Three Things You Need To Know About Securing Cardholder Data
By Steve Elefant, Chief Information Officer, Heartland Payment Systems®
You know safeguarding your customers’ cardholder data is critically important. Data breaches are happening at an alarming rate as hackers become increasingly sophisticated in their attacks, constantly finding new and different ways to penetrate electronic systems.
With so much buzz about breaches, payment card security and competing solutions, it can be difficult to make heads or tails of the information overload. But when it all boils down, there are three fundamental principles you need to know about securing cardholder data. Read on for simple explanations of a complex subject.
1. PCI Compliance Alone Is Not Enough To Prevent Intrusions
If you accept credit and debit cards at your business, you are subject to the standards of the Payment Card Industry Security Standards Council (PCI SSC). Its Data Security Standard (PCI DSS) governs how cardholder data is stored, processed and transmitted. Adhering to PCI DSS is important because it establishes a baseline of security controls. But, as recent data breaches suggest, being PCI DSS-compliant does not necessarily protect you from criminal intrusion: compliance is assessed at a point in time, and a control that passed an assessment can lapse the following week. The good news: there are new technologies on the market that can help secure your business by limiting what an intruder can take even when a control fails.
2. True End-to-End Encryption Offers The Highest Degree of Protection
The most comprehensive technology available today is end-to-end encryption. True end-to-end encryption safeguards cardholder data from the moment a card is swiped or hand-keyed, to and through a processor’s network. This includes four zones of the card processing ecosystem:
- From data entry/card read at your business to the payments processor’s authorized network;
- From entry to that network and throughout the entire processor/sub-contractor network where data is in motion;
- While the data is being processed on the processor’s central systems or inside a hardware security module (HSM), a tamper-resistant device that holds the encryption keys and performs the decryption so the keys never leave it;
- In storage where data is at rest.
Because cardholder data is encrypted the moment it enters the payment cycle, a copy captured anywhere downstream cannot be deciphered without the key and is useless in the event of a compromise. Any encryption solution that does not start at the moment of card swipe or key entry and cover all four of these zones is not end-to-end; it is “point-to-point.” Point-to-point encryption in that sense only protects data in transit between zones, leaving plaintext data in each zone, including your business, vulnerable. The label alone tells you little, since vendors use both terms loosely; ask where the decryption keys are held and where plaintext exists.
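As an added illustration, not code from the article or from Heartland's E3 product, the following Go program models the distinction just drawn. A hypothetical secure reader encrypts the PAN with AES-GCM at swipe; the POS software, the network, the processor host and storage each receive only that ciphertext, and only the HSM holds a key. A second function models the hop-by-hop alternative, in which a gateway terminates the first link and re-encrypts for the second, so the PAN is in the clear at the gateway. The zone names, terminal IDs, the test PAN and the assumption that the reader and HSM share one injected key are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// testPAN is a constructed Visa-format test number, not a real account.
const testPAN = "4111111111111111"

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// newAEAD wraps a 256-bit key in AES-GCM; it stands in for both the reader's encryptor and the HSM's decryptor.
func newAEAD(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail: AES blocks are 16 bytes
	return aead
}

// seal encrypts pan with the terminal ID bound as associated data, so a blob
// captured at one terminal cannot be replayed as another's.
func seal(aead cipher.AEAD, terminalID, pan string) []byte {
	nonce := randBytes(aead.NonceSize())
	return append(nonce, aead.Seal(nil, nonce, []byte(pan), []byte(terminalID))...)
}

// unseal reverses seal and fails if the blob was altered or the terminal ID differs.
func unseal(aead cipher.AEAD, terminalID string, blob []byte) (string, error) {
	n := aead.NonceSize()
	if len(blob) < n {
		return "", fmt.Errorf("blob shorter than nonce")
	}
	pt, err := aead.Open(nil, blob[:n], blob[n:], []byte(terminalID))
	return string(pt), err
}

// trace records the bytes each zone could observe; exposedZones lists the zones
// that ever held the PAN in the clear, in pipeline order.
type trace map[string][]byte

func exposedZones(t trace, pan string) []string {
	var out []string
	for _, z := range []string{"pos", "network", "gateway", "processor-host", "hsm", "storage"} {
		if bytes.Contains(t[z], []byte(pan)) {
			out = append(out, z)
		}
	}
	return out
}

// endToEnd follows the article's four zones: the reader encrypts at swipe, and the
// POS, the network, the processor host and storage only ever see that blob. Assumption:
// the key is injected into the tamper-resistant reader and the HSM at provisioning.
func endToEnd(pan string) (trace, error) {
	key := randBytes(32)
	reader, hsm := newAEAD(key), newAEAD(key)
	blob := seal(reader, "T001", pan)
	t := trace{"pos": blob, "network": blob, "processor-host": blob, "storage": blob}
	pt, err := unseal(hsm, "T001", blob) // the only decryption anywhere in the pipeline
	if err != nil {
		return nil, err
	}
	t["hsm"] = []byte(pt) // cleartext exists only inside the HSM boundary
	return t, nil
}

// pointToPoint is the hop-by-hop alternative the article warns about: each link is
// encrypted, but a gateway between them decrypts and re-encrypts under its own key.
func pointToPoint(pan string) (trace, error) {
	k1, k2 := randBytes(32), randBytes(32)
	hop1 := seal(newAEAD(k1), "T001", pan)
	t := trace{"pos": hop1, "network": hop1}
	pt, err := unseal(newAEAD(k1), "T001", hop1) // the gateway terminates link 1
	if err != nil {
		return nil, err
	}
	t["gateway"] = []byte(pt) // the PAN now sits in the gateway's memory and logs
	hop2 := seal(newAEAD(k2), "GW01", pt)
	t["processor-host"], t["storage"] = hop2, hop2
	if pt, err = unseal(newAEAD(k2), "GW01", hop2); err != nil {
		return nil, err
	}
	t["hsm"] = []byte(pt)
	return t, nil
}

func main() {
	for name, run := range map[string]func(string) (trace, error){"end-to-end": endToEnd, "point-to-point": pointToPoint} {
		t, err := run(testPAN)
		fmt.Printf("%-15s err=%v  PAN in the clear at %v\n", name, err, exposedZones(t, testPAN))
	}
}
```

Run with go run and the end-to-end trace reports the PAN in the clear only at the HSM, while the hop-by-hop trace also reports it at the gateway, which is exactly the zone a point-to-point design leaves exposed. Binding the terminal ID as associated data is the detail worth copying: a blob lifted from one terminal cannot be submitted as another's, and a bit flipped in transit fails authentication instead of decrypting to garbage. Real deployments typically derive a per-transaction key (for example with DUKPT) rather than sharing one static key between reader and HSM; the static key here is a simplification.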
3. Enhanced Security Doesn’t Have To Mean Higher Costs
Some payments processors and data security providers are eager to capitalize on your need for payment card security to boost their own bottom lines — at your expense. Many of them charge unnecessary fees to use their security solutions. Beware of added transaction fees, monthly encryption fees, key management fees, activation fees and insurance fees that don’t bring you any added value. Know what you’re paying — and to whom — to ensure you’re not absorbing any security “junk” fees — or any other “junk” fees for that matter.
A great resource for more information on payment card security and end-to-end encryption is E3secure.com. By learning about the different technologies available today and evaluating each for the best value and protection, you can determine the best security solution for your business.
About Heartland Payment Systems
Heartland Payment Systems (NYSE: HPY), the fifth largest payments processor in the United States, delivers credit/debit/prepaid card processing, gift marketing and loyalty programs, payroll, check management and related business solutions to more than 250,000 business locations nationwide. A FORTUNE 1000 company, Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices. The company is also a leader in the development of end-to-end encryption technology designed to protect cardholder data, rendering it useless to cybercriminals. For more information, please visit HeartlandPaymentSystems.com, MerchantBillOfRights.org, CostOfABurger.com and E3secure.com.
This article represents the opinion of its author and is provided for informational purposes only. It is not intended to and does not constitute legal advice and should not be viewed or acted on as such. Please retain your own legal counsel and seek your own legal advice on any legal questions, issues or concerns. The information contained herein does not represent the legal opinion of Heartland Payment Systems, Inc. (“Heartland”), its officers, directors, employees or shareholders. Heartland does not represent or warrant that the information contained herein is accurate, all-inclusive or complete.