The primary strength of EMV is its ability to perform authentication of the cardholder, which happens to function as principal point of fraud vulnerability in a end-to-end encryption tokenization remedy. At the issuer, issuer authentication and cardholder verification start at the point of sale, through card personalization, even before the consumer presents the card into a retailer point of sale. This enlarges the scope of end to end security to comprise the card itself. The security abilities of an encryption tokenization alternative are applicable to merchants regardless of a potential future EMV adoption and are complementary to those. The requirement for added protection is echoed by the PCI Security Standards Council, which states: “native EMV transaction data demands protection beyond what exactly is naturally provided by tokenization EMV itself.”
Having an incorporated encryption tokenization solution, a software-based implementation of encryption can be installed on the majority of PCI compliant terminals or point-of-sale systems to shield card data in transit. For retailers concerned with making a capital investment that might be rendered obsolete if EMV becomes required in the US, applications based encryption offers the ability to protect one of the weakest points in their environment now without anxiety of the changes tomorrow might bring. If EMV does become normal in the US, retailers will be able to continue to use the encryption on the EMV compatible terminals that they set up, and tokenized data at rest will continue to secure data warehouses and storage devices.
The value of tokenizing payment info at rest in the issuer, acquirer, network and retailer surroundings cannot be overstated, and is relevant regardless of the existence of EMV based security controls. A card based tokenization solution offers the ability to purge their entire environment of payment card information while supporting existing business processes recurring billing, including returns, and customer analytics to retailers. The retailer loses nothing except the risk related to keeping the card information that had formerly powered those processes.