GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Hard times expose vulnerable residuals


Industry Update

7-Eleven takes interchange issue to D.C.

Canadian debit shake-up

Two companies, two new security departments

Cyber thieves stealing from students


How to leverage available technologies to manage risk and prevent fraud in RDC

Ed McLaughlin

Research rundown

Selling Prepaid

Prepaid in brief

Vigilance is watchword in fraud prevention

Empowering the cash-compensated

Is PayPal a threat to prepaid?


Portfolio conversions done right

Biff Matthews
CardWare International

The MLS and the ISO:
Cause for concern?

Brandes Elitch
CrossCheck Inc.


Street SmartsSM:

Jon Perry and Vanessa Lang

Reserve accounts and processor meltdowns

Adam Atlas
Attorney at Law

Digging into PCI - Part 3:
Protecting stored cardholder data

Tim Cranny
Panoptic Security Inc.

A practiced approach

Jeff Fortney
Clearent LLC

Revving up business with profit-controlled marketing

Daniel Wadleigh
Marketing Consultant

Company Profile


New Products

Gateway as a service


First Data's new dynamic duo

First Data Secure Transaction Management
First Data Corp.


Little actions add up



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

October 12, 2009  •  Issue 09:10:01

previous next

New Products

First Data's new dynamic duo

Product: First Data Secure Transaction Management

As ISOs examine their expense accounts and plan for the coming year, they may want to consider a First Data Corp. value-add that comes on the market in the first quarter of 2010. Called First Data Secure Transaction Management, the solution combines end-to-end encryption with tokenization to secure cardholder data at the POS and then remove it from the merchant environment, but still give merchants safe access to it when necessary.

As described by Craig Tieken, Vice President of Product at First Data, payment card data is encrypted at the point of capture. The 16-digit card number is then tokenized - given a different 16-digit number with the last four digits the same as the original - that is stored at the merchant site. "The token is stored in lieu of the card number so that there's nothing to steal," Tieken said.

Merchants can store the token however they want, without fear that a data breach will expose actual numbers to fraudster, according to First Data. "It's nothing that can be used to initiate a financial transaction at a point of sale," Tieken said. "They can just send it in the clear. They can store it in the clear. They're not worried about if someone hacks in and thinks they've got a bunch of valuable numbers."

Compliance buster

In a white paper entitled Data Encryption and Tokenization: An Innovative One-Two Punch to Increase Data Security and Reduce the Challenges of PCI DSS Compliance, Tieken wrote that data encryption alone may be sufficient for merchants who do not store cardholder data on site or in off-site servers. But for merchants who do, Tieken advises them that stolen data, even if encrypted, can be decrypted if fraudsters have the key. The extra layer of security afforded by tokenization is therefore the way to go, he said.

Just as the new service further secures data, it also promises to significantly reduce merchants' Payment Card Industry (PCI) Data Security Standard (DSS) compliance costs. Tieken's white paper cites a Mercator Advisory Group report that said an outsourced tokenization solution saved one large merchant $2 million annually in compliance costs. Of the 12 requirements of the PCI DSS, Tieken said First Data's encryption-tokenization technology, which is powered by the RSA SafeProxy architecture, touches at least seven.

First Data Corp.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios