Retail payment secured through combination of numerous features
The retail industry is committed to securing consumer information during transactions. This is done thanks to innovations in payment security technology.
Secured payments necessitate several key components
Europay, MasterCard, and Visa
Europay, MasterCard, and Visa (EMV) is the designation for that little microchip in modern credit and debit cards. This technology means that there is no more need to swipe the card to gather the data. Moreover, it makes the payment more secure than ever before. However, EMV is not the only thing that makes card payments in chip and PIN point-of-sale (POS) readers secure. Many other security measures go on behind the scenes that combine with EMV for consumer protection.
Person-to- person encryption
If the EMV card is meant to be the solution for identity, verifying the card user’s authenticity, point-to-point encryption (P2PE) is the solution for ensuring that cardholder’s information is secure when travelling to the authorizing bank. When the POS terminal reads the card data, the P2PE system automatically encrypts it in a code that can only be read by the authorizing bank’s decryption program. This is the point where the data is decoded to read as normal information again so that the bank can fund the payment from the cardholder’s account.
Confirming the payment
Once the P2PE encryption is decoded and read by the bank’s system, the funding of the transaction is approved. The system then needs to send a message to the terminal to let the retailer know the transaction is successful. However, this is not done by sending the same data back via P2PE. This time, a different option is used. Tokenization is the method of transmitting the acceptance or refusal of payment to the POS terminal. And in this instance, none of the card data is sent back, to ensure further protection of consumer information. Instead, a “token” code is sent. This is a unique identifier for the customer and retailer, in the form of a string of numbers, known as the Transaction Reference on the receipt.
The token does not need to have any information on it other than the reference number. This unique identifier can be used to track the payment in the event of fraud and compile non-sensitive data on purchasing trends for the retailer. It is also the only thing that is needed if the retailer has cause to provide a refund to the customer. By simply entering the code into the POS terminal, the retailer can refund the cardholder for the transaction without the card being used, or even present. And the security provided by tokenization is that the unique reference number is useless for anything else, as it holds no cardholder information.
In a recent study by the National Retail Federation (NRF), it was shown that implementing EMV technology to combat credit card security was their biggest challenge of 2016. The study, “The State of Retail Payments 2016”, also showed that retailers were making a lot of progress in transitioning to EMV enabled terminals.
Improving customer service
Adopting the new EMV systems also means that retailers can improve their customer service opportunities. The EMV data sent to the banks can be used to read trends in purchase markets, identifying what people like and want, and enabling the banks to better advise their retail merchants. This in turn allows the retailer to look at what they are selling and how they sell it, and improve both stock availability and customer service both in stores and online. And to top it all off, it offers the most secure option of payments to reduce the risk of fraud, and gives the consumer peace of mind and trust in the POS system.
Retail payment is going to evolve further
EMV, P2PE and tokenization are not the end of the security process. This is just the beginning. With contactless cards and mobile payments becoming more popular, payment security is getting better by the day. And this is reducing fraud even further. Making POS terminals whether chip and PIN or contactless, the most secure payment method available.
Related articles published in Cardholders Data security :
- Tokenization: Securing data with random numbers
- Secure Communication Prevents Eavesdroppers
- Secure payments: Beating credit card fraud
- Digital payments open to major security risks in India