Still Storing Unencrypted Card Data? Stop Now!

Encryption is the scrambling of data into a secret code that can be read only by software set to decode it.  

Main Content

Still Storing Unencrypted Card Data? Stop Now!

May 31, 2017

Still Storing Unencrypted Card Data? Stop Now!

Encryption is the scrambling of data into a secret code that can be read only by software set to decode it. In credit card terms, encryption is the process of encoding sensitive account information for secure transmission through processing networks or across the Internet. It can help reduce the risk and consequences of data breach.

Here's how it works: At the point of sale, the payment card number is replaced by an encrypted card number — a different string of digits in the same format as the original card number. This Format Preserving Encryption looks and acts like a card number, but it's useless if a hacker gets their hands on it. It protects the data throughout the entire payment process.

One of the stated requirements of the Payment Card Industry Data Security Standard (PCI DSS) is to protect stored cardholder data. Requirement 3 of the PCI DSS outlines basic storage guidelines for merchants. But it also notes that merchants who do not store any cardholder data automatically provide stronger protection by having eliminated a key target for data thieves.

In light of these facts, it's surprising that a 2015 study revealed that 61 percent of businesses were still storing unencrypted card information, including the 16-digit Primary Account Number (PAN) that appears on the front of credit cards they handle. And 7 percent of businesses were storing full magnetic stripe data, including PIN, CVV, service code, expiration date and cardholder name in addition to the PAN.

Unfortunately, many merchants are unaware that they’re storing this sensitive data. That’s why working with an experienced processor like TSYS Merchant SolutionsSM is so important. Besides advising you on the processing solutions and products best suited to your needs, we also offer TSYS Guardian EncryptionSM, a powerful first line of defense against thieves who want to steal your valuable data. It safeguards the data from the moment you accept a card at the point of sale to help keep transactions safe.

If a data breach occurs, TSYS Guardian Encryption reduces its impact because encrypted data is of little value to hackers. Since it removes card data from the POS environment, it also may simplify PCI DSS validation for merchants who use it.

TSYS Guardian Encryption is part of the TSYS GuardianSM Security Suite that also includes TSYS Guardian TokenizationSM. Tokenization provides an additional layer of defense to safeguard sensitive card data and reduce the impact of a data breach. Sensitive card information is replaced with random data, or a token, that is unique to each transaction and unusable if intercepted by a hacker.

Building and growing your business took a lot of time and effort on your part. Don't you and your customers deserve the extra layer of protection from cyber attackers that TSYS Guardian Encryption provides? Accept payment cards securely using the highest methods of security available today—including data encryption—with TSYS Merchant Solutions.

Contact Us
About Our
Merchant Services

Get Started Now:

After you have submitted your information, a TSYS representative will contact you within the next 24 hours.
All fields are required to submit form. Your information is private and secure. We do not accept adult businesses