Sensitive Data Protection in the Retail Card Payments Ecosystem

Securing sensitive data in a cost effective manner is often one of the biggest challenges in processing payment transactions. Get it wrong and the consequences can be catastrophic in terms of financial loss and business reputation. Year after year the threat landscape is widening as fraudsters conceive of more sophisticated methods to compromise payment credentials for monetary gain. The payment industry invests heavily in onward development of an infrastructure which is often referred to as the ‘payment rails’ and operated by the various global and regional payment brands including American Express, Mastercard and Visa. Hardware-based security (underpinned by rigorous solution certification schemes) is prevalent at multiple nodes in the infrastructure to protect the numerous cryptographic keys that enable participants to transact securely. Compliance with the formal security standards (developed and managed by organizations including EMVCo and PCI SSC) is a pre-requisite.