GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Up with DCC in down economy


Industry Update

One platform, one processor

Processing giants go separate ways

No advance for AdvanceMe appeal

Phoenix rising from MPI ashes

2008 Calendar of events

Association roll call - Part II


Brazilian banks look to Linux for ATMs

Ulric Rindebro

Perfecting the art of portfolio sales

Tourist tracker


The facts on FACTA

Ross Federgreen


Street SmartsSM:
Make low price low priority

Jason Felts
Advanced Merchant Services

Great branding on zero budget

Curt Hensley
CSH Consulting

Shop before you sign

Adam Atlas
Attorney at Law

Thriving in a secure payments world

Scott Henry

Bets are on in evolving payments space

Ken Musante
Humboldt Merchant Services

Allies in accountability

Jeff Fortney
Clearent LLC

Company Profile

International Bancard Corp.

New Products

PCI compliance and beyond

Merchant Warehouse

Fight shrinkage with small footprint

NCR RealScan 74 OFX
NCR Corp. and ADT Security Services Inc.


Prioritize with purpose



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

June 09, 2008  •  Issue 08:06:01

previous next

New Products

PCI compliance and beyond

Product: MerchantWARE

At the 2008 National Restaurant Association tradeshow held in Chicago, May 17 through 20, Boston-based Merchant Warehouse conducted an eye-opening experiment on the tradeshow floor.

Representatives from the decade old ISO, which has 45,000 merchants in its portfolio, took credit cards from show participants and demonstrated how to hack card numbers with a keylogger attached to a Payment Card Industry (PCI) Data Security Standard (DSS) compliant card reader and then clone the cards in a matter of seconds.

The demonstration set out to prove three things:

  1. It is easy to steal cardholder data.
  2. PCI compliant systems are not airtight secure.
  3. A new service from Merchant Warehouse can stop data from being stolen.

The service is called MerchantWARE. It combines:

According to Merchant Warehouse, by encrypting data directly at the card reader, five of the 12 PCI DSS requirements are instantly met, thereby relieving small and mid-sized merchants of a major portion of their compliance headaches.

Henry Helgeson, President and co-Chief Executive Officer at Merchant Warehouse, believes that securing merchants' internal networks borders on the impossible.

"What they're trying to do with things like virus projection and firewalls and strong passwords is lock down the private network," he said. "It's really tough to do that. ... Certainly, you're going to have more success and deter it, but if somebody really wants to get in there, they'll find a way in."

That is why, Helgeson claims, Triple DES (Data Encryption Standard) at the POS is the easiest and most effective solution for merchants. Merchant Warehouse uses MagTek Inc. subsidiary Magensa's MagneSafe Secure Card Readers to do that.

"The MagTek reader on its own is a great product, but the problem is you need a back-end to manage it," Helgeson said. Merchant Warehouse supplies that back-end through MerchantWARE.

Through merchants' POS terminals or online, merchants can access the MerchantWARE gateway to call up individual transactions and "pull down the reports into their system in real time, anytime they want, so there's nothing stored on their database," Helgeson said.

Even PCI compliant businesses are getting hacked, Helgeson noted. "We believe that if [MerchantWARE] had been in place at the Hannaford Bros. stores and Okemo Mountain [Okemo Mountain Resorts in Ludlow, Vt.] and even Dave & Buster's, this would have prevented those breaches," he said.

But Merchant Warehouse is also looking to the future. It has already set up its system to support what it thinks will be the vanguard of card data security - the Magtek's MagnaPrint technology that "scans" the payment card's mag-stripe for its unique signature.

The characteristics of each mag-stripe are as unique as a fingerprint - no two mag-stripes are identical.

"Of course, there is no way to validate the [MagnaPrint] data yet," Helgeson said. "But when it does become available, merchants don't have to go back and redo anything in their software." Merchant Warehouse will just turn on the MagnaPrint feature on its end, giving merchants greater peace of mind when it comes to data security.

Merchant Warehouse

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | Simpay | USAePay | Impact Paysystems | Board Studios