Magazine article American Banker

Search for Meaning: What Is End-to-End Encryption?

Magazine article American Banker

Search for Meaning: What Is End-to-End Encryption?

Article excerpt

Byline: Will Hernandez

Processors and payments hardware vendors are promoting the concept of end-to-end encryption, but there is no clear definition for the security format.

The pointofsale terminal vendor VeriFone Holdings Inc. is offering the technology and Heartland Payment Systems Inc. is testing it now. The basic idea is to protect payment card data starting from the moment a card is swiped, but one key issue that remains unclear is where the information is decrypted.

The Payment Card Industry Security Standards Council, which administers the PCI Data Security Standard, is trying to settle the matter by coming up with a definition for end-to-end encryption, according to Troy Leach, the council's technical director.

The council has hired PricewaterhouseCoopers LLP to study the subject. PricewaterhouseCoopers is about halfway through the research and is expected to complete the project in early September.

So far, the one recurring theme in the research is that there are "slightly different interpretations of both the definition of what end-to-end encryption really should be as well as what it can accomplish," Leach said.

"We're drawing a line in the sand and saying this is how we are going to define end-to-end encryption, at least for this project."

The card networks say that end-to-end means card data is encrypted from the time a card is swiped until it is delivered to the networks or card issuers.

Heartland, of Princeton, N.J., has said it is following this definition.

However, the four major card networks - Visa Inc., MasterCard Inc., American Express Co. and Discover Financial Services - do not yet accept encrypted data, so the information must be decrypted before they can process a transaction.

VeriFone's VeriShield Protect system encrypts data at the point of sale and delivers it to the transaction processor or merchant acquirer. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.