What is End-to-End Encryption?

Encryption scrambles cardholder data so it cannot be read. End-to-end encryption protects credit and debit card data from the moment of card swipe or key entry and through the processor’s network, not just at certain points of the transaction flow, rendering it useless in the event of a compromise.

Not all encryption is end-to-end. Some solutions encrypt the data only while it is in transit between zones, leaving the information in the clear at each zone. This is more accurately described as point-to-point encryption. With point-to-point, plain-text data is vulnerable and accessible at certain times. This creates the type of vulnerabilities that sophisticated criminals actively seek out.

It is important to make card data indiscernible as it enters the payment cycle so that, if the firewalls are too weak, the enemy gains nothing of commercial value.

Why End-to-End Encryption?

While Chip & PIN and tokenization provide more security than the standard card processing system, Heartland Payment Systems believes that the best way to make cardholder data inaccessible is through end-to-end encryption.

  • End-to-end encryption is intended to protect cardholders, merchants and processors from the moment of card swipe or key entry and through the Heartland network — not just at certain points of the transaction flow. Chip & PIN, in addition to other technologies that authenticate the card, do not protect the data after the card is authenticated. This leaves payment account data vulnerable to thieves who can use the data for fraudulent activity that does not require a card to be present.
  • Only encryption technologies employing both hardware and software protections secure data in flight and data stored on subsystems. Tokenization, for example, is meant to prevent the theft of data in storage, but sensitive transaction data remains vulnerable at the point of sale and during transmission for authorization processing.
  • Point-to-point encryption shifts the vulnerabilities to the weakest link. Many encryption solutions termed “end-to-end” only protect the data between each zone, leaving the information at that point in the clear. True end-to-end encryption provides a robust approach to security, approaching the system as a chain of potential vulnerabilities that must be addressed as a whole. End-to-end is designed to provide a single solution for systemically protecting cardholder data as well as assisting merchants and POS application providers with PCI DSS compliance.

Is E3 true end-to-end encryption?

Heartland Payment Systems has a unique perspective on end-to-end encryption. We believe true end-to-end encryption is defined by the points where the encryption — or scrambling — of payment account numbers (PANs) starts and ends.

With E3, encryption begins at the moment of card swipe or key entry and continues through the Heartland network. This includes four zones of the card processing ecosystem:

  1. From data entry/card read at a business location to the payments processor’s authorized network;
  2. From entry to that network and throughout the entire processor/sub-contractor network where data is in motion;
  3. While the data resides in a central processing unit (CPU) or a host security module (HSM). An HSM is a specialized server that locks down information;
  4. In storage where data is at rest.

Any encryption solution that does not start at the card swipe or key entry and include all four of these zones is not end-to-end; it is “point-to-point.” Point-to-point solutions protect data at certain points in the lifecycle of a transaction flow and expose it at others.

Want to know more about E3 technology?

Download this white paper for an in-depth look at the complete security solution. This paper addresses how information is handled in each zone, innovative key management, and includes important questions to ask of other security solutions.