ncryption & PCI Compliance
Surely you’ve heard about skimmers being placed on gas station pumps or similar, of criminals trying to capture credit card information. PCI-compliance helps merchants avoid potentially dangerous situations like these. Staying PCI-compliant should be a primary concern for any merchant. Security breaches can spell disaster for businesses large and small, as recent headlines have made clear. For that reason, card networks expect merchants to comply with the PCI-DSS to keep everyone from cardholders to the card networks themselves safe from fraud.
Encryption is one such way to keep cardholder data safe. The practice of encryption is a great security measure because…
- The practice helps keep merchants PCI-compliant
- Encryption makes it much harder for cybercriminals to steal data, protecting cardholder, merchants, processors, and card networks from fraud
- Encrypted data requires a decryption key to access, so until the encryption is unlocked the data is safe
How Encryption Works
Like tokenization, encryption converts the card data into an indecipherable code. However, unlike tokenization, the encrypted data but be decrypted (using a randomized decryption key) in order to be used. While a token can be used as is, encrypted data must be “unlocked” to be usable. Only authorized users have the decryption keys necessary to read the data, and these keys change often to guard user data.
While the magnetic stripe on the back of a credit card is encrypted, it is fallible to skimmers. An EMV chip also contains encrypted information, and each transaction is encoded differently, making it safer. EMV (Europay/MasterCard/Visa) chips were introduced in the U.S. around 2014, after several hacks of big-name retailers made consumers wary of credit card transactions.
PayArc and Encryption
PayArc offers an encryption service as part of our PCI-compliance program for merchants. This program is made possible through our partnership with ControlScan, a leading IT security service. PayArc and ControlScan are dedicated to the protection of your customers’ card data, and we will help you every step of the way to make sure that goal is met.