Widespread theft of online data is driving businesses to seek out alternatives to passwords and usernames for sensitive information, a demand that led point-of-sale device provider MagTek Inc. to develop technology that helps lock up data while taking the company into a new and broader market, which includes medical data, human-resources and legal documents, and financial information.
The Seal Beach, Calif.-based company on Monday said its Qwantum Private Messaging, which allows businesses and professional firms to encrypt messages and for recipients to receive and decrypt them, acquired its first clients. Senders swipe a metal card through a MagTek reader modified for the service to create the message, while recipients follow the same method to decrypt it. Recipients can also use an access token to read the message. The service, launched commercially in March, stores no data, while encryption keys are unique to each transaction. Client names were not announced.
MagTek was led to launch the service as it searched for new markets beyond payment devices. Protection of sensitive data that must be shared between firms “is a very large market,” says Mimi Hart, MagTek’s chairman. “Privacy hit us between the eyes.” At the same time, breaches in MagTek’s core market played a role, Hart says. “Look at all the breaches in payments,” she says. “It’s likely we’ll see breaches in documents. We have the technology to fix this.”
The pandemic and its impact on work habits was yet another motivating factor, the company says. “We began developing the … service during Covid because we saw the need to protect almost any type of private information, not just payment card information,” says Andy Deignan, vice president for global marketing and strategy at MagTek, in a message sent through the service. “With so many people working remotely and business/personal data being shared so freely, we set out to integrate our services and expertise to address privacy needs in the post-Covid world.”
The card-swipe devices are an existing MagTek design modified with firmware for the new service, while the specially created cards lie at the center of the enterprise, Hart says, as they generate a unique token with each transaction. “That’s the secret sauce—the card, not the reader,” she says. Fake cards or ones that have been altered in some way will not work, MagTek adds.
Some observers say MagTek may have an uphill climb with private messaging, given the experience of prior efforts by other players. “We have had hardware-based email encryption services back to the 1990s (and I worked on many of them), and these were limited by hardware distribution, integration with device-operating systems, and complaints from users about simple usability,” says Joseph Krull, senior analyst for cybersecurity at Aite Group, a Boston-based consultancy. “The path to hardware-based secure messaging is paved with hundreds of tokens, cards, readers, and broken dreams.”
Hart will not say how many cards and readers for Qwantum Private Messaging have been shipped so far. The service charges a $1,000 annual fee plus a one-time initiation fee of $300. A welcome kit including a card and a reader arrives when businesses sign up.
The unique spelling of “Qwantum” in the name of the service, Hart adds, extends a naming convention MagTek has followed for years, with products like Qwik Cards and Qwik Order.