• (800) 846-4472



Protecting card data is your responsibility

Let your POS do the heavy lifting

If you accept credit cards, you also accept responsibility to keep sensitive cardholder data secure from theft and misuse. If your system is hacked and card numbers are stolen, you could be held liable for the damages, the cost of replacing all the compromised cards, legal fees, and the hefty fines levied by the card associations.

Complying with 12 PCI data security standards, in addition to monitoring employees and customers for fraudulent behavior leaves many merchants feeling overwhelmed with the task. Vantiv Integrated Payments offers compliance assistance services and breach protection to help mitigate the effects of a breach, but even with support, compliance can be a heavy burden.

Put your POS to work One of the biggest tools at your disposal for helping you secure card data is an integrated point of sale (POS) system. With built-in security features that mask credit card data via encryption and/or tokenization, you can significantly reduce your compliance efforts and protect your business’ bottom line and reputation from the effects of a data breach. Plus, many new payment acceptance technologies offer greater security than traditional credit card transactions. With the right POS system, you can accept new payment types like Apple Pay® and PayPal Mobile Payments.

Here are some of the ways an integrated POS system can help secure data.

E2E

E2E stands for end-to-end encryption. It is also sometimes referred to as point-to-point encryption (P2PE) or E2EE. P2PE can be defined as a solution that encrypts card data from the entry point of a merchant’s point of sale to a point of secure decryption outside of the merchant’s environment, such as a payment processor. In a P2PE environment, cardholder data is not in the clear (visible in clear text), and the confidentiality and integrity of the data-in-motion is maintained securely point-to-point. P2PE is intended to directly address the risk of unauthorized interception associated with cardholder data-in-motion such as during transmission of a transaction from the POS terminal to the payment processor. It does not address data-at-rest (stored cardholder data) in legacy or other systems used for ongoing operations. In a nutshell, it means the card number is encrypted from the moment a card is swiped and for the duration of the transaction. Without E2E, when a card is swiped the card number is recorded in clear text for a split second before the POS encrypts or s it, making it vulnerable to data thieves.

Tokenization

Tokenization also makes card data useless by replacing it with a “token” that has no value. The token is generated by a third-party service provider and is only useable by those entities with the payment card data required to process the transaction. Tokenization is intended to address the risk of unauthorized access associated with stored cardholder data. Tokens are particularly useful in situations where the card number is stored for future use like recurring billing or tip adjustment. The combination of P2PE and tokenization creates a comprehensive and powerful solution for merchant and consumer data protection.

Mobile Payment Technologies

New and emerging payment types are getting a lot of attention in the industry and promise to grow in popularity and demand. But mobile payment technologies aren’t just gaining traction because of their cool factor and convenience, they can also add additional security to transactions.

NFC

Near field communication (NFC) allows two devices, like a smartphone and a POS terminal, to exchange data when they are in close proximity to each other. NFC is the technology behind many mobile wallets like Apple Pay, and Google Wallet®. Mobile wallets using NFC technology increase security because in addition to standard credit card authorization protocols, they include additional security measures. When a user initiates a transaction, a unique code is generated and sent for authorization in lieu of the actual credit card number. In the case of Apple Pay, the user then scans their fingerprint or enters a passcode to complete the transaction. From there, the transaction is processed the same way as a credit card.

Pay at Table

There are a number of tablet based POS systems and handheld wireless terminals on the market that enable restaurant diners to retain possession of their payment cards when paying the check. In a traditional restaurant transaction, the customer hands their card to wait staff, who then takes the card to a payment terminal to perform the transaction, often out of sight of the customer. This provides an opportunity for an unscrupulous employee to swipe the card through a device called a skimmer that collects the sensitive data which can then be sold or used fraudulently. With pay at table capability, customers can pay without losing possession of their card, reducing the risk of having card data stolen or misused. Add in encryption and/or tokenization, and now you’re getting serious about security.

Your data is only as secure as your POS

Your POS may be a heavy hitter when it comes to protecting data, but it can’t do its job properly if you leave it exposed and unprotected. Here are some things you can do to make sure your POS stays in good working order and isn’t compromised by data thieves.

• Set up a firewall—Your POS should have its own firewall and router and should be kept separate from other systems that access the internet. Don’t use the POS to surf the internet.

• Use complex passwords and change them regularly—Make sure that every employee accessing the system uses their own unique password and changes it every three months.

• Limit remote access—Only those with a specific and clearly identified need should be permitted to have remote access to your system. Be sure to assign separate log-in credentials for every remote user and keep passwords updated.

• Keep anti-virus software programs installed and up to date.

• Check for skimming devices—Skimmers are small and can be installed on directly on the POS mag strip reader. Train your staff to look for unauthorized devices and other suspicious activity.

• Have and enforce a security policy with your employees Vantiv Integrated Payments works with thousands of the top POS system vendors who can help you get the POS system you want, with the security features you need to keep your doors open and the customers coming in.

 

*Apple Pay and Google Wallet are registered marks belonging to one or more unaffiliated third parties that do not endorse or sponsor Vantiv Integrated Payments, LLC.  

At Your Fingertips

5 Data Security Best Practices

Data security can be complicated. But, apply these simple 5 best practices to help avoid a data compromise and protect your business.

Myths and Merchant Responsibilities

As a business owner, you've likely heard a lot about data security. This short guide separates fact from fiction.

Speak With a Security Expert

There's 3,000+ POS Resellers in the Vantiv Integrated Payments Network that can help secure your business from card data theft. Get matched for free!


 
 
Thank you for your interest in
Vantiv Integrated Payments.
We just need a little info to get started.