Heartland claims support for end-to-end encryption offering

Source: Heartland Payment Systems

Several of the world's leading electronic payments system manufacturers are working with Heartland Payment Systems (NYSE: HPY), one of the nation's largest payments processors, to ensure their point-of-sale (POS) devices and other payments platforms offer the highest level of data security to businesses that accept credit and debit card payments.

These manufacturers are integrating Heartland's E3TM protocol, an industry-leading end-to-end encryption solution that leverages Voltage SecureDataTM encryption and key management technology. End-to-end encryption is considered the most effective security method available for protecting cardholder data.

E3 uses the strongest encryption methods available to safeguard cardholder data at rest and in motion throughout the lifecycle of payments transactions ... from the moment of card swipe ... to and through the payment processor's network ... to participating card brands. E3 is designed to offer full lifecycle protection, not merely point-to-point like most competing solutions, and render payment data useless in the event of a compromise.

In early 2009, Heartland began working with Voltage Security to develop a comprehensive end-to-end encryption solution that did not exist in the marketplace at that time. E3 is the only security solution that offers comprehensive, layered coverage - including software and hardware. E3 features a tamper-resistant POS terminal, magnetic stripe reader/wedge and other devices and software tools that protect cardholder data and never store it on a business' system, relieving the business of PCI card data liability.

Over the past several months, Heartland has provided leading manufacturers - including strategic partner Uniform Industrial Corporation (UIC), Hypercom, ExaDigm, and others - with the E3 protocol specification.

"Heartland set out to create a new standard and make the highest degree of security available to each and every merchant regardless of size or resources - and without charging them extra fees and taxes for enhanced security. We have taken the lead in the movement for greater security standards in the payments industry, urging industry leaders to work together to fight cyber criminals," said Steve Elefant, Heartland's chief information officer. "As several of the world's leading payments equipment manufacturers move to embrace our E3 protocol, it is a testament to the security, innovation and interoperability of our solution, as well as their commitment to help secure payment data and protect all stakeholders in the payments ecosystem with the most comprehensive security solution available today."

"Hypercom applauds the industry leading position Heartland has adopted and continues to champion for the protection of transaction card data and the provision of true end-to-end security," said T.K. Cheung, vice president, global quality and security, Hypercom Corporation. "Hypercom is committed to supporting Heartland's E3 protocols and platforms."

E3 entered beta testing in June 2009 - which marked the first time encrypted transactions have been sent from a merchant's card reader to and through a major processor's payments network. The E3 solution is currently available in limited release and will be widely available in the second quarter of this year. For more information on E3 - or to download a just-released white paper, "Card Payment Security for the Small Merchant," written by George Peabody of Mercator Advisory Group - visit E3secure.com.

Comments: (1)

Nick Green
Nick Green - ISD Consultants - Northampton 25 March, 2010, 17:41Be the first to give this comment the thumbs up 0 likes

Sounds to me like a very stong steel door on a grass hut. It doesn't matter how secure the medium over which the data is transmitted if the device supplying the data is insecure (the magnetic stripe). I understand one of the reasons raised for the US not implemeting EMV is the cost of replacing the terminal estate. I would guess a lot of the terminals already have chip readers in and those older terminals that don't probably won't be able to support the crypto or security requirements for this solution.