Above photo courtesy of HomeATM CEO, Ken Mages
I am pleased to report that since October 2008, HomeATM's personal card swiping device has undergone the scrutiny and rigors of PCI 2.0 testing at Witham Labs, and that as of today, 1/29, our SafeTPIN device has either met or exceeded the PCI 2.0 requirements "for a PIN Entry Device for online PINs".
Congratulations are in order for our CTO, Ben Lo, who works out of our Hong Kong location. Congrats to Ben and his team for their integral role in achieving this milestone!
Congratulations are in order for our CTO, Ben Lo, who works out of our Hong Kong location. Congrats to Ben and his team for their integral role in achieving this milestone!
When you combine this news with the fact that HomeATM already provides "end to end encryption" which is only a topic of discussion for other processors, it escalates HomeATM to the top of the security ranks in the payments industry.
* E2EE = Continuous protection of the confidentiality and integrity of transmitted information by encrypting it at the origin and decrypting at its destination. For example, a virtual private network (VPN) uses end-to-end encryption. Another example, HomeATM uses end-to-end encryption.
Back to our PCI 2.0 story. Here's a sampling from the Witham Labs report: Click on the graphics to enlarge and read.
Executive Summary
HomeATM of 1010 Sherbrooke West, Monreal, Quebec, Canada H3A 2R7, has designed and manufactured a PIN Entry Device named “SafeTPIN”. This PED has magnetic stripe reader.
Witham Laboratories was asked to study the SafeTPIN and comment on its compliance with the PCI requirements for PEDs, v2.0. Under NDA, working units were provided for destructive analysis, along with wiring schematics and layouts, test data, loader application and firmware source code. We tested and evaluated the submitted samples of the device.
This report presents our findings for compliance to the PCI-PED requirements (v2.0), with detailed analysis of each requirement, overview of architecture and methods and cost estimates of possible attacks.
Witham Laboratories was able to verify the compliance of the SafeTPIN with all applicable PCI requirements v2.0 for PIN entry devices.
This report details the results of the evaluation, and is suitable for submission to PCI.
“The PED uses tamper detection and response mechanisms which cause the PED to become immediately inoperable and results in the automatic and immediate erasure of any secret information which may be stored in the PED. These mechanisms protect against physical penetration of the device by means of (but not limited to) drills, lasers, chemical solvents, opening covers, splitting the casing (seams) and using ventilation openings and there is not any demonstrable way to disable or defeat the mechanisms"