Cyber theft still a reality at POS interaction

In most instances, current electronic payment systems are inherently vulnerable to ongoing cybercrime. This means that South African merchants may find themselves exposed to cyber theft if security measures are not improved.

"Last year, the widely publicised point-of-sale security breach caused by malware Dexter in South Africa cost the industry millions of Rands. Following this, the Payments Association of South Africa (PASA) mandated that all level one merchants and switching providers be Payment Card Industry (PCI) DSS security compliant by the end of February 2014," says Vaughan Alexander, executive for payments at Innervation.

"The result of the Dexter compromise was that merchants had to spend much time, effort and money to protect the sensitive information they process, store and transmit to avoid future security breaches. However, one of the biggest travesties around PCI compliance is that the local industry has never been in a position to protect its customers' information at the most vulnerable stage, which is at the point-of-sale interaction."

Ahead of the curve

Having achieved full level one PCI compliance, the company is now equipped to lower the risk of breach and data compromise, offering retail customers the highest level of security standards as required by PASA and international regulatory payment bodies such as MasterCard, Visa, American Express, Discover and JCB.

In addition to being PCI compliant, it is bringing to market a point-to-point encryption solution that enables even greater security in client payment processing. Under this new standard, recently published by the PCI Security Standards Council, transactional information is transmitted securely between the in-store payment hardware and a secure data centre, making the data useless to cyber criminals. The solution is currently being piloted by select retailers and banks and will soon be introduced by the company to the broader South African market.

"By using point-to-point encryption devices, one automatically reduces the scope of PCI compliance requirements since it protects not only the card PIN but also all other sensitive card data. PCI will always be relevant when dealing with card payments as there are still processes that need to be in place to secure the storage, transmission and retrieval of card information."

Although the penalties for non-compliance are still unclear at this stage, the larger retailers are driving programmes to ensure they adhere to PCI compliance standards. "As a benchmark, PCI is fairly broad in terms of IT security, which means few retailers are adequately prepared. However, there has definitely been a shift by large retailers when it comes to moving to PCI compliance and laying the required foundations."

South Africa still ahead of the world

Alexander is confident that South Africa is still ahead of the rest of the world when it comes to card security, especially EMV-based chip and PIN transactions, which is good news for consumers, especially when one considers that around 70% of South Africans still perform expensive cash-based transactions. As the cost difference between using cash and card payments declines, electronic transactions become significantly cheaper over time.

"More consumers will start to trust electronic transactions as payment mechanisms become cheaper, more secure and convenient. We predict the industry will evolve to a point where retailers will no longer have to worry too much about PCI compliance because the bulk of the compliance burden will instead be placed on payment service providers and the banks. This will mean that retailers can focus on what they do best, rather than concerning themselves with IT security and transactional compliance standards," he concludes.
