
5 Ways Businesses Can Protect Their Payment Infrastructure


October 19, 2020 - PCI Compliance is a recurring topic that feels like a thorn in everyone’s side.

It comes up again and again during conversations and integrations, and it is an important discussion to have. There are many PCI compliance standards that you may have heard of, including PCI DSS, PCI PTS and so on. These standards were designed to keep payment solutions in check and make sure that sensitive card data remains safe.

The PCI DSS, for example, is the Data Security Standard released by the PCI Council. It was put in place to ensure that all businesses that accept, process, store or transmit cardholder data (i.e., credit card information) do so in the safest way possible. By following these regulations, merchants can better protect their payment infrastructures from data breaches.

But, PCI Compliance is not enough anymore. Threats from criminals are constantly evolving and becoming more sophisticated. Businesses need to take additional security measures to protect sensitive cardholder data and their payment technology investments.

Here are a few ways businesses can protect their payment infrastructure:

1. Take a Semi-Integrated Approach
A semi-integrated approach reduces the communication between the terminal and the electronic cash register (ECR) to nonsensitive commands. Sensitive card data is isolated, encrypted and directly sent from the terminal to the intended processing hosts or gateway. This way, the payment card data never touches the point of sale (POS) system, keeping it safe from any vulnerabilities. The semi-integrated approach also keeps the POS system out of the PCI audit scope, saving businesses time and money.

2. Use Point-to-Point Encryption (P2PE)
Payment data can be stolen in many ways, and a common one is theft while the data is in transit. A P2PE solution helps protect the card data while it is on the move during the payment process. It is an industry-proven solution that helps protect sensitive card data from cybercriminals.

3. Use Tokenization
To complement P2PE, tokenization helps protect the card data at rest. It replaces the sensitive information with a secure encrypted token, protecting it from cybercriminals. After many data breaches over the years, current PCI standards do not allow businesses to save and store credit card details unless they are tokenized on their POS system or databases after a transaction. If the open data is stored and stolen, it can be used to create counterfeit cards. When this data is tokenized, it becomes useless to any cybercriminal as it can only be decoded by the payment processor. Storing tokenized data helps retailers associate these tokens to specific customers and can further enable them to study spending patterns without compromising the security of sensitive credit card information.
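The data flow described above, as an added example that is not from the original article: the merchant stores only tokens, can still group purchases by card, and only the processor can map a token back to a card number. It assumes a random-token lookup vault on the processor side rather than an encrypted token; class and function names are hypothetical, and the card numbers are public test numbers.

```python
import secrets
from collections import defaultdict

class ProcessorVault:
    """Stands in for the payment processor: the only holder of the card/token map."""

    def __init__(self):
        self._by_pan = {}
        self._by_token = {}

    def tokenize(self, pan: str) -> str:
        # The same card always gets the same token, so the merchant can
        # recognise a returning card without ever holding its number.
        if pan not in self._by_pan:
            token = "tok_" + secrets.token_hex(16)  # random, not derived from the PAN
            self._by_pan[pan] = token
            self._by_token[token] = pan
        return self._by_pan[pan]

    def detokenize(self, token: str) -> str:
        # Available to the processor only; the merchant has no copy of this map.
        return self._by_token[token]

def merchant_record(vault: ProcessorVault, pan: str, amount_cents: int) -> dict:
    """What the merchant keeps after a transaction: token, last four, amount."""
    return {"token": vault.tokenize(pan), "last4": pan[-4:], "amount_cents": amount_cents}

def spend_by_token(records: list[dict]) -> dict:
    """Spending-pattern analysis using tokens alone."""
    totals = defaultdict(int)
    for r in records:
        totals[r["token"]] += r["amount_cents"]
    return dict(totals)

def demo():
    vault = ProcessorVault()
    # Constructed sales using public test card numbers.
    sales = [("4111111111111111", 4250), ("5555555555554444", 1999), ("4111111111111111", 800)]
    records = [merchant_record(vault, pan, amt) for pan, amt in sales]
    return vault, records

if __name__ == "__main__":
    _, recs = demo()
    print(spend_by_token(recs))
```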

4. Use Mobile Device Management (MDM)
Many businesses use consumer-grade mobile devices to work with their POS systems. This is where MDM can come in handy. MDM, or mobile device management, is a type of security software that allows businesses to remotely deploy and securely manage their mobile POS solutions. This software solution also helps businesses protect their mobile POS solutions from security threats.


5. Train Your Employees
Sometimes the biggest breaches are caused by simple negligence on the part of uninformed staff. A staff member picking up a random flash drive and plugging it into their computer is a simple example that can be catastrophic for the business. Employees also need to be aware of the possibility of device tampering, which allows criminals access to sensitive information.

Businesses need to routinely inspect their public-facing devices for signs of tampering to avoid data thefts or breaches. Effective training of employees regarding basic security protocols can help curb such mistakes and better protect your business. Security threats will keep evolving and so will the solutions built to fight them. It is important for businesses to be aware of these changes and developments to stay one step ahead of cybercriminals.

This content was developed in partnership with Ingenico Group, a leading provider of secure payment solutions.
