PCI’s Not Enough: Breach Prevention Needs Chips and Tokens

Many of the worst data breaches in history had nothing to do with a failure to be PCI compliant; they resulted from weaknesses in the payment security infrastructure. While PCI compliance is necessary and useful, it’s not always sufficient to be fully secure. To counter this, independent software vendors (ISVs) must adopt a layered security approach that uses EMV, encryption technology, and tokenization in addition to keeping up with PCI compliance requirements.

On their own, each of these security technologies partially protects data along its payment processing journey. Together, they protect sensitive card data through the entire multistep payment process. By using these technologies together, ISVs can protect themselves and their merchants from expensive and devastating data breaches.

These additional layers of protection for clients mean extra work for ISVs that must ensure they are up to speed with all options and regulations. This is not something any software vendor particularly welcomes. It’s costly in time, effort, and resources. As a result, many take shortcuts. Most of the industry is simply not ready to go that far, especially when it comes to writing integrations, which is a potential source of great danger for consumers, merchants, and ISVs alike. This is where the advantages of partnering with a payments processor become clear, especially one that’s already gone the extra mile to validate its P2PE solution.

Read the full article in Payments Source here.