EMV and tokenization go hand in hand
November 24, 2014

There is a lot of talk over how to increase security in the payment processing business so that customers aren't exposed to data breaches. Many payment processors are looking to the EMV chip standard, which is slowly being added on new credit and debit cards, to address many of the concerns that they have. Others are looking at tokenization, a security standard, to address their consumer data concerns. Both systems individually can help provide some data security over the long term. However, they may not be enough alone. Together as part of a layered security approach, the two technologies can work to provide an increased level of protection.

Playing off one another
Tokenization's security comes from the fact that if a network is compromised, cybercriminals won't be able to take off with any sensitive account information. EMV's strength is that the chip on the card remains very difficult to replicate and hard to use. On the other hand, both have weaknesses. Fraudulent or unauthorized purchases can still be made on a system with tokenization, while EMV chips don't protect transaction data as a whole. Consequently, both alone present flaws that criminals can easily overcome.

That is partly why MasterCard and Visa, under the EMVCo name, announced a tokenization standard that works for EMV chip cards, according to TokenEx. This system allows integrated payments systems that utilize mobile point of sale terminals and other features to be able to create tokens for use in offline systems.

The key takeaway is that tokenization offers a standard formula that can be applied to retailers that accept credit card payments involving the EMV chip. This allows both technologies to be used at once, creating a dual-layer security system that will be tough to crack. It also allows tokenization to follow a uniform code for easier implementation.

Locking it up
Of course, many cards are still utilizing magnetic stripes to make transactions, and their data isn't particularly secure. Addressing this gap in securing especially at the transaction stage is very important. After all, the cause of some of the more recent data breaches can be linked to the POS terminals. That is why the Smart Card Alliance Payments Council, which includes key players from the payment cards industry, has been recommending that transaction data get encrypted at the point of sale stage and not afterward. In this way, the most comprehensive security measures can be put in place to ensure that customer data is safe.

Nexus: G-WEBCD6