Merchant Warehouse, a provider of merchant accounts and credit card processing solutions for small- and mid-sized businesses, unveils a solution that will greatly reduce the possibility of cardholder data loss in the event of a network security breach. The new product, MerchantWARE, also makes complying with the payment card industry data security standards (PCI DSS) much simpler and more affordable.
As part of the regulations, PCI DSS mandates that sensitive personal data, including credit card numbers, be encrypted when stored or before being transmitted over public networks. Despite this, savvy thieves can, and have, found ways to steal unencrypted card information while transmitted within the restaurant's internal networks or point-of-sale (POS) hardware - a vulnerability not addressed by the PCI DSS guidelines. An especially susceptible point in the process is when card data is sent from a card reader to the POS or POS to in-store database.
Merchant Warehouse's MerchantWARE solution encrypts the data at the card reader, completely eliminating this threat. With MerchantWARE, merchants never actually store or transmit any unencrypted credit card information. By taking this one simple step, small- and mid-sized merchants will eliminate the sensitive data that five of the 12 most intensive and costly PCI DSS requirements seek to protect.
The MerchantWARE solution contains two core components:
- Hardware - The solution utilizes the latest MagneSafe secure card readers for MagTek to encrypt card data at the "read head" to ensure sensitive data is never exposed. The reader meets all current PCI DSS requirements to ensure cardholder data via 3DES DUKPT encryption.
- Software - To ensure a seamless user experience, the solution includes an integrated version of Merchant Warehouse's MerchantWARE Payment Gateway. The MerchantWARE Payment Gateway enables merchants to process credit cards, debit/EBT cards and manage their account over a secure Internet connection. It also contains extensive reporting features with the capability to re-charge, refund or adjust previously processed cards, all without decrypting sensitive cardholder data.