VeriFone Holdings, Inc. (NYSE: PAY) today
introduced VeriShield Protect, a system designed to thwart continuing
criminal efforts to gather unencrypted account holder data via breaches
of merchant networks, applications and servers that come in contact with
consumer credit and debit card information.
VeriShield Protect was developed to prevent compromise of cardholder
data even in the event of a breach. VeriShield Protect shields credit
and debit account information from the moment a card is swiped until the
data is received at a secure decryption appliance located in a
merchant’s secure data center, at an off-site service provider, or at an
acquirer or processor organization.
Criminals have captured cardholder information despite merchant attempts
to comply with industry mandates, such as PCI-DSS (Payment Card
Industry-Data Security Standard), which require periodic security
audits. The retailer environment is often too complex to be completely
locked down against all intruders and it is unrealistic to expect
merchants to maintain constant vigilance over every access point and
every location where data is stored or transported.
“Data compromises continue to demonstrate that a focus on end-to-end
protection of customer data—not simply on compliance with the PCI-DSS
standard—is critical for merchants and other card-industry
stakeholders,” said Avivah Litan, vice president and distinguished
analyst with Gartner, Inc.
The VeriShield Protect system employs a breakthrough technology called
H-TDES(tm) (Hidden-Triple Data Encryption Standard) to encrypt the
personal account number (PAN) and magnetic-stripe track data in a manner
that other applications interpret as valid card data. The data is
encrypted within the tamper resistant security modules of VeriFone’s PCI
PED-approved payment systems so that it can safely be transmitted over
retailer networks to a centralized secure decryption appliance from
Semtek Innovative Solutions Corp., the developer of H-TDES.
“Today’s PCI PED payment systems use highly evolved hardware encryption
to secure PINS before they enter the merchant’s POS system. VeriShield
similarly affords encryption protection to cardholder account
information to proactively protect consumers and remove the risk of
exposure within the retailer’s enterprise,” said Paul Rasori, VeriFone
vice president of Global Product Marketing. “Because VeriShield Protect
should require no changes to their applications, merchants can adopt
this solution right away and keep their POS applications, networks or
enterprise databases free of consumer data that criminals target.”
The VeriShield Protect solution also incorporates access to a Cipher
Device Metrics Server (CDMS) that provides a real-time status and alert
system to monitor compliance of each and every transaction as it occurs.
VeriShield Protect is available immediately on the MX800 Series
platform, and will be available on Vx Solutions products beginning later
this year. VeriShield Protect is also available as a secure hosted
service.