By Thad Rueter - Internet Retailer
When most online shoppers get to the payment page of an e-commerce site they type in a credit or debit card number.
Editor's Note: ...and therein lies the problem (behind the continuing escalation of online payment fraud.)
When brick and mortar shoppers get to the POS they Swipe their card. They don't write their primary card number down on a piece of paper and leave it at the store's checkout counter. But that's exactly what you are doing when you type your card numbers into a browser.
The simple fact is that In order to properly secure the card holder data, instead of "typing" we should be "swiping." It's what we do in the brick and mortar world...and for good reason. That said, It is extremely important to note that it's not simply the act of "swiping" that makes the transaction secure.
As the eCommerce marketplace matures, (i.e. realizes that browsers are not safe) there has been a couple "swiping" devices introduced over the course of the last year. Square, SmartSwipe, etc. Yet, to this day, only one device in the world has been PCI 2.0 Certified. Why is that? It is because "encryption is the key" to securing cardholder data.
\
HomeATM understood the importance of strong encryption long ago which is why utilize 3DES encryption for the Track 2 data. (We encrypt the data at the magnetic head of the card reader so it is NEVER in the clear.)
Because our secure hardware solution incorporates a PIN Entry device, it enables us to further protect the online financial transaction with DUKPT encryption for the PIN. (Derived Unique Key Per Transaction)
So if you are curious as to why we are PCI certified and our competitors are not, think encryption. Neither Square, nor SmartSwipe incorporates a PIN Entry Device, so two factor authentication and DUKPT encryption does not, cannot, come into play. It is important to note that neither one 3DES encrypts the Track 2 data.
HomeATM understood the importance of strong encryption long ago which is why utilize 3DES encryption for the Track 2 data. (We encrypt the data at the magnetic head of the card reader so it is NEVER in the clear.)
Because our secure hardware solution incorporates a PIN Entry device, it enables us to further protect the online financial transaction with DUKPT encryption for the PIN. (Derived Unique Key Per Transaction)
So if you are curious as to why we are PCI certified and our competitors are not, think encryption. Neither Square, nor SmartSwipe incorporates a PIN Entry Device, so two factor authentication and DUKPT encryption does not, cannot, come into play. It is important to note that neither one 3DES encrypts the Track 2 data.
So, ask yourself "two questions" the next time you are asked to "type" your card number into a box on a checkout page of a website.
1. Does it make logical sense for me to be typing my card number into a box?
2. What hardware device best protects my sensitive data.
You'll have to answer the first question yourself, (see related articles below if you are stumped) but the answer to the second question is clearly HomeATM's PCI 2.0 PED certified technology. Contact me to learn more about how our technology can eliminate phishing and chargebacks and render malware useless.
Editor's Note: We also have an EMV ready Chip and PIN reader hardware device which will allow online banking authentication, online payment, online bill pay and real-time instant P2P money transfers.