Chase Paymentech has announced a joint initiative with VeriFone and Semtek to provide end-to-end encryption technologies for merchants to combat threats to security. The companies said they "will work together to market and distribute VeriFone’s VeriShield Protect solution to the Chase Paymentech base of retail merchants. The end-to-end encryption solution is designed to help merchants reduce the costs to comply with Payment Card Industry (PCI) requirements and associated security risk by protecting card information from the point of swipe to the Chase Paymentech authorization host." READ MORE »

Hypercom and Heartland Payment Systems have announced a strategic relationship to deliver integrated, high-security payment systems to retailers nationwide and implement Heartland’s end-to-end encryption E3™ solution. READ MORE »

Commidea, a card payment processing solution provider in the UK, has announce the launch of Ocius Sentinel - calling it "the UK's first solution to offer both true end-to-end dual encryption and tokenisation. Ocius Sentinel has been fully certified for use by the major UK acquiring banks." READ MORE »

CyberSource has announced the incorporation of automated account updating services into its Enterprise Payment Security 2.0 solutions. According to the company, "customer billing records tokenized in CyberSource's remote secure storage servers can now be automatically updated with new account information (such as bank card expiration data or replacement card number) via the CyberSource Account Updater Service." READ MORE »

Visa has announced new global industry best practices for data field encryption, also known as end-to-end encryption. According to Visa, "the best practices are designed to further the payment industry's efforts to develop a common, open standard while providing guidance to encryption vendors and early adopters. Data field encryption protects card information from the swipe to the acquirer processor with no need for the merchant to process or transmit card data in the "clear."" The best practices document is available for download. READ MORE »

VeriFone Holdings has announced that it has signed an agreement to become the lead investor in a Series B financing of Semtek Corporation - saying it "has doubled its investment in the security technology developer and acquired an option at a future date to purchase the remaining shares in Semtek." READ MORE »

Voltage Security, has announced it has extended Voltage SecureData™ by adding tokenization and data masking capabilities to the existing encryption functionality - enabling the end-to-end protection of data, such as credit card numbers, in applications and databases. Voltage SecureData says these additions provide "the most comprehensive end-to-end data protection solution available, giving customers the widest choice of protection options to simplify implementation, reduce PCI audit scope and lower costs." READ MORE »

First Data and RSA have announced they are teaming up to provide a new service called First Data Secure Transaction Management - "engineered to enable merchants to secure payment card data and remove it from their environment while allowing access when needed." The new service "is designed to dramatically reduce the cost and complexity of complying with the Payment Card Industry Data Security Standard (PCI DSS)." READ MORE »

VeriFone has announced the formation of a Global Security Solutions Business Unit - saying it will be "focused on delivering innovative security solutions, including VeriShield Protect end-to-end encryption, to protect cardholder data throughout merchant and processor systems." Jeff Wakefield, formerly vice president of marketing for VeriFone’s Integrated Systems business, was named general manager and vice president of the new business unit. READ MORE »

Glenbrook is looking for more information about providers who are providing tokenization and/or encryption products/services to merchants to help them reduce the scope of their PCI-DSS compliance obligations?

Last week, several companies responded to our Twitter tweets and LinkedIn status asking for more information - if you've already responded via email, there's no need to do so again!

But, If your company does provide tokenization/encryption services and hasn't already responded, then please do respond to this survey and tell us more about your offering. You can click "Read More" to answer our mini-survey or click here to open a fresh copy. READ MORE »

In an article titled "Defying Experts, Rogue Computer Code Still Lurks", John Markoff writes for the New York Times about the Conficker virus - first detected last November which now has some five million computers around the world under its control. "Wherever the authors are, the experts say, they are clearly professionals using the most advanced technology available."

Radisson Hotels & Resorts has issued an open letter to its customers informing them that the computer systems of some Radisson hotels in the U.S. and Canada were accessed without authorization. According to the company, "this unauthorized access was a violation of both civil and criminal laws. Radisson has been coordinating with law enforcement to assist in their investigation of this incident. While the number of potentially affected hotels involved in this incident is limited, the data accessed may have included guest information such as the name printed on a guest’s credit card or debit card, a credit or debit card number, and/or a card expiration date." READ MORE »

Based on an interview with Heartland Payment Systems CEO Robert Carr, Rachael King writes for BusinessWeek about lessons learned during the Heartland data breach that began in 2008 and was discovered and announced in January 2009.

Heartland Payment Systems has announced that yesterday it successfully completed the first phase of its end-to-end encryption pilot project. According to the company, "this first step involved the transmission of live AES (Advanced Encryption Standard)-encrypted card transactions from a merchant to Heartland’s processing platform. AES is the highest level of encryption and is currently on track to replace DES (Data Encryption Standard) and Triple DES as the desired standard for sensitive data."

Earlier this month Heartland announced it was working with Voltage Security to develop its end-to-end encryption approach. READ MORE »

Mercator Advisory Group has published a new report, End-to-End Encryption: The Acquiring Side Responds to Data Loss and PCI Compliance that "explores end-to-end encryption (E2EE) in the hands of merchants, payment service providers and processors. In the face of the three bogies of PCI DSS compliance and penalties, reputational risk and direct financial loss, the acquiring half of the payments process is evaluating options for eliminating cleartext cardholder data from their systems. Tokenization (the subject of a recent Mercator report) and end-to-end encryption are the leading candidates. This report examines the complexity of E2EE within payments and enterprise security." READ MORE »

Merchant Link has announced that it will offer later this year its TranactionVault hosted credit card security product and service to users of the latest version of the MICROS OPERA Property Management System (PMS). READ MORE »

Heartland Payment Systems has selected Voltage Security as a partner to develop end-to-end encryption (E3) software specifically suited to payments processing.

“Heartland is developing a complete end-to-end encryption solution designed to protect cardholder data at all stages of a transaction – from card swipe through delivery to the card brands,” said Bob Carr, Heartland’s chairman and chief executive officer. “Together with Voltage, we are developing a comprehensive solution that currently does not exist.” READ MORE »

A new research report titled "Protecting Personal Information: We Lost the Battle, Can We Win the War?" by TowerGroup declares that the financial services industry has lost the battle to protect consumers' personally identifiable information (PII) data. TowerGroup's George Tubin points out that "in light of the loss or theft of hundreds of millions of data records containing PII, the financial services industry must consider the ramifications of past, present and future data losses." READ MORE »

ThreatMetrix has unveiled a new mobile security application for smartphone users called SafeAndSurf - a web browser that securely stores a smartphone user's personal data until he or she is ready to sign-on to a social network, execute an online banking transaction, or complete an ecommerce purchase. According to the company, "SafeAndSurf is the only mobile security application to safeguard a smartphone user's personal information and also allow the user to automatically insert that information to transaction data fields, a combination that allows consumers to shop, bank and play on their smartphones more safely and easily." SafeAndSurf is available today for use on the Apple iPhone. READ MORE »

The Payment Card Industry (PCI) Security Standards Council must take the lead in developing a collaborative approach with merchants in defining more open standards for future PCI Data Security Standard (DSS) requirements, stressed NACS (the National Association of Convenience Stores) and several other trade associations in a June 8 letter to the Council. READ MORE »

Voltage Security has introduced the Voltage Data Breach Index, a single at-a-glance view into the state of national and global data breaches.

According to Voltage, "the visual map brings data breach reporting to life, summarizing historical and real-time breaches, size and scope, types of records, regions affected, industry and more. Perhaps most interesting is that patterns in the data enable the creation of a predictive data breach model. This model predicts, for example, that 14 data breaches will, over the next year, each expose 1,000,000 or more records to potential use by criminals. And, at least one breach of over 10,000,000 records will affect nearly 5 percent of the U.S. population." A white paper is also available.

Hypercom, Ingenico, and VeriFone have announced the formation of the Secure POS Vendor Alliance - SPVA, a non-profit business organization chartered with implementing common payment security standards among vendors of secure point-of-sale (POS) devices used by retailers, acquirers and cardholders alike. READ MORE »

More electronic records were breached in 2008 than the previous four years combined, fueled by a targeting of the financial services industry and a strong involvement of organized crime, according to the "2009 Verizon Business Data Breach Investigations Report" released today. Full press release here. READ MORE »

The US House of Representatives Subcommittee on Emerging Threats, Cybersecurity and Science and Technology is holding a hearing today on the subject: "Do the Payment Card Industry Data Standards Reduce Cybercrime?". Witnesses include representatives from the US Department of Justice, the Payment Card Industry Data Security Standards Council, Visa Inc., Michaels Stores, and the National Retail Federation. A webcast is available.

The Bank Fraud Forum Blog has been launched by Memento Security.

Fraud is a serious issue that deserves serious discussion. The Bank Fraud Forum℠ has two primary objectives: 1) to convey insights, opinions and comments on the world of financial crime, and 2) to serve as an open, albeit virtual, forum for the fraud fighting community. Our goal is to offer intelligent, timely and thought-provoking analysis of trends, news, best practices and more.

Visa chief enterprise risk officer Ellen Richey told security experts today that payment card data fraud rates remain near historic lows despite economic woes and high-profile compromises, and called for continued industry investment, collaboration and innovation, three key components in keeping the electronic payment system secure in the future. She made her comments to a gathering of business, government, academic and law enforcement officials at Visa's Global Security Summit, its third cross-functional symposium on payment security, held in Washington, DC. READ MORE »

Voltage Security has announced major enhancements to Voltage SecureData, supporting more environments and platforms, including end-to-end encryption across distributed environments such as those used by retail and payment processors. "Voltage customers are finding it easier to protect their data end-to-end, comply with regulations and protect sensitive customer information from the moment it is collected." READ MORE »

Kimberly Kiefer Peretti of the Computer Crime and Intellectual Property Section of the US Department of Justice has authored a paper titled "Data Breaches: What the Underground World of “Carding” Reveals" to be published in the Santa Clara Computer and High Technology Journal. READ MORE »

Heartland Payment Systems has announced that "it has formed an internal department dedicated exclusively to the development of end-to-end encryption to protect merchant and consumer data used in financial transactions. For the past year, Robert O. Carr, Heartland's chairman and chief executive officer, has been advocating for payments industry adoption of this technology - which will protect data at rest as well as data in motion - as an improvement for payment transaction security." READ MORE »

With all of the news this week surrounding the payment card data breach at Heartland Payments Systems, we've added a new section to the Payments News Bookstore with several new books covering the topic of PCI-DSS (Payment Card Industry-Data Security Standard) compliance. If you're aware of any we've missed, please send us Feedback and we'll add them to the bookstore.

In addition to these books about the subject, the PCI Security Standards Council website is a great starting point for learning more about PCI-DSS.