How it Works

End-to-End

End-to-end encryption technology is intended to start the moment a card is swiped at an E3 terminal. Heartland’s E3 terminal is being constructed with a new tamper-resistant security module (TRSM). The TRSM unit itself is being designed with built-in safeguards that render it inoperable if tampered with. The objective is that the cardholder data is fully encrypted – not visible in clear text – as the electronic digits leave the card’s magnetic stripe, never allowing the terminal to record the data.

Typically, cardholder and payment account data are not encrypted as they leave a merchant’s terminal and remain unencrypted until they are either tokenized in a gateway or at rest in the processing platform’s data warehouse. This means data in transit is at risk of being compromised should it get into the hands of cyber criminals or hackers using network or memory sniffer malware.

The goal behind the E3 terminal is that the confidential information criminals seek will never be available outside of the tamper-resistant security module. Each E3 terminal is designed to manage its own unique keys. These keys feed the encryption algorithms that encode cardholder information into a random string of numbers. Unlike standard terminals on the market today, new keys will be automatically generated every time a batch of transactions is completed. There is no standardized formula for deciphering the keys, making it virtually impossible to discover the secret encryption keys.

Heartland is partnering with Voltage Security, a global leader in information encryption, to develop the E3 software component. Under this application, the card numbers will be encrypted before they travel anywhere. The first six and last four digits of the card number will be available to aid the merchant in identifying the account for further transactions such as returns and refunds — but not enough for a fraudster to use the card if the data is stolen.

Heartland's E3 solution is intended to encrypt the entire track data utilizing AES encryption before the data leaves the E3 terminal. AES (Advanced Encryption Standard) is considered to be the most secure encryption algorithm available and is slated to replace current standards for encryption — DES (Data Encryption Standard) and Triple DES — as the desired standard for sensitive data. In fact, by 2010, the United States government will be using AES technology exclusively.

After the data is encrypted, the objective is that it remains encrypted throughout the transaction lifecycle … to and through Heartland’s processing network … and to the card brands and debit gateways. Even when the card brands send back authorizations to the merchant, the data will be secured. E3 is designed to utilize post-processing tokenization technology to secure card information, making chargebacks and returns painless and secure. As planned, the data will never be in clear text at any point throughout the transaction lifecycle.
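The claim that data is never in clear text outside the terminal, apart from the first six and last four digits, can be checked from the merchant side. The following is an added example, not Heartland's or Voltage's code: it scans a captured payload for clear-text Track 2 data or full card numbers. The function names and sample payloads are constructed for illustration, and 4111111111111111 is a widely used test number.

```python
import re

# Track 2 layout per ISO/IEC 7813: ;PAN=YYMM + service code + discretionary ?
TRACK2 = re.compile(rb";(\d{12,19})=(\d{4})(\d{3})(\d*)\?")
# A bare run of 13-19 digits that is not part of a longer digit run.
PAN_RUN = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to cut false positives on arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                      # ASCII digit to int
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep only first six and last four, as the page describes."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_cleartext(payload: bytes) -> list:
    """Return (kind, masked PAN) for each clear-text card number found."""
    findings, covered = [], []
    for m in TRACK2.finditer(payload):
        covered.append(m.span())
        findings.append(("track2", mask_pan(m.group(1).decode())))
    for m in PAN_RUN.finditer(payload):
        inside = any(s <= m.start() and m.end() <= e for s, e in covered)
        if not inside and luhn_ok(m.group()):
            findings.append(("pan", mask_pan(m.group().decode())))
    return findings

# Constructed samples: an unencrypted terminal message, a memory-style buffer,
# a masked receipt line, and opaque bytes standing in for ciphertext.
CLEAR = b"POST /auth track2=;4111111111111111=25121010000000000?&amt=1200"
DUMP = b"\x00\x00name=J DOE\x004111111111111111\x00"
MASKED = b"receipt pan=411111******1111 amt=1200"
OPAQUE = bytes.fromhex("8e1fa3c95b7d02e6f4a1b9c3d7e85f10")

if __name__ == "__main__":
    for name, buf in [("clear", CLEAR), ("dump", DUMP),
                      ("masked", MASKED), ("opaque", OPAQUE)]:
        print(name, find_cleartext(buf))
```

Findings are reported in masked form so that the scanner's own output does not become another place where full card numbers are stored.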

Want to know more about E3 technology?
Download this white paper for an in-depth look at the complete security solution. This paper addresses how information is handled in each zone, innovative key management, and includes important questions to ask of other security solutions.