Friday , November 8, 2024

Heartland Preps for Its Big End-to-End Encryption Rollout

Merchant acquirer Heartland Payment Systems Inc.'s sales force will begin selling the company's new end-to-end encryption system in the second quarter following testing that began last June, the company says. Heartland also says several terminal manufacturers are integrating the technological protocols of its system, which was developed by Voltage Security Inc., into their own hardware. Heartland already was working on enhancing security but greatly accelerated the effort after announcing a major breach of its processing system for small and medium-sized merchants in early 2009, a breach a federal prosecutor later said compromised 130 million debit and credit cards. The computer hacker who led the attack, Albert Gonzalez of Miami, was sentenced to 20 years in prison March 25 for his role in the TJX Cos. and some other data breaches, and was scheduled to be sentenced March 26 for the Heartland breach. With its new system, dubbed E3, Princeton, N.J.-based Heartland hopes to render any payment card account numbers hackers may steal in the future unreadable and thus useless for perpetrating card fraud. Chief information officer Steve Elefant tells Digital Transactions News that “dozens of merchants” have been processing transactions on the system since testing began nine months ago. There have been no glitches, according to Elefant. “It's been running extremely smoothly,” he says, adding that the only thing preventing Heartland from commencing a full rollout earlier has been a worldwide shortage of computer chips. E3 consists of point-of-sale hardware, including terminals and a small, USB card reader, or “wedge,” in addition to the encryption software developed by Palo Alto, Calif.-based Voltage Security. Elefant would not release details, ahead of the unspecified rollout date, of how Heartland will market the system other than to say Heartland's 1,800 sales representatives will be offering it. “We'll have a lot more to say as it gets closer,” he says. Pricing, however, will be a big part of Heartland's pitch. “We're being very aggressive on the pricing of these [terminals],” Elefant says. “These are well below existing terminals that are on the market today.” Heartland will have a “six months same as cash” promotion in which merchants won't have to make payments for their equipment. The company also will be offering trade-in deals on merchants' existing equipment if they take E3 hardware. Heartland says it won't be charging the recurring fees or other expenses other companies have or are planning for upgraded security. “We don't' feel merchants should have to pay more to feel secure,” says Elefant. According to Elefant, the E3 terminals have slots that would enable them to read so-called EMV chip cards should the U.S. adopt the EMV microprocessor-based payment system now in use in many countries and coming to Canada. “Merchants don't want to pay to upgrade very often, we're trying to help them future-proof,” he says. In a news release Thursday, Heartland identified three terminal makers that are integrating E3 protocols into their own equipment: Taiwan-based Uniform Industrial Corp. (UIC) and U.S.-based Hypercom Corp. and ExaDigm Inc. Essentially, those manufacturers are embedding licensed Voltage Security encryption libraries in their hardware, according to Elefant. Heartland's release said it has provided the E3 protocols to those companies “and others,” but didn't identify them. Two major POS terminal companies that aren't using the system are Ingenico SA, which is using different technology, and VeriFone Holdings Inc., which markets the VeriShield Protect system based on encryption technology from Semtek Corp. VeriFone last September sued Heartland for allegedly infringing on an end-to-end encryption patent it holds and later said it would stop supporting Heartland merchants' VeriFone terminals unless they registered with VeriFone. The dispute now involves four lawsuits, with Heartland maintaining that VeriFone is angry that it's not using VeriFone to develop the E3 line. Heartland's manufacturer is UIC and its Chinese subcontractor, IKON. Although there have been reports that the two sides are talking (Digital Transactions News, Nov. 11, 2009), a Heartland spokesperson says she can't comment about the issue.

Check Also

COMMENTARY: It’s Time to Stiffen Defenses Against Payment Fraud

Recent headlines prove that payment fraud continues to pose an ever-growing threat to businesses of all sizes. …

Digital Transactions