VeriFone Holdings, Inc. (NYSE: PAY) today introduced VeriShield Protect, a system designed to thwart continuing criminal efforts to gather unencrypted account holder data via breaches of merchant networks, applications and servers that come in contact with consumer credit and debit card information.
VeriShield Protect was developed to prevent compromise of cardholder data even in the event of a breach. VeriShield Protect shields credit and debit account information from the moment a card is swiped until the data is received at a secure decryption appliance located in a merchant's secure data center, at an off-site service provider, or at an acquirer or processor organization.
Criminals have captured cardholder information despite merchant attempts to comply with industry mandates, such as PCI-DSS (Payment Card Industry-Data Security Standard), which require periodic security audits. The retailer environment is often too complex to be completely locked down against all intruders and it is unrealistic to expect merchants to maintain constant vigilance over every access point and every location where data is stored or transported.
"Data compromises continue to demonstrate that a focus on end-to-end protection of customer data — not simply on compliance with the PCI-DSS standard — is critical for merchants and other card-industry stakeholders," said Avivah Litan, vice president and distinguished analyst with Gartner, Inc.
The VeriShield Protect system employs a breakthrough technology called H-TDES™ (Hidden-Triple Data Encryption Standard) to encrypt the personal account number (PAN) and magnetic-stripe track data in a manner that other applications interpret as valid card data. The data is encrypted within the tamper resistant security modules of VeriFone's PCI PED-approved payment systems so that it can safely be transmitted over retailer networks to a centralized secure decryption appliance from Semtek Innovative Solutions Corp., the developer of H-TDES.
"Today's PCI PED payment systems use highly evolved hardware encryption to secure PINS before they enter the merchant's POS system. VeriShield similarly affords encryption protection to cardholder account information to proactively protect consumers and remove the risk of exposure within the retailer's enterprise," said Paul Rasori, VeriFone vice president of Global Product Marketing. "Because VeriShield Protect should require no changes to their applications, merchants can adopt this solution right away and keep their POS applications, networks or enterprise databases free of consumer data that criminals target."
The VeriShield Protect solution also incorporates access to a Cipher Device Metrics Server (CDMS) that provides a real-time status and alert system to monitor compliance of each and every transaction as it occurs.
VeriShield Protect is available immediately on the MX800 Series platform, and will be available on Vx Solutions products beginning later this year. VeriShield Protect is also available as a secure hosted service.