Heartland claims strong uptake for end-to-end encryption

Source: Heartland Payment Systems

Since its launch on May 24th at the National Restaurant Association Hotel-Motel Show in Chicago, 5,100 small and mid-sized business owners across the country have purchased and deployed Heartland Payment Systems' (NYSE: HPY) E3 terminal to protect their businesses and their consumers.

This milestone marks the largest number of merchants in the United States actively using truly effective end-to-end encryption technology to secure their transactions. Truly effective end-to-end encryption occurs when the analog data on the magnetic stripe never enters the acquiring payments system in clear-text digital form. Designed to protect cardholder credit and debit card data and render it useless to cyber criminals, E3 safeguards card account information from the moment of card swipe and through the processing network - not just at certain points during the transaction flow.

"The widespread adoption of E3 by business owners in just the first few months demonstrates a great deal of interest from the merchant community in protecting cardholder data and lowering the risk of PCI DSS (Payment Card Industry Data Security Standard) fines and fees," said Bob Carr, Heartland's chairman and chief executive officer. "E3 offers the highest degree of security available - without charging extra monthly or transaction 'junk fees' - making the highest level of security in the marketplace available to all businesses large and small. We are thrilled to prove many pundits wrong in their assertion that large numbers of small and mid-sized merchants would not spend money to enhance their security."

In October, Heartland will launch its new E3 magnetic stripe reader (MSR) wedge for PC-based payment applications. The E3 wedge is designed to protect cardholder data at the point of swipe before the data reaches potentially vulnerable PC-based applications. It is the first MSR in the industry that encrypts sensitive cardholder data in a tamper-resistant security module (TRSM) - similar to that of a debit PIN encrypting device. The wedge employs state-of-the-art Advanced Encryption Standard (AES), Identity-Based Encryption and physical protections compliant with the PCI PIN Transaction Security (PTS) 3.0 standards. Like the E3 terminal, the wedge manages its own unique keys. It plugs into a USB port to communicate with point-of-sale (POS) systems and can be attached to the side of a monitor or a merchant's countertop. The E3 MSR components can also be embedded into an integrated PC-based POS system.

Heartland developed the wedge to offer a variety of security options to merchants, as well as address the rising number of data breaches in the hospitality industry, specifically at restaurants and hotels. According to the 2010 Verizon Business Data Breach Investigations Report, the hospitality industry accounts for 23 percent of investigated breaches and just over a third of all breaches - a 17 percent increase from Verizon's 2009 report. The use of PC-based POS and property management systems for the processing of payments - including shared systems among chains and wireless networks - plus the high volume of card transactions and retention of card data for reservations makes the hospitality industry especially vulnerable to security breaches.

"While hospitality is a prime target for cybercriminals, no business can rest easy thinking it won't be the victim of a data breach," noted Steve Elefant, chief information officer at Heartland. "All business owners and operators need to improve their efforts to protect cardholder data and reduce the risk their organizations and customers face. The E3 terminal and wedge empower them to do just that."

E3 is easy and cost-effective to implement. There are no changes to a merchant's daily routine or the speed of transactions - and no large equipment investment. Merchants purchase an E3 terminal or wedge at - or below - the prices of standard, less-secure processing equipment on the market today. Additionally, merchants are protected by Heartland's "E3 End-to-End Encryption Warranty" which - in the unlikely event of a data breach using E3 - will reimburse a merchant's breach-related fines.

Comments: (0)