Secure Online Payment Processing: Encryption for Security
Did you ever wonder exactly how information is kept secure in the world of online card processing? Something is going on behind the scenes that we can’t see. It’s called encryption.
Customers that purchase goods or services over the Internet will typically check out through a shopping cart and secure payment gateway. If you’ve ever purchased anything online and checked out through a secure payment gateway, you may or may not have noticed the transfer from an unsecure to secure site.
Upon checkout, the communications protocol will go from ‘HTTP’ (hyper text transfer protocol) to ‘HTTPS’ (hyper text transfer protocol secure). HTTPS ensures a secure, bi-direction connection between the user and the site to prevent others from eavesdropping style attacks.
As a rule enforced by the credit card associations, merchants are required to safeguard all customer information. In the merchant account services industry, processing providers use what is known as E2EE or end-to-end encryption to secure the transaction from the point that information is collected from the customer to the authorization by the customer’s card issuing bank.
The next step in securing the transaction is what is known as tokenization. Tokenization technology was introduced in 2005 with the intention of preventing thieves from stealing credit card information that happens to be stored in a database. This technology makes it impossible to decrypt without a decryption key, as individual credit card numbers become random values.
Credit card processing providers are required by the PCI DSS (Payment Card Industry Security Standards) to encrypt any credit card information that is stored by them.
If a merchant account provider uses both encryption and tokenization, a merchant can rest assured that their data as well as customers’ information will remain secure.