
The Path to Secure Payments

Explore the rising number of data breaches and their financial impact on businesses. Discover the risks, damages, and ways to protect your organization with layered security solutions like EMV, tokenization, and encryption.

kelliw

Presentation Transcript


  1. The Path to Secure Payments

  2. Confirmed Data Breaches
     • Total number of breaches continues to increase year over year in the U.S.
     • 1,632 breaches in 2017 set a new record high
     • 1,244 confirmed data breaches in 2018
     • 907 confirmed data breaches as of August 2019
     • Chart callout: 109% increase!

  3. Records Stolen
     • More than 1 trillion records stolen between 2015-2018
     • So far in 2019, over 145,113,911 records have been exposed
     • Chart callout: 126% increase!

  4. Financial Impact
     • 76% of adults surveyed would no longer frequent a business with a high record of data security breaches.
     • Companies that identified a data breach in less than 100 days lost $2.8 million. Costs increased to $3.83 million after 100 days.
     • It takes 46 days on average to resolve a cyber attack at $21,155/day.
     • Source: Secureworks, Ten Reasons Average Data Breaches Costs $7 Million, November 2016

  5. What are the risks to businesses?
     • Risks: Damaged Reputation, Distrust, Incident response, Repairs, Litigation, Lost Revenue
     • Average cost of a data breach in the U.S. is $7.91 million (2018 Cost of a Data Breach Study)
     • The number of personal records exposed in 2018 more than doubled (Identity Theft Resource Center)
     • 446,515,334 records of personally identifiable information were exposed in 2018 (Identity Theft Resource Center)
     • Post response costs averaged $1.76 million in the U.S. (2018 Cost of a Data Breach Study)
     • 21% of Americans say they will never return to a merchant following a breach (PCI Pal)

  6. Protecting Card-Present Payments

  7. PCI DSS Compliance is Tough
     • Access International Markets
     • Improve Customer Experience
     • Grow Global Sales Revenue
     • Online questionnaire provided as part of Safe-T Solo program

  8. Layered Security
     • EMV: Point-of-Sale card authentication
     • ENCRYPTION: In-transit protection
     • TOKENIZATION: Protects during use and at rest

  9. EMV
     • EMV (Europay, Mastercard and Visa) helps to verify that a card is not counterfeit.

  10. EMV
      • EXAMPLE: Prior to implementing EMV, an Elavon customer was experiencing between $100k - $150k per month in chargebacks that EMV would have prevented.
      • EMV technology reduced counterfeit payment fraud from 2015 to 2018 by 80% (Source: Visa, December 2018)
      • In Card-Present transactions, EMV is used to help prevent fraud at the Point-of-Sale (POS) - and it works!
      • 30% of merchants still have not implemented EMV
      • Source: https://usa.visa.com/visa-everywhere/security/visa-chip-card-stats.html

  11. Tokenization
      • Tokenization replaces payment card data with a unique token ID.
      • Eliminates the possibility of stolen payment data since it no longer exists in your environment.

  12. Encryption
      • An additional layer of encryption ensures that all activity is protected in transit.

  13. Point-to-Point Encryption (P2PE)
      • P2PE is a combination of secure devices, applications and processes that encrypt data from the point of interaction (POI) until the data reaches the solution provider’s secure decryption environment.
      • PCI Validated P2PE means it has been assessed by a Qualified Security Assessor (QSA) and validated by the PCI Council.
      • Diagram labels: Payment Devices; Software Applications; Physical Security; Process Logistics

  14. PCI P2PE validated solution can reduce the PCI SAQ by more than 80%
      Number of questions per SAQ type:
      • SAQ D: 326. Catchall
      • SAQ C: 139. Payment application (IP communication). No e-commerce.
      • SAQ AEP: 139. e-commerce (partially outsourced)
      • SAQ B-IP: 80. Standalone terminal (IP communication)
      • SAQ C-VT: 73. Virtual terminal (no e-commerce)
      • SAQ B: 41. Imprint or standalone terminal (dial communication)
      • SAQ A: 18. Card Not Present (fully outsourced payments)
      • SAQ P2PE: 15. Online questionnaire often available – SIMPLE!
      *DCC is supported in Mexico as well.

  15. Securing eCommerce Transactions

  16. EMV 3DS 2.1
      • Benefits:
        • Reduces checkout time by 85%
        • Reduces cart abandonment by 70%
        • Decreases transaction costs
        • Increases authorization rates
        • Shifts liability from the merchant
        • Lessens false-positives
        • Source: Payments Journal
      • Security protocol launched by Visa to protect online card-not-present transactions
      • Helps distinguish good transactions from bad and mitigates fraud
      • Cardholders are enrolled automatically
      • 95% of transactions should be completed seamlessly without having to authenticate
      • Expanded to include mobile commerce (including wearables), in-app purchases and digital wallet transactions

  17. PSD2 (Payment Services Directive), Effective September 14, 2019
      • Set of laws and regulations set by the European Union that aims to secure online payments and expand the financial ecosystem
      • New regulation mandates Strong Customer Authentication (SCA)
      • Applies to any payment where the cardholder’s issuer and the acquirer for the transaction are both in the European Economic Area
      • Specifies rights and responsibilities for payment service providers:
        • Third-Party Payment Providers (TPPs)
        • Payment Initiated Service Providers (PISPs)
        • Aggregators and Account Information Service Providers (AISPs)
      • Opens bank data to third-parties such as retailers and financial technology companies
      • Consumer permission must be obtained
      • Allows payment to be initiated without the intervention of a traditional card brand network

  18. Strong Customer Authentication (SCA)
      • Requires businesses to use at least two independent authentication elements to verify payment
      • Three categories:
        • Knowledge: Something you know – such as a username and password
        • Possession: Something you have – such as a mobile device
        • Inherence: Something you are – think biometrics
      • Must be dynamically linked to a specific amount and payee

  19. Questions? Susan Rue Solution Consultant Elavon Susan.Rue@Elavon.com Thank You
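
The two SCA rules on slide 18 (two elements from different categories, and an authentication code tied to one amount and payee) can be checked as in this added example, which is not part of the original presentation. It assumes an HMAC-SHA256 code, a constructed demo key and made-up merchant identifiers, and models "independent" as "from different categories".

```python
import hashlib
import hmac

CATEGORIES = {"knowledge", "possession", "inherence"}  # the slide's three categories
DEMO_KEY = b"constructed-demo-key"  # constructed sample; a real key lives with the issuer


def two_independent_elements(verified):
    """verified: (category, element) pairs that already passed their own check."""
    categories = {category for category, _ in verified}
    if not categories <= CATEGORIES:
        raise ValueError(f"unknown category: {categories - CATEGORIES}")
    # Assumption: "independent" is modelled as "from different categories",
    # so a password plus a PIN (both knowledge) does not count as two.
    return len(categories) >= 2


def _canonical(amount_minor, currency, payee_id):
    # Length-prefix every field so ("12", "3EUR") cannot collide with ("123", "EUR").
    fields = [str(amount_minor), currency.upper(), payee_id]
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def make_auth_code(key, amount_minor, currency, payee_id):
    """Authentication code bound to this exact amount and payee (HMAC is an assumption)."""
    return hmac.new(key, _canonical(amount_minor, currency, payee_id), hashlib.sha256).hexdigest()


def authorise(key, verified, auth_code, amount_minor, currency, payee_id):
    if not two_independent_elements(verified):
        return False
    expected = make_auth_code(key, amount_minor, currency, payee_id)
    return hmac.compare_digest(expected, auth_code)  # constant-time comparison


def demo():
    factors = [("knowledge", "pin"), ("possession", "phone")]  # constructed sample
    code = make_auth_code(DEMO_KEY, 4999, "EUR", "MERCHANT-001")
    return {
        "same_payment": authorise(DEMO_KEY, factors, code, 4999, "EUR", "MERCHANT-001"),
        "amount_changed": authorise(DEMO_KEY, factors, code, 94999, "EUR", "MERCHANT-001"),
        "payee_changed": authorise(DEMO_KEY, factors, code, 4999, "EUR", "MERCHANT-999"),
        "one_category": authorise(DEMO_KEY, [("knowledge", "password"), ("knowledge", "pin")],
                                  code, 4999, "EUR", "MERCHANT-001"),
    }


if __name__ == "__main__":
    print(demo())
```

A code issued for one payment fails verification as soon as the amount or the payee differs, which is the property dynamic linking is meant to give.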
