FINANCE: Card Payments - Cutting Out the Middleman
Meeting the PCI-DSS requirements for the safeguarding of payment card data can add complexity and cost to managing payment systems. Graham Williams, Managing Director of Stanchion Payment Solutions, says that amongst other requirements, these standards specify that all sensitive data relating to bank cards must be encrypted at all times, whether being stored or transmitted.
"For example, this means any single credit card payment may need to be encrypted and decrypted several times between pay point and the bank," Williams says. "This process adds to the complexity and cost of processing the transaction securely by the payments system."
"In addition to this complexity, there seems to be no common consensus as to the private status of certain network types," he adds. "For example, we frequently encounter vociferous debates between PCI-DSS assessors, payment institutions and MNOs about whether or not GSM networks should be considered private. Since private networks don't require the same level of protection as public networks, there's definitely value in taking the debate off the table by implementing something that solves the problem once and for all."
Compliance should be a key consideration for all retailers and organisations that accept payment. Besides being mandated by the major card associations, PCI-DSS compliance ensures that a company's systems and data are secure, and that risk to the retailer is mitigated, therefore further ensuring customer peace of mind.
"Also, with card-based payments growing rapidly, mobile money taking off fast and cybercrime now rampant, the security of the information moving through data centres and across the internet has become of paramount importance," Williams says. "Non-compliance and resulting data breaches could be disastrous, resulting in fines, lawsuits and reputational damage, amongst others."
The good news for retailers, and any company handling bank card and electronic payments, is that there is no longer a need to encrypt and decrypt data along each leg of its payment route. End-to-end encryption allows for card data to be transmitted securely from point of purchase to the bank in one seamless, encrypted process.
Futurex, a global firm specialising in encryption for secure transactions, is now represented in South Africa by certified distributor Stanchion Payment Solutions. Coming to market on a 30-year track record of delivering secure, robust and cost-effective data encryption solutions, Futurex's security modules allow retailers, ISPs and any organisation managing transactions to effectively reduce the cost of meeting PCI standards.
Williams says the Futurex Hardware Security Module (HSM) supports the latest card data encryption standards and uses the point-of-sale's existing security key to protect the information. Because the module itself is tamper-proof and tamper-evident, the security keys are completely secure from physical breach.
Williams points out that the system substantially lowers the risks involved in using custom encryption codes developed on a small scale. "Virtually anyone can write a programme today to encrypt data. The problem is that it is potentially easy to access the code to decrypt it. You just need to find the developer who wrote the code. He becomes the weak link, and for the right price, you can have the code."
With an automated encryption system, this risk is entirely eliminated.
The Futurex HSMs are universally compatible, compliant-ready solutions that are eminently configurable, robust and lower the cost of transactions.
Williams notes that with Futurex E2EE solutions, the PAN digits are encrypted using the terminal's existing key. The resultant protected data uses the usual decimal digits 0-9 only, which means that routing and card checking are unaffected by the encryption, so the transaction can be sent throughout the payments infrastructure until required in the clear.
Futurex systems also support Private/Public Key encryption algorithms, and therefore allow for Certificate Authority management and SSL offloading and acceleration, which partners with secure, hand-held devices for compliant key loading.
Futurex's security solutions also offer key management and injection capabilities, allowing for the remote management of the devices.
"This management capability decreases your cost of ownership," says Williams. "The security officer doesn't have to be physically present to manage keys on the device, but can manage this entire process both remotely and securely."
Williams is enthusiastic about the potential market for Futurex in South Africa. "This system is up and coming, challenging other encryption systems that may be slower, more expensive or offer no management capabilities. In terms of the pricing and functionality, the market is sitting up and paying attention," he says.