Heartland Payment Systems Inc. has rolled out its E3 advanced encryption technology, after more than two years of development.
The processor's technology is incorporated into its payment terminals and encrypts transaction information from the time a payment card is swiped until the data reaches Heartland's processing network. The technology eliminates the possibility that merchants will retain sensitive cardholder data, because the information is encrypted at the point of sale, said Steve Elefant, Heartland's chief information officer.
Heartland, of Princeton, N.J., introduced the system last week at the National Restaurant Association's conference in Chicago. Restaurants account for nearly 35% of Heartland's customers.
Merchants will not pay additional monthly or per-transaction fees to use E3-capable terminals, Elefant said. Merchants will see no changes in processing times, which range from three to five seconds for terminals using a broadband connection, he said. With E3, Heartland hopes merchants will no longer need to protect stored card data.
Heartland says it had 173,400 active small and midsize merchants at the end of 2009. It said the ES system should make it easier for smaller merchants to comply with the Payment Card Industry data security standards, said George Peabody, the director of the emerging technologies advisory service at Mercator Advisory Group Inc. The absence of sensitive cardholder data often makes it easier for merchants to respond to PCI self-assessment questionnaires.
Merchants also face less risk, because the E3 system prevents them from storing card data on-site, Elefant said. Instead, Heartland stores the encrypted information.
After its own data breach, disclosed last year, Heartland sought better encryption of payments data, and others offered similar security services to merchants.
For example, VeriFone Systems Inc. uses encryption in its VeriShield Protect services. Heartland and VeriFone had been working on Heartland's E3 terminal, but the relationship soured and two companies eventually sued each other over per-transaction fees Heartland alleged that VeriFone wanted to assess. Heartland subsequently formed a partnership with Uniform Industrial Corp. of Taiwan, POS-device maker that manufactures the E3 terminal, Peabody said.
Peabody said he is not concerned about the absence of a single industry encryption standard. "Any movement toward a standard will take years. Standards development is about competing interests trying to find a common way, and that takes time."
All of these security choices coming to market are not impediments, especially for the smallest merchants, which do not have to contend with integrating thousands of locations as larger retailers do, Peabody said.
Heartland said the E3 system is available now for any merchant and that the company will reimburse a merchant's breach-related fines if the device fails to prevent an unauthorized decryption of cardholder data.