The Green Sheet Online Edition
November 24, 2008 • Issue 08:11:02
True end-to-end encryption
The stakes for cardholder data security have never been higher. Data breaches continue to occur at an alarming rate, and fraudsters have become increasingly sophisticated in locating and exploiting weaknesses, even in systems that comply with the Payment Card Industry Data Security Standard. And when breaches happen, the consequences to businesses can be catastrophic.
To keep one step ahead of fraudsters, POS terminal maker Hypercom Corp. has launched HyperSafe Secure in partnership with security software provider MagTek Inc. HyperSafe Secure incorporates MagTek's MagneSafe technology that encrypts cardholder data directly at the POS terminal, so that data is never in the clear for cyber thieves to steal.
According to Gregory Boardman, Vice President of Global Product Marketing at Hypercom, the main advantages to HyperSafe Secure are threefold.
1. Standards-based encryption
HyperSafe Secure uses an open software standard for its encryption algorithm, as opposed to a closed, proprietary standard. So Hypercom's customers do not have to retool their terminals or security networks to incorporate the solution.
2. Swipe and manual entry protected
With HyperSafe Secure, encryption is embedded in both the swiping mechanism and the key entry pad. If merchants must process damaged cards, those transactions are secure when the numbers are entered manually.
Merchants can choose from two versions of HyperSafe Secure: encryption at the POS or point of swipe.
POS encryption is more economical because cardholder data is encrypted within the terminal, but not at the maghead. Maghead encryption at the point of swipe, on the other hand, happens right when the card is run through the reader. It is a more expensive solution because merchants must incorporate new readers into their systems.
First in class
Hypercom recognizes that not all merchant networks are configured the same. Therefore, HyperSafe Secure gives merchants three options for data decryption.
Once cardholder data is encrypted, it must be decrypted at some point in order for transactions to be processed. HyperSafe Secure allows data to be decrypted within retailers' internal networks, at back-end processors, or at MagTek before it is sent on to the processors.
"So we have the option of the customer owning the decryption completely, the processor owning the decryption completely or having a hosted decryption service using MagTek," Boardman said.
Boardman acknowledges that fraud itself is evolving. As the payments industry tightens security measures in one area, fraudsters migrate to other areas more vulnerable to attack. Since POS terminals are increasingly tamper-proof, thieves focus on weaknesses within wireless networks instead.
Therefore, HyperSafe Secure is designed for Level 1, big-box retailers because "fraud has moved into trying to get that crop of data ... off of their systems or while it is in transit," Boardman said.
Boardman advises ISOs and merchants to upgrade now to meet the security requirements of the near future. "End-to-end encryption is not spelled out in the DSS standard today," he said. "But you can bet it will be in the next evolution."