Hypercom Steps up Payment Card Industry's Attack on Fraud with New Initiatives to Protect Businesses Globally
Hypercom Corporation today announced key initiatives to step up the payment card industry's ability to attack payment card data fraud. Effective immediately, the Company is bringing its Asia-Pacific-based EFTSec Server payment data encryption technology to North America, Latin America and Europe, teaming with Voltage Security, Inc. to deliver highly innovative and scalable cryptographic technology, and forming a global data protection business unit to address customer-specific security threats with five key approaches to data security.
Key components required to protect payment card data
Hypercom believes end-to-end payment data protection encompasses protecting data throughout its lifecycle, not only encrypting it when in transit but also when at rest in a merchant or payment processing enterprise environment. Hypercom also believes that the scope of payment data protection includes the use of strong security technology throughout the design, deployment, operation and maintenance of payment terminals and their applications including the loading and storage of debit keys that reside on those devices.
- Line encryption for data in transit: Line encryption encrypts cardholder data during transaction processing, starting at the payment terminal and ending at a trusted point where the data is decrypted.That trusted point can be within a large merchant or payment service provider environment. Hypercom initiated card data encryption with its EFTSec technology introduced in 2006. Developed to combat attacks then prevalent in several Asian countries, EFTSec is now the defacto industry standard for payment terminal initiated link encryption in Asia. EFTSec is already in use by seven major banks with combined assets of more than US$178 billion, and licensed to and implemented by several major terminal manufacturers. Unlike recently introduced competing solutions that require customers to purchase custom equipment or utilize third party decryption services, EFTSec leverages existing network infrastructure.
- Protection for data end-to-end: Hypercom has teamed with Voltage Security, Inc. to implement cryptographic technology that delivers an array of end-to-end encryption across its product line. Management of card data at rest and in use is critically important and must be protected at all times. That said, portions of the data must be available for legitimate business purposes. Voltage's technology provides businesses with strong protection without compromising flexibility or requiring major changes to existing business processes. The key benefit for banks, processors and large operators: provides the technology to protect cardholder data throughout the enterprise.
- Protection for data during operation and maintenance: Protecting the operational procedures and maintenance of payment terminals is just as important as protecting cardholder data. Hypercom's HyperSafe suite of security products defends terminals from rogue applications and malware, protects the terminal management system from communicating with fraudulent terminals and provides the industry's only remote key management system. The key benefit for banks, processors and large retailers: protects their investment in the point of sale estate, reduces the potential for fraudulent use of terminals and ensures the secure transport of cryptographic keys.
- Virtual Terminals: Segmenting a merchant's point of sale system data from payment data is one method of reducing the scope of PCI DSS compliance for merchants. Virtual terminals are web-based secure platforms which easily integrate payment processing and business critical processes with ubiquitous client side applications and devices. By utilizing advanced server capabilities such as Hypercom's SmartPayments and Wynid product suites, data segmentation can be easily achieved, enabling "large store functionality" for mid-size business environments. The key benefit for small and mid-size retailers: provides top-level security for sensitive cardholder data, reduces PCI DSS compliance costs.
- Card Authentication: In addition to complete enterprise-wide end-to-end payment data protection, Hypercom supports the strengthening of card authentication as an important tool to prevent card skimming. Hypercom supports a number of technologies that, if broadly adopted, would significantly reduce fraud through card skimming. Technologies include contact and contactless chip cards, and Magnetic Stripe Image Authentication. Magnetic Stripe Image Authentication is an innovative dynamic digital authentication solution that detects counterfeit magnetic stripe credit, debit, gift and ATM cards. Whenever a card is used at a payment terminal, magnetic stripe security imaging authenticates the card's legitimacy in real time by matching each magnetic stripe's unique €˜noise fingerprint' against the 'fingerprint' originally obtained from the legitimate card. The key benefit to retailers: protects the cardholder against credit card 'skimming' fraud wherein criminals copy the data encoded on a legitimate card and produce a fraudulent card.
Forms data card protection business unit
Hypercom's new Global Data Protection Business Unit will consult with customers to determine individual system configurations, security threats and the best security solutions to address their specific needs, and then direct the implementation. TK Cheung, Hypercom's Vice President, Global Quality and Security, heads the new business unit. He also serves as Vice Chairman and Chief Technical Officer of The Secure POS Vendor Alliance (SPVA).