In the first step of its move toward end-to-end encryption, Heartland Payment Systems (HPY) last week completed the first phase of its pilot project.
Heartland, the sixth biggest payments processor, earlier this year announced that it was hit with a data breach, wherein credit card numbers and debit card information were taken by hackers who broke into the payment processor's internal network. Since the breach was announced, the company has been working toward introducing advanced encryption standard (AES)-encrypted card transactions from merchants to Heartland's processing platform.
The merchant that took part in the pilot last Monday was a small carwash operation in Plano, TX, near Heartland's operation center. AES is the highest level of encryption and is currently on track to replace Data Encryption Standard (DES) and Triple DES as the desired standard for sensitive data. The pilot transactions included multiple credit cards, prepaid and signature debit card transactions that tested each of the major card brands, says Robert Carr, Heartland's chairman and chief executive officer.
Heartland's Solution
Heartland's new tamper-resistant security module terminal is meant to stop hackers from sniffing data beginning at the point of sale until it reaches the end point at the payment processor. Typically, cardholder data is unencrypted as leaves a merchant's terminal and isn't encrypted until it is either tokenized in a gateway or at rest in the processing platform's data warehouse.
The pilot tested four of five payment zones, the fifth being contingent upon the card brands or card issuer, when the data is sent from the processor to the authorization and settlement centers of the card brand or issuer.
Rest of article