Visa intends to pave the way for merchant acceptance of EMV credit cards with help from a new data encryption service that launches early next year. According to company spokeswoman Ellen Richey, the payment platform provider intends to offer a point-to-point security solution that scrambles customer data at the terminal, reducing the likelihood of credit card fraud and identity theft.
Today's magnetic stripe credit cards date back to the late 1960s and early 1970s, a time when the prohibitive cost of processing tools was enough to deter criminals from stealing account data. Therefore, magnetic stripe data passes, "in the clear," from a merchant's card reader into their database, and over phone lines or Internet connections.
Visa's proposed solution eliminates those potential vulnerabilities by encrypting card information from the swipe to the database at the acquiring bank. Merchants get a payment "token" instead of actual cardholder account information, reducing the risk of internal theft. Likewise, a tapped analog phone line or a siphoned Internet connection will only give up useless, scrambled data under Visa's methodology.
P2PE secures future EMV credit cards
The point-to-point encryption network helps merchants comply with existing security regulations, while streamlining the process of accepting next-generation Visa credit and debit cards with embedded EMV chips. The "contactless" version of the EMV standard being adopted among most American merchants passes more information to Visa's network, including a security sequence that retailers can use in "offline mode." P2PE security safeguards this data, minimizing the risk that identity thieves can clone an EMV credit card.
Visa expects minimal impact to merchants during the P2PE rollout. In a statement to reporters, Visa officials confirmed that merchants could mix new terminals with existing payment systems by using a "format preserving" version of the platform during the transition period. Many Visa merchants already face a deadline within the next few years to upgrade their customer-facing payment tools to comply with the industry's EMV acceptance roadmap. Officials promised more details about Payment Card Industry compliance and technical specifications before the service's initial launch in early 2013.