Record Number of Merchants Use End-To-End Encryption to Secure Customer Cardholder Data
As 5,100 merchants deploy Heartland Payment Systems’® terminal security solution, the company prepares to launch first-of-its-kind tamper-resistant, end-to-end encryption wedge
PRINCETON, NJ — September 28, 2010 — Since its launch on May 24th at the National Restaurant Association Hotel-Motel Show in Chicago, 5,100 small and mid-sized business owners across the country have purchased and deployed Heartland Payment Systems’ (NYSE: HPY) E3™ terminal to protect their businesses and their consumers.
This milestone marks the largest number of merchants in the United States actively using truly effective end-to-end encryption technology to secure their transactions. Truly effective end-to-end encryption occurs when the analog data on the magnetic stripe never enters the acquiring payments system in clear-text digital form. Designed to protect cardholder credit and debit card data and render it useless to cyber criminals, E3 safeguards card account information from the moment of card swipe and through the processing network — not just at certain points during the transaction flow.
“The widespread adoption of E3 by business owners in just the first few months demonstrates a great deal of interest from the merchant community in protecting cardholder data and lowering the risk of PCI DSS (Payment Card Industry Data Security Standard) fines and fees,” said Bob Carr, Heartland’s chairman and chief executive officer. “E3 offers the highest degree of security available — without charging extra monthly or transaction ’junk fees’ — making the highest level of security in the marketplace available to all businesses large and small. We are thrilled to prove many pundits wrong in their assertion that large numbers of small and mid-sized merchants would not spend money to enhance their security.”
In October, Heartland will launch its new E3 magnetic stripe reader (MSR) wedge for PC-based payment applications. The E3 wedge is designed to protect cardholder data at the point of swipe before the data reaches potentially vulnerable PC-based applications. It is the first MSR in the industry that encrypts sensitive cardholder data in a tamper-resistant security module (TRSM) — similar to that of a debit PIN encrypting device. The wedge employs state-of-the-art Advanced Encryption Standard (AES), Identity-Based Encryption and physical protections compliant with the PCI PIN Transaction Security (PTS) 3.0 standards. Like the E3 terminal, the wedge manages its own unique keys. It plugs into a USB port to communicate with point-of-sale (POS) systems and can be attached to the side of a monitor or a merchant’s countertop. The E3 MSR components can also be embedded into an integrated PC-based POS system.
Heartland developed the wedge to offer a variety of security options to merchants, as well as address the rising number of data breaches in the hospitality industry, specifically at restaurants and hotels. According to the 2010 Verizon Business Data Breach Investigations Report, the hospitality industry accounts for 23 percent of investigated breaches and just over a third of all breaches — a 17 percent increase from Verizon’s 2009 report. The use of PC-based POS and property management systems for the processing of payments — including shared systems among chains and wireless networks — plus the high volume of card transactions and retention of card data for reservations makes the hospitality industry especially vulnerable to security breaches.
”While hospitality is a prime target for cybercriminals, no business can rest easy thinking it won’t be the victim of a data breach,” noted Steve Elefant, chief information officer at Heartland. “All business owners and operators need to improve their efforts to protect cardholder data and reduce the risk their organizations and customers face. The E3 terminal and wedge empower them to do just that.”
E3 is easy and cost-effective to implement. There are no changes to a merchant’s daily routine or the speed of transactions — and no large equipment investment. Merchants purchase an E3 terminal or wedge at — or below — the prices of standard, less-secure processing equipment on the market today. Additionally, merchants are protected by Heartland’s “E3 End-to-End Encryption Warranty” which — in the unlikely event of a data breach using E3 — will reimburse a merchant’s breach-related fines.
For more information on the E3 solution and access to Heartland’s payments security blog — “The E3 Blog” — visit E3secure.com.
About Heartland Payment Systems
Heartland Payment Systems (NYSE: HPY), the fifth largest payments processor in the United States, delivers credit/debit/prepaid card processing, gift marketing and loyalty programs, payroll, check management and related business solutions to more than 250,000 business locations nationwide. A FORTUNE 1000 company. Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices. The company is also a leader in the development of end-to-end encryption technology designed to protect cardholder data, rendering it useless to cybercriminals. For more information, please visit HeartlandPaymentSystems.com, MerchantBillOfRights.org, CostOfABurger.com and E3secure.com.
Contacts
Forward-Looking Statements
This press release may contain statements of a forward-looking nature, which represent our management's beliefs and assumptions concerning future events. Forward-looking statements involve risks, uncertainties and assumptions and are based on information currently available to us. Actual results may differ materially from those expressed in the forward-looking statements due to many factors. Information concerning these factors is contained in the Company's Securities and Exchange Commission filings, including but not limited to, the Company's annual report on Form 10-K, or Form 10-Q as applicable. We undertake no obligation to update any forward-looking statements to reflect events or circumstances that may arise after the date of this release.