IMGCAP(1)]
More companies have begun to offer encryption options, or have announced plans to do so, with a focus on so-called "end-to-end" encryption. Typically, this means payment card data are encrypted when the information is read by a merchant's terminal and remains encrypted until it has been handed off to the processor. Heartland Payment Systems Inc. began to advocate use of encryption technology after it disclosed a data breach in January. The Princeton, N.J.-based processor in July completed the first test of a complete encryption system designed to protect the cardholder data it handles from hackers (CardLine, 7/1). Atlanta-based First Data Corp. announced in late September it is developing a system that uses tokenization, a technique that would make encrypted data more secure (CardLine, 10/2). Additionally, payment-terminal maker VeriFone Holdings Inc. announced in April it is providing encryption capabilities with its VeriShield Protect product across its point-of-sale terminal lines (CardLine, 4/20). VeriShield Protect meets Visa Inc.'s best practices for data-field encryption, according to San Jose, Calif.-based VeriFone. Visa accepts encrypted data, but only from merchants connected directly to its network. If a merchant is not a direct-connect client but its processor is, the processor would have to decrypt the data as it comes in and encrypt it again before sending it to Visa.
