Advertisement
10/29/2014

Tech for Payment Fraud Prevention: EMV, Encryption and Tokenization

Businesses processing credit and debit payments can help protect themselves against new and evolving fraud threats by implementing EMV chip technology, tokenization and encryption security technologies in conjunction, the Smart Card Alliance Payments Council states in a white paper.
 
“Today, payments industry stakeholders are looking at many security technologies to protect their businesses and customers. This white paper explains how layering three of these technologies – chip, tokenization and encryption – in conjunction can help to secure the payments infrastructure and prevent card fraud,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “The degree of layering will differ among payments stakeholders depending on their requirements, environment and budget. Reading this white paper is a good start for any stakeholder starting to consider their best approach for implementing the three technologies.”
 
The three technologies recommended in the white paper to be used in conjunction are:

1. Chip technology, which improves the security of a payment transaction by providing cryptographic card authentication that helps protect against the acceptance of counterfeit cards. The EMV specification also offers cardholder verification and several means of transaction authentication that help safely authorize transactions

2. Encryption, including end-to-end encryption (E2EE) or point-to-point encryption (P2PE), which can immediately encrypt card data at time of entry—at card swipe, key entry, tap or insertion—so that no one else can read it and use the card data for unauthorized transactions 

3. Tokenization, which replaces card data with surrogate values (i.e. “tokens”) that are unusable by outsiders and have no value outside of a specific merchant or acceptance channel
 
The white paper explains the three technologies in detail and how they can be implemented together. The white paper also presents the authorization process for chip payments, drivers leading the U.S. to implement chip and the value of chip to issuers and merchants. It discusses E2EE and P2PE, defining both while presenting different implementations of transaction encryption used by the payments industry. The paper also details tokenization – the standardization initiatives, its complementary role with respect to chip and encryption, assurance process for token issuance, and activities relative to tokenization that are taking place in the payments industry today. It concludes with a discussion of how payments industry implementation of the three technologies together secures the payments infrastructure and prevents payment fraud.
 
The white paper, “Technologies for Payment Fraud Prevention: EMV, Encryption and Tokenization,” can be downloaded for free here.