Visa said on Tuesday that it is rolling out a new service for acquirers and their merchants that will help to better secure payment card data. The service, Visa Merchant Data Secure with Point-to-Point Encryption, will be fully available to customers by early 2013.
For now, Visa is working with a select group of acquirers, processors and payment technology vendors in order to better develop specs and determine the correct needs. Once complete, the new service will be intergraded into critical systems across the payment processing industry.
The service is built on P2PE (Point-to-point encryption), which protects cardholder information and related data in transit and at rest.
“Merchants large and small have expressed an interest in encryption as a way to protect cardholder data in their payment systems and simplify their security protocols,” said Ellen Richey, Chief Enterprise Risk Officer, Visa Inc.
“Since encrypted data can’t be used to commit fraud, Visa’s point-to-point encryption solution can significantly reduce the risk and impact of data compromises.”
Visa says the new service relies on the same Triple Data Encryption Standard (TDES) and Derived Unique Key per Transaction (DUKPT) key management methods that are used to encrypt PINs today. It’s because of this, that they will reach their goal of a consistent framework for managing keys, while minimizing the impact of merchant system updates. In addition, when the service is fully launched, Visa will also offer the option to use FPE (format preserving encryption).
As mentioned, the service is still in trial and undergoing structured testing. Visa expects the service to launch fully in Q1 2013.
Over the coming months, Visa will provide specifications and implementation guides through technical review agreements.