Heartland Payment Systems Inc. has completed the first test of a complete encryption system designed to protect the cardholder data it handles from hackers. The processor, which disclosed a major breach in January, said Tuesday it had run transactions from the major card brands on its encryption system. However, Visa Inc., MasterCard Inc., American Express Co. and Discover Financial Services do not accept encrypted data from Heartland, so it had to decrypt the data to complete the transactions. More than one of the card brands should be set up to handle encrypted data in the first quarter of next year, though Heartland plans to begin selling the system even if the card brands are not ready by that time, according to the Princeton, N.J.-based processor. If merchants embrace the new system, it should ease some of their lingering worries about the Payment Card Industry Data Security Standard, says Steven M. Elefant, Heartland executive director of complete encryption. "PCI is a good start, but PCI in and of itself does not keep people secure, so it has to be extended," Elefant says. "Part of what we offer with [the encryption system] is that the merchant will never have the ability to decrypt a card," so they would not be capable of exposing data. Heartland tested the system at a car wash in Plano, Texas. Over the course of the year, Heartland will repeat the test with hundreds of merchants, Elefant says. Heartland should find a market for its encryption system among merchants, though there is no guarantee using encryption will make things easier for merchants under PCI, says Avivah Litan, a vice president at the market-research firm Gartner Inc.

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry