Heartland Payment System's CEO Bob Carr has become the payment industry's most vocal security evangelist, on the speakers' circuit predicting that 2010 will be the year that the payments chain becomes significantly more secure. "I believe the world is going to be changed in the next year with deployed technology," Carr says. "We're going to see the security of the payments industry become markedly better in the next few years."
Carr may eventually deserve the credit as catalyst for this change, but lots of players have jumped on the bandwagon. To start, two of the major card brands have created technical specifications that will allow Heartland, and presumably other payments processors, to deliver encrypted transactions to the card brand's systems. The inability of the brands to accept encrypted data was the last mile in most end-to-end encryption schemes. And this is where the peer pressure theory comes in: when the first two brands (one widely believed to be Visa) go public with their ability to accept encrypted data, the others will be compelled to follow. Similarly, Heartland's vocal pitching of its E3 encryption product is undoubtedly putting pressure on its competitors. Rival First Data has already stepped up, announcing a partnership with RSA to combine encryption with tokenization; smaller players like Element, EPX, and a variety of POS and encryption vendors have offerings.