Emerging Technologies

Order Form

    This individual Report Merchant Security, Tokenization and the Fairy Tale of Outsourcing PCI is available for purchase. This Report is available to members of Mercator Advisory Group’s Emerging Technologies Advisory Service. Please be advised that this Report is normally part of a research and advisory service that provides ongoing support throughout the year. As such, this Report contains significant depth of content that is selected for its strategic importance to our members. (For a description of these services, see our Advisory Services section).

    While the Report represents significant analyst time invested, there is no means of our ascertaining if it will fully meet your specific intended purposes. Typically, these Reports form the basis for future discussions with our clients where we are able to fine-tune additional information that we have gathered in the construction of the series of Reports (or locate new information rapidly due to our exclusive focus on gathering information in the payments industry) for specific member needs.

    Unfortunately, in fairness to our paying members, we are not able to offer this level of support for a single Report purchase. We will, however, credit any Research Document purchase against the future purchase price of the service should you become a member within 30 days of purchasing the document.

    The price for individual Report purchases is $2450 per document. 

     

    Use the form below to request this individual Report purchase or

    Click here for a fax-back order form

     

     

     

Merchant Security, Tokenization and the Fairy Tale of Outsourcing PCI


NEW RESEARCH BY MERCATOR ADVISORY GROUP IDENTIFES CHALLENGES OF NEW PCI COMPLIANCE MITIGATION STRATEGY

Merchant Security, Tokenization and the
Fairy Tale of Outsourcing PCI

Given the high cost of compliance and the operational risk of non-compliance, merchants are between the proverbial rock and hard place. Merchants are looking at how to mitigate both the cost of compliance and their risk profile. With Data breaches, fraud and the scope of PCI Compliance expanding, tokenization of card numbers has emerged as a trade-off rich approach for merchants.

A new report from Mercator Advisory Group's Emerging Technologies Practice, Merchant Security, Tokenization and the Fairy Tale of Outsourcing PCI looks at merchant strategies to meet and lower their PCI compliance burden and examines tokenization in great detail.

Based on the findings of this research report, it's Mercator Advisory Group's position that merchants can improve their risk profile and lower PCI compliance costs through third party storage of card data. That said, choosing the tokenization vendor to provide that service requires careful selection and evaluation of the trade-offs involved.

"Going down the tokenization path requires an eyes-wide-open process to balance PCI compliance cost avoidance against business continuity risk," comments George Peabody, Director of Mercator Advisory Group's Emerging Technologies Advisory Service and author of the report. "Not only are there risks with reliance on third party operations, the decision should be made considering the enterprise's information security strategy and with the expectation that end-to-end encryption of card data may well become a PCI requirement in the future."

For merchants anxious to change their PCI compliance profile, Peabody states that the growing number of tokenization vendors and the range of delivery models that include card processing give merchants plenty of choices. Tokenization does require, however, varying levels of integration by the merchant running from the simple to months of recoding line of business applications.

Report Highlights Include:

  • As hackers continue to breach the payment network, the average cost per data breach now exceeds $6.65 million.
  • As new attack vectors are identified, the cost of PCI compliance rises in parallel, into the millions per year for large merchants.
  • Tokenization and the outsourcing of card number storage is a leading technique to limit the scope of a merchant's PCI audit and to outsource liability in the event of a data breach, an appealing combination to cost conscious merchants.
  • Tokenization is available through multiple delivery models and a growing variety of vendors, from licensed software to outsourced providers including card processors.
  • End-to-end encryption may well be the end game recommendation of PCI and, if data breaches continue to plague the payments industry and occupy headlines, that recommendation may become a mandate within two years.


One of the 6 Exhibits included in this report:

Third Party Care and Control of Data Contributes Disproportionately to Record Losses


Companies Mentioned in This Report:
Shift4, Braintree Payment Solutions, Merchant Link, Electronic Payment Exchange (EPX), Paymetric, nuBridges, Elavon, Southern Data Comm, Heartland Payment Systems, RBS Worldpay, VeriFone, Semtek, Magtek, Magensa, Hypercom, Ingenico, Hannaford, TJX, Verizon, Oracle and Microsoft

This report contains 28 pages, 6 exhibits and 4 tables.

Members of Mercator Advisory Group have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access and other membership benefits. Please visit us online at
http://www.mercatoradvisorygroup.com/.

For more information and media inquiries, please call Mercator Advisory Group's main line: 781-419-1700 or send email to info@mercatoradvisorygroup.com.


Mercator Advisory Group is the leading, independent research and advisory services firm exclusively focused on the payments industry. We deliver pragmatic and timely research and advice designed to help our clients uncover the most lucrative opportunities to maximize revenue growth and contain costs. Our clients range from the world's largest payment issuers, acquirers, processors, and associations to leading technology providers.