QUICK LINKS: Micromarkets  |

VT Classifieds

|

Buy a Classified Ad

|

Editorial Calendars

|

Circulation Data

|

Downloads

|

Bookstore

|

Operators Date Book

Search:  Follow VendingTimes on Twitter 

Bookmark this site



 
Issue Date: Vol. 49, No.8, August 2009, Posted On: 8/23/2009


Heartland Completes First Phase Of ‘End-To-End’ Encryption Project


Tim Sanford
Editor@vendingtimes.net
Heartland Payment Systems, end-to-end encryption initiative, Bob Carr, Steven Elefant, AES, Advanced Encryption Standard, Triple DES, Data Encryption Standards, credit card security, debit card security, vending, vending news, vending machine, vending routes, automatic retailing
PRINCETON, NJ -- Heartland Payment Systems has reported the successful conclusion of the first phase of its massive "end-to-end" encryption initiative. Heartland, one of the nation’s largest payment processors, long has been critical of what it regards as lax data security standards for credit and debit cards.

The first step involved applying "live" AES (Advanced Encryption Standard) for the transmission of transactions from a merchant to Heartland’s processing platform. AES provides the highest level of encryption available today, and is on track to replace the existing DES and Triple DES (Data Encryption Standards) as the desired encrypting scheme for sensitive information.

Heartland chairman and chief executive Robert O. Carr said that, as far as he knows, this is the first time encrypted transactions have been sent from a merchant's card reader to and through a major processor’s payments network.

Carr explained that to date cardholder data typically have not been encrypted before leaving the merchant terminal; it has been encrypted either when it’s "tokenized" at the gateway, or after it has been received and stored in the processing platform’s data warehouse. "This means cardholder data in transit is at risk of being compromised, should it get into the hands of cybercriminals or hackers via such methods as network or ‘memory sniffer’ malware," he noted.

In order to protect data throughout the lifecycle of a credit, debit or prepaid card transaction, Carr continued, Heartland is developing end-to-end encryption (E3) technology designed to encrypt the transaction from the initial "card read" right through the network and transmission to the card brands.

For Heartland, this E3 protection involved five "payment zones." In the first, information is protected from the "card read" or other data entry at the merchant terminal to the processor’s authorization network. In the second, it is protected from its entry into the authorization network and through all the points at which it moves across the networks of the processor and its subcontractors. In the third, it is protected while it resides in a central processing unit or a host security module (HSM). In the fourth, protection is provided to data in any direct-access storage device or in archival storage. And, in the fifth, it is protected from the processor to the authorization and settlement centers of the processor and its subcontractors.

Heartland's executive director of end-to-end encryption, Steven M. Elefant, reported that the successful test involved the first four of these five zones. "We believe that protecting data in these zones alone will significantly impact the protection of cardholder data," he said. Elefant added that the company expects to enhance protection in Zone 3 in the fourth quarter.

"Protecting data in Zone 5 is contingent on the card brands," the Heartland encryption expert continued. "We are in active discussions with several of the brands, and our conversations have been very positive."

Carr reported that Heartland plans to continue expediting the development of the E3 system, and to launch it commercially late this year.


Topic: Vending Features

Articles:
  • Crane Merchandising Systems Introduces Fit Pick-Branded Merchant Media Machine
  • New York's Servomation Deploys VendScreen Devices, Improving Customer Experiences At Machines
  • Cantaloupe Systems and Isis Team Up for 'Buy-Three-Get-One-Free' On Cashless-Enabled Vending Machines
  • Crane Merchandising Systems Announces Availability of MEI Integrated Bill Validators on Media Machines
  • Crane Payment Innovations and Crane Merchandising Systems Announce Vision For Vending Management

Copyright © 2014 Vending Times Inc. All rights reserved. 
P: (516) 442-1850 | F: (516) 442-1849 | subscriptions@vendingtimes.net
55 Maple Ave. - Ste. 304, Rockville Centre, NY 11570