Independent Security Evaluation by Coalfire Systems

E3 Terminal

Coalfire Systems, a Payment Card Industry (PCI) Qualified Security Assessor (QSA), performed an independent security assessment of Heartland’s E3 end-to-end encryption terminal and found:

  • A properly deployed E3 solution can provide significant risk mitigation of data compromise and is one of the most effective data security controls available to merchants today.
  • The E3 terminal can reduce the scope of PCI compliance by up to 79 percent.
  • E3 can minimize the resulting costs of PCI compliance assessment and validation.
  • E3 provides a true “end-to-end” solution for merchants with no need to decrypt data before handoff to the processor.

Other findings include:

  • E3 meets all Visa Data Field Encryption guidelines as well as other industry standards.
  • E3’s use of Format Preserving Encryption (FPE) meets encryption best practices and standards for cryptographic algorithms and key strength, and meets industry standards and VISA best practice guidance.
  • The use of Identity-Based Encryption (IBE) key management processes removes most of the challenges of key management for the merchant that have been found in many other encryption solutions.

E3 MSR Wedge

Coalfire also performed an independent security assessment of Heartland’s E3 end-to-end encryption magnetic stripe reader (MSR) wedge and found:

  • E3 facilitates the elimination of PA-DSS scope for POS developers’ payment applications.
  • A properly deployed E3 solution can provide significant risk mitigation of data compromise and is one of the most effective data security controls available to merchants today.
  • The E3 wedge can reduce the scope of PCI compliance by up to 69 percent.
  • E3 can minimize the resulting costs of PCI compliance assessment and validation.
  • E3 provides a true “end-to-end” solution for merchants with no need to decrypt data before handoff to the processor.

Other findings include:

  • The E3 wedge’s use of Format Preserving Encryption (FPE) meets encryption best practices and standards for cryptographic algorithms and key strength and meets industry standards and VISA best practice guidance.
  • The use of Identity-Based Encryption (IBE) key management processes removes most of the challenges of key management for the merchant that have been found in many other end point encryption solutions.

Download Reports

* required
First Name *
Last Name *
Title *
Company *
Company Type *
Email *
Phone

I would like to download the report for:

 1E3 Terminal

 2E3 MSR Wedge

 

 yesI would like to have a Heartland representative contact me about E3.

I would like to receive news alerts and other communications from Heartland Payment Systems.

Data Security Simplified: Reducing Risk, Costs and PCI Scope with E3™ End-to-End Encryption

Business owners know safeguarding payment card data and complying with PCI standards are crucial for their businesses. Yet, the complexities can be financially and operationally taxing for merchants of all sizes.

Join security experts from Coalfire Systems and Heartland Payment Systems for a webinar as they explore how E3 end-to-end encryption can actually simplify data security. They will discuss key findings from an independent security assessment of the E3 terminal, including how E3 can:

  • Reduce the scope of PCI compliance by up to 79 percent
  • Minimize the costs of PCI compliance assessment and validation
  • Mitigate the risk of data compromise

Register

 
You are now leaving E3Secure.com
You will be leaving the E3secure.com domain and entering an external link. The link provides additional information that may be useful or interesting and is being provided consistent with the intended purpose of E3secure.com. However, E3secure.com cannot attest to the accuracy of this information provided by this link or any other linked site. Providing links to a non-E3secure.com website does not constitute an endorsement by E3secure.com, Heartland Payment Systems or any of its representatives, affiliates or employees or the information or products presented on the site. Also, be aware that the privacy protection provided on the E3secure.com domain (see Privacy Policy) may not be available at the external link.
Go Back Continue