Voltage Comments on Apple Pay
With the new Apple Pay announcement, Apple validates the data-centric security model and shines a spotlight on the need for the payment world to move on from vulnerable static credit card numbers and magnetic stripes to protected versions of data such as tokenized or EMV style authenticated payments.
With this data-centric security strategy, as applied to mobile-originated payment transactions, Apple Pay may help reduce risk of data breaches and credit card theft.- However, payment ecosystems will have mixed traditional card payments and new restricted use payment tokens and a variety of wallets, such as Host Card Emulation varieties (HCE). To avoid any risk from advanced threats, merchants should continue to protect all transaction data unilaterally, given the likely mix of older at risk data, and less risky, but still potentially valuable payment tokens in transaction flows. This is already easily achievable with current data-centric security solutions, such as Voltage SecureData.
The retail world today is still in an early adoption phase with regard to new payment methods and mobile wallets. US based retailers in particular still have to contend with EMV upgrades, legacy mag-stripe data, card-not-present e-commerce capture and a variety of advanced threats. Merchants will also need to update their retail infrastructure to accept Apple Pay, and likely many other wallet schemes. Thus for many years, legacy static credit and debit cards, EMV cards and newer schemes like Apple’s will need to co-exist, and advanced threats across all of them need to be mitigated to avoid continued breaches and customer data exposure.
Fortunately, even with exciting innovation like Apple Pay, mixed payment environments and credit card data can be secured end-to-end, from the point of card/wallet read to the secure payment host, with Voltage’s contemporary encryption solutions and advanced tokenization technology. This enables retailers to accept new and old payment approaches, all protected under a unified data-centric protection framework, to thwart advanced threats and protect customer data while ensuring a seamless, yet secured, customer experience.
Contact us here for more information or to talk to one of our data-centric security experts.