IMGCAP(1)]
Merchants that understand the vulnerability of cardholder data would be willing to upgrade their point-of-sale terminals, despite the additional cost, to models that encrypt cardholder data at the time consumers swipe their payment cards, Bob Carr, chairman and CEO of Heartland Payment Systems Inc., tells CardLine sister publication ISO&Agent Weekly. Terminals that encrypt card data help ensure merchants do not store or transmit unencrypted information over their networks or systems. Merchants that "understand the vulnerabilities of sending" unencrypted data from payment terminals "will make a relatively small capital investment in technology" to reduce their ongoing breach liability and the annual costs and effort associated with Payment Card Industry data-security standards certification, says Carr. A recent report from Maynard, Mass.-based Mercator Advisory Group suggests a key challenge proponents of complete encryption face is convincing merchants to purchase updated terminals that support full encryption (CardLine, 7/2). Some small merchants have resisted upgrading their systems to achieve PCI compliance because they do not understand the need for it and because they are unwilling to pay to replace noncompliant software and hardware with compliant versions (CardLine, 11/7/08). Princeton, N.J.-based Heartland last week completed the first test of a complete-encryption system designed to prevent hackers from accessing cardholder data (CardLine, 7/1).
