More companies have begun to offer encryption options, or have announced plans to do so, with a focus on so-called "end-to-end" encryption. Typically, this means payment card data are encrypted when the information is read by a merchant's terminal and remains encrypted until it has been handed off to the processor. Heartland Payment Systems Inc. began to advocate use of encryption technology after it disclosed a data breach in January. The Princeton, N.J.-based processor in July completed the first test of a complete encryption system designed to protect the cardholder data it handles from hackers (CardLine, 7/1). Atlanta-based First Data Corp. announced in late September it is developing a system that uses tokenization, a technique that would make encrypted data more secure (CardLine, 10/2). Additionally, payment-terminal maker VeriFone Holdings Inc. announced in April it is providing encryption capabilities with its VeriShield Protect product across its point-of-sale terminal lines (CardLine, 4/20). VeriShield Protect meets Visa Inc.'s best practices for data-field encryption, according to San Jose, Calif.-based VeriFone. Visa accepts encrypted data, but only from merchants connected directly to its network. If a merchant is not a direct-connect client but its processor is, the processor would have to decrypt the data as it comes in and encrypt it again before sending it to Visa.

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry