The E3 Blog

Reducing Risk, Costs and PCI Scope

Monday, November 22nd, 2010

Business owners know safeguarding payment card data and complying with PCI standards are crucial for their businesses. Yet, the complexities can be financially and operationally taxing for merchants of all sizes.

Coalfire's E3 Terminal Technical Assessment Whitepaper
Coalfire Systems, a Payment Card Industry (PCI) Qualified Security Assessor (QSA), conducted an independent security assessment of Heartland’s E3™ terminal, and found that E3 can actually simplify data security. The findings of Coalfire’s E3 terminal technical assessment — which included technical testing, architectural assessment, industry analysis, compliance validation and peer review — are detailed in its whitepaper that was released today. Coalfire found E3 can:

  • Significantly mitigate the risk of data compromise and is one of the most effective data security controls available to merchants today
  • Reduce PCI scope by up to 79 percent
  • Minimize the costs of PCI compliance assessment and validation

Coalfire also determined:

  • E3 meets all Visa Data Field Encryption guidelines as well as other industry standards.
  • E3’s use of Format Preserving Encryption (FPE) meets encryption best practices and standards for cryptographic algorithms and key strength, and meets industry standards and VISA best practice guidance.
  • The use of Identity-Based Encryption (IBE) key management processes removes most of the challenges of key management for the merchant that have been found in many other encryption solutions. 

We will review the results of the assessment in a webinar with Rick Dakin, president and co-founder of Coalfire, on Tuesday, November 30 at 1PM EST. To register and download the whitepaper, visit E3secure.com/Coalfire. I hope you’ll join us!

2 Comments

  1. Tom Jones says:

    If a reseller decided to implement your E3 wedge for credit card processing, would the reseller automatically become PCI compliant? If the data is automatically encrypted by your device, and is sent to your server via an XML SOAP request over HTTPS, and there’s no way to decrypt the data, then what is left for the reselling merchant to prove PCI compliance for?

    Thanks.

  2. Larry says:

    Tom,

    By using the E3 wedge, the POS is no longer in the scope of PA-DSS validation, and although the merchant’s PCI-DSS scope is greatly reduced, some PCI-DSS requirements still need to be addressed. According to Coalfire, “PCI compliance will always apply to a merchant if they capture, process or store credit card data anywhere in their physical environment.” Please reference page 10 of Coalfire’s whitepaper on the wedge for the PCI requirement breakdown with E3.

    Also, although some PCI requirements remain with E3, all E3 users are protected by Heartland’s E3 warranty, which states that in the unlikely event of a data breach while using E3, Heartland will reimburse a merchant’s breach-related fines.

    Please let us know if you have further questions,

    Larry
