The new First Data Secure Transaction Management service, offered exclusively by First Data and powered by the RSA SafeProxy architecture, is designed to dramatically reduce the cost and complexity of complying with the Payment Card Industry Data Security Standard (PCI DSS).

By using the First Data Secure Transaction Management service, payment card data is encrypted at the time it is captured by the merchant's existing point-of-sale application and remains encrypted until it is securely delivered to the First Data authorization switch where decryption occurs. Once authorized through the switch, the card number is replaced by a "token" value that cannot be linked back to the original card data, but otherwise behaves like a card number. This enables the merchant to eliminate card numbers from various business applications without the need for costly application or point-of-sale hardware modifications. When needed, merchants can access the original card number through a secure vault that First Data maintains for controlled authorized look-ups. This outsourced service helps merchants to reduce the risks associated with the loss of cardholder data, avoid fines, and help prevent the loss of brand equity and trust.

"The increasing need for data protection and the growing complexity of PCI DSS compliance are driving merchants to evolve their business strategies for securing customers' sensitive information," said Robert Vamosi, security/risk & fraud analyst for Javelin Strategy & Research. "Organizations that can employ a layered approach to data security, one that capitalizes on the inherent advantages of encryption, tokenization and other technologies, will be well positioned to protect card data and reduce the scope of PCI compliance."

The First Data Secure Transaction Management service is powered by the RSA SafeProxy architecture, which employs a unique combination of tokenization, advanced encryption and public-key technologies that are engineered to provide merchants with the capability to eliminate credit card data from their environments without loss of business functionality or massive rewrites of applications.

"Payment card data protection and PCI compliance are some of the most significant challenges that our merchant customers face today. Addressing these challenges is both complex and costly," said Michael Capellas, chairman and chief executive officer of First Data. "The simplicity of integrating encryption with tokenization through the First Data Secure Transaction Management service dramatically redefines how merchants of all kinds manage and protect their customer payment data."

"To comply with the PCI DSS and reduce risk, organizations need security controls built into their infrastructure, and not bolted on," said Art Coviello, executive vice president, EMC Corporation and president, RSA, The Security Division of EMC. "Rather than addressing security risks by deploying disparate point controls throughout their infrastructure, First Data Secure Transaction Management provides organizations with a simplified and scalable solution that helps radically reduce management complexity and costs."