Several payment gateways and merchants already support client-side encryption from within the web browser.
Typically, the user types in their credit card number and it is encrypted in the browser before being passed to the payment gateway for decryption.
Chip Shield can extend the use of client-side encryption to encrypt the payment information inside of the card reader before it reaches the customer’s PC.
In many cases, Chip Shield extended client-side encryption is automatically enabled in merchant sites that already have support for the feature.
How It Works – Extended Client-Side Encryption
The image above gives an overview of the encryption and decryption process for client-side encryption. This requires that the merchant site has already implemented client-side encryption from the web browser and that the public key for the site is available on the page.
Step 1 – The Chip Shield Reader interacts with the card EMV chip to retrieve the customer payment information. This information is encrypted in the Chip Shield reader using the public key from the site and passed to the browser extension.
Step 2 – The encrypted results from the Chip Shield Reader are inserted into the merchant site and the browser based client-side encryption is disabled.
Step 3 – The payment gateway receives the encrypted data in the same format as expected and processes the transaction normally.
This process is transparent to the customer, online merchant and payment gateway and provides enhanced security for the end customer.