There was an interesting interview a couple of weeks ago with Jeremy King, the director of the European arm of the PCI Security Standards Council. In the interview, he talks about how new payment technologies like mobile payments and e-commerce transactions are creating additional security challenges (and compliance challenges) for the PCI DSS.
In the interview, conducted by the Information Media Group’s Tracy Kitten, King says that some of the biggest concerns regarding PCI security and compliance are the difficulties of properly securing mobile payments and malware attacks leveled against payment card networks.
In addition, King also mentions “weak passwords” and “the overall security of integrated software” as concerns for anyone accepting payment cards. The whole interview is worth a read, and King brings up several other major points regarding challenges facing merchants and the payment card industry as a whole.
Of course, none of this is exactly news – those of you who have tried to achieve PCI compliance in the past know that the challenges of achieving and maintaining it are numerous and varied. Data is extremely tricky to keep secured, especially online, and trying to balance security with a simple system for end users is even trickier.
That’s why I’ve always liked the simplicity and elegance of tokenization as a security method. Instead of worrying about encrypting and storing the payment information for hundreds or thousands of individuals, you pass the data – and the risk – off to the tokenization provider. All you keep are the tokens, which have no value and present no security risk (or compliance obligation, for that matter).
And the best thing about tokenization is that it’s scalable and nearly invisible to end users. There’s no need for your customers to jump through extra hoops in order to complete their orders or payments – a tokenized payment interface can reside comfortably within your environment without ever transmitting any risky data to you or your system. It all looks the same on the front end, but provides layers of extra security for you, your business, and your customer.
If you’re interested in learning more about tokenization and how it can help provide security for your business, contact TokenEx. We’re a Level 1 PCI-certified provider of tokenization services for payment cards and other data, and we would be happy to discuss our security solutions and how they can help your business.