Mercator Advisory Group Publishes End-to-End Encryption Report

"End-to-end encryption's beauty is very much in the beholder's eye. If you're a Tier one merchant in no mood to risk the reputational crisis of a data breach, using E2EE to rid your network of card data is a good move," George Peabody, Director of Mercator Advisory Group's Emerging Technologies Advisory Service and principal analyst on the report.

"E2EE also reduces the scope of PCI compliance audits and remediation costs but the beauty of encryption and card security will likely be lost on millions of Tier 4 merchants. Strong sales incentives and messaging will be required to have them join in the data protection fight."

End to end encryption (E2EE) is a long forestalled rational reaction to data breaches and PCI DSS audit costs.

The advantages to merchants of getting out from under a large set of PCI compliance burdens may make E2EE worthwhile.

Defining the "ends" in E2EE is a key step for every deployment.

The encryption zones under a processor's control - from the merchant's magstripe reader to the interconnection point with card brand or issuer - appear to be a manageable domain where the burdens of key management and new POS gear equal the benefits.

Standards development is in early days. A new working group under ASC X9 has brought together the key stakeholders, some of whom have sharply diverging goals.

Companies and programs mentioned in this report include: Hypercom, VeriFone, Ingenico, MagTek, Magensa, Heartland Payment Systems, Visa, MasterCard, RBS Worldpay, RSA, Prime Factors, Verizon Business, Voltage Security, Semtek, Futurex, SafeNet, Transaction Network Services (TNS), Thales, Atos wordlwide, HP Attala, Banco de Credito e Inversiones, Propay, Fifth Third Bancorp, and EMVCo.

Members of Mercator Advisory Group have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access and other membership benefits. Please visit us online at http://www.mercatoradvisorygroup.com.