iPayX ValutaPortSM Card Cloaking Services is a combination of devices and services that cast a protective net around accepting card payments. ValutaPortSM supports EMV (Euro/MasterCard/Visa) to thwart identity theft and is coupled with card cloaking to complete the protection net. Card cloaking uses DUKPT (Derived Unique Key Per Transaction) so that if a key is ever compromised; future and past transactions are still protected. iPayX has integrated MagTek's MagneSafe™ Security Architecture to provide DUKPT card cloaking along with MagnePrint® which hides “in process” card information from hackers and takes a finger print of a magstripe to see if it may have been cloned.
What are the weak links in card security?
There are two significant weaknesses in accepting card payments. One, is proving the identity of the card holder. Hardly a day goes by with word of another breach where card information is stolen. EMV defeats this problem by embedding a chip into the card that is far superior to the magnetic stripe that thieves clone and is nearly impossible to replicate. Couple that with adding a private pin that can be validated within the card chip itself and you’ve taken a big step toward reducing the effects of card theft.
The second weak link is the cabling that connects card swipe devices and your keyboard to a PC. Generally, these devices transmit captured information and keystrokes in-the-clear, i.e. without any encryption. Later your PC encrypts the information before transmitting the card data for authorization, but for a few seconds, card numbers and codes are floating inside your PC’s memory where malware sniffers locate it and forward the information to offsite hackers. Encryption that originates inside the card swipe or keypad itself corrects this weakness.
Explain liability shifting, what’s that all about?
Well, before EMV the liability for fraud was generally covered by the card issuers. However after EMV (October 1, 2015) the merchant is responsible for card fraud unless 95% of their POS locations are utilizing EMV devices. So implementing EMV devices eliminates most, if not all, account data compromise penalties. Penalties that may run into the millions. In addition, a reduction of the card discount fee will be offered to customers using EMV devices.
What about the card swipe devices?
iPayX offers card swipe readers of many different styles including devices that meet EMV device standards and support card cloaking and card fingerprinting. iPayX can also help with setup and deployment and will pre-certify and configure each device before shipping to you for installation.
How do you handle agent telephone payments?
iPayX recognizes that agents perform card-not-present transactions when accepting telephone payments. That’s a risk if malware reaches an agent’s PC. To combat this, iPayX offers a keypad with a display that walks the agent through key entry of the card #, expiration, zip and CVV code then it encrypts before relaying it for authorization. All a memory sniffer sees is randomly encrypted information. Using iPayX ValutaPortsm even your key entered transactions are safely processed.
U.S. payment card fraud has become an ominous threat for any business. By October 1, 2015 every merchant must prepare for the EMV Liability Shift, which will make your business responsible for the expense of card fraud when EMV technology is not in place.
Contact Us for more information on our advanced card payment security features.