So, why is payment security so hard?
Retailers may have many systems and networks running across hundreds or thousands of store locations, and many times that number of connected payment terminals.
The industry is awash with complexity. Large staff numbers, seasonal workers and high turnover rates create training issues. New stores, new systems, regulations and upgrades contribute to constant change. All of this breeds vulnerability.
Doesn’t PCI stop data fraud?
While the Payment Card Industry Data Security Standard (PCI DSS) has helped to reduce payment fraud at the sales point, it's only as good as its weakest link. For PCI to work, it has to be maintained. Obtaining PCI compliance won’t keep retailers safe for long if security procedures are not kept up and processes and staff practices are not regularly audited.
Up to 80% of merchants fail PCI compliance at interim assessments[iv], which means they are effectively failing to sustain the security controls they have put in place. This could be because of the financial and operational burden PCI can place on organisations – and other pressures on IT teams for time and resource, especially those with disparate legacy systems and reduced staff.
Encryption can reduce risk
One of the best ways to ease the PCI burden and safeguard payments is to use PCI Point-to-Point Encryption (P2PE). Payment details can only be opened at the end of the transaction chain, by the acquirer who has an encryption key.
With P2PE, the merchant doesn’t store or handle unencrypted customer payment data, so it can help reduce PCI scope. Payment service providers here in the UK have been pioneers of P2PE, and Verifone has been supplying encrypted payment solutions for over a decade. UK retailers have been amongst the first globally to benefit from this and have seen significant simplification and cost savings in achieving PCI DSS compliance.