Wednesday, May 5, 2010

End-to-End Encryption in Card Payments: An Introduction













Vendors perceive merchants to be as likely to purchase E2EE solutions to offload PCI DDS requirements as they are to secure card data.
Boston, MA, May 5, 2010 – A new report from Aite Group provides insight into where end-to-end Encryption (E2EE) is going based on the perspectives of key decision-makers from core vendors of such solutions. Among other things, the report considers the revenue models being adopted by E2EE vendors and speculates on the long-term prospects for E2EE adoption, standardization of tokenization, and the likelihood of a shift to EMV chip card infrastructure in the United States.
Aite Group concludes that the most appropriate technological route to address current card fraud threats in the United States is E2EE, particularly given the entrenched nature of magnetic card infrastructure in the United States. While E2EE does not prevent the use of counterfeit or lost and stolen cards, it prevents criminals from accessing the raw materials for card crime: the card data itself. It also appeals to merchants, helping remove them from the scope of Payments Card Industry Data Security Standards (PCI DSS). In fact, vendors perceive merchants to be as likely to purchase E2EE solutions to offload PCI DDS requirements as they are to secure card data.



"Merchant choices will be highly subjective based on transaction fees, hardware requirements, and, not insignificantly, the degree to which an offering removes the merchant from PCI scope," says Nick Holland, senior analyst with Aite Group and author of this report. "While a focus on PCI scope reduction may be a fine way for E2EE vendors to gain merchant attention, it loses sight of the fundamental aspect of solutions - protecting consumer cardholder data. Vendors should be careful not to over-focus on this aspect of E2EE promotion; ultimately, the definition of what takes PCI out of scope is in the hands of the PCI Standards Council, and not in the hands of vendors."



The providers of E2EE are generally point-of-sale hardware vendors, payments processors, or security vendors that partner with E2EE experts to offer solutions. Among the providers mentioned in the report are Element, First Data Corporation, Heartland, Hypercom, Ingenico, MagTek, RSA, Semtek, VeriFone, and Voltage Security.



This 26-page Impact Report contains 16 figures. Clients of Aite Group's Retail Banking service can download the report by clicking on the icon to the right.
 
Related Aite Group Research:
To purchase this report or

for additional information,

please contact:

Aite Group SalesTel: +1.617.338.6050sales@aitegroup.com
Reblog this post [with Zemanta]

Disqus for ePayment News