Sensitive data protection in the retail card payments ecosystem
Securing sensitive data in a cost-effective manner is often one of the biggest challenges in processing payment transactions.
Securing payment transactions is serious business. Get it wrong and the consequences can be catastrophic in terms of financial loss and business reputation.
Year after year, the threat landscape is widening as fraudsters conceive of more sophisticated methods to compromise payment credentials for monetary gain. The payment industry invests heavily in onward development of an infrastructure which is often referred to as the ‘payment rails’ and operated by the various global and regional payment brands including American Express, Mastercard and Visa.
Hardware-based security (underpinned by rigorous solution certification schemes) is prevalent at multiple nodes in the infrastructure to protect the numerous cryptographic keys that enable participants to transact securely. Compliance with the formal security standards (developed and managed by organizations including EMVCo and PCI SSC) is a pre-requisite.
This document provides an overview of the challenges in securing payment data, and the mix of technology solutions available to address them.