End-to-End Encryption

Encryption encodes cardholder data so it cannot be read. End-to-end encryption is designed to safeguard the information from the moment a card is swiped at a point-of-sale system … to and through the payment processor’s network … and to the card brands – rendering it useless in the event of a compromise.

Not all encryption is end-to-end. Some solutions only encrypt the data between each zone when the data is in transit, leaving the information at this point in the clear. This is more accurately described as point-to-point encryption. With point-to-point, plain-text data is vulnerable and accessible at certain times in the transaction’s life. This creates the type of vulnerabilities that sophisticated criminals actively seek out.

Full end-to-end encryption would protect data at every point throughout a transaction. Cardholder account numbers and related data would never be in the clear. They are designed to be unreadable and therefore unusable if stolen. Heartland’s E3 model is intended to impose high walls of data protection. In the eventuality that those walls are someday scaled, E3 is designed so that thieves find little or nothing of value, making their efforts profitless.

End-to-End Diagram

Why End-to-End Encryption?
While Chip & PIN and tokenization do provide more security than the standard card processing system, Heartland Payment Systems believes that the best way to make cardholder data inaccessible at any and all points in the process is through end-to-end encryption.

  • End-to-end encryption is intended to protect cardholders, merchants, and processors throughout the payment processing lifecycle.
    Chip & PIN, in addition to other technologies that authenticate the card, do not protect the data after the card is authenticated. This leaves payment account data vulnerable to thieves who can use the data for fraudulent activity that does not require a card to be present.
  • Only encryption technologies employing both hardware and software protections secure data in flight and data stored on subsystems.
    Tokenization, for example, is meant to prevent the theft of data in storage, but sensitive transaction data remains vulnerable at the POS and during transmission for authorization processing. On the back-end, tokenization requires management of a concentrated amount of sensitive data indexed to the token and possibly includes a transaction ID. These types of data stores can be secured, but they make tantalizing targets for motivated criminals. End-to-end encryption is designed to avoid the vulnerable data storage problem by not developing large back-end databases.
  • Point-to-point encryption shifts the vulnerabilities to the weakest link. Many encryption solutions termed “end-to-end” only protect the data between each zone, leaving the information at that point in the clear.
    It is believed that only end-to-end encryption provides a robust approach to security, approaching the system as a chain of potential vulnerabilities that must be addressed as a whole. End-to-end is designed to provide a single solution for systemically protecting cardholder data as well as assisting merchants and POS application providers with PCI DSS compliance.
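The distinction the bullets above draw between point-to-point and end-to-end encryption comes down to who holds the decryption key at each hop. The following Python script is an added illustration, not code from this page or from Heartland, and it models that key topology directly: in the point-to-point path the merchant system must decrypt and re-encrypt, so the account number exists in the clear there; in the end-to-end path the terminal encrypts under a key that only the processor holds, so the merchant only ever forwards ciphertext. The cipher is a deliberately simple SHA-256 keystream with an HMAC tag, used only so the script runs on the standard library (it is a stand-in for the AES a real terminal would use); the zone names, the link-key arrangement and the test PAN are all constructed for the example. A Luhn-based scan of what each hop could observe shows the kind of check a data-loss-prevention tool applies to find a PAN in the clear.

```python
"""Toy model of point-to-point vs end-to-end key topology (added example)."""
import hashlib
import hmac
import os

# --- Minimal authenticated cipher: illustrative stand-in, NOT for production use ---
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

# --- Luhn check: the test a DLP scanner uses to decide a digit run looks like a PAN ---
def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def contains_pan(data: bytes) -> bool:
    """True if the bytes hold a 13-19 digit, Luhn-valid run (a cleartext PAN)."""
    cur = ""
    for ch in data.decode("latin-1") + " ":
        if ch.isdigit():
            cur += ch
        else:
            if 13 <= len(cur) <= 19 and luhn_ok(cur):
                return True
            cur = ""
    return False

PAN = b"4111111111111111"  # constructed, Luhn-valid test number; not a real account

class Zone:
    """One hop in the transaction path; `observed` holds every byte the hop could read."""
    def __init__(self, name: str):
        self.name = name
        self.observed: list[bytes] = []

def point_to_point(pan: bytes):
    """Two link keys: POS<->merchant and merchant<->processor. Merchant re-encrypts."""
    merchant, processor = Zone("merchant"), Zone("processor")
    k_pos_merchant = os.urandom(32)    # shared by the terminal and the merchant system
    k_merchant_proc = os.urandom(32)   # shared by the merchant system and the processor
    hop1 = encrypt(k_pos_merchant, pan)
    merchant.observed.append(hop1)
    clear_at_merchant = decrypt(k_pos_merchant, hop1)   # must decrypt to re-encrypt
    merchant.observed.append(clear_at_merchant)         # <- PAN in the clear at this zone
    hop2 = encrypt(k_merchant_proc, clear_at_merchant)
    result = decrypt(k_merchant_proc, hop2)
    processor.observed.append(result)
    return result, merchant

def end_to_end(pan: bytes):
    """One key, injected in the terminal and held only by the processor. Merchant forwards."""
    merchant, processor = Zone("merchant"), Zone("processor")
    k_e2e = os.urandom(32)             # never present on merchant systems
    blob = encrypt(k_e2e, pan)
    merchant.observed.append(blob)     # only ciphertext ever crosses the merchant zone
    result = decrypt(k_e2e, blob)
    processor.observed.append(result)
    return result, merchant

if __name__ == "__main__":
    for label, fn in (("point-to-point", point_to_point), ("end-to-end", end_to_end)):
        result, merchant = fn(PAN)
        exposed = any(contains_pan(x) for x in merchant.observed)
        print(f"{label}: processor recovered PAN={result == PAN}, "
              f"PAN visible at merchant={exposed}")
```

Both paths deliver the account number to the processor; only the point-to-point path leaves it readable at the merchant hop, which is exactly the "weakest link" the third bullet describes. The scan in `contains_pan` is also the shape of check worth running over a merchant system's own logs, memory dumps or support files when validating that an encryption deployment really is end-to-end.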
