What Retailers Should Look for in Their PSPs

By Ralf Gladis

Quantum computers are perceived by the public as sophisticated computers designed to solve complex problems more rapidly than conventional computers. It’s thought that these types of computers can only be found in a handful of IT companies outside of universities. However, variations have been developed in the last year to two years. There are now devices available for use, for example in vehicles, that are considerably cheaper than the research computers we typically think of.

Even if the computing power of these variants is nowhere near as high as the initial quantum computers, the technology will become more widespread — and not just for useful purposes. With this also comes the increased risk of data decryption — e.g., in payment transactions, in turn exposing customer data to fraudsters. And it’s not only about decrypting and stealing customer data. This data could also be manipulated (e.g., directed to another payee, altered to a different amount, etc.) and then encrypted again to send over to the original recipient without any traces of the changes made.

So, what should retailers be looking for in their payment service providers (PSPs) when it comes to addressing the growing risks that the rise of quantum computing presents?

There are current security measures that protect payments from faster computers like quantum computers. This applies particularly to token technology.

Tokenization replaces security-relevant data, such as a customer's card number, with noncritical data that's difficult for hackers to breach or duplicate. For shopping online, retailers can store the substitute values for the sensitive card data so that when a customer logs into their account, the card is instantly usable for payment. This eliminates the need for the customer to reenter the card number and allows for better recognition by using the original image of the physical card. Strong encryption capabilities and a transaction-specific cryptogram, in addition to the visible components, greatly enhance security with the latest tokenization technology rolled out by Visa and Mastercard.

Also, wallets and two-factor authentication bolster security. Smartphone wallets use device recognition and exchange tokens so credit card data doesn’t need to be entered by customers, who are further protected by two-factor authentication which controls who triggers the transaction.

Additionally, terminals at the point of sale that support the P2PE security standard of Visa and Mastercard ensure that the payment data is strongly encrypted with a unique key for each payment.

It’s clear that quantum computing is advancing. However, there are security measures already in place that can help address this in the near term when it comes to retail payments. There may be challenges to come, but retailers should be seeking out PSPs that can tackle the risks today by offering tokenization, support for wallets, and two-factor authentication. In addition, retailers should prioritize terminals that support P2PE as well as work on solutions to adjust the length of their algorithms and prepare for crypto agility in the processing chain ahead of tomorrow.

Ralf Gladis is the CEO of Computop, an omnichannel payment platform.