Voltage Security expands availability of end-to-end data encryption

Cupertino, Calif. -- Voltage Security announced a new product integration with device manufacturer Uniform Industrial Corp. (UIC) that provides end-to-end data encryption for the retail payments industry, a key technology in light of the recent data breaches. (Chain Store Age will host a Webinar on data security sponsored by Voltage Security, “Lessons Learned: What to Do NOW to Protect Stores Against Data Breaches,” on May 13. Register here.)



The new integration expands upon a previous partnership with Heartland Payment Systems in which UIC and Voltage provided end-to-end encryption for Heartland’s E3 security solutions, delivering reliable, secure terminal-based communications with billions of transactions on hundreds of thousands of merchant locations across global deployments, Voltage said. Now that type of solution is available for a broader range of payment processors.



“Malware in the retail IT systems, especially the traditional POS, has resulted in major costly breaches world-wide,” explained Mark Bower, VP product management, Voltage Security. “We take our role as a technology partner very seriously and we are dedicated to developing solutions that provide the highest level of protection against data loss or breach, as well as enabling PCI compliance cost scope reduction, all at significantly lower implementation and management costs.”



Voltage said that (UIC) now supports Voltage Format-Preserving Encryption (FPE), part of Voltage SecureData Payments with Voltage Identity-Based Encryption (IBE), providing merchants with P2PE (point-to-point encryption), otherwise known as end-to-end encryption, from a payment reading device to a trusted processing host.



UIC is now offering Voltage SecureData Payments with Voltage Format-Preserving Encryption to users of its devices of the MSR215E and MSR215T secure MSR readers, and PP790SE and PP795SE All-in-one PIN Pads, as well as the TS890 and TS900 payment terminals.



From authorization and settlement, through business processes such as charge-backs, loyalty or repeat payments, merchants and processors must be able to reliably protect credit card data at rest and in transit, and, at the same time, reduce PCI scope as much as possible, without impacting business workflows or customer facing business processes.



“Our partnership with UIC is another example of how widely available Voltage end-to-end encryption is across the payments industry. Businesses have the option to implement Voltage SecureData Payments on a wide variety of payments devices and perform decryption within their own data environments or with a Voltage platform partner, and Voltage works with six of the top eight U.S. payment processors,” said Bower.



By strongly encrypting cardholder data at the read head, using tamper-resistant and tamper-evident payment devices, any malware installed on the intermediate POS systems would only have access to the ciphertext, while the keys necessary to decrypt it stay safely inside the most secure PCI environments at the decryption endpoint. The cipher text, using Voltage Format-Preserving Encryption (FPE), can be used by those POS systems, just as the original plaintext was; but, it is useless to any attackers.