Canadian e-commerce has reached another milestone. According to Insider Intelligence, e-commerce sales will exceed $100 billion in 2022. Businesses of all sizes are competing for some of that revenue, from large e-commerce enterprises and big box stores to small and medium-sized businesses (SMBs). Unfortunately, companies that enter the e-commerce arena will have to contend with not only more than competition, but also the risk of losses from online payment fraud.
When it comes to securing your payment infrastructure, a balanced security approach is a fundamental best practice in the industry. Encryption, tokenization, firewalls for back-office systems and mobile device management (MDM) solutions all play a critical role in preventing data theft — but a purely technology-based strategy isn’t an end-all solution. Employees, from high-level executives to in-store associates, are an essential piece of your tiered security strategy.
One of the most frequently occurring discussions around payment security is regarding PCI compliance. When we talk with our customers, partners and integrators, especially with those who are new to the payments industry, understanding PCI compliance can be complex. The PCI DSS, for example, refers to the Data Security Standard released by the PCI Council that are set up to ensure that all businesses that accept, process, store and/ or transmit cardholder data (i.e., credit card information), do it in the safest way possible. By following the DSS and other related standards, merchants can better protect their payment infrastructures from data breaches. They not only keep customer data safe but also protect their brand reputation.
In an increasingly complex payment environment, many merchants are seeking a more flexible approach to help streamline their payment process, enhance payment security and manage PCI scope. This is where a semi-integrated payment environment comes into the picture.
To understand how a semi-integrated approach to payments can help merchants, we must understand the differences between that and a fully integrated payment environment.
In 2020, 37 billion records were compromised in publicly disclosed breaches and with 2021 just beginning, merchants are more aware than ever about customer data security. In the midst of this, Point-to-Point Encryption (P2PE) has emerged as a security solution that assures payment data is as safe as possible. P2PE works to keep payment data secure in transit as well as prevent tampering at the point of sale (POS) devices themselves, as it encrypts card data at the point of interaction - when a card is inserted or swiped. From that point, the data is encrypted until it reaches the gateway so no cybercriminal or third party can access the unencrypted data.
According to new data from Risk Based Security, the instances of data breaches declined in 2020 by 48%. However, it still managed to compromise over 37 billion records (increasing by 141% over 2019). Cardholder data is a tempting target for hackers, and many merchants are looking to bolster their payment security strategies. One of the ways they can achieve this is by implementing point-to-point encryption (P2PE).
