As we’ve all learned from the recent Target security breach, when data is compromised it can create a very expensive and damaging situation for a business. A large corporation like Target can lose millions of dollars in legal fees, reparations to customers, and lost business due to a damaged reputation. On a smaller scale, a small business may not lose millions, but the amount they do lose could completely ruin the company.
Obviously, the best course of action is to prevent a security breach from occurring in the first place. When customers trust you with their sensitive information such as credit card numbers, it’s essential to put in place the safest system possible to protect that data. A two-step system of layered end-to-end encryption and tokenization renders this data useless to data thieves.
During the transaction process, there are two points at which data is most vulnerable to attack: pre- and post-authorization. When card data is captured by the system, but still awaiting authorization, it is simply sitting in your system where it can be stolen. Encryption turns the card data into ciphertext using a certain algorithm, rendering it unreadable without the correct key to unscramble it.
Once a transaction has been authorized, credit card data is again at risk. A token value is used in place of the real information, and only the merchant which put the system into place is able to decipher the real numbers. The card data becomes a useless string of numbers to would-be thieves, and the real data is untouchable.
Even though it’s a common assumption that criminals only target large corporations, small businesses are increasingly at risk of attack by data thieves. Hackers have figured out that smaller businesses often don’t employ the same level of protection as larger companies, making them particularly vulnerable to attacks. A two-pronged approach using end-to-end encryption and tokenization is supported by the PCI DSS, and is considered a reliable approach for any business which handles customers’ credit card information.