Secure Back-Office: Taking Secure Payments in a Back-Office Setting

In today’s business environment, it is as important as ever that businesses take every precaution to protect their customers’ payment data. As fewer transactions are conducted in person and more are being completed over the phone, via mail, or online, businesses must be equipped to take secure payments in a back-office setting, such as a call center, or for Mail Order Telephone Order (MOTO) transactions to ensure a secure and satisfying customer experience.

During these card-not-present transactions, there are special challenges that are not easily met by traditional credit card readers and PIN pads. PCI- compliant handling of such transactions requires the use of a dedicated device that can securely encrypt keyed-in data in real time. Most credit card readers (even those that have a keypad) are not capable of doing this in a PCI-compliant fashion.

For this reason, ID TECH has developed encrypting keypad technology that aligns with one of our key missions: achieving payment security. Read on to learn about how card encryption works and to discover best practices for securing back-office payments.

How Does Encryption Work?

Credit card encryption is a security measure used to greatly reduce the possibility of cardholder information from being compromised. Encryption is accomplished by using an algorithm that converts plain-text card data into a non-readable format called ciphertext. Once the data has been encrypted, it will remain in a nonreadable ciphertext state until the corresponding decryption key is used to decrypt the data back to the readable clear text mode.  Encrypting sensitive data removes the transmission of clear text cardholder data and greatly reduces the possibility of a security breach.

Another important aspect of card encryption is P2PE. PCI uses Point-to-Point Encryption, or P2PE, to ensure that payment card data is secure from the point of card swipe or insertion until the time it reaches the payment processor. P2PE regulations specifically state that payment solutions are required to encrypt card data immediately upon use of the merchant’s payment hardware and cannot be decrypted until the information is received by the payment processor. PCI P2PE solutions are an important aspect to the merchant’s overall effort to ensure that card and transactional data is protected for a safe and positive purchase experience.

How the SREDKey 2 Helps Ensure Secure Back-Office Payments

Now that we have outlined how encryption works and why it’s important, let’s look at ways to ensure secure back-office payments. One of the most important steps in this process is using a payment device that can successfully encrypt card-not-present transactions, while also having capacity to complete in-person transactions if needed.

That’s why ID TECH’s SREDKey 2 is an ideal solution to this challenge. The SREDKey 2 is a PCI-PTS 5.x certified Secure Reading and Exchange of Data (SRED) device that actively encrypts sensitive cardholder data as it is being typed into the keypad. This allows businesses to participate in phone and mail order transactions, and other Card Not Present scenarios. The device has an optional physical MagStripe reader, which can accommodate pickup-in-store, hotel check-in, and other scenarios in which the final purchase involves a physical card. As the latest version in our encrypted keypad product family, the SREDKey 2 supports international languages, remote key injection, and comes in both an MSR and non-MSR option.

To learn more about the SREDKey 2 or to request a demo, visit our product page here.


ID TECH is a leading global payment peripheral provider with expertise in magnetic stripe, EMV contact, EMV contactless, and OEM customization solutions. We have a strong foundation and continued success rooted in card readers and are always expanding our product offering to provide innovative solutions for the ever-evolving payments industries. Payment Security is an integral part of our product offering, and ID TECH as a company prides itself at being at the forefront of payment security in our design, development, manufacturing, and sales processes.

To learn more about ID TECH and our dedication to achieving payment security, please visit our about page.

Related Articles