Back to Banyan Hills Insights

5 Ways Businesses Can Protect Their Payment Infrastructure

Woman near a payment terminal

Employees need to be aware of the possibility of device tampering, which allows criminals access to sensitive information.

October 19, 2020 - PCI Compliance is a recurring topic that feels like a thorn in everyone’s side.

It comes up again and again during conversations and integrations and it’s is an important discussion to have. There are many PCI compliance standards that you may have heard of including PCI DSS, PCI PTS and so on. These standards were designed to keep payment solutions in check and make sure the sensitive card data remains safe.

The PCI DSS, for example, refers to the Data Security Standard released by the PCI Council that are put in place to ensure that all businesses that accept, process, store or transmit cardholder data (i.e., credit card information), do it in the safest way possible. By following these regulations, merchants can better protect their payment infrastructures from data breaches.

But, PCI Compliance is not enough anymore. Threats from criminals are constantly evolving and becoming more sophisticated. Businesses need to take additional security measures to protect sensitive cardholder data and their payment technology investments.

Here are a few ways businesses can protect their payment infrastructure:

1. Take a Semi-Integrated Approach
A semi-integrated approach reduces the communication between the terminal and the electronic cash register (ECR) to nonsensitive commands. Sensitive card data is isolated, encrypted and directly sent from the terminal to the intended processing hosts or gateway. This way, the payment card data never touches the point of sale (POS) system, keeping it safe from any vulnerabilities. The semi-integrated approach also keeps the POS system out of the PCI audit scope, saving businesses time and money.

2. Use Point-to-Point Encryption (P2PE)
Payment data can be stolen in many ways and a common way these thefts happen is when the data is in transit. A P2PE solution helps protect the card data while it is on the move during the payment process. It is an industry-proven solution that helps protect sensitive card data from cybercriminals.

3. Use Tokenization
To complement P2PE, tokenization helps protect the card data at rest. It replaces the sensitive information with a secure encrypted token, protecting it from cybercriminals. After many data breaches over the years, current PCI standards do not allow businesses to save and store credit card details unless they are tokenized on their POS system or databases after a transaction. If the open data is stored and stolen, it can be used to create counterfeit cards. When this data is tokenized, it becomes useless to any cybercriminal as it can only be decoded by the payment processor. Storing tokenized data helps retailers associate these tokens to specific customers and can further enable them to study spending patterns without compromising the security of sensitive credit card information.

4. Use Mobile Device Management (MDM)
In a lot of instances, many businesses may use consumer-grade mobile devices to work with their POS systems. This is where MDM can come in handy. MDM, or mobile device management, is a type of security software that allows businesses to remotely deploy and securely manage their mobile POS solutions. This software solution also helps businesses protect their mobile POS solutions from security threats.

Read more: Why Mobile Device Management is a Critical Tool for Modern IT Operations

5. Train Your Employees
Sometimes the biggest breaches can be caused by simple negligence on the part of the ignorant staff. A staff member picking up a random flash drive and plugging it into their computer is a simple example that can be catastrophic for the business. Employees also need to be aware of the possibility of device tampering, which allows criminals access to sensitive information.

Businesses need to routinely inspect their public-facing devices for signs of tampering to avoid data thefts or breaches. Effective training of employees regarding basic security protocols can help curb such mistakes and better protect your business. Security threats will keep evolving and so will the solutions built to fight them. It is important for businesses to be aware of these changes and developments to stay one step ahead of cybercriminals.

This content was developed in partnership with Ingenico Group, a leading provider of secure payment solutions.

Resources For Learning About the Internet of Things

Stay up-to-date in this fast moving industry

IoT enabled factory using automation software
Using Automation With The Internet of Things

IoT-enabled equipment sending data to automation software will unleash productivity gains for years to come.

Read more
Mask wearing employee helping a mask wearing customer in a retail shop.
Using Technology To Optimize the Customer Experience

Good customer experiences are vital to business success. Sixty-nine percent of consumers say they will move on from a brand after a bad experience.

Read more
IoT Automations
IoT Campaigns are now IoT Automations

The next time you log into our IoT platform, Canopy, you will notice a change in the name of one of our modules.

Read more
Woman near a payment terminal
5 Ways Businesses Can Protect Their Payment Infrastructure

Being only PCI compliant is not enough. Businesses need to take additional security measures to protect sensitive cardholder data and their payment technology investments.

Read more
Technician truck riding down the road for a service call.
Using IoT to reduce truck rolls and improve customer satisfaction

Service organizations across a wide swath of industries (retail, healthcare, enterprise IT, industrial, aerospace, manufacturing) want to reduce truck rolls. It's no wonder when you look at the cost.

Read more
Software developers working in a room.
Building vs. Buying IoT Software: How To Know When Buying Makes Sense

We get this question all the time: Why should I buy Internet of Things software when I can develop my own inhouse? Here are seven reasons why buying often makes more sense.

Read more

Awards and Recognition

A few of the places where Banyan has received recognition

Inc. 500 logo
IoT Innovations logo
Industry Today logo
Business Radio X logo
RFID Journal logo
VxChange logo
COVID-19 Update: Our commitment to our customers. Learn more