Back to Banyan Hills Insights

5 Ways Businesses Can Protect Their Payment Infrastructure

Woman near a payment terminal

Employees need to be aware of the possibility of device tampering, which allows criminals access to sensitive information.

October 19, 2020 - PCI Compliance is a recurring topic that feels like a thorn in everyone’s side.

It comes up again and again during conversations and integrations and it’s is an important discussion to have. There are many PCI compliance standards that you may have heard of including PCI DSS, PCI PTS and so on. These standards were designed to keep payment solutions in check and make sure the sensitive card data remains safe.

The PCI DSS, for example, refers to the Data Security Standard released by the PCI Council that are put in place to ensure that all businesses that accept, process, store or transmit cardholder data (i.e., credit card information), do it in the safest way possible. By following these regulations, merchants can better protect their payment infrastructures from data breaches.

But, PCI Compliance is not enough anymore. Threats from criminals are constantly evolving and becoming more sophisticated. Businesses need to take additional security measures to protect sensitive cardholder data and their payment technology investments.

Here are a few ways businesses can protect their payment infrastructure:

1. Take a Semi-Integrated Approach
A semi-integrated approach reduces the communication between the terminal and the electronic cash register (ECR) to nonsensitive commands. Sensitive card data is isolated, encrypted and directly sent from the terminal to the intended processing hosts or gateway. This way, the payment card data never touches the point of sale (POS) system, keeping it safe from any vulnerabilities. The semi-integrated approach also keeps the POS system out of the PCI audit scope, saving businesses time and money.

2. Use Point-to-Point Encryption (P2PE)
Payment data can be stolen in many ways and a common way these thefts happen is when the data is in transit. A P2PE solution helps protect the card data while it is on the move during the payment process. It is an industry-proven solution that helps protect sensitive card data from cybercriminals.

3. Use Tokenization
To complement P2PE, tokenization helps protect the card data at rest. It replaces the sensitive information with a secure encrypted token, protecting it from cybercriminals. After many data breaches over the years, current PCI standards do not allow businesses to save and store credit card details unless they are tokenized on their POS system or databases after a transaction. If the open data is stored and stolen, it can be used to create counterfeit cards. When this data is tokenized, it becomes useless to any cybercriminal as it can only be decoded by the payment processor. Storing tokenized data helps retailers associate these tokens to specific customers and can further enable them to study spending patterns without compromising the security of sensitive credit card information.

4. Use Mobile Device Management (MDM)
In a lot of instances, many businesses may use consumer-grade mobile devices to work with their POS systems. This is where MDM can come in handy. MDM, or mobile device management, is a type of security software that allows businesses to remotely deploy and securely manage their mobile POS solutions. This software solution also helps businesses protect their mobile POS solutions from security threats.

Read more: Why Mobile Device Management is a Critical Tool for Modern IT Operations

5. Train Your Employees
Sometimes the biggest breaches can be caused by simple negligence on the part of the ignorant staff. A staff member picking up a random flash drive and plugging it into their computer is a simple example that can be catastrophic for the business. Employees also need to be aware of the possibility of device tampering, which allows criminals access to sensitive information.

Businesses need to routinely inspect their public-facing devices for signs of tampering to avoid data thefts or breaches. Effective training of employees regarding basic security protocols can help curb such mistakes and better protect your business. Security threats will keep evolving and so will the solutions built to fight them. It is important for businesses to be aware of these changes and developments to stay one step ahead of cybercriminals.

This content was developed in partnership with Ingenico Group, a leading provider of secure payment solutions.

Resources For Learning About the Internet of Things

Stay up-to-date in this fast moving industry

Embrace These Technologies To Enable Your Digital Transformation

We can think of ‘digital transformation’ in terms of its discrete parts. Each of them builds on one another and progressively yields more value to the business.

Read more
Files listed inside Canopy.
Canopy Update: See The Useful New 'Files' Feature

A few months back, we took feedback from customers and created a new feature called … you guessed it: Files. While the name may sound simple, this new functionality is extremely useful and helps you get even more out of Canopy.

Read more
Woman looking at a mobile device
Why is Mobile Device Management Important?

Mobile devices can represent a unique type of cyber threat for companies operating in today’s global economy. An MDM program can help alleviate the associated risk.

Read more
Canopy screenshot
No Longer Beta: New Version of Canopy Ready For All Users

The redesigned Canopy is now in general release and available to all customers. The new version includes lots of new features.

Read more
Improving the Odds of a Successful Digital Transformation

What can be done to improve the odds of a successful digital transformation? Here are a few ideas based on our own observations.

Read more
Case Study: Boosting Revenues With Software Subscriptions

Self-storage owners needed a way to move operations to the cloud, giving them remote management capabilities and the ability to support multiple properties. Banyan Hills Technologies provided the solution.

Read more

Awards and Recognition

A few of the places where Banyan has received recognition

Inc. 500 logo
IoT Innovations logo
Industry Today logo
Business Radio X logo
RFID Journal logo
VxChange logo
COVID-19 Update: Our commitment to our customers. Learn more