VeriFone Aligns with Visa Best Practices for End-to-End Encryption

VeriFone Holdings, Inc., announced that its VeriShield Protect card payment data protection solution is in compliance with Visa's best practices for data field encryption, also known as end-to-end encryption, that were published on October 5.

Visa's announcement reflects growing momentum for implementation of end-to-end encryption as a key payments security layer that can render any intercepted data useless.

These data encryption best practices provide merchants and acquirers with a scorecard for evaluating proposed end-to-end solutions. Three critical questions they should ask security vendors are:

1. Does your key management technique protect against public key substitution?
2. Do you protect keys utilizing industry-approved hardware security modules?
3. Do you mutually authenticate the payment device to prevent man-in—the middle attacks?

VeriShield Protect utilizes a unique format preserving encryption that achieves the goals of Visa's best practices and requires no changes to most POS software and retail systems, or store procedures.

The VeriShield Protect solution is installed into the security module of VeriFone card-acceptance devices to encrypt cardholder data as soon as the card is presented; encrypted data is transmitted to a Decryption Appliance installed at a secure data center to ensure no unencrypted data can be intercepted.