Ensuring data is protected in the transaction space

Sean Dudley
Sean Dudley
By Sean Dudley on 20 October 2014
Ensuring data is protected in the transaction space

With the US market in the midst of the transition to EMV, Sean Dudley spoke with Intel’s Brad Corrion about the adoption challenges that retailers face and how they should be protecting their data

How can the industry help with EMV adoption rates in the US?

Consumers need to be educated about how to use the new cards and provided with the support they need. Most PIN-based transactions in the US are based on debit cards and most of these cards are issued by a local bank, so if you have a problem you can walk into a bank and get help. Credit cards don’t typically come from a local bank though, so issuers will need to make it as easy as possible for customers to get the support they need.

What challenges do US retailers face?

The biggest challenge is that EMV doesn’t protect the data that you are collecting at the point of sale; EMV is really of benefit for protecting against the fraudulent use of credit cards. During this time of transition, it’s going to be of questionable value for data protection until it is well deployed, which will not happen for a few years. On top of spending to deploy new EMV capable devices, retailers will need to deploy additional technologies to protect the credit card transaction, whether it’s an old mag stripe or a new EMV transaction.

How can retailers ensure data is secure?

They need to focus on things like point-to-point encryption and using tokenisation solutions. Growing terminal capabilities also means there are more cryptographic credentials and configurations to manage. The EMV algorithms require protection and updates over time, and so most of these deployed devices need far more management than they ever required in the past. Merchants have to go and figure out how they’ll work with their vendors and provide lifecycle management on these devices.

What progress has been made so far?

Even though positive steps have been taken recently to tokenise all the information around credit cards that could be transmitted from a smartphone, the merchant who receives the transaction has no way of knowing that that’s actually protected, and still has the need to protect a tokenised transaction as they would normal NFC transactions coming from any other device or NFC card. Customers invest in cutting-edge smartphones offering great data protection, but the merchant is still not able to benefit from these technology investments, and is still left wanting a data protection solution that works for all transactions.

So how can retailers keep up?

From Intel’s point of view, while data protection is a priority, merchants also need to invest in the new devices that enable new customer experiences, and we see all of these deployments happening – involving multiple vendors, multiple devices, and multiple form factors inside the merchant environment. In all likelihood, these devices will need payment acceptance capabilities for flexible customer experiences – which will come from more vendors still – and they all have maintenance responsibilities and data protection requirements.

What is Intel doing to address this?

Intel’s been investing in a technology called ‘Intel Data Protection Technology for Transactions’, the intent of which is to provide effective encryption for the protection of transactional data, as well as providing common management mechanisms. This ensures that devices and payment experiences from different manufacturers can be managed concurrently in a simpler fashion. The goal is to help the merchants focus on the customer experience while protecting customer data in all types of transactions.

Number of views (5823)/Comments (-)

Comments are only visible to subscribers.

Theme picker