Retailers Beware: You Have a Target On Your Back

Banks are working hard to change every policy they have for fraud prevention to reduce their losses. It starts later this year with the EMV deadline for merchants. At that time banks officially push fraud liability directly onto the merchant if the merchant is found to be out of PCI compliance. Banks are well within their boundaries to demand merchants be in PCI compliance—as every responsible business should be—but merchants need adequate tools to fight fraud before ultimatums are set. As a retailer, EMV is just the beginning of your worries because banks and financial institutions are lobbying congress to develop stricter laws for merchants with regards to data breaches that expose personally identifiable information (PII) as well as payment data.

To attract customers, you have to accept payments through an omni-channel environment ranging from in-store card-present transactions to card-not-present transactions through mobile devices, e-Commerce web sites, and other app-based payment methods. The very nature of omni-channel acceptance creates multiple risk points where sensitive data is vulnerable to a breach. EMV is supposed to be the saving grace for securing payments, but it’s a technology created 20 years ago and has no affect on card-not-present fraud. In fact European merchants have been bombarded with card-not-present fraud even with EMV in place. Most merchants have such minimal card-present fraud that the cost of changing to EMV devices is prohibitive given its ineffectiveness against card-not-present transactions.

Empower Retailers with the Right Fraud Fighting Tools
The systemic problem is that many merchants have razor thin profit margins to begin with and their internal IT and security budgets cannot keep up with both PCI compliance and maintaining software to fight fraud. Fraud detection and chargeback prevention companies are sprouting like springtime flowers because merchants are desperate for a way to detect and defend against the liability of card-not-present fraud. Meanwhile, to prevent fraud through data theft, banks and financial institutions worldwide are calling for merchants to get the toxic data out of their internal IT systems by using tokenization. Tokenization is the ideal solution for preventing data theft. But it’s not ideal to have your data locked up by one payment provider’s proprietary tokenization system, leaving you with limited choices to work with other service providers or to change payment processors. Nor is tokenization a stand-alone solution for fraud detection. You need layers of security that work together to stop data theft and detect fraudulent use in real-time.

Layered Protection Secures Your Omni-channel Environment
Layering your security technologies is the best strategy, as no one layer works by itself, but rather in synergy with other effective solutions. Start with tokenization by an independent provider to remove all toxic data from your environment, so in the event your systems are breached, the cyber thieves get meaningless records, not a treasure trove of payment or personal data. The TokenEx Cloud Security Platform provides complete tokenization and data vaulting services, but also acts as the central integrator with fraud prevention, chargeback, and marketing services. We integrate your choice of service vendors right into your payment streams, keeping toxic data out of your system so your PCI compliance can be reduced to the minimum number of controls, saving you significant IT funds that can be allocated to other services.

So even after fully securing your data with tokenization, integrating an authentication solution in the real-time payment streams decreases instances of fraud while also reducing false-positive rejections that frustrate your customers and result in lost sales. For example, TokenEx integrates directly with our partner Kount. When your systems receive a new payment, TokenEx works with Kount’s advanced artificial intelligence, transaction scoring, and business intelligence reporting to provide immediate card validations or warnings. TokenEx works with many of the top payment service providers and is payment processor agnostic, giving you the tools you need to protect your payment data and defeat payment fraud for all your payment acceptance channels.

To learn more about custom tokenization and integration of authentication services visit Follow us on LinkedIn and Twitter.

Topic(s): payments , data security , tokenization

Keep Up With Our PCI & Privacy Blog