The Green Sheet Online Edition
May 12, 2008 • Issue 08:05:01
Security stamped on hardware, software
First came the data breach at TJX Companies Inc. Then came the one at Hannaford Bros. Co. Which ISO's and merchant level salesperson's (MLS's) retailer will be next?
To help ensure that your merchant doesn't become that next big headline (and your merchant acquirer the next organization to be slapped with a big fine by the card brands), end-to-end wireless solutions provider Apriva now offers the Apriva Certified Secure Program.
The service demonstrates to merchants and acquirers/processors that the POS applications being used have undergone rigorous, nuts-and-bolts reviews. It also ensures merchants' entire wireless payment systems have robust, state-of-the-art security.
All hardware and software configurations are scrutinized to meet the specifications of both MasterCard Worldwide's POS Terminal Security (PTS) and the payment card industry's Payment Application (PA) Data Security Standard (DSS).
Additionally, Apriva enhances system security by adding access controls for merchant boarding and customer support.
"Apriva is the connectivity between the merchant's terminal and the processor," a company spokesperson said. "[Apriva secures] that connection by adding additional layers of security, for boarding, for support, the secure network connectivity, to making sure it's running on a private network with Apriva's patented technology."
To reduce the possibility of data theft, Apriva uses "a managed, private, wireless network that shields terminals from access by hackers by eliminating the Internet from the communication path," the spokesperson said.
The online terminal component of Apriva's program is designed for face-to-face merchants and MO/TO (card not present) merchants who use computer and Internet-based processing.
Apriva's program benefits all the links in the value chain: merchant acquirers, terminal manufacturers and merchants.
- Acquirers can tell their customers that their products exceed PTS and PA DSS requirements and can offer merchants secure gateway solutions.
- Manufacturers can tell their customers their products are secure and bear Apriva's stamp of approval.
- Merchants know that they have made the right choice in Apriva-certified products and services.
Apriva authenticates all devices and users by employing two-way authentication between the POS terminal and the host server. That authentication is provided using the RSA algorithm and 1,024-bit keys.
The Scottsdale, Ariz.-based company promises that every end-to-end security solution it certifies will exceed the highest payments industry standards.
When a POS terminal manufacturer such as VeriFone, Hypercom Corp. or Ingenico Inc. rolls out a new terminal, it is Apriva that certifies it and develops secure applications to run on it.
In the end, it is often the Apriva silver stickers that confirm the security and compliancy of retailers' POS devices.
But Apriva does not only certify products that meet the mandatory "data-at-rest" requirements. MasterCard recently released new standards that specifically target wireless and IP (Internet Protocol)-enabled POS equipment. Apriva already meets or exceeds these "data-in-motion" requirements.
Since 1999, Apriva has partnered with ISOs who sell Apriva-certified devices and services to merchants.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.