First Data Corp. hopes to challenge terminal makers with an encryption service that it contends goes further than rival offerings.
The Atlanta processor announced Monday that it is extending a test of its TransArmor data security service, which encrypts payment data at the point of sale; the account data remains encrypted throughout transaction processing in the payments chain. First Data said this makes it unnecessary for merchants to store cardholder data on site and reduces the risk of fraud.
The TransArmor test will continue for four months, First Data said. It involves 400 merchants of varying sizes, including those supporting card-not-present sales.
The Kohlberg Kravis Roberts & Co. unit offered an earlier version of the technology under the name First Data Secure Transaction Management.
It announced the test at the RSA Conference 2010 information security show in San Francisco.
Unlike encryption offerings from point of sale terminal makers, TransArmor works with all types of payment terminals, and encryption occurs entirely "behind First Data's firewalls," Bruce Dragt, First Data division manager of merchant product and development, said in an interview.
Data encryption "offerings vary by provider, and while some provide one part of the encryption process that stays behind the merchant wall, ours begins at the merchant level and continues all the way through processing," he said.
Merchants must pay an additional fee for the service, which is sold through third-party acquirer channels.
First Data developed the technology with EMC Corp.
Data encryption recently has become a marketing tool for payment terminal manufacturers and processors. VeriFone Holdings Inc. in 2008 introduced the first widely marketed encryption product, expanding it last year across all point of sale lines. Hypercom Corp. in October formed a data protection unit to promote its EFTSec Server payment data security encryption technology globally, and in January Ingenico announced its encryption product, On-Guard Card Acceptance.
One payment security expert said encryption is "a good step" toward protecting cardholder data but does not solve all of merchants' potential card-fraud problems.
"Everybody is looking for the magic bullet," said Rocco Grillo, a managing director in the information security, data privacy practice at Protiviti Inc., "and while data encryption helps remove a lot of the responsibility for fraud from merchants, no one has fully tested or proven its ability to protect against all fraudsters."
Also, encryption does not protect against fraud at all levels. "Encrypting data once the transaction is in progress is an improvement, but the need for physical security around the terminal itself remains," Grillo said.