Thales Blog

Taking On The Card Data Fraudsters

January 20, 2010

The payment card industry has seemed to be increasingly under attack from fraudsters over the past year with a number of high profile data breaches hitting the headlines. The industry takes its security very seriously, and has been actively working on new standards and deploying solutions to counter the threat. One approach that has attracted a lot of attention to protect cardholder data is end-to-end encryption.

The ASC X9 working group is currently developing a standard for protection of sensitive data, but meanwhile many vendors and networks have already announced their own approach.

Heartland Payment Systems is one such example. They are leading the charge with their ASC X9 working group involvement on developing a sensitive data protection standard and in actively deploying their own end-to-end encryption solution. The Heartland E3 solution is based on technology that can be rapidly and easily deployed off the shelf. It significantly limits the scope of security audits and reduces the burden of demonstrating regulatory and internal compliance.

In its recent study carried out for the PCI Security Standards Council, PricewaterhouseCoopers determined that end-to-end encryption, which encrypts data from point-of-sale at the merchant across the processor's network, ranked highly in its potential to reduce PCI compliance scope for merchants.

While no single technology can claim to provide complete security or compliance, end-to-end encryption should prove a significant obstacle and an important step in taking on the card fraudsters.