Commidea, the leading card payment processing solution provider, announces the launch of Ocius Sentinel - the UK's first solution to offer both end-to-end dual encryption and tokenisation.
Ocius Sentinel tackles the dangers associated with the capture, transmission and storage of card data by effectively removing the the card's unique security information from a merchant's network. According to independent security consultants Foregenix, 89% of card present compromises involve prohibited data storage, a statistic which highlights the size of the problem facing retailers.
Ocius Sentinel, which has been fully certified for use by major UK acquiring banks, uses a combination of two of the strongest cryptography techniques available to encrypt the data at the point of card data capture. It quickly and securely transmits the encrypted cardholder data directly from the PIN pad, via the Electronic Point of Sale (EPOS) system, across the merchant's network and into Commidea's secure, PCI DSS certified processing infrastructure for onward transmission and authorisation by the Acquirer. As sensitive cardholder data is effectively removed from the merchant's system, it can reduce the cost and burden of achieving and maintaining Payment Card Industry Data Security Standard (PCI DSS) compliance by up to 80%*.
Ocius Sentinel offersadditional features to further guard and prevent the capture of card holder information in the event of a malicious attack, including:
- A sophisticated PIN Entry Device (PED) asset management system which challenges and authenticates the PED serial number rendering any unidentifiable device unusable with Commidea's software.
- A mutual authentication system ensuring that data passed to and from the merchant solution always connects to genuine authorisation servers.
- Tracking of PEDs to monitor any abnormal behaviour via Commidea's web-based Management Information System.
"Commidea's implementation of robust cryptographic technologies in the Ocius Sentinel solution provides a clear and much needed advancement in secure payment processing," said Andrew Bontoft,, Technical Director, Foregenix Ltd. "Offering strong encryption directly from the hand-held PED through to the processor's backend network removes the possibility of the account data being intercepted between these two points, significantly reducing the risk of data compromise."
"Many retailers are having to focus their sights on PCI DSS compliance while wishing that they could invest their time, energy and technology spend on more customer centric activities," said Simon Wilding, Managing Director, Commidea, "By implementing Ocius Sentinel retailers can do exactly that, knowing that they have truly safeguarded their customers' data and stretched far beyond 'tick the box' compliance."
Commidea's customers will continue to have access to a wide range of value added services, such as card holder preferred currency, tax free shopping, mobile top-ups and voucher schemes.