End-point encryption is set to revolutionise Payment Card Industry (PCI) compliance requirements for retailers by simplifying the process and providing increased levels of security.
Vaughan Alexander, Innervation Value Added Services Executive for payments, says that end-point encryption is a new standard issued internationally by the PCI council. It requires the encryption of card holder data in a payment transaction from the point of user interaction for where the card is used, right through to the authorisation of the transaction.
“PCI compliance has always been about protecting the card holder information including their name, card number and so on. However, currently, only the PIN number is encrypted in the transaction, the rest of the information is protected behind the network security of the retailer.
“This will change with end-point security, with the entire process being encrypted from when the card is used, right through to the transaction being delivered to the payment switching provider or bank,” he says.
The increased security of the transaction will also result in PCI compliance requirements being reduced to some degree, making it less onerous for retailers to be compliant.
The standard is currently being rolled out locally by banks and switching providers, with point of sale hardware manufacturers expected to issue new software shortly which will comply with the standard.
Furthermore, regulations issued by the Payments Association of South Africa (PASA) for the tokenisation of the credit card numbers have also increased security around card holder information.
“Instead of credit card information being printed on a slip, the transaction is tracked by a token, keeping the card holder’s information safe at all times,” he says.
These changes are expected to reduce the cost of PCI compliance to retailers in South Africa according to Alexander.
The focus for protecting the information will now move to the switching provider and or bank where the information is decrypted.
“Previously PCI compliance was simply a cost of doing business, but provided no inherent business value. However, end-point encryption will not only reduce the cost of PCI compliance but will provide increased value through the encryption of the cardholder data, thereby reducing risk and compliance costs to the retailer,” he says.
About Innervation Value Added Services
Innervation Value Added Services assists retailers to achieve enhanced customer service, increased revenue and sustainable competitive advantage via strategic engagement and by enabling a wide range of services across all customer touch points. Innervation utilises an agile switching and reconciliation platform to seamlessly integrate to customer touch points (POS, mobile, web, call centre, self -service kiosks and social media) and also to retail enterprise financial and CRM systems. The company’s core product offerings include the Destiny electronic payments switch and the Destiny Stored Value suite of products, including gift card, loyalty, vouchers and coupons. Commodity services such as prepaid airtime and bill payment are supported via interfaces to the Value Added Service Providers preferred by the merchant.