VeriFone Holdings (NYSE: PAY), today announced that its VeriShield Protect card payment data protection solution is in compliance with Visa's best practices for data field encryption, also known as end-to-end encryption, that were published on October 5th.
Visa's announcement reflects growing momentum for implementation of end-to-end encryption as a key payments security layer that can render any intercepted data useless.
"VeriShield Protect is the only commercially deployed solution that meets all elements of Visa best practices for data field encryption and exceeds them in some key areas," said VeriFone CEO Douglas G. Bergeron.
"These data encryption best practices provide merchants and acquirers with a scorecard for evaluating proposed end-to-end solutions," Bergeron continued. "Three critical questions they should ask security vendors are:
1. Does your key management technique protect against public key substitution?
2. Do you protect keys utilizing industry-approved hardware security modules?
3. Do you mutually authenticate the payment device to prevent man-in-the middle attacks?
"In addition, they need to determine what solution will support their existing systems and can be implemented with little or no rewriting of their applications."
VeriShield Protect utilizes a unique format preserving encryption that achieves the goals of Visa's best practices and requires no changes to most POS software and retail systems, or store procedures.
The VeriShield Protect solution is installed into the security module of VeriFone card-acceptance devices to encrypt cardholder data as soon as the card is presented; encrypted data is transmitted to a Decryption Appliance installed at a secure data center to ensure no unencrypted data can be intercepted.