Merchant Link SecurityCents

SILVER SPRING, MD (January 4, 2012) – Business Solutions magazine has named Merchant Link, a leading provider of cloud-based payment gateway and data security solutions, as one of the Best Channel Vendors for 2012 in the Payment Processing category.

Merchant Link scored particularly high in the areas of service and support, product reliability, and channel friendliness. The company was also recognized for product innovation, reflecting the company’s recent focus on providing cutting-edge tokenization and encryption solutions to protect sensitive customer data and enable merchants to meet and exceed PCI compliance standards.

“Merchant Link is pleased and honored to be named to the list of Best Channel Providers,” said Dan Lane, president and CEO of Merchant Link. “The company strives to deliver peace of mind for our channel partners and their customers by providing the highest level of service, security and reliability for their payment processing solutions.”

The list of best channel vendors was based on responses to a survey conducted by Business Solutions magazine and Penn State University. The survey was given to over 4,000 Value Added Reseller (VAR) subscribers and received over 10,000 votes. The Best Channel Vendor list includes only the service providers who received scores in the top 5 percent of their category and is published in the January 2012 issue of Business Solutions magazine.

About Merchant Link
Merchant Link is a leading provider of cloud-based payment gateway and data security solutions, removing the risk and hassle from credit card acceptance for more than 150,000 hotels, restaurants and retailers. Founded in 1993 and headquartered in Silver Spring, Md., Merchant Link currently enables more than 3 billion transactions annually for some of the world’s best-known merchants, providing connectivity to the major U.S. payment card processors. TransactionVault^TM, our tokenization solution, and TransactionShield^TM, our point-to-point encryption solution, mitigate the risk of a data compromise while lowering the cost and effort of PCI compliance. Further information is available at www.merchantlink.com. For our expert opinion on encryption, tokenization and PCI compliance, visit our blog at www.merchantlinksecuritycents.com.

Joie de Vivre, which manages the largest collection of boutique hotels in California and an assortment of restaurants and spas, will raise the standards of customer service by implementing Merchant Link’s tokenization solution to protect the credit card data of its guests across 27 of its locations.  Merchant Link is a leading provider of cloud-based payment gateway and data security solutions.

Joie de Vivre offers one of the most unique collections of lifestyle hotels and continues to expand on its fresh and inventive properties.  Merchant Link will deploy its hosted, card-based tokenization solution across the Joie de Vivre enterprise, including the hotel property management systems and the spa point-of-sale systems, ensuring that every transaction is tokenized and there is an extra layer of protection that will protect Joie de Vivre’s brand.

“We pride ourselves on being innovative and offering exceptional hospitality services and products to our customers,” said Michael Stano, Joie de Vivre’s vice president of technology. “Our commitment to excellence extends even further by offering safe and secure financial transactions for our customers so they can enjoy their experience without worrying about the safety of their payment information.  And we have the peace of mind knowing that sensitive data doesn’t live on our network.”

Joie de Vivre, a long time customer of Merchant Link, will utilize TransactionVault™, a tokenization technology that removes customer card data from merchants’ systems where it is most at risk of being compromised by hackers. By tokenizing every transaction throughout the entire hotel experience from check-in to purchases at the gift shop and more, Joie de Vivre can remove payment data from all points in the payment process.  This valuable data will instead be stored in Merchant Link’s secure, hosted “vault,” and therefore effectively lowering the cost and effort of attaining and maintaining PCI compliance.

“The lodging industry is quickly realizing the importance of tokenization to secure sensitive data,” said Dan Lane, President and CEO of Merchant Link.  “We have served Joie de Vivre’s payment transaction needs since 2007, and we continue to work with them as they address the complexities of payment transactions.”

About Joie de Vivre Hotels

Joie de Vivre Hotels ( www.jdvhotels.com ) embarked on its mission to “create joy” for guests and employees in 1987, when Chip Conley founded the innovative hospitality company in San Francisco. Each one of Joie de Vivre’s more than 30 hotels is an original concept designed to reflect the local community and engage the five senses so that guests enjoy authentic, memorable experiences. Today Joie de Vivre manages the largest collection of boutique hotels and resorts in California and is expanding outside the state with openings in Scottsdale, Arizona this fall and Chicago in early 2012.

Tokenization offers added layer of security to spa management software while reducing PCI scope

Merchant Link, a leading provider of payment gateway and data security solutions, today announced that its TransactionVault™ tokenization solution now fully integrates with industry leading spa and activity management software SpaSoft, providing an extra layer of payment security — while helping meet PCI compliance requirements — for spas and resorts.

Offered by PAR Springer-Miller, SpaSoft is a management and scheduling software solution for spas and resorts that now integrates with Merchant Link’s next-generation tokenization solution, which removes customer credit card data where it would be at risk from hackers. The data is instead stored in Merchant Link’s hosted vault. The combined solution helps reduce resorts, spas and health clubs Payment Card Industry Data Security Standards (PCI DSS) scope.

JC Resorts, a leader in the management and operation of premium golf and resort properties, has selected and is piloting the combined solution.  Having installed SpaSoft with TransactionVault in two of their largest properties in San Diego and Laguna Beach, JC Resorts now has a higher level of confidence in the security of their financial transaction data.

“We are always looking for solutions that will help us best manage our business while also ensuring that all of our transactions are fully secure,” said Diane Li, Chief Information Director, JC Resorts. “In addition, meeting current PCI compliance requirements can be very challenging. The new integration between SpaSoft and TransactionVault will allow us to be compliant and have the peace of mind knowing that we are ultimately protecting our guests.”

Since 2006, SpaSoft has interfaced with Merchant Link’s payment gateway solution and the integration with TransactionVault reinforces PAR Spring-Miller’s commitment to providing data security and PCI compliance solutions to its customers and users.  SpaSoft is currently in use in more than 900 locations.

“Providing tokenization with TransactionVault enhances the SpaSoft complete spa management solution. Our clients appreciate our system which is both feature-rich and fully secure when it comes to processing debit and credit card transactions,” said Victor Vesnaver, Senior Vice President, Sales and Marketing, PAR Springer-Miller Systems.  “Unfortunately, data breaches in the hospitality sector are on the rise and this new integration allows resort and spa operators to protect their guests from having their card information compromised.”

The PCI Security Standards Council recently released its tokenization guidance, which aims to provide greater clarity about how tokenization solutions relate to PCI DSS and impact compliance. In addition, the TransactionVault solution has been proven to significantly reduce merchants’ PCI DSS scope, according to an independent security assessment released by Coalfire Systems.

“Hospitality providers are constantly facing the threat of nefarious hackers who are very persistent in their efforts to obtain guest’s vital information,” said Dan Lane, President and CEO of Merchant Link.  “By integrating TransactionVault into SpaSoft, we are offering hospitality providers the most comprehensive line of defense against cyber criminals.”

About SpaSoft and PAR Springer-Miller Systems

An industry-standard for more than 10 years, SpaSoft is a fully integrated, dynamic activities management/scheduling software solution, specifically designed to meet the unique needs of resorts, day spas, medi-spas and health clubs. SpaSoft‘s integrated offering includes resource management, club membership, group management, inventory management, point-of-sale, yield management, loyalty proram, user-defined and standardized reporting, as well as client management and history.

SpaSoft is one of the many products offered by PAR Systems-Miller Systems Inc, the leading provider of hospitality management solutions. The extensive product line offered by PSMS meets the technology needs of all types of hospitality enterprises including city-center hotels, destination spa and golf properties, timeshare properties and casino resorts worldwide. For more information on SpaSoft or PAR Springer-Miller Systems, visit our website at www.spasoft.com.

About Merchant Link
Merchant Link is a leading provider of cloud-based payment gateway and data security solutions, removing the risk and hassle from credit card acceptance for more than 150,000 hotel, restaurant and retailers. Founded in 1993 and headquartered in Silver Spring, Md., Merchant Link currently enables more than 3 billion transactions annually for some of the world’s best-known merchants, providing connectivity to the major U.S. payment card processors. TransactionVault^TM, our tokenization solution, and TransactionShield^TM, our point-to-point encryption solution, mitigate the risk of a data compromise while lowering the cost and effort of PCI compliance. Further information is available at www.merchantlink.com. For our expert opinion on encryption, tokenization and PCI compliance, visit our blog at www.merchantlinksecuritycents.com.

.

Originally published by SC Magazine, reported by Angela Moscaritolo

The use of a tokenization solution does not eliminate a merchant’s need to validate compliance with the Payment Card Industry Data Security Standard (PCI DSS), the industry group responsible for managing payment security guidelines said in a new document released Friday.

“The misconception is that I can buy one of these [tokenization solutions] and be PCI compliant,” Bob Russo, general manager of the PCI Security Standards Council, told SCMagazineUS.com. “That’s not the case.”

A mature and properly deployed tokenization solution can, however, simplify the requirements of PCI DSS by taking systems that no longer contain sensitive credit card numbers out of the scope of the standard, according to the 23-page supplement released by the PCI Council.

Meanwhile, Sue Zloth, product group manager at payment data security provider Merchant Link, a member of the PCI Council’s tokenization task force, told SCMagazineUS.com on Friday that she believes the document is a good first step, though it may lead to some confusion and deter adoption.

Zloth took issue with a section that discusses the need to evaluate whether a token itself could be used – in lieu of cardholder data – to perform a transaction.

The document states that so-called “high-value tokens,” which can be used as a form of payment, could be monetized by an attacker or used to generate fraudulent transactions.

The council introduced a valid concern –  that certain tokens could be valuable to attackers — but “fell down” by failing to describe how a tokenization system could adequately protect tokens from being fraudulently used, Zloth said.

“A properly implemented system will know who is sending transactions and will not allow anyone to send transactions with a token,” she added.

To read this full story go to http://www.scmagazineus.com/pci-council-releases-tokenization-guidance/article/209505/

Independent Assessment by Industry Leading PCI QSA, Finds That Merchant Link’s Encryption and Tokenization Solutions Enhance Transaction Security for Merchants.

Merchant Link’s TransactionShield™ and TransactionVault™ solutions can significantly reduce merchants’ PCI DSS scope, according to an independent security assessment released today by Coalfire Systems, Inc, a Payment Card Industry (PCI) Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) company.

Merchant Link’s TransactionShield is a point-to-point encryption (P2PE) solution that ensures that customer data is secure from the moment their credit card is swiped.  Merchant Link’s TransactionVault tokenization solution removes customer credit card data where it would be at risk from hackers. The data is instead stored in Merchant Link’s hosted vault.  The combination of TransactionShield and TransactionVault secure both data in-flight and data at rest, and reduce the cost and effort of attaining and maintaining PCI compliance.

“Merchants continue to be plagued by data breaches caused by inadequate security controls or applications which allow access to sensitive payment card data,” said Kennet Westby, president and COO of Coalfire.  ”Merchant Link’s comprehensive offering including both tokenization and encryption can provide significant risk mitigation of data compromise and is one of the most effective data security controls available to merchants today.”

“Merchants are currently burdened with having to keep all customer data secure while also meeting challenging PCI requirements,” said Dan Lane, President and CEO of Merchant Link.  ”Coalfire’s assessment of our P2PE and tokenization solutions further validates that Merchant Link can provide transaction security solutions that go beyond current PCI requirements, ultimately allowing merchants to focus on their core businesses.”

Coalfire’s assessment, which included technical testing, architectural assessment, industry analysis, compliance validation and peer review, found that:

• TransactionShield will leverage multiple encrypting point of interaction (POI) devices deployed in the merchant network and a Merchant Link-hosted decryption system which eliminates the transmittal of cleartext cardholder data through the entire merchant network.
• TransactionVault can eliminate post authorization storage of cardholder data from a merchant’s network by storing it in Merchant Link’s PCI DSS compliant data centers.
• TransactionShield is aligned with Visa Best Practices for Data Field Encryption published by VISA in October 2009, as well as guidance provided in the Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance published by PCI SSC in October 2010.
• TransactionVault is aligned with Visa Best Practices for Tokenization guidance published by VISA in July 2010.
• Properly deployed, implementation of the TransactionShield and TransactionVault solutions together can effectively remove merchant retail POS systems from the scope of PCI DSS by:
  • Capturing card data only via a TransactionShield integrated POS application and encrypting Point of Interaction (POI) device;
  • Strongly encrypting card data at the TransactionShield point of capture in a secure, restricted access, encrypting POI device, where the merchant has no ability to decrypt the card data;
  • Storing only card data tokens post authorization as returned by TransactionVault.

To learn more about Merchant Link’s TransactionShield and TransactionVault, and obtain the report, click here.

About Coalfire

Coalfire is a leading, independent IT Audit and Compliance firm that provides information technology (IT) audit, security assessment and IT compliance management solutions.  The company has grown rapidly since being founded in 2001 and now completes more than 1,000 projects annually in retail, financial services, healthcare, government and utilities.  Coalfire has developed a new generation of technology-enabled IT Compliance Management Tools under the Navis brand.  These tools enable Coalfire to efficiently deliver governance, risk and compliance (GRC) services and keep pace with rapidly changing regulations and best practices.  Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, including the PCI Data Security Standard, Gramm-Leach-Bliley Act, HIPAA/HITECH, NERC CIP, Sarbanes-Oxley and FISMA. For more information, please visit www.coalfiresystems.com

About Merchant Link

Merchant Link is a leading provider of cloud-based payment gateway and data security solutions, removing the risk and hassle from credit card acceptance for more than 150,000 hotel, restaurant and retailers. Founded in 1993 and headquartered in Silver Spring, Md., Merchant Link currently enables more than 3 billion transactions annually for some of the world’s best-known merchants, providing connectivity to the major U.S. payment card processors. TransactionVault™, our tokenization solution, and TransactionShield™, our point-to-point encryption solution, mitigate the risk of a data compromise while lowering the cost and effort of PCI compliance. Further information is available at www.merchantlink.com.

The Georgia Center, a conference center and hotel with 200 rooms and suites on the campus of the University of Georgia (UGA), will be providing a more restful night’s stay for their guests moving forward. That’s because the Georgia Center is working with Merchant Link to install the company’s TransactionShield™ point-to-point encryption solution to ensure that customer data is secure from the moment their credit card is swiped.

“We have always sought to be aggressive when it comes to our approach to data security,” said Corey Doster, the IT Director at the Georgia Center.  ”Merchant Link solutions help us meet and exceed our PCI compliance requirements while removing the customer data completely from our premises.  The addition of TransactionShield provides another layer of security to protect our faculty, staff, students and campus visitors against theft and misuse.”

The Georgia Center, which serves over 42,000 guests every year, has been a longtime customer of the Merchant Link Payment Gateway™ since August 2006. The conference center and hotel also deployed Merchant Link’s TransactionVault™ tokenization solution last year with significant success. By combining the two solutions, the Georgia Center removed sensitive data completely from their systems.

The recent addition of the TransactionShield point-to-point encryption solution will extend the protection of customer data from the moment the credit card is swiped and as data travels through UGA’s IT environment to the Merchant Link network. New credit card readers immediately encrypt credit card data and decryption does not occur until it reaches Merchant Link’s cloud-based payment gateway. Once authorization is received, data is sent back to UGA’s Micros OPERA Property Management System in the form of a token.

The implementation of TransactionShield at the Georgia Center is Merchant Link’s first point-to-point encryption installation. Following the successful implementation at the Georgia Center, Merchant Link expects to rapidly deploy the solution to other hotel, restaurant and retail merchants around the country.

About the Georgia Center

The Georgia Center, the University of Georgia’s Conference Center and Hotel, is located on the beautiful, historic campus of UGA in Athens, Georgia. The Center includes a 200-room hotel, four onsite dining options, banquet areas, conference rooms, auditoriums, a fitness center, and a computer lab — all under one roof.

For additional information, go to http://www.georgiacenter.uga.edu.

About Merchant Link

Merchant Link is a leading provider of cloud-based payment gateway and data security solutions, removing the risk and hassle from credit card acceptance for more than 150,000 hotel, restaurant and retailers. Founded in 1993 and headquartered in Silver Spring, Md., Merchant Link currently enables more than 3 billion transactions annually for some of the world’s best-known merchants, providing connectivity to the major U.S. payment card processors. TransactionVault™, our tokenization solution, and TransactionShield™, our point-to-point encryption solution, mitigate the risk of a data compromise while lowering the cost and effort of PCI compliance. Further information is available at www.merchantlink.com. For our expert opinion on encryption, tokenization and PCI compliance, visit the Merchant Link blog at www.merchantlinksecuritycents.com.

The Copper Cellar Corporation, which owns and operates 19 Copper Cellar, Calhoun’s, Smoky Mountain Brewery, Cherokee Grill and Chesapeake’s restaurants, will be serving more than quality dining and memorable experiences to its guests moving forward: it will also provide peace of mind with a robust payment protection solution.

The Copper Cellar Corporation recently installed TransactionVault^™, Merchant Link’s tokenization solution, and the Merchant Link Payment Gateway^™ across all of their locations in Knoxville, Nashville, Gatlinburg, Pigeon Forge, Maryville and Lenoir City.

“It’s comforting to not have to worry about the security of our guests’ credit card information,” said Mike Gaston, vice president of information services for Copper Cellar Corporation. “The fact that it is not stored anywhere on our network is a huge relief.”

The company chose to utilize these solutions to safeguard customer’s sensitive payment data and remove it from the premise to ensure that it is transmitted safely and effectively while reducing their PCI DSS compliance footprint.

The Merchant Link Payment Gateway sends payments quickly, while detecting and correcting errors along the way. It ensures funds are delivered accurately and consistently, prevents expensive chargeback fees and reduces clerk or system errors and prevents them from showing up on customer credit statements.

TransactionVault removes customer credit card data at the point of sale where it would be at risk from hackers. The data is instead stored in Merchant Link’s hosted “vault,” effectively securing “data at rest” and reducing the cost and effort of attaining and maintaining PCI compliance. Through TransactionVault, Merchant Link processed 1 billion transactions at more than 15,000 merchant locations in 2010.

The Copper Cellar Corporation utilizes a Squirrel point-of-sale (POS) system for customer payments. Their previous payment processor and data security solution created problems for them by posting batches twice. Merchant Link’s full suite of reporting and error detection tools help to eliminate failed batch attempts, duplicate batches or no settlement attempts.

“Our old processor had double posted batches before,” said Gaston. “Despite not being directly responsible for the error, it made us look bad in the eyes of our guests. Merchant Link monitors for potential batch issues and ensures that problems such as these are a thing of the past for Copper Cellar, its restaurants and its customers.”

The wide-scale implementation was completed shortly after a pilot site went live successfully with Merchant Link’s solutions.

By: Nathan Eddy

This story was originally published on eWeek

The hosted platform offers businesses cloud-based services to protect cardholder data.

Voltage Security, a provider of enterprise and payment card data protection inside and outside the cloud, and Merchant Link, a provider of payment gateway and data security solutions, announced a partnership to provide point-to-point encryption, cloud-based decryption and tokenization to businesses looking for a security solution to protect cardholder data and reduce PCI scope. The hosted solution enables merchants to have their Voltage SecureData Payments solution with the decryption and tokenization services hosted within the Merchant Link Payment Gateway.

The service provides a solution to secure data in-flight and data at rest: Voltage Security’s point-to-point encryption technology, where cardholder data is encrypted immediately at point of capture and remains protected throughout the merchant’s environment. The service also provides Merchant Link’s TransactionVault tokenization technology, decryption and payment gateway connecting the POS to the merchant’s processor of choice.

“With this new offering, we are moving the decryption point to the cloud, so the merchant no longer has to have decrypted data in their environment,” said Dan Lane, chief technology officer for Merchant Link. “Data is protected within our secure, PCI-validated redundant data centers. And because the decryption and tokenization is cloud-based, it is both affordable and easy to implement.”

Other features include simplified key management, with no need to inject keys into devices or manually rotate encryption keys; encryption support for a range of form factors in the industry, from payment peripherals to counter-top terminals to multilane terminals; and removal of cardholder data from merchant environments along with outsourced key management, allowing for a reduction of PCI scope.

“Voltage is taking a leadership role in providing data protection both inside and outside the cloud. Now, for the protection of sensitive cardholder data used in payment transactions, merchants can turn to Merchant Link and Voltage for a safe and powerful solution to protect both data in-flight and data at rest,” said Mark Bower, vice president of product management for Voltage Security.

The release comes on the heels of a WatchGuard security forecast for 2011, which predicts VOIP (voice over IP) attacks, manufacturer-delivered malware and social media security breaches will be among the top security concerns for businesses this year.

“2011 stands to be a dynamic year for network security as criminals and hackers take threats to new levels,” said Eric Aarrestad, vice president at WatchGuard Technologies. “Given how new threats are constantly evolving, WatchGuard remains ever vigilant in staying one step ahead of these threats, which gives our customers unparalleled protection for their networks, applications and data.”

Two leaders in the payments industry team up to provide multi-lane merchants with a comprehensive data security solution to protect cardholder data in-flight and at rest

New York, NY — January 10, 2011 – National Retailer’s Federation 100th Annual Convention and Expo

Ingenico, the leading worldwide provider of payment devices and services, and Merchant Link, a leading provider of payment gateway and data security solutions, today announced a joint solution to offer Merchant Link’s TransactionVault™ tokenization technology with Ingenico On-Guard point-to-point encryption (P2PE) to merchants in the U.S. Ingenico On-Guard with TransactionVault is a comprehensive data security solution is primarily geared toward integrated multi-lane merchants.

Ingenico On Guard
Designed on the industry accepted standards of 3DES DUKPT non-intrusive point-to-point encryption and secure tokenization technology, the Ingenico On-Guard with TransactionVault solution helps merchants reduce their business risks and liabilities associated with potential data breaches by eliminating the transmission and storage of plain-text cardholder data from the merchant’s environment, rendering card data unreadable and unusable to cyber criminals. This comprehensive payment processing and hosted tokenization solution will help merchants reduce their PCI DSS compliance footprint.

With data security breaches on the rise, merchants require payment solutions that help them spend less time worrying about their data and spend more time concentrating on their business, ” says Chris Justice, President of Ingenico North America. “The constant pressure of potential threats to their business and brand is forcing merchants to maintain a strong stance on security and the protection of cardholder data. Our partnership with Merchant Link brings together two industry leaders with well established track records and tested solutions that deliver peace of mind. With over four decades of combined experience, our expertise comes from real-world deployments including large-scale, high volume accounts. ”

The Ingenico On-Guard with TransactionVault solution will use the following systems and technologies:

* Ingenico’s multi-lane POS devices.
* Ingenico’s On-Guard point-to-point encryption at card swipe or manual entry at POS.
* Merchant Link hosting the Ingenico Decryption Appliances (DA) in their secure, PCI-validated redundant data centers.
* Merchant Link’s TransactionVault TM tokenization technology, decryption, and payment gateway connecting the POS to the merchant’s processor of choice.

Merchant Link’s TransactionVault TM tokenization technology uses format-preserving tokens so they easily fit into existing reporting, receipts, and databases. It has been recognized by Javelin Strategy & Research for its innovative ability to move customer credit card data to a safe, secure, fully monitored and managed location away from the merchant’s POS terminals. Implemented at more than 15,000 merchant locations and major POS / PMS providers, TransactionVault is implemented in more locations than any other tokenization product on the market and is being used by leading merchants, restaurants, and hotels.

Experts agree the most effective way to protect data and prevent attacks is to employ a layered security solution. Our combined point-to-point encryption and tokenization solution will protect cardholder data throughout the entire transaction life cycle,” says Tim Kinsella, Executive Vice President, Sales and Marketing. “Further, The PCI Council has given special attention to these two emerging technologies as an effective way to both increase security and significantly reduce PCI scope.”

Ingenico On-Guard with TransactionVault will provide the highest level of security and reliability available today for encrypting data in-flight and data at rest:

* Encryption of swiped, manually keyed, contactless and smartcard data
* Device management for key rotation and software upgrades
* PAN tokenization to reduce PCI DSS compliance footprint while maintaining critical business functionality
* Cloud-based decryption and tokenization to reduce the risk of compromised data
* Connectivity to all major processors with flexible options to connect to multiple processors simultaneously (Amex, private label, gift cards, etc.)
* Flexible and expandable technology to address current and future business requirements

Ingenico and Merchant Link are both exhibiting at Booths #459 and #1960 respectively at the National Retailer’s Federation (NRF) 100th Annual Convention and EXPO January 10-11, 2011 in New York City.