VeriFone Holdings (NYSE: PAY), today announced it has extended its VeriShield Protect solution to provide end-to-end encryption capabilities across multiple product lines, including Vx Solutions, PAYware Transact, and as a managed service.
VeriFone also announced a new secure magstripe reader that connects to electronic cash registers (ECRs) and PCs.
Initially introduced for retail chains utilizing the MX800 Series line of multilane customer-facing systems, VeriShield Protect can now be deployed to virtually any environment, from small merchant countertops to mobile use. Also, to enable quick and effective deployment, backend decryption and device security monitoring is now available as a managed service from VeriFone.
VeriShield Protect is an advanced end-to-end encryption solution that eliminates usable cardholder data from POS applications, networks and servers, using AES-level encryption that preserves existing card track data formats so it works transparently with retailers' and acquirers' existing payment infrastructure.
"VeriFone was first to introduce true hardware-fortified end-to-end encryption of cardholder information and is now first to provide it across multiple product lines, serving virtually all merchant segments," said Paul Rasori, VeriFone senior vice president, marketing. "Our exclusive format-preserving encryption makes it possible for retailers and acquirers of all sizes to deploy the highest possible security in a seamless manner."
VeriShield Protect now enables acquirers and ISOs to readily monitor and verify compliance within their base of Level 4 retailers, which have been the target of 80 percent of identified card data compromises in recent years. In addition to encrypting card data, VeriShield Protect monitors all systems in real time at the device level via VeriShield Secure Device Management Service (VSDMS), so if a breach occurred the retailer or acquirer would be immediately alerted. In addition, data encryption keys can be managed remotely as part of the device management service.
With end-to-end encryption, retailers are more easily able to ensure their systems do not store usable cardholder data, therefore protecting the inntegrity of card data even in the event of a breach. Because the format of the card data is preserved following encryption there is no need to decrypt the data as it flows through a retailer's systems, or to redesign the POS applications to deal with a new data format. Should someone breach the retailer's system, any stolen data would be unusable.
VeriShield Protect can now be made available across a multitude of vertical markets and retailer environments that utilize the Vx Solutions line. In addition, with VeriFone's managed service, resellers and retailers can bring VeriShield Protect to market quickly via an easy-to-use payment gateway that is certified by the major processing networks. Supporting dial, IP and wireless transactions, the payment gateway provides resellers and merchants with added benefits of transaction consolidation, reporting and monitoring.
The new secure magstripe reader provides yet another option for retailers, integrating VeriShield Protect in a slim form factor that can be connected to PC or ECR POS environments via USB port. Using the new reader, retailers can ensure immediate card encryption as the card is swiped, eliminating the potential for PCs and ECRs to store any usable data.
VeriShield Protect will also be available by midsummer on PAYware Transact, VeriFone's customizable and highly scalable and customer-hosted payment solution that supports high-volume, enterprise level transaction processing for merchants and card not present businesses of any size.
"Recently publicized incidents have demonstrated that PCI DSS compliance is very difficult to maintain on an ongoing basis," said Rasori. "True end-to-end data encryption is the only sure way to protect the integrity of the card processing system. With VeriShield Protect, retailers can be assured that the data is protected from the instant it enters their system, until it exits at a secure point of decryption."