GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

New payment player flexes muscle


Industry Update

Interchange dodges a bullet

Two more terminal types under PCI SSC umbrella

Small-business confidence rising

Contactless faring well

Terrorism funded with stolen data

Flying for wishes, Isaacman sets record

Visa Inc. interchange rates as of April 2009


Data security dominates ETA Expo

Selling Prepaid

Prepaid in brief

The Fair Gift Card Act of 2009:
Good intentions, disastrous results

Brad Fauss
Springbok Services Inc.

The ISO challenge: Selling prepaid

Drilling down on the prepaid-unbanked relationship


Protect merchants with the basics

Biff Matthews
CardWare International

The drive toward integrated solutions

Robbie Lopez

Extending security beyond assessments

Michael Petitti


Street SmartsSM:
What does your billboard say?

Jon Perry and Vanessa Lang

What it takes to thrive in business

Curt Hensley
CSH Consulting

PCI: Taking the proper path

Tim Cranny
Panoptic Security Inc.

Facing the elephants

Jeff Fortney
Clearent LLC

Company Profile

Merchant Cash and Capital

New Products

Private pathway for POS data

Company: Apriva

Boundless processing


Revenue streams through referrals

AdvanceMe Inc.


Capitalizing on distractions


2009 Calendar of events



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

May 11, 2009  •  Issue 09:05:01

previous next

New Products

Private pathway for POS data

Product: AprivaNet

For POS traffic traveling across the Internet, a new security tool called AprivaNet from information technology (IT) security company Apriva provides what is akin to the cyber version of an underground tunnel: a special router, separate and hidden from public Internet channels, through which POS information can pass invisibly.

"What's unique about this particular product is it supports a separate payment network, a secure or dedicated payment network," said Bill Clark, General Manager for Apriva Secure Payments Division.

"So we actually separate point-of-sale traffic from all other traffic and by doing so have some unique capabilities to keep transactions from going where they shouldn't go."

For merchants with either wireless or Ethernet-connected POS terminals, customer transaction data usually flows through the same router as other outgoing data to an open-ended network. AprivaNet, on the other hand, captures that data and sends it separately, effectively concealing it from hackers trolling the Internet's main pathways and disguising its origin.

"What's interesting is you end up, in many cases, encrypting the data twice because you're putting it on a private network which encrypts it, but what you're also hiding are those endpoints," Clark said.

"On a private network, those endpoints are invisible to people who might be in the middle ... it kind of makes the users of those private networks disappear. So, yes, there's a stream of encrypted traffic, but you don't know where they're going, where it came from, or what might be in that data stream. And, in a way, it's like making sure your point-of-sale traffic is a needle in a haystack - it makes it harder to go after."

Encryption alone not enough

Clark added that although POS data is typically encrypted, it often remains vulnerable to hacking because of its presence on public networks. The encryption alone will protect it in many cases, but fending off more sophisticated hackers requires multifaceted solutions, he noted.

"What you have is all of these fringe elements trying to penetrate, trying to access, trying to put viruses in," he said. "Those are all security issues that really don't have anything to do with the fact that the transaction has been encrypted."

"Today, IT-connected, Internet-connected merchants are really the target for PCI, because they have a device that's connected on public networks," he said. "It makes them vulnerable to hacking, and it makes them vulnerable to viruses that can be implanted on their systems - and that can then send data out of the Internet ... TJ Maxx was a perfect example." (Retailer TJX Companies Inc. revealed a massive data breach in 2007.)

A complete package

While routing merchant data through a private network is AprivaNet's primary function, that service is part of a larger security package that helps to ensure compliance with the Payment Card Industry (PCI) Data Security Standard.

Clark said that package includes a 24-hour monitoring device that informs a merchant whenever "configuration problems" occur within the network, such as connection problems or device tampering; a self-assessment security questionnaire; PCI-required penetration scanning; and a guarantee that Apriva will "cover the expense of any remediation cost" up to $50,000 for PCI violations associated with using the device.

"This is a form of encryption that is not just the private POS network," Clark said. "We're also bundling in the TrustKeeper tools [Trustwave's on-demand compliance management technology] to help you document you're compliant; you have the self-assessment questionnaire, the scanning that's required, the guarantee ... all those are additional risks that we're addressing."

Clark said the service will hit the market by May 15, 2009.


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios