Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Visa to Launch Encryption Service to Secure Card Data

Visa said on Tuesday that it is rolling out a new service for acquirers and their merchants that will help to better secure payment card data. The service, Visa Merchant Data Secure with Point-to-Point Encryption, will be fully available to customers by early 2013.

Visa said on Tuesday that it is rolling out a new service for acquirers and their merchants that will help to better secure payment card data. The service, Visa Merchant Data Secure with Point-to-Point Encryption, will be fully available to customers by early 2013.

Visa Encryption ServiceFor now, Visa is working with a select group of acquirers, processors and payment technology vendors in order to better develop specs and determine the correct needs. Once complete, the new service will be intergraded into critical systems across the payment processing industry.

The service is built on P2PE (Point-to-point encryption), which protects cardholder information and related data in transit and at rest.

“Merchants large and small have expressed an interest in encryption as a way to protect cardholder data in their payment systems and simplify their security protocols,” said Ellen Richey, Chief Enterprise Risk Officer, Visa Inc.

“Since encrypted data can’t be used to commit fraud, Visa’s point-to-point encryption solution can significantly reduce the risk and impact of data compromises.”

Visa says the new service relies on the same Triple Data Encryption Standard (TDES) and Derived Unique Key per Transaction (DUKPT) key management methods that are used to encrypt PINs today. It’s because of this, that they will reach their goal of a consistent framework for managing keys, while minimizing the impact of merchant system updates. In addition, when the service is fully launched, Visa will also offer the option to use FPE (format preserving encryption).

As mentioned, the service is still in trial and undergoing structured testing. Visa expects the service to launch fully in Q1 2013.

Over the coming months, Visa will provide specifications and implementation guides through technical review agreements. 

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...