According to a recently published survey by Boston Retail Partners (BRP), the top IT priority for retailers in 2015 is focused on improving payment security, and protecting the confidentiality of sensitive information. For the first time in 16 years, more than 63% of the retail respondents in the BRP 2015 POS/Customer Engagement Benchmarking Survey indicated that payment security is among their top three priorities for 2015.
The emphasis on payment security is revealed in the fact that 650% more retailers plan to support EMV (Europay, MasterCard and Visa) by October 2015. This is not surprising, given breaches at several top retailers, high profile hacking plus the looming October 2015 deadline shifting some credit card liability to the retailer for those not compliant with EMV policies.
While EMV is getting lots of attention, it’s not the Holy Grail, or even the first or second line, of defense against credit card hackers. A multi-tiered approach, with a combination of encryption, tokenization, and EMV is the key to a successful payment security platform.
151% Increase in Encryption by End of 2016
End-to-end encryption is a critical component in the line of defense in the fight for data security with a reported 151% increase in its use by the end of 2016. Optimally implemented encryption protects sensitive at the swipe that could be compromised in the event of a breach. By comparison EMV adoption does not actually reduce the risk of a breach; rather it weakens the incentive for thieves to steal credit card information by requiring that the physical card (and its security chip) be present at the transaction. Encrypting credit card data at the swipe is also highly recommended. Our survey respondents are moving towards this with 35% having already implemented end-to-end encryption and another 45% planning to implement it by October 2015.
Tokenization Use will Increase by 145%
The next protective layer involves a process called tokenization, with a 145% increase in its use by the end of 2016. Tokenization enables retailers to remove sensitive information in flight and at rest from their network. Once a unique card/transaction data is converted into a token, using a token vault outside of the retailer’s environment, the data is worthless if it becomes compromised. One-third of the respondents have implemented tokenization for payment processing and another 40% plan to implement it before October 2015.
Payment security will remain a concern for retailers for the foreseeable future. Most of the retailers involved in our survey reported moving towards a security plan with multiple layers to protect sensitive customer and organization data.
I encourage you to read the complete survey report for additional insights on retailers’ top priorities.
Download Now: 2015 POS/Customer engagement Benchmarking Survey
I welcome your thoughts and opinions. Please share your comments below.