Demos
How To Use Demos

How to use demos

Learn more about usage and features with our collection of demonstrations.

Tag Archives: tokenization

5 Steps to Reduce PCI DSS Scope

Because the scope of PCI DSS requirements can be so large and complicated, companies are constantly searching for ways to reduce and even eliminate it. Below are five ways businesses can potentially reduce the size of their PCI DSS scope.

  1. Consolidation:Identifying and eliminating redundant data sets and consolidating applications and information storage can reduce scope.
  2. Centralization:Encrypted data stored in a highly secure on-site central data vault. The payment card numbers are replaced with tokens in other applications or databases. Since cardholder data is only stored in one central location, PCI DSS Scope is minimized
  3. End-To-End Encryption (E2EE) or Point-To-Point Encryption (P2PE):Ensures that card numbers are encrypted from first card swipe at the point-of-sale (POS), and while in transit all the way to the payment processor eliminating most PCI requirements.
  4. Outsourcing:Outsourcing all or some of your payment card processing capabilities to a PCI DSS compliant service provider can reduce PCI scope. This is especially relevant to companies conducting eCommerce transactions only.
  5. Tokenization:Stores card numbers and other sensitive data such as social security numbers in an off-site highly secure data vault. The payment card numbers are replaced with tokens in all other databases and applications. Not storing cardholder data anywhere greatly simplifies the scope of PCI Requirement.

These 5 steps can simplify PCI compliance for POS-centric and card-not-present (CNP) environments, but choosing the best method for your company will depend on the level of security you are looking to achieve. For example, the first two techniques mentioned will minimize the scope of PCI Requirement 3, but will not eliminate it. Card numbers will still be stored on-site, giving access to all sensitive data if a hacker does decrypt your information.

Your next layer of protection will be utilizing a third party tokenization solution. Tokenization is a solution that affords business the opportunity to eliminate the storage and/or transmission of cardholder data in enterprise systems and applications. Implementing tokenization can make reaching compliance much easier than replacing an existing application with a PA-DSS compliant one, according to Verizon’s Business report.

If you are searching for the complete package, a combination of a third party tokenization and a point-to-point encryption P2PE solution will get you closest to completely eliminating your PCI scope depending on your current payments landscape. Utilizing P2PE will remove your entire network and PCs by tokenizing card numbers before they ever touch your network.

If you have questions regarding PCI DSS Compliance or Tokenization solutions, please contact us to schedule a time to speak with one of our Payments Industry Experts.

 

 

tokenization

Beyond PCI with Tokenization: Next Generation Security

Recently, tokenization has gained widespread attention as one of the most effective solutions organizations can implement to protect sensitive cardholder data. Though encryption is a prevailing security solution as well, there are vast differences among the two solutions that may or may not be a good fit for your organization’s needs.

With traditional encryption, there are three common challenges that grow exponentially more difficult for organizations that have payment data in multiple, disparate systems. Those challenges are cost, key management, and application integration. Tokenization helps solve these challenges.

Many people view the core definition of tokenization as the substitution of a credit card number for a meaningless replacement value that has no intrinsic value to criminals on the black market. But what is tokenization, really? A token can be thought of as a reference or pointer to a credit card number, without actually having to handle the credit card number. The bottom line is that tokenization is an evolution of the better known, but lesser qualified, traditional encryption. With tokenization, sensitive data is completely removed from enterprise systems. And, as an added bonus, the technology is complimentary to ERP systems.

Drilling deeper, tokenization affords companies that opportunity to eliminate the storage of sensitive information. This technology intercepts cardholder data entered into an enterprise payment acceptance system like a web store, CRM, ERP or POS, and replaces it with a surrogate number known as a token – a unique ID created to replace the actual data associated with a specific card number. This makes tokenization security best in class regarding data security. More than 25 percent of Gartner clients have already adopted payment card tokenization to reduce the scope of their PCI assessments, and three out of four clients calling about PCI inquire about tokenization.

By ensuring that business applications, systems and infrastructure are processing randomly generated numbers instead of regulated cardholder data, organizations can drastically reduce the controls, processes and procedures needed to comply with PCI DSS. This is particularly true if tokenization is provided to merchants as a service from a third party that maintains data management.

The task for merchants is to find an electronic payment security solution that integrates into existing workflows while also:

  • Protecting sensitive cardholder data
  • Achieving and maintaining PCI DSS compliance
  • Reducing the scope of compliance
  • Conducting business as usual
  • Deploying in a cost-effective manner

Click here to learn more about Paymetric’s data security solutions, or contact us.

tokenization and pci compliance

Tokenization to Shape Future PCI Compliance

PCI Security Council mulls response to retail malware attacks

The next version of the PCI DSS standard for securing credit card data is likely to require or strongly urge merchants to invest in tokenization, encryption and dynamic authentication, according to two of the council’s most senior members.

Attacks on Target, Kmart, Home Depot, Staples, Neiman Marcus and Dairy Queen have brought the security practices of retailers into sharp focus and has led some analysts to argue that the bar for PCI compliance – as a baseline of IT security for those that hold credit card data – needs to be raised.

The breach at Target left 40 million cardholders vulnerable, while attacks on Home Depot’s systems exposed closer to 56 million cards, at huge cost to issuers. Trustwave, the PCI auditor of Target, was threatened with a lawsuit by affected issuers over the matter.

The breaches have put considerable pressure on the council that sets the Payments Card Industry Data Security Standard, which is made up of representatives of the major credit card schemes (American Express, Mastercard, Visa et al) and volunteers from within the financial services and retail industries.

Click here to read the full article.

Paymetric featured on PYMNTS.com podcast about payments trends and ideas in the U.S.

PYMNTS.com: Securing $30 Billion Worth of B2B Payments [Podcast]

Take any type of payment within an enterprise, enable its acceptance through seamless ERP integration, and secure it with a token. That’s the job of of enterprise payment acceptance solution provider Paymetric, which is driving over $30 billion worth of payments, says Paymetric CEO Asif Ramji.

During the podcast, Ramji shares how Paymetric helps global Fortune 500 brands accept, secure and optimize payments, and how future payments trends and ideas in the U.S. will shape the industry as a whole.

Read the full story and listen to the podcast here.

data breaches

5 Critical Factors to Help You Stay Protected from a Mega Data Breach

Data breaches are hitting the news more than ever before and the trend is getting worse. How much do you know about these breaches and what you can do to protect your data? Read on for the top 5 takeaways from our recent webinar to learn how you can keep your SAP-based business protected.

1. What causes data breaches?

According to a study by the Ponemon Institute, over 37% of data breaches are caused by a malicious or criminal attack, 35% are caused by a negligent employee or contractor and 29% are caused by system glitches. The takeaway here? Data breaches can- and do- result from a multitude of causes and it’s important to make sure your business is taking precautions to protect itself from each type of threat.

2. The impacts of a breach to your business are HUGE

Once a potential breach is discovered, the effects begin to snowball. Companies affected by data breaches not only face fines and litigation fees, but must foot the bill for investigations and audits. Perhaps the worst, however, is when the news hits the media. Breached companies can be faced with a negative brand reputation, loss of business and customer trust and even a potential decline in share value.

3. So what can you do?

Imagine thieves breaking into a vault they think is full of gold. But once they get it open- it’s totally empty. Thieves cannot steal what is not there and the same goes for your data. Turn the sensitive data that is left in your system into data that is totally worthless to anyone on the outside through the use of tokenization.

4. Understand the premise behind tokenization- and use it!

Tokenization replaces a sensitive data value with a “token” value that is useless to anyone outside of your system. Systems that use tokenization are no longer storing raw sensitive data or encrypted data. And unlike encryption, tokenized data cannot be reverse engineered back to the original data. If the system is breached, the original data is safe.

5. Tokens can protect more than just credit card data

So maybe you don’t accept credit cards and think you’re safe? Think again. Data breaches can affect much more than just payment data. Any type of sensitive data- including social security numbers, bank account numbers and medical records- can wreck havoc on your company if exposed. Use tokenization to protect all types of sensitive data to give your company, your employees and your customers peace of mind that their data is safe.

What’s Keeping the CSO up at Night?

In the 2014 Global Information Security Survey and the 2013 State of the CSO, revealed that the demand for skilled IT security professionals continues to strain organizations’ ability to fill security positions. Finding skilled information technology workers was identified as of the greatest challenges for 31 percent of large organizations.

Additionally, the increased use of enterprise data, the greater complexity of IT architectures and the demand within all enterprises to understand all of the security-related data generated is going to continue the drive the demand for security pros to work with data scientists to be able to better pinpoint and respond to threats.

So, the CSO/CISO is often in the hot seat to ensure that their IT infrastructure is secure, regardless of the complexity of legacy systems, CRMs, ERPs or web stores. Tokenization is a best in practice approach to ensuring the security of the data in these systems. In fact, Gartner estimates that 25% of its clients are moving toward tokenization technology to protect business and customer information.

How do you secure your enterprise systems?

 

 

 

 

 

cyber attack image

Is Your ERP system a Target for Cyber Criminals?

A Chinese manufacturer stands accused of conducting an attack on businesses’ ERP systems by enabling firmware in the devices to harvest financial and customer information as well as other proprietary data.

The takeaway? Understanding the true scope of your ERP systems within your organization – whether its ERP systems unique to a specific business unit or the interconnectivity of your systems.

Being able to establish any potential “danger” points can help you proactively address any security issues. While hacking incidents continue to rise, there is technology out there to help mitigate the risk of this type of attack.

Prepare your systems now and avoid the financial and reputational damage caused by a breach.

data breaches

Is the Fallout from Data Breaches Increasing EMV Commitment?

You’d be hard pressed not to notice the increasing number of data breaches in the business papers today. Whether it’s a giant retail store or a healthcare organization, companies are scrambling (unfortunately, after the fact) to ensure their processes and systems are secure.

In a recent article by Digital Transaction magazine, it stated that the recent data breaches have spurred debit card issuers into action, a group that once was reserved around EMV adoption.  The article goes on to state that 67% of debit issuers now plan to offer EMV cards in 2015.

And while these PIN and Chip cards offer more security than magnetic strip cards, is EMV the ultimate answer to ensure a breach doesn’t occur in your organization?

The short answer is no. While they are part of an overall data security strategy, protecting cardholder data is not an easy, one-stop fix. Technology exists beyond encryption to ensure cardholder data never touches your ERP system, legacy applications and web stores.

It’s called tokenization and not all tokenization is created equal. Make sure when looking at solution providers that offer this technology that it can easily integrate with your existing processors, saving you time and money.

EMV is here to stay, but it’s not the final word in data security.

Personally Identifiable Information

Personal Information Growing in Favor Among Criminals

In a recent edition of the Trustwave Global Security Report, personally identifiable information (PII), such as birth dates and social security numbers, is growing in favor among criminals.

Trustwave analyzed 691 data-breach investigations conducted in 2013 and the report showed that 45% of data thefts in 2013 involved non-payment card data. The report also showed a 33% increase in the theft of financial information, internal communications and other types of customer records as well as a 22% increase in the theft of financial account credentials.

Karl Sigler, a threat intelligence manager for Trustwave said, “While demand for payment data, such as the card number and expiration data, remains strong, criminals also find other types of data lucrative.”

So how can you protect your organizations personally identifiable information? With XiSecure® On-demand for Sensitive Data, Paymetric’s proprietary, award-winning tokenization solution, you can eliminate the storage and/or transmission of PII in enterprise systems and applications. Utilizing tokenization technology will help reduce the risk of a data breach and address regulatory mandates and compliance requirements.

EMV Cards

Are EMV Cards the Answer to Card Security?

According to a recent study by Cambridge University, the answer is “no.”  EMV, also known as “Chip and PIN,” is used throughout Europe and Asia and is starting to be used in North America as well to improve cardholder data security.

The report, “Chip and Skim: Cloning EMV Cards with a Pre-Play Attack,” states, “that some EMV implementers have merely used counters, timestamps, or homegrown algorithms.”

The problem? This exposes EMV cards to a “pre-play” attack, which is indistinguishable from card cloning from the standpoint of the logs available to the card-issuing bank, and can be carried out even if it is impossible to clone a card physically.

Card cloning was the type of fraud that EMV was supposed to prevent. So how do you ensure the safety of your cardholders’ data? Best-in-class tokenization practices can prevent cardholder information from ever entering your systems, replacing actual data with surrogate values, rendering them useless to hackers and others.

 

“"
Thank you for visiting our site, due to the size of your mobile device, you need to rotate it 90° to view this site.