GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Redemption in recession


Industry Update

Companion bill targets interchange fees

And in this corner: Discover

MasterCard IPO soaring

FTC disconnects alleged phone card scam

Prepaid Expo coming to Caesars


Neal Tichelkamp

Select-A-Branch grows ATM network

Travis K. Kircher

Industry Leader

Jim Baumgartner –
Born to do business


Honoring early mavericks

Patti Murphy
The Takoma Group


Street SmartsSM:
Add value to enhance your value

Jason Felts
Advanced Merchant Services

POS as a second language

Dale S. Laszig
DSL Direct LLC

Portfolio sold: How much goes to Uncle Sam?

Michael Laird
Certified Public Accountant

Marketing mishaps to avoid

Nancy Drexler
SignaPay Ltd.

Little to fear in buyer's market

Lane Gordon

Company Profile


New Products

FACTA the future

ID Insight Inc.

Protect data with hidden shield

VeriShield Protect


Dump perfectionism, do reality check



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

June 23, 2008  •  Issue 08:06:02

previous next

New Products

Protect data with hidden shield

Product: VeriShield Protect

In the wake of recent, well-publicized data breaches at major retailers, a potential weakness was exposed in the Payment Card Industry (PCI) Data Security Standard (DSS).

The standard may not adequately address data in transit issues at merchants' in-house networks. Regardless, if data is sent out from the POS terminal unencrypted, it could be easy pickings for hackers.

But now that the vulnerability is widely known, businesses can take steps to secure data at merchant locations, so that even if data breaches occur, the data would be useless to fraudsters.

A relatively new solution to the security gap is encrypting data directly at the POS with what is known as Triple DES. DES stands for Data Encryption Standard. Triple DES means when a card is swiped or otherwise employed at the POS terminal, the data is run through the encryption key three times inside the terminal, exponentially increasing the complexity of the encryption and rendering it nearly impossible to crack.

San Jose, Calif.-based POS terminal maker VeriFone employs Semtek Innovative Technologies Corp.'s version of Triple DES - called Hidden Triple DES - in its VeriShield Protect system.

"Hidden" means that after the data is encrypted, VeriShield is able to format the data so that it looks exactly like an unencrypted mag-stripe data string - including the bank identification number and the last four digits of the card - which most systems are designed to read.

By "hiding" the encryption from merchants' systems, the systems - such as cash registers and back office servers - read the information as if it were in its standard, unencrypted form. According to Paul Rasori, Vice President, Global Product Marketing, VeriFone, this means systems need not be reconfigured to understand the Triple DES encrypted data when VeriShield is incorporated.

VeriShield doesn't require merchants and acquirers to make changes to existing software infrastructures. "The systems that touch that data along the way don't have to be changed," Rasori said.

But once the encrypted data leaves the merchant location, it must be decrypted for it to be processed. For that end, VeriFone has partnered with San Diego-based Semtek for Cipher Device Metrics Servers (CDMS).

When the data reaches the centralized CDMS servers, it is decrypted and sent over secure networks for back-end processing.

So, once data is encrypted at the POS, VeriShield has it decrypted for processing as well. "There is really no competition [for VeriFone] in the market that has those two elements in tandem," Rasori said.

VeriFone recognizes that no system will ever be entirely secure. And so Rasori said VeriFone built into VeriShield a real-time status and alert system that flags suspect transactions for the benefit of merchants, ISOs and acquirers.

Currently, VeriShield is only available for VeriFone's MX series of POS terminals. The MX terminals are designed for large retailers with multilane terminals. But Rasori said that, no later than the end of calendar year 2008, VeriShield will be available for its Vx line of POS devices designed for small and mid-sized merchants.


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios