October 12, 2009
-
News: Visa Looks At End-to-end Encryption
Visa released a document which outlined the credit card network's best practices in alignment with the Payment Card Industry (PCI) Security Standards Council. The PCI Security Standards Council was developed to ensure financial data security standards in payment transactions associated with debit and credit card, pre-paid cards, e-purse, ATM, and gift cards. The organization's aim is to enhance electronic payment data security through education and awareness of industry standards. The agency was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc. The document indicates that Visa Inc. will be implementing end-to-end encryption and the use of tokens in its credit card payment processing.
The head of Visa's Data Security, Eduardo Perez said that there is no totally inclusive data security system In existence to deter all credit card fraud; however, "data field encryption" is the most comprehensive and effective. According to an independent study by PricewaterhouseCoopers who surveyed 125 companies, both encryption and tokenization emerged at the top of efficiency. Data indicates that by partnering the two systems, credit card information will experience the highest form of protection from the moment the card is swiped and as it travels across the internet. The procedure would remove and prevent merchant systems from storing any customer card information making them less vulnerable to theft.
In its document, Visa also mentioned the idea of an "alternate account" or "transaction identifier" that would encompass other merchant programs such as customer loyalty programs, merchandise returns, and fraud management. Merchants will continue to be challenged in meeting any standard that would prevent them from storing credit card information since some lenders require they maintain card data for up to 18 months. It will also be difficult for many retailers from a financial standpoint since many of their systems do not support the technology and upgrades would be very costly. Nevertheless, the pressure remains on merchants to take the necessary steps to insure consumers' card and personal information is protected. Currently, end-to-end encryption and tokenization appear to be the best route in meeting those goals.