guards, they had multiple layers of defense to protect themselves from attackers. Each of these layers had a different function and protected the castle in their own ways. Similarly, a payment transaction needs to have multiple layers of security to better protect itself from data breaches and fraud. Two payment security technologies – point-to-point encryption (P2PE) and tokenization – help merchants with just that. Here’s how:

  • Point-to-point encryption (P2PE): Reduces card data compromise

The retail environment is a valuable hub of customer data that has caught the fancy of many cybercriminals over the years. Since the famous data breach of Target in 2013, many other retail stores across the U.S. have also been victims of such attacks. A point-to-point encryption (P2PE) solution cryptographically protects card data from the point where a merchant’s POS accepts the payment to the secure point of decryption. By using this technology, credit card data is unreadable until it reaches the secure decryption environment, which makes it useless if cybercriminals steal the data.

  • Tokenization: Protects the cardholder data

Complementing EMV and P2PE, tokenization rounds out the multi-layered security approach to help fully protect the castle, i.e. – customer’s card data. Tokenization replaces the card data with a secure encrypted token which prohibits cybercriminals from accessing the actual data. These encrypted tokens are useless to anyone until it has reached its final destination – the payment processor.

Multi-Layered Security is the Way to Go for Merchants: Payment security protects customers and the brand

As technology evolves, merchants need to move forward with it by investing in a secure payment solution that not only benefits them but provides assurance to the cardholder that their data is secure. As merchants upgrade their payment technology to support EMV, NFC/contactless payments, they should also opt for a multi-layered security approach. Here’s why:

  • EMV is not enough: 


    (Image Source:

    EMV chip cards protect the credit card data, but are only a piece to the puzzle of payment security. EMV when combined with P2PE and tokenization, can provide optimal security to both the merchant’s and customer’s data.

  • Protection against data breaches:

    With data interception technology becoming increasingly sophisticated, security measures such as P2PE help protect a transaction from potential cybercriminals and ensure a secure transaction.
  • Protect your brand:

    Merchants face the risk of harming their brand’s reputation in an event of a data breach. With sensitive credit card information at stake, brands that are victims of these data breaches resulting in theft of customer’s card information can receive a lot of negative publicity, thus having a dramatic impact on their brand reputation and customers’ willingness to buy in the wake of these occurrences. By upgrading their payment infrastructure to support EMV, merchants not only protect themselves from any liability but also safeguard their brand image in the eyes of the consumer.

P2PE and tokenization are proven technologies in helping curb data breaches and credit card fraud and are increasingly being adopted by merchants. If you would like to learn more about these technologies and how you can deploy them, watch our webinar - Digital Transaction’s Beyond EMV: Why You Need Multi-Layered Security. 

Dr. Robert Martin is the Vice President of Security Solutions, North America / Ingenico Group

Share your comments