Security should be first on everyone’s mind—whether a consumer or operator.
Sometimes, though operators or merchants have the best intentions in mind, they aren’t sure how to tackle the security topic. We’ve all heard the bad news from time to time—throughout the last decade there have been widespread headlines about major merchant data breaches and the harmful (and costly) results.
Previously, security was solely considered a technical problem. But in the last two years it has also become an executive issue that must be prioritized. It has never been more important to stay one step ahead of a data breach, specifically in the heart of the Internet and digital gaming era.
Security boils down to the concept of risk. When a merchant accepts a card value, there are a number of different risks involved. Payment providers must provide services that help address the risk associated with cardholder data.
The company does so by addressing four critical focus areas: fraud, compliance, data security and financial impact.
The first focus area that should be prioritized to help reduce risk is fraud. When someone wants to use his or her card, the first security concern is determining whether it’s a lost, stolen or counterfeit card. If a company allows someone to use a fraudulent card and they leave with goods/services, the company loses revenue and a good sense of service.
Secondly, to reduce risk, compliance must be a priority. The Payment Card Industry Security Standards Council (PCI SSC) requires every merchant that accepts cardholder value complies with the PCI Data Security Standard (DSS). It is critical to stay up-to-speed on these specific standards.
Thirdly, data security is critical in reducing risk. It’s been proven that PCI compliance is not enough to prevent all breach attempts. A payments partner looks at ways to protect the data directly, to the extent that if the criminal were to breach your systems, they only access non-sensitive data or completely encrypted data. Ultimately, criminals cannot use this encrypted data to create any fraudulent transactions or do any harm.
And fourth, it’s important to assess the prospective financial impact of a security breach. If all three of the aforementioned areas fail, what would the financial impact to you as an operator?
SECURITY SOLUTIONS IN A DIGITAL ERA
Now operators have access to security products such as point-to-point encryption and tokenization, to reduce or transfer the risk associated with data in merchants’ unique environments.
One solution available is the ability to tokenize a payment card, so that a non-sensitive surrogate value can be used across digital and brick-and-mortar channels instead of the original card number. An example is an omni-token product, which means that a unique token is generated for a specific merchant and specific card number.
There are many different avenues in which companies ultimately enter into gaming including the Internet, tablet/phone based and structured gaming such as lotteries. And there is a certain amount of legacy in the industry, where at one point credit card data was not mainstream. Thus, a lot of legacy systems were not built to protect cardholder data.
Tokens can then be used for any subsequent transaction that would normally require a card number. From a security perspective, the consumer using this product is helping reduce the number of places where that primary account number hits and lives on a system.
That’s the biggest challenge out there—security is not necessarily built into a legacy infrastructure or model. But now is the time to leave the past and focus on security for our present and future advances.