Heartland Tests End-to-End Encryption; Gets Good Reviews

In the first step of its move toward end-to-end encryption, Heartland Payment Systems (HPY) last week completed the first phase of its pilot project.

Heartland, the sixth-biggest payments processor, announced earlier this year that it had been hit with a data breach in which credit card numbers and debit card information were taken by hackers who broke into the payment processor's internal network. Since the breach was announced, the company has been working toward introducing Advanced Encryption Standard (AES)-encrypted card transactions from merchants to Heartland's processing platform.

The merchant that took part in the pilot last Monday was a small carwash operation in Plano, TX, near Heartland's operation center. AES is the highest level of encryption and is currently on track to replace Data Encryption Standard (DES) and Triple DES as the desired standard for sensitive data. The pilot transactions included multiple credit cards, prepaid and signature debit card transactions that tested each of the major card brands, says Robert Carr, Heartland's chairman and chief executive officer.

Heartland's Solution

Heartland's new tamper-resistant security module terminal is meant to stop hackers from sniffing data from the point of sale until it reaches the end point at the payment processor. Typically, cardholder data is unencrypted as it leaves a merchant's terminal and isn't encrypted until it is either tokenized in a gateway or at rest in the processing platform's data warehouse.

The pilot tested four of five payment zones. The fifth zone, in which the data is sent from the processor to the authorization and settlement centers of the card brand or issuer, is contingent upon the card brands or card issuer.
