MagTek Responds to the SPVA's Recently Published E2E Guidelines
June 01, 2010 (PRLEAP.COM) Technology NewsSeal Beach, CA. (June 1, 2010) – MagTek, Inc., a well known leader in payment security, today responded to the Secure POS Vendors Alliance and its published guidelines on the application of encryption technology (E2E) to payment card data used for retail financial transactions. The guidelines establish an auditable set of requirements that can be used to validate cardholder data security across the many entities that participate in the transport of payment card data.
MagTek's IPAD® and its entire product line of secure card reader authenticators (SCRAs) are protected by MagneSafe security which conforms to the SPVA recommended guidelines. In fact its encryption begins within the magnetic sensor, the instant the card is read. But MagTek cautions that E2E is not the panacea the industry is expecting. Experts agree that payment card data should be encrypted from the point of swipe to the point of authorization. This will increase the degree of difficulty that thieves encounter when trying to steal cardholder data for nefarious purposes like those carried out against TJX Corporation and Heartland Payment Systems. But E2E will do little to deter criminals, or detect and stop counterfeit card fraud and ultimately may not by itself be worth the investment.
"Cardholder data is un-encrypted on the magnetic stripe and is vulnerable at all times when not encrypted. Hence, MagTek questions the efficacy of encryption as a constructive means to protect consumers and merchants", says Andy Deignan, MagTek's vice president of global marketing and strategy. "Encryption at the point of swipe offers no protection for the millions of other locales where cardholder data may be obtained such as pocket skimmers, false-front ATMs, and socially engineered scams. If the goal is to stop the billions of dollars lost annually to fraud and to restore convenience and trust in the payments system, then authentication methods that inject dynamic data into the approval stream are essential."
MagneSafe security, a multi-layered approach to protecting card data, does just that; it provides dynamic authentication data as a means to ascertain that the terminal, the host, the reader, the card, and the data it carries, are all genuine and haven't been tampered or cloned. Two of its attributes; Encryption and Tokenization help with PCI-DSS compliance, but that's all they do. Authentication is the critical component that deters, detects and stops fraud. Whereas, compliance is an elusive, morphing, frustrating target, ending fraud is a worthy, achievable, and cost beneficial goal. Only a strategy that includes authentication can decimate fraud and produce a positive ROI."
Since 1972, MagTek has been a leading manufacturer of electronic devices and systems for the reliable issuance, reading, transmission and security of cards, checks, PINs and other identification documents. Leading with innovation and engineering excellence, MagTek is known for quality and dependability. Its products include secure card readers, check scanners, PIN pads and distributed credential issuing systems. These products are used worldwide by financial institutions, retailers, hotels, law enforcement agencies and other organizations to provide secure and efficient electronic payment and identification transactions.
Today, MagTek continues to innovate with the development of a new generation of security centric products secured by MagneSafe™. By leveraging strong encryption, secure tokenization, real time authentication and dynamic payment card data, MagneSafe products enable users to assess and validate the trustworthiness of credentials used for online identification, payment processing, and other high-value electronic transactions.
MagTek is based in Seal Beach, California and has sales offices throughout the United States, Europe, and Asia, with independent distributors in over 40 countries. For more information, please visit www.magtek.com.