EMV is only one of several actions merchants can take to reduce exposure to payment fraud and security breaches. MicroBiz, along with its payment partners, will offer the following components as part of the EMV update to eliminate existing vulnerabilities within the payments chain. When using integrated payments with your MicroBiz POS system, these components can protect credit card data while at rest and in transit.
EMV. This involves use of EMV-compatible payment terminals to authenticate a card using a computer chip embedded in the card. This fraud-reduction technology protects card issuers, merchants and consumers from losses due to the use of counterfeit and stolen payment cards at the point-of-sale.
Point-to-Point (P2P Encryption. This technology encrypts card data at the point the card is swiped or read at the terminal. Encrypted data is then transmitted over the network to the card processor, where it is de-encrypted behind the processor’s firewall using a matching algorithm. As a result, merchants are unable to view card numbers after the swipe or hand-key – so have no exposure to security breaches and are kept outside of the scope of PCI. P2P encryption is designed to render cardholder data virtually unreadable while being transmitted.
Token Vault. In the event that you want to retain cardholder data in order to facilitate recurring payments, rather than retaining actual card data in your systems, this data is replaced by digital “tokens.” To process a transaction, a merchant submit a token to its payment processor, which then matches the token to the cardholder’s card data securely maintained behind the processor’s firewall. The processor uses the card data to process the transaction, and sends the merchant a confirmation which does not contain any sensitive card data. As a result, sensitive data is stored in the more secure data center of the processor instead of in the merchant’s environment.
PCI 3.0. Current versions of MicroBiz POS and its payment partner’s services are considered out-of-scope of PCI requirements, eliminating cumbersome PCI validation requirements. |