Food Forum: Payment protection

Data security should remain a top priority as grocers look to provide customers with more flexible payment options. By Tim Horton When grocers evaluate their payment systems, the ability to keep up with data security and fraud protection tools—and be one step ahead of fraudsters’ schemes—has never been more critical. A data security program that does not include the most up-to-date barricades throughout the payment processing chain will fail. While today’s grocers increasingly understand the advantages of a multi-level approach to data security and fraud detection, many remain vulnerable. In fact, Aite Group reports that card fraud in the U.S. already costs the card payment industry $8.6 billion a year and experts believe that fraud will reach $10 billion per year by 2015. For retailers, a more alarming statistic is that 43% of consumers who have been the victims of fraud stop doing business with the merchant where the incident occurred, regardless of whether they were at fault, according to Javelin Strategy and Research. Fortunately, readily available fraud prevention and detection tools solutions are already shaping the way businesses protect payments and customers’ personal information. Here is a look at the key industry-changing drivers: Tokenization and Encryption Customer payment data, typically housed in back-end systems, many times for an extended duration, is one of the main opportunities for data breach. Tokenization and encryption are increasingly popular approaches for the protection of sensitive cardholder data. Encryption refers to algorithmic schemes that encode plain text, such as a card number, into a non-readable form called ciphertext. This represents an increasingly vital measure that businesses can take to protect cardholder information as soon as the data is captured. This step means the transaction is never transmitted in plain text in the frame relay, dial-up or Internet connection, where the potential exists for interception by fraudsters. If the data gets siphoned off once it is encrypted, it is virtually useless to thieves. The tokenization process eliminates actual cardholder data from entering a business environment after a transaction has been authorized by replacing card data with a token number that preserves the value of card data for business operations but removes all value for fraudsters. While encrypting data is a valid security measure, it doesn’t significantly reduce the requirements a company must meet because the cardholder data is still present—albeit encrypted, but it is still there. By complementing data encryption with tokenization, merchants remove sensitive card data from their applications and storage systems.  This effectively reduces the cardholder data environment and subsequently reduces the cost and extent of scans required within Payment Card Industry Data Security Standards. EMV Despite  progress in understanding security obligations and recent  technology advances, grocers need to keep pace with evolving trends and future needs, such as EMV, which stands for EuroPay, MasterCard and Visa. EMV refers to a set of fraud reduction technology standards that ensure payment applications using chip-based cards are compatible around the world. A chip-based payment transaction occurs when microprocessors embedded in a plastic cards or mobile phones connects to an EMV-enabled POS terminal, either contact or contactless, in order to execute a payment. The smart card technology provides an additional form of authentication while validating the legitimacy of the payment type and reducing risk. Evolving Commerce Commerce is also undergoing a complete and rapid transformation. Part of this revolution is the idea of  universal commerce—or commerce that is integrated, personalized, secure, open, and smart. While some technologies have been around for years, the emergence of smart, connected mobile devices means consumers now expect much more. Examples include real-time offers and coupons based on location and personal preferences. Grocers must continue looking for flexible systems that support a scalable approach and should weigh technology decisions as part of a dedicated effort to securing customers’ sensitive information and addressing evolving business strategies.