If you are a U.S. retailer, and you haven’t implemented an EMV solution yet, this an excellent opportunity to upgrade your enterprise security at the same time.

While use of chip-and-pin-enabled credit cards and POS terminals can resolve security issues with card-present transactions by preventing the use of counterfeit cards, EMV does not protect the consumer or merchant against breaches for data in use, data in motion, or data at rest.

Data in use is any data stored in the RAM (Random Access Memory) of a retailer’s POS terminals or computers in order to process a credit card transaction.

Data in motion is data that is being transmitted from one point in a payment network to another point in the payment network at any given time.

Data at rest is cardholder information that is stored by merchants on their computers for possible later use such as returns, exchanges, refunds, recurring charges or reporting.

In order to protect cardholder data at every stage of its use cycle and safeguard against future enterprise security breaches, RedIron recommends that retailers implement End-To-End Encryption (E2EE) and Tokenization at the same time as the switch to EMV.

Tokenization does a great job of protecting data at rest, by replacing a consumer’s personal account number (PAN) with surrogate token values. These token values can be easily accessed whenever required by retailers to process exchanges or refunds without having to know a customer’s credit card number. Tokenization therefore removes the incentive for hackers to steal credit card information from retailers because any tokenized data they could potentially access would be meaningless to them.

End-To-End Encryption (E2EE) does a great job of protecting consumer data in use and data in motion by using computer algorithms to transform all readable text information into unreadable cipher text. This information can’t be deciphered without the use of a key algorithm. While it may be possible for a cyber criminal to intercept this encrypted information, it is very unlikely that they will be able to break the encryption.

Adding these two additional layers of security protection also helps retailers with PCI compliance.

At RedIron, we have done more than 25 EMV implementations for major retailers in both Canada and the United States, and most of those have also included End-To-End Encryption (E2EE) and Tokenization as part of the project.

Adding additional enterprise security is just one of the lessons learned that we outline in our 2016 white paper entitled, “7 Lessons Learned From 25 EMV Implementations”. We invite you to download a complimentary copy by clicking on the graphic below.

EMV White Paper Download