Steve Elefant is the new GoPago Chief Strategy Officer. Bringing with him over 25 years’ in the industry, most recently with Google Payments as a consultant and Heartland as CIO, Elefant intends to lead GoPago growth in new channels and further develop its “GoPago LIVE” all-in-one cloud POS. As a Senior Strategic Consultant at Google,…
Heartland Payment Systems launched its “Mobuyle”(pronounced MO-buy-uhl) comprehensive mobile solution that enables merchants to accept credit, debit and gift card payments through their smartphones or mobile devices. The “Mobuyle” solution is the first mobile application fully designed and developed by a major payments processor, providing business owners the most comprehensive processing capabilities of any mobile payment application currently on the market. It is designed for brick and mortar businesses looking for off-premise processing capabilities or on-site flexibility, including as a POS payment terminal to dispel long checkout lines, and features electronic signature capture, GPS location capture, merchandise picture storage, and voice authorization capabilities, and enables merchants to accept card payments even if they are out of range for cellular coverage or WiFi access with Store and Forward (SAF) functionality.
IDG’s “Computerworld” selected Heartland Payment Systems one of the 2011 Best Places to Work in Information Technology (IT), ranking it No. 30 of 100 top organizations that challenge their IT staffs while providing great compensation and benefits, including continuing education programs designed specifically for Heartland employees. In addition to a corporate award submission, the nomination process also included a random, confidential survey of Heartland’s IT organization. Since 1994, Computerworld’s annual “Best Places to Work in IT” feature has ranked the top 100 work environments for technology professionals, based on a comprehensive questionnaire regarding company offerings in categories such as benefits, diversity, career development, training and retention.
Steve Elefant, chief information officer at Heartland Payment Systems, has been elected to the 2011-2013 PCI Security Standards Council Board of Advisors to join its 21 current members. He will help determine strategic and technical guidance as the Council continually develops security standards and seeks to raise awareness and compliance with its guidance. He is well received as an industry leader in payment card security, having pioneered Heartland’s ” E3″ end-to-end encryption technology to encrypt sensitive data from the moment of card swipe to and through Heartland’s network. Elefant was also recently named one of ComputerWorld’s Premier 100 IT Leaders for 2011 and is also involved with various other groups and coalitions, including the US Secret Service Electronic Crimes Task Force, the Federal Bureau of Investigation’s Infragard Electronic Crimes Task Force, the Payments Processor Information Sharing Council (PPISC) and the Secure Remote Payment Council (SRPC).
Heartland Payment Systems has partnered with Acculynk to provide “PaySecure” Internet PIN debit solution to its Internet merchants. The software-only service lets customers use his/her debit card and bank-issued PIN to pay for online purchases. Available to existing and prospective Heartland merchants by 2Q/11, the service uses its graphical PIN-pad for the secure entry of a consumer’s PIN. Transactions are processed using a merchant’s existing payment processor connections.
Made commercially in November, Coalfire Systems PCI Qualified Security Assessors validated Heartland Payment Systems’ “E3” end-to-end encryption magnetic stripe reader wedge eliminates the scope of the Payment Application Data Security Standard (PA-DSS) for POS developers. The “E3” reader prevents plaintext data from being available to the payment application, removing the payment application from PA-DSS scope and encrypts sensitive cardholder data in a tamper-resistant security module to offer a variety of security options to merchants using computer-based POS systems. To fully eliminate PA-DSS scope, Coalfire specifies provisions including that no encrypted data can be stored locally; no other payment systems can be supported; and that merchants cannot possess or have access to decryption keys in their retail or corporate environments. Coalfire also determined the “E3” wedge solution can provide significant risk mitigation of data compromise and is one of the most effective data security controls available to merchants; its use of Format Preserving Encryption (FPE) meets encryption best practices and standards for cryptographic algorithms and key strength and meets industry standards and VISA best practice guidance; and its use of Identity-Based Encryption key management processes removes most of the challenges of key management for the merchant that have been found in many other end point encryption solutions.
Heartland Payment Systemsâ “E3” end-to-end encryption terminal is now showing it can reduce the scope of PCI compliance by 79% for merchants. This according to Coalfire also shows “E3” can minimize the resulting costs of PCI compliance assessment and validation, also by up to 69% over an IP connection. Designed to provide the highest degree of payment card data security available, E3 technology meets the PCI Security Standards Council (SSC) guidance for point-to-point encryption (P2PE) to protect cardholder data through the Heartland network. Coalfire also determined E3 meets all Visa Data Field Encryption guidelines; its use of Format Preserving Encryption (FPE) meets encryption best practices and standards for cryptographic algorithms and key strength; and the use of Identity-Based Encryption (IBE) key management processes removes most of the challenges of key management for the merchant that have been found in many other encryption solutions.
Since introduction, 5,100 business owners across the country have purchased and deployed the Heartland “E3” terminal. Protecting their users with end-to-end encryption, this marks the largest number of merchants in the United States actively using this technology to secure their transactions. The “E3” terminal protects users by ensuring analog data on the magnetic stripe never enters the acquiring payments system in clear-text digital form. It safeguards card account information from the moment of card swipe and through the processing network to protect cardholder data, making it useless to cyber criminals. In response, Heartland is set to further its footprint with the launch of its “E3” magnetic stripe reader (MSR) wedge for PC-based payment applications. Designed to protect cardholder data at the point of swipe before the data reaches potentially vulnerable PC-based applications, the ‘wedge’ encrypts sensitive cardholder data in a tamper-resistant security module (TRSM) with state-of-the-art Advanced Encryption Standard (AES), Identity-Based Encryption and physical protections compliant with the PCI PIN Transaction Security (PTS) 3.0 standards.
Heartland Payment Systems has confirmed with the United States Secret Service it is not a target in the investigation of data theft at one Austin, Texas-area restaurant. Data breaches at merchant locations are occurring with increasing frequency, for which iHeartland has been vigilant in educating business owners and the payments industry about the importance of credit and debit card security â as well as rolling out its end-to-end encryption technology (E3â¢) that protects cardholder data. Heartland officials will continue to work closely with the business owner to help identify the source of the intrusion and help the merchant undertake remediation efforts.
Heartland Payment Systems payments processor has installed its “E3” terminals at 1,020 merchants since commercially launching the industry-leading end-to-end encryption technology on May 24. The “E3” technology is designed to protect cardholder credit and debit card data, implementing layers of security, employing both tamper-resistant hardware and AES (Advanced Encryption Standard) encryption, the most secure encryption algorithm available. E3 encrypts all Track 1 and 2 data read from the cardâs magnetic stripe or manually entered so merchants never have access to sensitive card data and never risk storing card numbers or transmitting them through their systems or networks. E3 also securely automates the process of changing the encryption keys that convert sensitive account information to encrypted data. With no changes to a merchantâs daily routine or the speed of transactions, “E3” terminals include EMV/chip card technology capabilities â which may be coming to the United States.
Several of the electronic payments system manufacturers working with Heartland Payment Systems payments processors are integrating Heartlandâs “E3” protocol end-to-end encryption solution. Leveraging Voltage “SecureData” encryption and key management technology, “E3” end-to-end encryption is considered the most effective security method available for protecting cardholder data on POS devices and other card payments platforms. Its encryption methods available to safeguard cardholder data at rest and in motion throughout the lifecycle of payments transactions through the payment processorâs network, making payment data useless in the event of a compromise. E3 features a tamper-resistant POS terminal, magnetic stripe reader/wedge and other devices and software tools that protect cardholder data and never store it on a businessâ system, relieving the business of PCI card data liability. Heartland currently provides Uniform Industrial Corporation (UIC), Hypercom, ExaDigm, and others with the “E3” protocol specification.
Information system provider Thales has partnered with data protection provider Voltage
Security centered around delivering End-to-End Encryption and key management solutions.
The Thales and Voltage technology integration allows customers to apply
hardened data protection measures at virtually any point along the data
path to help achieve the goal of end-to-end protection. By helping to
reduce the time and complexity of deploying data protection and by
significantly limiting the scope of security audits, the burden of
demonstrating regulatory and internal compliance is dramatically
reduced. The technology integration builds on “Voltage SecureData” to
protect data without having to make expensive changes to the point of
sales (POS) infrastructure, database and business applications. The
encryption and key management process is protected by Thales nShield
Connect hardware security modules â part of the nCipher product line –
to ensure the security and integrity of the overall solution. Beyond
initial deployment, Voltage and Thales encryption and key management
solutions further simplify the ongoing management and operation for