End-to-end encryption (E2EE) vendors should be
wary of over-promoting their products as
solutions for retailers to overcome data security
compliance, according to a report.
In the report, End-to-End Encryption
in Card Payments: An Introduction, Aite Group states that
E2EE appeals to merchants by helping remove them from the scope of
PCI DSS (Payments Card Industry Data Security Standards).
Go deeper with GlobalData
“While a focus on PCI scope reduction may be a
fine way for E2EE vendors to gain merchant attention, it loses
sight of the fundamental aspect of solutions – protecting consumer
cardholder data,” said Nick Holland, senior analyst with Aite
Group. “Vendors should be careful not to over-focus on this
aspect of E2EE promotion; ultimately, the definition of what takes
PCI out of scope is in the hands of the PCI Standards Council, and
not in the hands of vendors.”
The providers of E2EE are generally
point-of-sale hardware vendors, payments processors, or security
vendors that partner with E2EE experts to offer solutions.
The report also claims that E2EE is the most
appropriate technological route to address current card fraud
threats in the US. Aite Group believes that while E2EE does not
prevent the use of counterfeit or lost and stolen cards, it
prevents criminals from accessing the raw materials for card crime
such as the card data itself.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData
