AUSTIN, Texas, June 22, 2011 /PRNewswire/ -- Hospitality Industry Technology Exposition and Conference (HITEC) -- Merchant Link's TransactionShield™ and TransactionVault™ solutions can significantly reduce merchants' PCI DSS scope, according to an independent security assessment released today by Coalfire Systems, Inc, a Payment Card Industry (PCI) Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) company.
Merchant Link's TransactionShield is a point-to-point encryption (P2PE) solution that ensures that customer data is secure from the moment their credit card is swiped. Merchant Link's TransactionVault tokenization solution removes customer credit card data where it would be at risk from hackers. The data is instead stored in Merchant Link's hosted vault. The combination of TransactionShield and TransactionVault secure both data in-flight and data at rest, and reduce the cost and effort of attaining and maintaining PCI compliance.
"Merchants continue to be plagued by data breaches caused by inadequate security controls or applications which allow access to sensitive payment card data," said Kennet Westby, president and COO of Coalfire. "Merchant Link's comprehensive offering including both tokenization and encryption can provide significant risk mitigation of data compromise and is one of the most effective data security controls available to merchants today."
"Merchants are currently burdened with having to keep all customer data secure while also meeting challenging PCI requirements," said Dan Lane, President and CEO of Merchant Link. "Coalfire's assessment of our P2PE and tokenization solutions further validates that Merchant Link can provide transaction security solutions that go beyond current PCI requirements, ultimately allowing merchants to focus on their core businesses."
Coalfire's assessment, which included technical testing, architectural assessment, industry analysis, compliance validation and peer review, found that:
- TransactionShield will leverage multiple encrypting point of interaction (POI) devices deployed in the merchant network and a Merchant Link-hosted decryption system which eliminates the transmittal of cleartext cardholder data through the entire merchant network.
- TransactionVault can eliminate post authorization storage of cardholder data from a merchant's network by storing it in Merchant Link's PCI DSS compliant data centers.
- TransactionShield is aligned with Visa Best Practices for Data Field Encryption published by VISA in October 2009, as well as guidance provided in the Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance published by PCI SSC in October 2010.
- TransactionVault is aligned with Visa Best Practices for Tokenization guidance published by VISA in July 2010.
- Properly deployed, implementation of the TransactionShield and TransactionVault solutions together can effectively remove merchant retail POS systems from the scope of PCI DSS by:
- Capturing card data only via a TransactionShield integrated POS application and encrypting Point of Interaction (POI) device;
- Strongly encrypting card data at the TransactionShield point of capture in a secure, restricted access, encrypting POI device, where the merchant has no ability to decrypt the card data;
- Storing only card data tokens post authorization as returned by TransactionVault.
To learn more about Merchant Link’s TransactionShield and TransactionVault, and obtain the report, visit (http://merchantlinksecuritycents.com/).
Coalfire is a leading, independent IT Audit and Compliance firm that provides information technology (IT) audit, security assessment and IT compliance management solutions. The company has grown rapidly since being founded in 2001 and now completes more than 1,000 projects annually in retail, financial services, healthcare, government and utilities. Coalfire has developed a new generation of technology-enabled IT Compliance Management Tools under the Navis brand. These tools enable Coalfire to efficiently deliver governance, risk and compliance (GRC) services and keep pace with rapidly changing regulations and best practices. Coalfire's solutions are adapted to requirements under emerging data privacy legislation, including the PCI Data Security Standard, Gramm-Leach-Bliley Act, HIPAA/HITECH, NERC CIP, Sarbanes-Oxley and FISMA. For more information, please visit www.coalfiresystems.com
About Merchant Link
Merchant Link is a leading provider of cloud-based payment gateway and data security solutions, removing the risk and hassle from credit card acceptance for more than 150,000 hotel, restaurant and retailers. Founded in 1993 and headquartered in Silver Spring, Md., Merchant Link currently enables more than 3 billion transactions annually for some of the world's best-known merchants, providing connectivity to the major U.S. payment card processors. TransactionVault™, our tokenization solution, and TransactionShield™, our point-to-point encryption solution, mitigate the risk of a data compromise while lowering the cost and effort of PCI compliance. Further information is available at www.merchantlink.com. For our expert opinion on encryption, tokenization and PCI compliance, visit the Merchant Link blog at www.merchantlinksecuritycents.com.
Shany Seawright, 240-485-1081
SOURCE Merchant Link