The E3 Blog

Introducing the E3 MSR Wedge … Coming in Q4

by Larry Godfrey | Monday, August 23rd, 2010

Heartland’s E3™ magnetic stripe reader (MSR) wedge is the first encrypting MSR to also be protected by a tamper-resistant security module (TRSM) with state-of-the-art security utilizing 128 bit AES encryption. (AES is slated to replace current standards for encryption DES and Triple DES. In fact, AES became a federal government standard on May 26, 2002 after approval by the Secretary of Commerce. It is the first publicly accessible and open cipher approved by the National Security Agency for top-secret information.)

Using the wedge — or terminal — E3 protects the payment account number (PAN) and ALL track data for ALL tracks with format-preserving encryption (FPE) before the operating system (OS) or application running on the POS can access it. FPE does not alter the data format once it is encrypted. For example, a 16-digit card number still looks like a 16-digit number. FPE allows access to the first six and last four digits of the card number while encrypting the intermediary six digits — enabling BIN routing, receipt printing and the ability to manage returns and chargebacks.

The following graphic demonstrates just how vulnerable card data is today.  Swiping a card through a non-encrypting MSR exposes full PAN and all of the track data in the clear — an inviting target for malware or any rogue application. Contrast that with the output from Heartland’s E3 wedge; only the first six digits and last four digits of the PAN, the expiration date and cardholder name are available in the clear. This is enough data for the application to print a receipt and not impact business functions, but not enough to facilitate fraudulent purchases or the manufacturing of counterfeit cards.

Heartland E3 AES Encrypting MSR Wedge Output

(click graphic to view full size)

The E3 wedge also leverages identity-based encryption (IBE) technology so the device never has to be “touched” to update the encryption keys. In fact, unlike standard wedges on the market today, new keys are automatically generated after every 50 card swipes, every 24 hours and at power up. This significantly reduces the cost and IT administration of key management while greatly increasing security for merchants using E3.

For maximum compatibility, the E3 wedge is designed to read high or low coercive magnetic cards and simultaneously decode/verify up to three tracks of data. The E3 wedge communicates with a host computer using a tamper-resistant USB interface.  The reader can read magnetic data from any available track encoded per ISO 7810/11.

Leave a Reply

 
You are now leaving E3Secure.com
You will be leaving the E3secure.com domain and entering an external link. The link provides additional information that may be useful or interesting and is being provided consistent with the intended purpose of E3secure.com. However, E3secure.com cannot attest to the accuracy of this information provided by this link or any other linked site. Providing links to a non-E3secure.com website does not constitute an endorsement by E3secure.com, Heartland Payment Systems or any of its representatives, affiliates or employees or the information or products presented on the site. Also, be aware that the privacy protection provided on the E3secure.com domain (see Privacy Policy) may not be available at the external link.
Go Back Continue