
A recent post on RSA’s blog, Speaking of Security, discusses how merchants are the most at risk and the biggest target for data breaches, and how tokenization can help merchants reduce their vulnerabilities and take the burden away from the merchant. I would like to expand on this and address some of the risks for merchants affected by fraud or a data breach.

  1. Losses from fraud: Banks and payment processors may reclaim losses they sustain as a result of a merchant’s data breach.
  2. Expenses for credit monitoring: Customers whose data is stolen may be entitled to credit monitoring for at least a year.
  3. Fines by card brands: Card companies may issue fines for PCI DSS noncompliance and prohibited data storage practices.
  4. Remediation costs: Capital expenditures may be necessary to replace or upgrade compromised hardware, software, applications and communications.
  5. Brand damage: Public reporting of a breach often is required by law, making it impossible to escape widespread bad publicity and loss of confidence in the merchant’s brand.
  6. Expense of forensic exam and in-depth PCI audit: A forensic investigation could take months with very high costs.

These are all huge risks to a merchant’s business, and the damage takes time to mend and is sometimes irreversible. Therefore, when you add encryption and tokenization to the merchant’s payments environment, you add another layer of security for data and take the cardholder data out of the merchant’s environment. Merchants can use tokenized data in existing applications without modifying them, and both encryption and tokenization can be added with minimal effort and costs.