International payment terminal manufacturers and security providers are actively developing new systems for protecting electronic payments due to the growing number of cyber threats.
In March, it became known about the PoSeidon malware, which has already managed to penetrate the POS terminals of restaurants and hotels in the United States. In April, experts discovered a unique Punkey virus that can not only penetrate the device and steal credit card data from the terminal, but also download updates to optimize criminal activity.
Security experts talk about new trends in POS security.
1. The widespread distribution of the P2PE standard (encryption of credit card data directly in the payment terminal).
P2PE (Point-to-point encryption) technology developed very slowly at first. For the first 1.5 years of its existence, almost no one used it. Terminal developers as well as merchants were reluctant to invest in device upgrades.
Today this technology is already supported by seven suppliers and by the end of the year their number should double. The Payment Card Industry Security Standards Council recommends all merchants to use terminals with this encryption.
2. Rejection of E2EE (End-to-end encryption) encryption
Merchants today still use this type of data encryption, which is quite reliable. However, non-compliance with strict PCI DSS standards is forcing retailers and terminal manufacturers to phase out this option.
Among the disadvantages of E2EE encryption is the limitation of the choice of acquiring.
A merchant who uses an E2EE secured payment terminal is forced to use the services of only one bank.
In contrast, P2PE allows merchants to enter into payment processing contracts with various financial institutions.
E2EE encryption was popular with large retailers, as it allowed large sums of money to be saved by processing large amounts of data in its own processing interface.
However, the willingness of P2PE developers to offer such a service in version 2.0 will increase their competitiveness in the electronic transaction security market.
3. Terminals for contactless payments will be protected by P2PE
Combining P2PE encryption standard and contactless payments in one payment terminal is a guarantee of transaction security.
So far, these technologies are combined in one device quite rarely due to the slow transition to contactless payments. However, according to forecasts, already in the II quarter. 2015 the situation will begin to change rapidly.
4. POS terminals with P2PE data encryption will be cheaper to operate
Instead of spending money on hiring third-party developers to secure networks, merchants will find it more profitable to install a P2PE-encrypted payment terminal that performs similar functions and transfers protected information directly to the bank.
5. Merchants are unhappy with the P2PE standard
In order to apply the new payment card security standard, merchants need to get rid of all old payment terminals and buy new ones. This is a rather complicated and expensive procedure, considering that some retailers have recently purchased contactless POS terminals.
Moreover, those merchants who want to sell goods using smartphones are required to purchase mini-terminals that support P2PE data encryption, because mobile devices cannot provide reliable storage of payment data.
Earlier it was reported on how to pass a PCI DSS audit.
In March, it became known about the PoSeidon malware, which has already managed to penetrate the POS terminals of restaurants and hotels in the United States. In April, experts discovered a unique Punkey virus that can not only penetrate the device and steal credit card data from the terminal, but also download updates to optimize criminal activity.
Security experts talk about new trends in POS security.
1. The widespread distribution of the P2PE standard (encryption of credit card data directly in the payment terminal).
P2PE (Point-to-point encryption) technology developed very slowly at first. For the first 1.5 years of its existence, almost no one used it. Terminal developers as well as merchants were reluctant to invest in device upgrades.
Today this technology is already supported by seven suppliers and by the end of the year their number should double. The Payment Card Industry Security Standards Council recommends all merchants to use terminals with this encryption.
2. Rejection of E2EE (End-to-end encryption) encryption
Merchants today still use this type of data encryption, which is quite reliable. However, non-compliance with strict PCI DSS standards is forcing retailers and terminal manufacturers to phase out this option.
Among the disadvantages of E2EE encryption is the limitation of the choice of acquiring.
A merchant who uses an E2EE secured payment terminal is forced to use the services of only one bank.
In contrast, P2PE allows merchants to enter into payment processing contracts with various financial institutions.
E2EE encryption was popular with large retailers, as it allowed large sums of money to be saved by processing large amounts of data in its own processing interface.
However, the willingness of P2PE developers to offer such a service in version 2.0 will increase their competitiveness in the electronic transaction security market.
3. Terminals for contactless payments will be protected by P2PE
Combining P2PE encryption standard and contactless payments in one payment terminal is a guarantee of transaction security.
So far, these technologies are combined in one device quite rarely due to the slow transition to contactless payments. However, according to forecasts, already in the II quarter. 2015 the situation will begin to change rapidly.
4. POS terminals with P2PE data encryption will be cheaper to operate
Instead of spending money on hiring third-party developers to secure networks, merchants will find it more profitable to install a P2PE-encrypted payment terminal that performs similar functions and transfers protected information directly to the bank.
5. Merchants are unhappy with the P2PE standard
In order to apply the new payment card security standard, merchants need to get rid of all old payment terminals and buy new ones. This is a rather complicated and expensive procedure, considering that some retailers have recently purchased contactless POS terminals.
Moreover, those merchants who want to sell goods using smartphones are required to purchase mini-terminals that support P2PE data encryption, because mobile devices cannot provide reliable storage of payment data.
Earlier it was reported on how to pass a PCI DSS audit.
