GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Reload with prepaid


Industry Update

Cynergy acquired by ComVest

A certified alternative

Dueling Strategies: VeriFone-Chase, Heartland-Hypercom

Optimism prevails at WSAA


Special report on the ETA's 2009 Strategic Leadership Forum

Brandes Elitch
CrossCheck Inc.

Wal-Mart and the unbanked

Patti Murphy
The Takoma Group

Glossary of common payments industry terms

Research Rundown

Selling Prepaid

Prepaid in brief

Prepaid players expand to meet demand

From coins to customers

In-house, SaaS or PaaS that solution?


Sell, rent, lease or give it away - what to do?

Biff Matthews
CardWare International

Use security to retain merchants

Scott Henry


Street SmartsSM:
Why do we think we're different?

Jon Perry and Vanessa Lang

Start with ripples, not waves

Jeff Fortney
Clearent LLC

Legal aspects of high-risk processing

Adam Atlas
Attorney at Law

Digging into PCI - Part 4:
Encrypt transmission of cardholder data across open, public networks

Tim Cranny
Panoptic Security Inc.

Company Profile

Merchant e-Solutions Inc.

New Products

Consolidated purchasing for truckers

Smart Solutions
Comdata Corp.

A gateway into e-commerce

Brick and Click
First Data Corp., Yahoo! Inc.


Twenty tips for lifelong learning



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

November 09, 2009  •  Issue 09:11:01

previous next

Dueling Strategies: VeriFone-Chase, Heartland-Hypercom

The race to secure POS transaction data is heating up as terminal manufacturers, acquirers and Visa Inc. scramble to get the upper hand with new techniques like data encryption.

Heartland Payment Systems Inc. thrust the debate into the limelight earlier this year with its discovery of a massive data breach despite indications that it had been in compliance with the Payment Card Industry (PCI) Data Security Standard (DSS).

The PCI DSS sets a baseline for securing cardholder data.

The discovery set Heartland on a quest for a fail-safe security regimen featuring end-to-end encryption. Heartland's effort, known as the E3 Project, is intended to safeguard cardholder data both at rest and in motion, from the moment a card gets swiped at the merchant's checkout, and throughout the exchange, processing and settlement steps. "We're steadfastly committed to strengthening payments security through the development of end-to-end encryption and industrywide collaboration," Heartland's chairman and Chief Executive Officer, Robert O. Carr, said in September.

Differing opinions

Heartland's efforts hit a snag, when, by its account, the company was unable to find a domestic manufacture that could help it bring to market POS devices that employed E3 technologies. So it turned to a Taiwanese firm, Unelectra International Corp., which developed an E3 terminal that Heartland hopes to roll out in the United States as its new NP3000 POS device.

It was a move that sent both Veri Fone and Heartland to court, with VeriFone claiming the NP3000 infringes on one of its patents, and Heartland accusing VeriFone of restraint of trade by trying to put the kibosh on the NP3000. The dueling lawsuits, however, have done little to stymie either company's efforts to win the race to bring the next generation of data security to the POS.

VeriFone and Chase

On Oct. 27, 2009, VeriFone heralded a partnership with Chase Paymentech Solutions LLC, one of the largest merchant acquirers, to market end-to-end encryption technologies to Paymentech merchants under the product name VeriShield Protect. VeriShield Protect, which VeriFone notes is compliant with encryption best practices introduced by Visa, builds on the security expertise of Semtek Corp., a technology firm that VeriFone has made a major investment in. Semtek developed an encryption solution that VeriFone said will work with existing POS systems with "minimal" disruptions in or modifications to merchant operations.

"Joining forces with Chase Paymentech will ensure that a significant merchant population will have full access to the best proven security solution available today," noted Semtek CEO Patrick Hazel in an Oct. 27 statement. "This is very good news for retailers and for consumers."

Heartland and Hypercom

That news came just days following word from Heartland of a "strategic relationship" with terminal manufacturer Hypercom Corp. Heartland is licensing Hypercom's Smart Payments server software to use on its processing platform (branded as Heartland Connect Gateway) and thereby ensure that Hypercom terminals can support E3 technologies.

Visa's encryption best practices, announced on Oct. 5, 2009, are seen as a way to help boost card data security without abandoning the PCI DSS, which was originally developed by Visa.

"While no single technology will help solve fraud, data field encryption can be an effective security layer to render cardholder data useless to criminals in the event of a merchant data breach," said Eduardo Perez, Visa's Chief of Global Data Security. Perez added that while encryption is a good idea, it's not a replacement for the PCI DSS, "which remains the best protection against a data compromise."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios