CyberSource Announces Enterprise Payment Security 2.0
New perspective on the best way for merchants to protect payment data
READING, UK – September 29, 2009 – CyberSource Ltd., the UK-based subsidiary of CyberSource Corporation (NASDAQ: CYBS), today outlined its approach to the effective protection of payment data – Enterprise Payment Security 2.0. Where payment security has traditionally focused on “locking down” data via encryption, CyberSource supports the elimination of raw payment data from a merchant’s environment.
The most common way to address the risk of payment data loss today is encryption. According to CyberSource, this is a partial, complex, and costly approach that still leaves merchants with vulnerable data on their systems. Recently publicised data breaches have demonstrated that the lock-down model is inadequate, unmanageable or both. Clearly, payment security still presents challenges for the eCommerce industry.
With the launch of a new whitepaper, “Enterprise Payment Security 2.0: A New Look at Payment Security Management”, CyberSource is offering a different management strategy – the eradication of storage, capture and back-office exposure of payment data. The whitepaper shows how merchants can rid their systems of sensitive payment information, including:
• Eliminate payment data storage. Using payment tokenisation with remote secure storage, merchants can store payment data at a payment security–certified service provider. A secure “payment token” and a masked account number are returned for use by the merchant’s system to reference the transaction in subsequent actions.
• Eliminate payment data capture. Through Hosted Payment Acceptance, merchants’ customer payment information is captured directly by the payment network—it never enters merchants’ systems.
• Eliminate back-office exposure to payment data. This can be accomplished by a number of tactics, including the outsourcing of tasks such as manual order review and chargeback management.
Dr Akif Khan, Head of Client and Technical Services at CyberSource Ltd., says: “Enterprises shouldn’t have to handle payment data, ever. If there’s nothing to steal, the risk of a breach is effectively eliminated. By taking away contact with payment data, merchants will have a security solution that is safer, easier to manage, simpler and less costly to certify. Perhaps most importantly, Enterprise Payment Security 2.0 can help mitigate the threat to merchants’ brands and reputation.”
“Enterprise Payment Security 2.0: A New Look at Payment Security Management” is available for download at: http://www.cybersource.co.uk/resources/enterprise_payment_security2.php.
For more information on CyberSource’s Payment Security Services, please see: http://www.cybersource.co.uk/products_services/payment_security_services/index.html