Digital Transactions Authoritative, insightful and timely information for payments professionals
With 5,100 small and mid-sized businesses already using its E3 end-to-end encryption terminals, Heartland Payment Systems Inc. early next month will roll out its E3 magnetic-stripe reader for PC-based payment applications.
The E3 wedge is a small, mag-stripe-reading wedge that plugs into the USB port of a personal computer or laptop. The wedge, which features the same tamper-resistant security module and AES encryption methods as the E3 terminal, is designed for merchants using PC-based point-of-sale cash register systems—so-called virtual terminals—instead of conventional POS card terminals. Heartland also is working on development of a multifunction device that call centers and multilane retailers can use.
“We’ve had a number of them that have been out there in beta for quite some time, and we’re now getting inventory in,” says Steve Elefant, chief information officer for the Princeton, N.J.-based merchant acquirer. “We have a number of software developers that are integrating with it as well as our own virtual terminal. The interest level seems to be high.”
Heartland provides payment services to more than 250,000 businesses nationwide, including, as of the end of 2009, 173,400 small and mid-sized retailers, restaurants and other businesses, and about 75 large national merchants representing about 54,000 locations, mostly gas stations and convenience stores.
Terminals have been installed at businesses representing 150 different merchant categories, including restaurants, hospitality providers and retail, Elefant says.
The E3 terminals—which Heartland commercially launched May 24—employ tamper-resistant hardware and Advanced Encryption Standard encryption, the most secure encryption algorithm available. E3 encrypts all Track 1 and 2 data from a card’s magnetic stripe from the time the card is swiped or manually entered until the time the transaction reaches the processor. The data are then decrypted and re-encrypted for transfer to the appropriate card network.
Heartland accelerated work on enhancing security after announcing a major breach of its processing system for small and mid-sized merchants in January 2009. A federal prosecutor later said the breach compromised 130 million debit and credit cards, the biggest ever in the card industry (Digital Transactions News, Aug. 18, 2009).
Although it’s good that small merchants are adopting the E3 terminal, “the barrier to adoption is minimal,” says Avivah Litan, a research analyst at Gartner Inc. “These are very easy implementations because they’re already getting the equipment from the processor in a lot of cases,” Litan says.
Heartland, which is marketing the terminals through its sales force, offered trade-in deals on merchants’ existing equipment if they take E3 hardware. Merchants can trade up, rent to own, or purchase the terminals, Elefant says. Terminals start at $300 each but prices can vary depending on how many the merchant buys. “We try to make it very inexpensive and easy to get into it,” he says. Merchants using E3 are protected by a warranty, which will reimburse their breach-related fines in the event of a compromise.
Heartland continues to work with several major card brands to carry encryption all the way through to the card network, Elefant says, without naming the brands. “We have two of the card brands that we have connected securely with but they’re not ready to make any announcement,” he says. “We’re working with others as well.”
Heartland and VeriFone Systems Inc., the largest U.S.-based terminal maker, are embroiled in lawsuits over Heartland’s terminal business. VeriFone first alleged infringement by Heartland on one of its end-to-end encryption patents. Heartland countersued alleging, among other things, trademark infringement and false advertising on the part of VeriFone (Digital Transactions News, Nov. 11, 2009).
