The superheroes of PCI compliance – Point-to-Point Encryption (P2PE) and Tokenization – serve to protect sensitive payments data in flight, or at rest in merchants’ databases. But tokenization has some additional superpowers, beyond protecting payments, which all omni-channel merchants should know about. Debbie Guerra, ACI’s head of merchant solutions, spoke about this topic in detail at Money20/20 U.S. last week, where the industry once again gathered in person to take the pulse of payments. Insider Intelligence caught up with Debbie to recap on her session – captured in the video below.
Here are some of the interview highlights:
What is the main takeaway you want people to take from your session?
It’s really that a “dynamic duo” – point-to-point encryption (P2PE) and tokenization – are needed to fully protect payments. P2PE is important because it allows card data to be encrypted, which is important in helping to prevent data breaches that occur when cards are presented. And that is critical because when a breach happens, it causes on average a loss of four million dollars and may take a merchant up to nine months to detect that they’ve been breached.
However, it’s not enough just to encrypt data. Merchants also have the opportunity through tokenization to ensure that when data is decrypted, in a safe harbor with a processor for example, that the account information and other personally identifiable information related to the consumer is replaced with a token. That token further helps to prevent fraud and the potential for data breaches, which is critical for consumers.
However, it’s not just bringing these two things together that’s important but it’s leveraging tokenization to really set up and deliver unique consumer journeys that leverage that token – and can be applied whether it’s through a card purchase in person, in store, at a fuel pump, via an eCommerce platform or even mobile- or kiosk-driven. The token actually provides value beyond security to enable different consumer journeys.
What are some of the potential payment innovations and use cases for deploying P2PE and tokenization?
The reason that it’s so important to deploy them together is that they can help solve for different issues. For example, one of ACI’s customers in the hospitality space was a hotel chain that had corporate stores but also franchisees. In the corporate stores, they had deployed P2PE, while many franchisees elected not to. There was subsequently a significant data breach that impacted those unprotected franchise stores, while all the corporate stores protected by P2PE didn’t suffer the breach.
The same hotel sought to descope PCI requirement by deploying a tokenization solution, and that became really important because they didn’t have to worry about the encrypted card data. The use of tokens can actually prevent having card information in the merchant environment and delivers a lot more security for the merchant as well as their customers.
Moving beyond just the security aspects of P2PE and tokenization, it’s worth looking at how the token can enable better consumer experiences. I always think about the connected car experience; I can arrive at my favorite gas station and convenience store, I can identify the pump I want to fill up at, I can initiate payment through my mobile phone, then while I’m waiting and fueling I may be able to order something online through the mobile device in the convenience store – and even have it delivered to my car. All this can happen safely, and I don’t have to worry about skimming or a potential breach at the pump. I know my data has been tokenized, so that I’m not worried about potential exposure from those different touch points. That’s an example of a journey that is very real and is already happening today, which tokenization can enable.
Want to learn more about tokenization?
Read our new eBook: An Executive’s Guide to Payment Tokens
View our tokenization tokenization resources