New Report: End-to-End Encryption in Card Payments

A new report from Aite Group provides insight into where end-to-end encryption (E2EE) is going based on the perspectives of key decision-makers at core vendors of such solutions. Among other things, the report considers the revenue models being adopted by E2EE vendors and speculates on the long-term prospects for E2EE adoption, standardisation of tokenisation, and the likelihood of a shift to EMV chip card infrastructure in the US.

Aite Group concludes that the most appropriate technological route to address current card fraud threats in the US is E2EE, particularly given the entrenched nature of magnetic card infrastructure in the US. While E2EE does not prevent the use of counterfeit or lost and stolen cards, it prevents criminals from accessing the raw materials for card crime: the card data itself. It also appeals to merchants, helping remove them from the scope of the Payment Card Industry Data Security Standard (PCI DSS). In fact, vendors perceive merchants to be as likely to purchase E2EE solutions to offload PCI DSS requirements as they are to secure card data.

“Merchant choices will be highly subjective based on transaction fees, hardware requirements, and, not insignificantly, the degree to which an offering removes the merchant from PCI scope,” said Nick Holland, senior analyst with Aite Group and author of the report. “While a focus on PCI scope reduction may be a fine way for E2EE vendors to gain merchant attention, it loses sight of the fundamental aspect of solutions – protecting consumer cardholder data. Vendors should be careful not to over-focus on this aspect of E2EE promotion; ultimately, the definition of what takes PCI out of scope is in the hands of the PCI Standards Council, and not in the hands of vendors.”

The providers of E2EE are generally point-of-sale (POS) hardware vendors, payments processors, or security vendors that partner with E2EE experts to offer solutions. Among the providers mentioned in the report are Element, First Data Corporation, Heartland, Hypercom, Ingenico, MagTek, RSA, Semtek, VeriFone, and Voltage Security.
