of retailers indicate that payment security is a top priority, but only 22% have implemented EMV

Payment Security

In the wake of major data breaches at Target, Home Depot, and JPMorgan Chase & Co., retailers are being forced to reexamine their policies surrounding data and security. Simply being PCI complaint is no longer enough. Was it ever? Enhanced measures are necessary to adequately defend against malicious attacks by increasingly sophisticated hackers.

A multi-tiered approach is vital

A security approach that employs separate but operationally conjoined layers of protection is a retailer’s most powerful line of defense. Industry best practices dictate implementation of the following:

  • End-to-end encryption (E2EE) starting at the time of card swipe or data entry in the mag head / chip reading device and a single decryption point at the processor
  • Tokenization at the earliest point possible outside of the retailer’s environment and for all data at rest
  • EMV technology to validate payment card authenticity for in-store purchases

How We Help

We help retailers develop and implement a best practice payment security strategy. Using our proven methodology, we develop a strategy and implementation approach that is based on the individual retailer’s risk and maturity profile, existing and planned payment infrastructure, and supported omni-channel business processes and underlying systems.

One of the biggest challenges retailers face is deploying an advanced payment card strategy that provides superior protection without eliminating progress made in unified commerce. As customers exceedingly desire a seamless retail experience, this will remain a struggle for retailers who desire to innovate yet are held back by technological constraints.

A top priority for all retailers must be to examine the adequacy of current information security practices. Retailers need to budget resources and funds to identify and implement measures that will protect the valuable consumer data your organization processes every day.

Do you have a comprehensive inventory of all sensitive data and a prioritized plan to address all of the associated risk points which also includes buy-in from your key vendor partners?

Case Studies

Luxury Fashion Retailer

Luxury Fashion RetailerA leading fashion retailer engaged Boston Retail Partners (BRP) to help with the development of a strategy and roadmap to meet their payment and customer data security objectives. BRP analyzed the retailer’s current landscape of vendors, systems, databases and business processes related to payment card data and led design workshops (with an internal cross-functional team and external vendors) which resulted in a solution combining end-to-end encryption (E2EE) and tokenization for their in-store, e-commerce, call center and CRM systems. BRP’s innovative solution design supports deployment across all of the retailer’s sales channels at the desired deployment pace including support for their existing omni-channel business offerings and robust customer management environment. The new solution completely eliminates the storage and processing of credit card information within the retailer’s environment, which helps remove their current sales systems from PCI scope while protecting the company from potential payment card breaches.

© Copyright 2017 - BRP