Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

News Posts

The Georgia Center, a conference center and hotel with 200 rooms and suites on the campus of the University of Georgia (UGA), will be providing a more restful night’s stay for their guests moving forward. That’s because the Georgia Center is working with Merchant Link to install the company’s TransactionShield™ point-to-point encryption solution to ensure that customer data is secure from the moment their credit card is swiped.

“We have always sought to be aggressive when it comes to our approach to data security,” said Corey Doster, the IT Director at the Georgia Center. “Merchant Link solutions help us meet and exceed our PCI compliance requirements while removing the customer data completely from our premises. The addition of TransactionShield provides another layer of security to protect our faculty, staff, students and campus visitors against theft and misuse.”

The Georgia Center, which serves over 42,000 guests every year, has been a longtime customer of the Merchant Link Payment Gateway™ since August 2006. The conference center and hotel also deployed Merchant Link’s TransactionVault™ tokenization solution last year with significant success. By combining the two solutions, the Georgia Center removed sensitive data completely from their systems.

The recent addition of the TransactionShield point-to-point encryption solution will extend the protection of customer data from the moment the credit card is swiped and as data travels through UGA’s IT environment to the Merchant Link network. New credit card readers immediately encrypt credit card data and decryption does not occur until it reaches Merchant Link’s cloud-based payment gateway. Once authorization is received, data is sent back to UGA’s Micros OPERA Property Management System in the form of a token.

The implementation of TransactionShield at the Georgia Center is Merchant Link’s first point-to-point encryption installation. Following the successful implementation at the Georgia Center, Merchant Link expects to rapidly deploy the solution to other hotel, restaurant and retail merchants around the country.

About the Georgia Center

The Georgia Center, the University of Georgia’s Conference Center and Hotel, is located on the beautiful, historic campus of UGA in Athens, Georgia. The Center includes a 200-room hotel, four onsite dining options, banquet areas, conference rooms, auditoriums, a fitness center, and a computer lab — all under one roof.

For additional information, go to http://www.georgiacenter.uga.edu.

About Merchant Link

Merchant Link is a leading provider of cloud-based payment gateway and data security solutions, removing the risk and hassle from credit card acceptance for more than 150,000 hotel, restaurant and retailers. Founded in 1993 and headquartered in Silver Spring, Md., Merchant Link currently enables more than 3 billion transactions annually for some of the world’s best-known merchants, providing connectivity to the major U.S. payment card processors. TransactionVault™, our tokenization solution, and TransactionShield™, our point-to-point encryption solution, mitigate the risk of a data compromise while lowering the cost and effort of PCI compliance. Further information is available at www.merchantlink.com. For our expert opinion on encryption, tokenization and PCI compliance, visit the Merchant Link blog at www.merchantlinksecuritycents.com.

Merchant Link’s Sue Zloth to Participate in PCI Boot Camp at 2011 HITEC Conference

What:

Hospitality technology professionals realize that the safety of guest credit card data and other sensitive information is an important part of ensuring a peaceful and relaxing experience. However, when it comes to payment security, hospitality professionals often have limited knowledge and understanding of the unique requirements, risks, tactics and tools they need to ensure their systems are secure and PCI-compliant.

At this year’s Hospitality Industry Technology Exposition & Conference (HITEC), Merchant Link’s Sue Zloth will join other experts in the payment processing and security industry in hosting “PCI Compliance Boot Camp.” The boot camp will serve to educate hoteliers on PCI compliance, how to pick a qualified security assessor (QSA), cloud computing, incident response plans and more.

It will also focus on the ways hoteliers can minimize risk by removing card data from their environments using emerging technologies and best practices such as tokenization and point-to-point encryption.

Who:

Sue Zloth, Product Group Manager at Merchant Link, knows the hospitality industry and the challenges hotels are facing in today’s difficult security environment. She has over 25 years of hospitality and payment industry experience helping to educate decision makers on how to integrate security into payment processing systems.

Sue is a member of the new Hospitality Financial & Technology Professionals (HFTP) PCI Taskforce as well as a member of the PCI Council’s Tokenization Taskforce, co-chair of the Hotel Technology Next Generation (HTNG) Software Forum, and member of the HTNG Payments Workgroup.

When:

HITEC 2011

June 20, 2011

8:30 AM – 11:15 AM (CT)

Where:

Austin Convention Center

Ballroom G

500 E Cesar Chavez St

Austin, TX 78701


The Copper Cellar Corporation, which owns and operates 19 Copper Cellar, Calhoun’s, Smoky Mountain Brewery, Cherokee Grill and Chesapeake’s restaurants, will be serving more than quality dining and memorable experiences to its guests moving forward: it will also provide peace of mind with a robust payment protection solution.

The Copper Cellar Corporation recently installed TransactionVault, Merchant Link’s tokenization solution, and the Merchant Link Payment Gateway across all of their locations in Knoxville, Nashville, Gatlinburg, Pigeon Forge, Maryville and Lenoir City.

“It’s comforting to not have to worry about the security of our guests’ credit card information,” said Mike Gaston, vice president of information services for Copper Cellar Corporation. “The fact that it is not stored anywhere on our network is a huge relief.”

The company chose these solutions to safeguard customers’ sensitive payment data and remove it from the premises, ensuring that it is transmitted safely and effectively while reducing their PCI DSS compliance footprint.

The Merchant Link Payment Gateway sends payments quickly, while detecting and correcting errors along the way. It ensures funds are delivered accurately and consistently, prevents expensive chargeback fees and reduces clerk or system errors and prevents them from showing up on customer credit statements.

TransactionVault removes customer credit card data at the point of sale where it would be at risk from hackers. The data is instead stored in Merchant Link’s hosted “vault,” effectively securing “data at rest” and reducing the cost and effort of attaining and maintaining PCI compliance. Through TransactionVault, Merchant Link processed 1 billion transactions at more than 15,000 merchant locations in 2010.

The Copper Cellar Corporation utilizes a Squirrel point-of-sale (POS) system for customer payments. Their previous payment processor and data security solution created problems for them by posting batches twice. Merchant Link’s full suite of reporting and error detection tools help to eliminate failed batch attempts, duplicate batches or no settlement attempts.

“Our old processor had double posted batches before,” said Gaston. “Despite not being directly responsible for the error, it made us look bad in the eyes of our guests. Merchant Link monitors for potential batch issues and ensures that problems such as these are a thing of the past for Copper Cellar, its restaurants and its customers.”

The wide-scale implementation was completed shortly after a pilot site went live successfully with Merchant Link’s solutions.

By: Nathan Eddy

This story was originally published on eWeek

The hosted platform offers businesses cloud-based services to protect cardholder data.

Voltage Security, a provider of enterprise and payment card data protection inside and outside the cloud, and Merchant Link, a provider of payment gateway and data security solutions, announced a partnership to provide point-to-point encryption, cloud-based decryption and tokenization to businesses looking for a security solution to protect cardholder data and reduce PCI scope. The hosted solution enables merchants to have their Voltage SecureData Payments solution with the decryption and tokenization services hosted within the Merchant Link Payment Gateway.

The service provides a solution to secure data in-flight and data at rest: Voltage Security’s point-to-point encryption technology, where cardholder data is encrypted immediately at point of capture and remains protected throughout the merchant’s environment. The service also provides Merchant Link’s TransactionVault tokenization technology, decryption and payment gateway connecting the POS to the merchant’s processor of choice.

“With this new offering, we are moving the decryption point to the cloud, so the merchant no longer has to have decrypted data in their environment,” said Dan Lane, chief technology officer for Merchant Link. “Data is protected within our secure, PCI-validated redundant data centers. And because the decryption and tokenization is cloud-based, it is both affordable and easy to implement.”

Other features include simplified key management, with no need to inject keys into devices or manually rotate encryption keys; encryption support for a range of form factors in the industry, from payment peripherals to counter-top terminals to multilane terminals; and removal of cardholder data from merchant environments along with outsourced key management, allowing for a reduction of PCI scope.

“Voltage is taking a leadership role in providing data protection both inside and outside the cloud. Now, for the protection of sensitive cardholder data used in payment transactions, merchants can turn to Merchant Link and Voltage for a safe and powerful solution to protect both data in-flight and data at rest,” said Mark Bower, vice president of product management for Voltage Security.

The release comes on the heels of a WatchGuard security forecast for 2011, which predicts VOIP (voice over IP) attacks, manufacturer-delivered malware and social media security breaches will be among the top security concerns for businesses this year.

“2011 stands to be a dynamic year for network security as criminals and hackers take threats to new levels,” said Eric Aarrestad, vice president at WatchGuard Technologies. “Given how new threats are constantly evolving, WatchGuard remains ever vigilant in staying one step ahead of these threats, which gives our customers unparalleled protection for their networks, applications and data.”

Two leaders in the payments industry team up to provide multi-lane merchants with a comprehensive data security solution to protect cardholder data in-flight and at rest

New York, NY — January 10, 2011 – National Retailer’s Federation 100th Annual Convention and Expo

Ingenico, the leading worldwide provider of payment devices and services, and Merchant Link, a leading provider of payment gateway and data security solutions, today announced a joint solution to offer Merchant Link’s TransactionVault™ tokenization technology with Ingenico On-Guard point-to-point encryption (P2PE) to merchants in the U.S. Ingenico On-Guard with TransactionVault is a comprehensive data security solution primarily geared toward integrated multi-lane merchants.

Ingenico On Guard
Designed on the industry accepted standards of 3DES DUKPT non-intrusive point-to-point encryption and secure tokenization technology, the Ingenico On-Guard with TransactionVault solution helps merchants reduce their business risks and liabilities associated with potential data breaches by eliminating the transmission and storage of plain-text cardholder data from the merchant’s environment, rendering card data unreadable and unusable to cyber criminals. This comprehensive payment processing and hosted tokenization solution will help merchants reduce their PCI DSS compliance footprint.

“With data security breaches on the rise, merchants require payment solutions that help them spend less time worrying about their data and spend more time concentrating on their business,” says Chris Justice, President of Ingenico North America. “The constant pressure of potential threats to their business and brand is forcing merchants to maintain a strong stance on security and the protection of cardholder data. Our partnership with Merchant Link brings together two industry leaders with well established track records and tested solutions that deliver peace of mind. With over four decades of combined experience, our expertise comes from real-world deployments including large-scale, high volume accounts.”

The Ingenico On-Guard with TransactionVault solution will use the following systems and technologies:

* Ingenico’s multi-lane POS devices.
* Ingenico’s On-Guard point-to-point encryption at card swipe or manual entry at POS.
* Merchant Link hosting the Ingenico Decryption Appliances (DA) in their secure, PCI-validated redundant data centers.
* Merchant Link’s TransactionVault™ tokenization technology, decryption, and payment gateway connecting the POS to the merchant’s processor of choice.

Merchant Link’s TransactionVault™ tokenization technology uses format-preserving tokens so they easily fit into existing reporting, receipts, and databases. It has been recognized by Javelin Strategy & Research for its innovative ability to move customer credit card data to a safe, secure, fully monitored and managed location away from the merchant’s POS terminals. Implemented at more than 15,000 merchant locations and major POS / PMS providers, TransactionVault is implemented in more locations than any other tokenization product on the market and is being used by leading merchants, restaurants, and hotels.

“Experts agree the most effective way to protect data and prevent attacks is to employ a layered security solution. Our combined point-to-point encryption and tokenization solution will protect cardholder data throughout the entire transaction life cycle,” says Tim Kinsella, Executive Vice President, Sales and Marketing. “Further, The PCI Council has given special attention to these two emerging technologies as an effective way to both increase security and significantly reduce PCI scope.”

Ingenico On-Guard with TransactionVault will provide the highest level of security and reliability available today for encrypting data in-flight and data at rest:

* Encryption of swiped, manually keyed, contactless and smartcard data
* Device management for key rotation and software upgrades
* PAN tokenization to reduce PCI DSS compliance footprint while maintaining critical business functionality
* Cloud-based decryption and tokenization to reduce the risk of compromised data
* Connectivity to all major processors with flexible options to connect to multiple processors simultaneously (Amex, private label, gift cards, etc.)
* Flexible and expandable technology to address current and future business requirements

Ingenico and Merchant Link are both exhibiting at Booths #459 and #1960 respectively at the National Retailer’s Federation (NRF) 100th Annual Convention and EXPO January 10-11, 2011 in New York City.

New cloud-based batch management solution allows access from anywhere at anytime

Merchant Link today announced the launch of its next generation Merchant Link Payment Gateway™, offering merchants more flexibility in processing and managing electronic transactions.  This next generation solution now offers anywhere, anytime cloud-based batch management and advanced tokenization and point-to-point encryption, and is easier for merchants and software providers to implement.  Merchant Link’s Payment Gateway is a secure, high-speed payment network that connects a merchant’s point-of-sale terminal and payment processors.

An ideal solution for the restaurant sector, the gateway also includes TransactionVault™, Merchant Link’s tokenization technology that replaces each card number with tokens.  The solution is highly flexible and interfaces with multiple point-of-sale (POS) systems and processors.

“We are committed to extending and evolving our solutions to meet the changing payment and security needs of the restaurant sector,” said Dan Lane, Chief Technology Officer, Merchant Link. “As such, we have enhanced our gateway to offer cloud-based batch management for greater flexibility, as well as made implementation easier. In fact, the solution can now be implemented in as little as two weeks from start to finish.”

Key new features of the next generation Merchant Link Payment Gateway solution include:

  • CLOUD-BASED BATCH MANAGEMENT: Merchant Link customers can now control the batch management process centrally and from any location with a secure Internet connection.  This new feature will also help facilitate integrations with Merchant Link’s growing list of point-of-sale partners.
  • ADVANCED TOKENIZATION AND POINT-TO-POINT-ENCRYPTION: The updated gateway now uses card-based tokens that extend beyond traditional, transaction-based tokens and protects cardholder data.   This allows merchants to track participation in loyalty programs and other marketing analytics.  All cardholder data is still removed from the merchant’s IT environment – dramatically reducing the risk of a data breach.
  • EASIER IMPLEMENTATION: The updated gateway is easier for merchants and POS software providers to implement because it offers a simpler message format, as well as handles settlement batches in a cloud-based environment.  For example, a Merchant Link technology partner recently integrated with TransactionVault in just two weeks – as opposed to a longer implementation cycle that can take up to two months.

About Merchant Link

Merchant Link is a leading provider of security and support for credit card transactions, connecting point-of-sale and property management systems to payment processors. Founded in 1993 and headquartered in Silver Spring, Md., Merchant Link handles more than 3 billion transactions annually for some of the world’s best-known merchants. The company currently supports more than 150,000 hotel, restaurant and retail locations, and maintains connectivity to the major US payment card processors. The company also maintains extensive partnerships with leading point-of-sale vendors, value-added resellers, banks and the card associations, ensuring integrated and streamlined support for their customers. Further information is available at www.merchantlink.com.

All in the Family

October 11, 2010 | No Comments | News

The Missing Link in SMP

Originally posted to Retail Reseller News

Reselling Panasonic’s System Manager Pro (SMP) and growing worried about PCI now that the vendor no longer supports the software? An interesting third-party solution has been developed by Bunt Software (Rockford, IL), which works in concert with the hosted payment gateway at Merchant Link (Silver Spring, MD). Entitled SMPLink, and launched in July, this new middleware exploits Merchant Link’s TransactionVault for tokenization of consumer data, meets PA-DSS requirements, and even supports gift cards. So far, Bunt Software has sold about 400 licenses, with 11 Panasonic dealers marketing to their customers.

In an interview with RRN.Com, Don Bunt said he spent 20 years developing POS software for Panasonic before launching his company. “Without SMPLink, customers would have had to replace their POS software, maybe even hardware,” Bunt suggested. “All of the familiar QSRs are using SMP in some form or another–Wendy’s, Arby’s, Burger King, Taco Bell, KFC, Cold Stone Creamery. With SMPLink, merchants can continue operations without worry until such time as they want to replace the POS.”

“I’m working with Panasonic dealers who are already servicing these customers for the long haul,” Bunt continued. “I’ve built margin into the product, and there’s also installation charges for them.” Bunt Software helps dealers with the installation process and provides two-tier support for Merchant Link. Now negotiations are underway with other POS companies to provide middleware similar to SMPLink for their PCI compliance needs, RRN.Com was told.

by Tim Kinsella

When Visa released its suggested best practices for tokenization on July 16th, those of us in the industry knew it was just the beginning of a much broader debate on what these guidelines meant and whether or not they really were the best practices.

Merchant Link’s stance is very clear: while Visa’s best practices are a good start and we laud their endorsement of tokenization, there is more to be done. Just what needs to be done and how it needs to happen should be a source of great debate among not only solution providers, but also merchants.

Ericka Chickowski has certainly added to the debate in her recent piece in Dark Reading where she offers four best practices for tokenization. Her suggestions focus on:

1. Generating random tokens
2. Engaging a third party solution to create robust solutions
3. Ensuring that the server is PCI-compliant
4. Creating a multifaceted solution – one which includes both tokenization and encryption

What do you think? Leave us a comment with your insights.

Originally featured on Tnooz

Day Four: Protecting data at rest and data in motion – Tokenization and encryption

As you may have noticed, VISA recently came out with guidelines for tokenization. This is after they already established guidelines for point encryption solutions.

Most believe that this latest guidance is indicative of what we will be seeing in the future from the PCI Security Standards Council.

The use of both tokenization and encryption is necessary to ensure protection of credit card information that is stored as well as information that is in transit.

But first, we must understand how each technology works.

Tokenization is the replacement of a data element (such as a credit card number) with another data element which serves as a reference to the original.

This replacement data element is also known as a token.

This token/reference number is stored in a hotel’s computer systems instead of the real credit card number so that if someone tries to steal the credit card number, all they end up with is a non-actionable token that has no value.

The value of a token is that it cannot be decrypted, derived, cracked, or reverse engineered to discover the original value.

Encryption on the other hand, is the process of transforming a data element using an algorithm to make it unreadable to anyone except those who possess the decryption key.

While both have their place, tokenization is more effective at removing data, as the protection of encrypted data depends on the strength of the encryption algorithms as well as on secure key management practices.

The best security strategy is a layered one where merchants employ both tokenization (to secure data at-rest) and encryption (to secure data in-flight).

By utilizing both technologies, hotel operators and merchants can reduce the scope of their PCI compliance audits, by ensuring data doesn’t reside in full on internal systems.

Originally featured on Tnooz

Day Three: On the horizon… What’s next for PCI DSS?

Recently, VISA, one of the founding members of the PCI Council, made headlines by developing global industry best practices for tokenization.

This guidance was provided to merchants, vendors, and service providers in an effort to promote safe merchant environments.

Tokenization is the process through which a credit card’s primary account number is replaced by a proxy, with no mathematical relationship back to the original number.

By replacing the account number, merchants and processors limit the sensitive data that is stored on their systems thereby significantly reducing the risk that that sensitive data could be stolen by hackers.

Could this guidance be a preview to what is on the horizon for PCI DSS?

We hope so.

The PCI Council continues to work on developing guidelines that will help merchants eliminate sensitive card data from payment systems in order to simplify data security and compliance efforts.