Vaughan Alexander, Innervation Value Added Services Executive for payments, says that end-point encryption is a new standard issued internationally by the PCI council.
"This will change with end-point security, with the entire process being encrypted from when the card is used, right through to the transaction being delivered to the payment switching provider or bank," he says.
The increased security of the transaction will also result in PCI compliance requirements being reduced to some degree, making it less onerous for retailers to be compliant.
The standard is currently being rolled out locally by banks and switching providers, with point of sale hardware manufacturers expected to issue new software shortly, which will comply with the standard.
Furthermore, regulations issued by the Payments Association of South Africa (PASA) for the tokenisation of the credit card numbers have also increased security around cardholder information.
"Instead of credit card information being printed on a slip, the transaction is tracked by a token, keeping the card holder's information safe at all times."
According to Alexander, these changes are expected to reduce the cost of PCI compliance to retailers in South Africa. The focus for protecting the information will now move to the switching provider and or bank where the information is decrypted.
"Previously PCI compliance was simply a cost of doing business, but provided no inherent business value. However, end-point encryption will not only reduce the cost of PCI compliance but will provide increased value through the encryption of the cardholder data, thereby reducing risk and compliance costs to the retailer," he concludes.
