E3 encryption can cut PCI compliance costs by up to 79% - Heartland assessment

Source: Coalfire

According to an independent security assessment released today by Coalfire Systems, a Payment Card Industry (PCI) Qualified Security Assessor (QSA), Heartland Payment Systems' E3 end-to-end encryption terminal can reduce the scope of PCI compliance by 79 percent for merchants using a dial-up connection and by up to 69 percent when using an IP connection. Coalfire also found E3 can minimize the resulting costs of PCI compliance assessment and validation.

"The complexities -- and costs -- of PCI compliance are some of the most taxing aspects of payment card security for merchants of all sizes. Relieving them from a significant amount of that burden -- as well as from the risk of payment card data compromise for transactions submitted through E3 devices -- without additional 'junk' fees or encryption taxes is a major victory for business owners, Heartland and the payments industry at large," said Steve Elefant, Heartland's chief information officer.

E3 is designed to provide the highest degree of payment card data security available. E3 technology meets the recently released PCI Security Standards Council (SSC) guidance for point-to-point encryption (P2PE). It safeguards cardholder data from the moment of card swipe or key entry -- and through the Heartland network -- until handoff to the card brands "with no decryption of the data feasible at any point between the source and the destination."

Kennet Westby, president and COO of Coalfire, added, "As a payments processor, Heartland has a unique advantage over many other security providers in that it can protect data through its own network -- providing a true 'end-to-end' solution for merchants with no need to decrypt data before handoff to the processor. This is a primary factor in the increase in scope reduction when compared with other technologies."

Coalfire also determined that E3 meets all Visa Data Field Encryption guidelines as well as other industry standards.

Other key findings include:

-- E3's use of Format Preserving Encryption (FPE) meets encryption best practices and standards for cryptographic algorithms and key strength, and meets industry standards and Visa best practice guidance.

-- The use of Identity-Based Encryption (IBE) key management processes removes most of the challenges of key management for the merchant that have been found in many other encryption solutions.

Coalfire's assessment, which included technical testing, architectural assessment, industry analysis, compliance validation and peer review, concluded, "A properly deployed E3 solution can provide significant risk mitigation of data compromise and is one of the most effective data security controls available to merchants today."
