13 December 2017
visit http://response.ncr.com

Visa preps encryption service

21 August 2012  |  8692 views  |  5 safelock

Visa is preparing to launch an encryption service designed to help merchants, acquirers and processors protect cardholder data.

The card giant says it will launch its Visa Merchant Data Secure with Point-to-Point Encryption service early next year. The technology encrypts sensitive cardholder information within the merchants' and acquirers' systems. The data can only be accessed, or unscrambled, with decryption keys held securely by the acquirer, gateway or Visa.

Visa says it is already working with acquirers, processors and technology vendors to provide specifications for integrating its offering into payment terminals as well as into all critical systems across the processing industry.

The firm argues that its new service is "complementary" to EMV chip technology, providing an added layer of protection against the threat of data breaches, especially as the industry works to reach critical mass in the adoption of chip cards and terminals.

Darren Parslow, global head, processing, Visa, says: "With Visa's global processing reach and capabilities, we are able to provide an encryption solution that meets the needs of merchants and acquirers who want ease of implementation, flexibility, and effective protection. Working in concert, multiple layers of security including point-to-point encryption can help take merchants out of harm's way while mitigating fraud throughout the payment system."

Comments: (5)

A Finextra member
A Finextra member | 21 August, 2012, 14:01

So ...

if this is "complementary" to EMV, it follows that it must be providing more security than EMV does by itself, and in doing so it is protecting against potential EMV data breach risks.  

What exactly are the EMV data breach risks that end-to-end encryption will mitigate?  Are we being led up the PCI-DSS garden path by the nose once again?  Or am I just being stupid?

1 thumb up! 1 thumb up! (Log in to thumb up)
Nick Collin
Nick Collin - Collin Consulting Ltd - London | 21 August, 2012, 17:45

No, you're not being stupid David, but maybe Visa is :-).

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 21 August, 2012, 18:02

Sounds like Visa is not trusting that their merchants are being PCI-DSS compliant, as one of the requirements is encryption.  So, they are helping out by launching the service.  Encryption is needed and useful. Some retailers at the POS do not encrypt the transaction and they move the data from POS to register to a main computer with wireless technology, then they encrypt it, or not. Many smaller merchants are not usually sophisticated or knowledgeable or have the staff to do this themselves. So, this is a good thing for Visa to offer.  Of course, there is more to compliance that encryption, and while nothing will save us from stupidity or mistakes, this is a step in the right direction.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 28 August, 2012, 16:17

The extra security being provided is to protect the PAN while it is in transit and defend against threats like skimming. It is a common misconception that EMV will protect the PAN - it does not. The PAN continues to be transmitted in the clear. For a couple of years Visa has been pushing EMV as if it were a silver bullet, but while it will greatly help with lost or stolen and counterfeit card fraud, the risk of stored data breaches will remain. This is a significant admission from Visa that other threats must be considered and defended against with a layered security approach. The next logical step is to mandate both encryption and tokenization, because encryption provides excellent protection of the cardholder data in transit but tokenization is a superior solution for protecting cardholder data at rest or data in use. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 29 August, 2012, 11:01

Looks like the guys at First Data smell a sales opportunity - sell the buggers some encryption and whilst we're at it, bundle in some tokenisation.  Just tell 'em the PAN is at risk, talk about skimming in the sales blurb and there you go, no one will know any better and we'll be quids in!

They certainly don't seem to have grasped EMV.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Walmart opposes $7.25bn interchange settlement

Walmart opposes $7.25bn interchange settlement

24 July 2012  |  7909 views  |  0 comments
Visa Europe preps V.me digital wallet for autumn launch

Visa Europe preps V.me digital wallet for autumn launch

30 April 2012  |  11179 views  |  0 comments
Global Payments hit by 'massive' breach

Global Payments hit by 'massive' breach

30 March 2012  |  12256 views  |  0 comments
Discover joins US EMV bandwagon

Discover joins US EMV bandwagon

15 March 2012  |  8656 views  |  0 comments
Visa: US EMV move doesn't mean chip and PIN

Visa: US EMV move doesn't mean chip and PIN

17 January 2012  |  16893 views  |  7 comments | 1 tweets
PCI security standards in the dock

PCI security standards in the dock

12 January 2012  |  11774 views  |  7 comments

Related company news


Related blogs

Create a blog about this story (membership required)
visit www.response.ncr.comvisit www.aciworldwide.comvisit www.solutions.lexisnexis.com

Top topics

Most viewed Most shared
Saxo Bank's 'Outrageous Prediction': Bitcoin to peak at $60k next year before spectacular crashSaxo Bank's 'Outrageous Prediction': Bitco...
12128 views comments | 7 tweets | 7 linkedin
Deutsche Bank paper hails 'huge' blockchain potentialDeutsche Bank paper hails 'huge' blockchai...
9311 views comments | 16 tweets | 22 linkedin
PSD2: Laying the regulatory foundation for a new age in paymentsPSD2: Laying the regulatory foundation for...
7905 views comments | 17 tweets | 35 linkedin
Santander UK poaches Barclays innovation chief Michael HarteSantander UK poaches Barclays innovation c...
7329 views comments | 8 tweets | 17 linkedin
Alior Bank to use Open API platform and accelerator to create fintech marketplaceAlior Bank to use Open API platform and ac...
7163 views comments | 20 tweets | 11 linkedin

Featured job

Competitive base + commission + benefits
New York City, NY - USA

Find your next job