Payment Security Questions That Keep Merchants Up at Night

Being a part of a payments and security company, my colleagues and I have the opportunity to speak with merchants on a regular basis, during which we hear a lot of questions. Some are confused about which payment solution is the best fit for their business needs, while others are looking to understand how they can do more with their terminals. One of the biggest concerns they have is payment security.

Below are some of the most common security questions we hear from merchants. I’ll go more into depth on these in our upcoming webinar, "PCI at the POS / What’s New, What’s Next and What Merchants Can Do to Simplify Compliance."

The webinar will take place this week, but I want to give you a glimpse of some of the topics we’ll be covering. Let’s take a look at some of the most commonly asked security questions that are keeping merchants up at night:

“What is PCI-DSS?”

It is extremely important for all merchants to understand the Payment Card Industry Data Security Standard (PCI DSS). The security standard set by the council not only protects customers’ data but the merchant’s business as well. PCI recently announced the release of its PCI DSS version 3.2. Following these security guidelines is one way for merchants to stay ahead of the changing requirements.

We also hear lots of questions around the difference between PCI DSS, PCI PA-DSS, and PCI PTS, and with all of these different acronyms, we understand why this is creating so much confusion. During the webinar, we’ll break down the differences between these standards so you can finally have a clear understanding of what each one means and which ones apply to you.

“How do I become PCI compliant?”

Merchants are also concerned about becoming PCI compliant. The PCI Council has fined merchants that aren’t following their security regulations. Moving to PCI compliance is a multi-step process that can vary by merchant.

We’ll be talking about PCI-DSS in depth during our webinar, and about the steps you need to take to ensure compliance with the latest standard.

“What is point-to-point encryption (P2PE)?”

This is a very common question that comes from all types of merchants. With the U.S. EMV migration still underway, retailers have been upgrading their payment technology to support chip cards, but they have also taken the opportunity to implement encryption services to protect their businesses from data breaches.

Even though these major retailers remain a major target for cyber criminals, small merchants are also vulnerable to such attacks. According to the U.S. Department of Homeland Security, 31% of all cyberattacks now target small businesses with fewer than 250 employees, and 44% of small businesses have reported being victims of hacking.

This threat environment should encourage merchants of all sizes to gain a better understanding of how they can protect their business and their customers’ sensitive data.

This is where point-to-point encryption (P2PE) comes into play. According to the PCI Security Standards Council, P2PE “is a combination of secure devices, applications and processes that encrypt data from the point of interaction until the data reaches the solution provider’s secure decryption environment.”

In simple terms, this means converting confidential payment card data and information into encrypted code at the time the card is swiped, so it cannot be hacked or stolen. A P2PE system provides the infrastructure and processes to perform this encryption and protect payment data from the point of sale to the point of the payment processor, which safely decrypts the data for bank authorization.

“How do I know if I’m already using P2PE?”

A lot of merchants we speak to are under the impression that they’re already using a P2PE solution, but the reality is that this isn’t always the case. There is a common misconception that encryption solutions, such as P2PE, are already part of the payment solution provided to the merchant. A P2PE solution doesn’t come built into a point of sale device and needs to be added to existing payment solutions. Merchants should check with their payment solution provider or seek third-party expertise to review their current system and ensure they are actually using P2PE.

Do you have similar questions regarding payment security? Ingenico Group’s VP of Security Solutions, Dr. Rob Martin, and I discussed the most commonly asked payment security questions we hear from merchants in our recent webinar “PCI at the POS / What’s New, What’s Next and What Merchants Can Do to Simplify Compliance.” Get the answers you’ve been looking for around P2PE, PCI compliance, and other payment security related topics.

Don’t let security keep you up at night. Watch the recorded webinar now.

Nate Potter is Director, Strategic Retail Accounts at Ingenico Group / North America
