Industry News | May 17, 2008

From the Floor: Merchant Warehouse Ensures Safer Credit Card Encryption

Credit card theft: It’s happening all the time. In recent weeks, the victims of stolen credit card transaction data include restaurant chain Dave & Busters, supermarket company Hannaford Bros, and Okema Mountain Resort, a ski center in Vermont.

MerchantWARE Being compliant with Payment Card Industry Data Security Standards (PCI DSS)--which were set up by credit card providers VISA, Mastercard, and American Express to ensure secure point of sale (POS) transactions--don’t ensure complete safety, says Henry Helgeson, president and CO-CEO of Boston-based Merchant Warehouse, a provider of credit card processing systems.

“What PCI really mandates is that you lock down your network and any time you send the data over a public network that it’s encrypted. The problem is there’s no good way to totally lock down your network,” says Helgeson from the floor of the NRA Show in Chicago.

“There’s also a possibility you’re going to get hacked--especially when you have employees that have physical access to the [card] readers themselves,” he says.

His company is launching a new solution to nip credit card theft in the bud; encrypting the data at the point that it is swiped at the credit card reader’s read head, not after it’s been scanned and captured by the POS system.

Using the new solution, MerchantWARE, a restaurant’s POS system never stores or transmits any unencrypted credit card information. Instead, MerchantWARE uses a MagneSafe credit card reader made by MagTek to scramble the credit card numbers and related personal information. It gets unencrypted on the backend, providing no access for hackers.

If a restaurant needs to revisit a transaction--say there was a problem with an incorrect tip or mistake in an item on the bill--MerchantWARE provides backend support that allows for access to the data.

Helgeson says that without his company’s solution, anyone with access to the transaction--ranging from a dishonest cashier to a waiter--could use a simple device known as a key logger to pilfer the information. This tiny device (it looks like a PC flash drive) can be inserted discreetly into the POS system to grab the unencrypted data. He displayed examples of these and other simple data theft devices at the show, all of which were all procured on the Internet auction site Ebay for minimal expense.

MerchantWARE is now ready for use, Helgeson says, and the company plans to incorporate its system into the packages offered by POS providers. It is currently is discussions with several providers, he said, declining to provide names. All that is required is a few days of programming time and the new readers, which run around $55 each.

“Now there’s nothing to steal anymore,” Helgeson says.

By Deborah L. Cohen

Deb Cohen is QSR's monthly Finance columnist and is reporting straight from the floor of this year's NRA Show in Chicago.

Add new comment