Tip sheet PCI-compliant payment processing: Tokenless two-factor authentication overcomes the compliance issues

Share Article

SecurEnvoy helps service companies with secure logins

Steve Watts, Sales and Marketing Director, SecurEnvoy plc

Steve Watts, Sales and Marketing Director, SecurEnvoy plc

There is a cheaper, secure alternative: tokenless two-factor authentication such as SecurAccess.

Service companies in particular hold a large amount of customer data that requires a high level of protection. When storing information for processing payments, companies also have to meet special PCI DSS (Payment Card Industry Data Security Standard) compliance requirements. Amongst other things, these requirements stipulate that the company's internal system login cannot be protected with just a password alone. In this situation, tokenless two-factor authentication from SecurEnvoy offers the perfect solution. Employees receive a numerical code via SMS on their mobile phone, which they can then enter in addition to their password.

When processing payments, companies are subject to a number of compliance regulations. For example, the PCI DSS regulations stipulate the need for highly secure access to networks that contain sensitive information about credit card payments. In particular for employees who remotely access such a network, special requirements apply: in accordance with PCI DSS, logging in using only a password is not allowed.

Additional security at login
Companies must respond accordingly and establish additional security for network login. Two-factor authentication is perfect for this scenario. Many companies are unhappy that they may have to purchase expensive smart cards or other tokens for staff authentication. But there is a cheaper, secure alternative: tokenless two-factor authentication such as SecurAccess. With this solution, mobile phones are used instead of the conventional hardware tokens. When a user wants to log into the network, a six-figure numerical code is sent by SMS or e-mail. Soft-token apps for each major mobile platform are also offered at no extra charge. The password is entered together with the user’s personal login information to ensure unambiguous identification. The passcode is valid only once and expires immediately after it has been entered. For the next network login, SecurAccess sends the user a new number combination.

"SecurAccess uses mobile phones as tokens for a number of good reasons," explains Steve Watts, Sales and Marketing Director at SecurEnvoy. "Firstly, nearly everyone has a mobile phone or a smartphone and, secondly, everyone always has their phone with them. Hardware tokens often get lost or employees accidentally leave them at home. Not only does this incur replacement costs, it also hinders work progress because for a certain amount of time, employees cannot be authenticated and therefore cannot access the network. Hence, for service companies, passcode transmission via SMS is the cheapest and most efficient way to ensure PCI DSS compliance."

There is a video on the SecurEnvoy YouTube channel demonstrating how Welsh transport company Arriva uses SecurAccess for PCI-compliant payment processing.

About SecurEnvoy plc:
SecurEnvoy is the creator of patented tokenless solutions for two-factor authentication. Millions of global users already benefit from the fastest mobile authentication process available that doesn’t require a token. The process uses commonly available devices like mobile and smartphones, tablets and laptops to provide the passcode required for authentication. Even without mobile phone reception or an internet connection, the user can retrieve the code via voice call or enable identification using one-swipe technology, which is based on a QR code scan. The product range of the company based in London (UK), Frankfurt (D), New York and San Diego (USA) includes the SecurAccess solution. The administration tools can easily be integrated into existing IT infrastructures and allow administrators to add up to 100,000 users per hour. SC Magazine awarded the solution ‘Best Buy’ and the company was classed as a leading visionary in Gartner’s Magic Quadrant. SecurEnvoy has a customer base in all vertical segments, including banking, finance, insurance, government, manufacturing, marketing, retail, telecoms, charity, law and construction. The authentication expert collaborates with partners such as AEP, Astaro, Cisco, Checkpoint, Citrix, Juniper, F5, Palo Alto, Sophos, etc. See http://www.SecurEnvoy.com for further information.

Further information:
SecurEnvoy Ltd.
Steve Watts
Sales Director
E-mail: swatts(at)securenvoy(dot)com
Internet: http://www.securenvoy.com

Global HQ:
SecurEnvoy Global HQ
Merlin House
Brunel Road

USA branch I:
373 Park Ave South
New York,
NY 10016

USA branch II:
Mission Valley Business Center
8880 Rio San Diego Drive
8th Floor San Diego CA 92108    

PR agency:
Sprengel & Partner GmbH
Nisterstrasse 3
56472 Nisterau, Germany

Contact partners:
Olaf Heckmann
Marius Schenkelberg
Tel.: +49 (0)26 61-91 26 0-0
Fax: +49 (0)26 61-91 26 0-29
E-mail: oh(at)sprengel-pr(dot)com

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Steve Watts
Follow >
Visit website