Hypercom Corporation (NYSE: HYC) today announced key initiatives to step up the payment card industry's ability to attack payment card data fraud.
Effective immediately, the Company is bringing its Asia-Pacific-based EFTSec Server payment data encryption technology to North America, Latin America and Europe, teaming with Voltage Security, Inc. to deliver highly innovative and scalable cryptographic technology, and forming a global data protection business unit to address customer-specific security threats with five key approaches to data security.
"We are bringing to market innovative and highly adaptable security solutions that can meet each of our customer's individual implementation requirements and technology choices to protect cardholder data and preserve cardholder trust in the integrity of the electronic payments system," said Philippe Tartavull, Chief Executive Officer and President, Hypercom Corporation. "Banks, processors, retailers and consumers will not tolerate endless attacks and incessant expenditures on card data security. Just as the threats are multi-faceted, so too must be the security approaches to counter these threats."
Delivers Five Key Components Required to Protect Payment Card Data
End-to-End Payment Data Protection: Hypercom believes end-to-end payment data protection encompasses protecting data throughout its lifecycle-not only encrypting it when in transit but also when at rest in a merchant or payment processing enterprise environment. Hypercom also believes that the scope of payment data protection includes the use of strong security technology throughout the design, deployment, operation and maintenance of payment terminals and their applications including the loading and storage of debit keys that reside on those devices.
• Line Encryption for Data in Transit: Line encryption encrypts cardholder data during transaction processing, starting at the payment terminal and ending at a trusted point where the data is decrypted. That trusted point can be within a large merchant or payment service provider environment. Hypercom was the firHypercom was the first electronic payment solutions provider to initiate card data encryption with its EFTSec technology introduced in 2006. Developed to combat attacks then prevalent in several Asian countries, EFTSec is now the defacto industry standard for payment terminal initiated link encryption in Asia. EFTSec is already in use by seven major banks with combined assets of more than US$178 billion, and licensed to and implemented by several major terminal manufacturers. Unlike recently introduced competing solutions that require customers to purchase custom equipment or utilize third party decryption services, EFTSec leverages existing network infrastructure.
• Protection for Data End-to-End: Hypercom has teamed with Voltage Security, Inc. to implement cryptographic technology that delivers an array of end-to-end encryption across its product line. Management of card data at rest and in use is critically important and must be protected at all times. That said, portions of the data must be available for legitimate business purposes. Voltage's technology provides businesses with strong protection without compromising flexibility or requiring major changes to existing business processes. The key benefit for banks, processors and large retailers: provides the technology to protect cardholder data throughout the enterprise.
• Protection for Data During Operation and Maintenance: Protecting the operational procedures and maintenance of payment terminals is just as important as protecting cardholder data. Hypercom's HyperSafe® suite of security products defends terminals from rogue applications and malware, protects the terminal management system from communicating with fraudulent terminals and provides the industry's only remote key management system. The key benefit for banks, processors and large retailers: protects their investment in the point of sale estate, reduces the potential for fraudulent use of terminals and ensures the secure transport of cryptographic keys.
• Virtual Terminals: Segmenting a merchant's point of sale system data from payment data is one method of reducing the scope of PCI DSS compliance for merchants. Virtual terminals are web-based secure platforms which easily integrate payment processing and business critical processes with ubiquitous client side applications and devices. By utilizing advanced server capabilities such as Hypercom's SmartPaymentsTM and Wynid® product suites, data segmentation can be easily achieved, enabling "large store functionality" for mid-size business environments. The key benefit for small and mid-size retailers: provides top-level security for sensitive cardholder data, reduces PCI DSS compliance costs.
• Card Authentication: In addition to complete enterprise-wide end-to-end payment data protection, Hypercom supports the strengthening of card authentication as an important tool to prevent card skimming. Hypercom supports a number of technologies that, if broadly adopted, would significantly reduce fraud through card skimming. Technologies include contact and contactless chip cards, and Magnetic Stripe Image Authentication. Magnetic Stripe Image Authentication is an innovative dynamic digital authentication solution that detects counterfeit magnetic stripe credit, debit, gift and ATM cards. Whenever a card is used at a payment terminal, magnetic stripe security imaging authenticates the card's legitimacy in real time by matching each magnetic stripe's unique 'noise fingerprint' against the 'fingerprint' originally obtained from the legitimate card. The key benefit to retailers: protects the cardholder against credit card 'skimming' fraud wherein criminals copy the data encoded on a legitimate card and produce a fraudulent card.
"Hypercom is setting a new global card protection standard by bringing to market the payment industry's widest choice of protection options to protect businesses and simplify implementation," said Mark Bower, Vice President, Product Management, Voltage Security, Inc. "Hypercom has long been recognized as the leader in payment security and we are delighted to team with them to help businesses worldwide."
Forms Data Card Protection Business Unit
Hypercom's new Global Data Protection Business Unit will consult with customers to determine individual system configurations, security threats and the best security solutions to address their specific needs, and then direct the implementation. TK Cheung, Hypercom's Vice President, Global Quality and Security, heads the new business unit. He also serves as Vice Chairman and Chief Technical Officer of The Secure POS Vendor Alliance (SPVA).
"One solution does not fit all when it comes to payment card data protection. The payment industry is highly complex and requires a range of solutions each of which can protect the various elements that comprise an end-to-end solution. To that end, we are making available the smartest array of security approaches providing choices for businesses of all types to fortify their defenses and protect cardholder data against current and future threats. The addition of Voltage Security's end-to-end encryption to our arsenal of crime-fighting technologies together with EFTSec and HyperSafe suite of security products allows us to deliver the industry's most comprehensive selection of security solutions," said Mr. Cheung.
Mr. Cheung has more than 30 years of experience in the telecommunications and electronic payment industries. Prior to his current positions, Mr. Cheung was Managing Director for Hypercom's Asia-Pacific region, where he successfully launched the hardware and software based EFTSec security products to combat increasing levels of credit card fraud prevalent to this region and to satisfy stringent customer requirements.