Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

Posts Tagged ‘ Dan Lane ’

Joie de Vivre, which manages the largest collection of boutique hotels in California and an assortment of restaurants and spas, will raise the standards of customer service by implementing Merchant Link’s tokenization solution to protect the credit card data of its guests across 27 of its locations.  Merchant Link is a leading provider of cloud-based payment gateway and data security solutions.

Joie de Vivre offers one of the most unique collections of lifestyle hotels and continues to expand on its fresh and inventive properties.  Merchant Link will deploy its hosted, card-based tokenization solution across the Joie de Vivre enterprise, including the hotel property management systems and the spa point-of-sale systems, ensuring that every transaction is tokenized and there is an extra layer of protection that will protect Joie de Vivre’s brand.

“We pride ourselves on being innovative and offering exceptional hospitality services and products to our customers,” said Michael Stano, Joie de Vivre’s vice president of technology. “Our commitment to excellence extends even further by offering safe and secure financial transactions for our customers so they can enjoy their experience without worrying about the safety of their payment information.  And we have the peace of mind knowing that sensitive data doesn’t live on our network.”

Joie de Vivre, a long time customer of Merchant Link, will utilize TransactionVault™, a tokenization technology that removes customer card data from merchants’ systems where it is most at risk of being compromised by hackers. By tokenizing every transaction throughout the entire hotel experience from check-in to purchases at the gift shop and more, Joie de Vivre can remove payment data from all points in the payment process.  This valuable data will instead be stored in Merchant Link’s secure, hosted “vault,” and therefore effectively lowering the cost and effort of attaining and maintaining PCI compliance.

“The lodging industry is quickly realizing the importance of tokenization to secure sensitive data,” said Dan Lane, President and CEO of Merchant Link.  “We have served Joie de Vivre’s payment transaction needs since 2007, and we continue to work with them as they address the complexities of payment transactions.”

About Joie de Vivre Hotels

Joie de Vivre Hotels ( ) embarked on its mission to “create joy” for guests and employees in 1987, when Chip Conley founded the innovative hospitality company in San Francisco. Each one of Joie de Vivre’s more than 30 hotels is an original concept designed to reflect the local community and engage the five senses so that guests enjoy authentic, memorable experiences. Today Joie de Vivre manages the largest collection of boutique hotels and resorts in California and is expanding outside the state with openings in Scottsdale, Arizona this fall and Chicago in early 2012.

New cloud-based batch management solution allows access from anywhere at anytime

Merchant Link today announced the launch of its next generation Merchant Link Payment Gateway™, offering merchants more flexibility in processing and managing electronic transactions.  This next generation solution now offers anywhere, anytime cloud-based batch management and advanced tokenization and point-to-point encryption, and is easier for merchants and software providers to implement.  Merchant Link’s Payment Gateway is a secure, high-speed payment network that connects a merchant’s point-of-sale terminal and payment processors.

An ideal solution for the restaurant sector, the gateway also includes TransactionVault™, Merchant Link’s tokenization technology that replaces each card number with tokens.  The solution is highly flexible and interfaces with multiple point-of-sale (POS) systems and processors.

“We are committed to extending and evolving our solutions to meet the changing payment and security needs of the restaurant sector,” said Dan Lane, Chief Technology Officer, Merchant Link.  ”As such, we have enhanced our gateway to offer cloud-based batch management for greater flexibility, as well as made implementation easier.  In fact, the solution can now be implemented in as little as two weeks from start to finish.”

Key new features of the next generation Merchant Link Payment Gateway solution include:

  • CLOUD-BASED BATCH MANAGEMENT: Merchant Link customers can now control the batch management process centrally and from any location with a secure Internet connection.  This new feature will also help facilitate integrations with Merchant Link’s growing list of point-of-sale partners.
  • ADVANCED TOKENIZATION AND POINT-TO-POINT-ENCRYPTION: The updated gateway now uses card-based tokens that extend beyond traditional, transaction-based tokens and protects cardholder data.   This allows merchants to track participation in loyalty programs and other marketing analytics.  All cardholder data is still removed from the merchant’s IT environment – dramatically reducing the risk of a data breach.
  • EASIER IMPLEMENTATION: The updated gateway is easier for merchants and POS software providers to implement because it offers a simpler message format, as well as handles settlement batches in a cloud-based environment.  For example, a Merchant Link technology partner recently integrated with TransactionVault in just two weeks – as opposed to a longer implementation cycle that can take up to two months.

About Merchant Link

Merchant Link is a leading provider of security and support for credit card transactions, connecting point-of-sale and property management systems to payment processors. Founded in 1993 and headquartered in Silver Spring, Md., Merchant Link handles more than 3 billion transactions annually for some of the world’s best-known merchants. The company currently supports more than 150,000 hotel, restaurant and retail locations, and maintains connectivity to the major US payment card processors. The company also maintains extensive partnerships with leading point-of-sale vendors, value-added resellers, banks and the card associations, ensuring integrated and streamlined support for their customers. Further information is available at

By Sue Zloth

Drum roll please…in case you missed it, the new PCI Data Security Standard 2.0 (PCI DSS) and the Payment Application Data Security Standard 2.0 (PA-DSS) were released by the PCI Security Standards Council late last week.

The Council released the latest version to provide “greater clarity and flexibility to facilitate improved understanding of the requirements and eased implementation for merchants” according to the announcement.  Version 2.0 will become effective for merchants on January 1, 2011.

So, with the new standards in place, now what?

  • Should merchants continue their current efforts in becoming PCI DSS compliant under v1.2?
  • Do merchants need to stop their efforts to focus on becoming compliant under PCI DSS v 2.0 in preparation for the New Year?
  • Will the “validation” documents on encryption and tokenization require additional changes?

Luckily for merchants, version 2.0 doesn’t introduce any new major requirements and most of the changes are geared towards clarification of the existing requirements.  Moreover, for merchants who are well down the path of complying with v.1.2 they are not required to restart their efforts and comply immediately with the new standard since the old 1.2 standard is valid until December 31, 2011.  However, if a merchant hasn’t started yet, they should look to achieve compliance against the 2.0 spec (it is valid now for merchants).

Regarding point-to-point encryption and tokenization, the Council is simply offering guidance.  Last month they released guidance on P2PE and before the end of the year, guidance on tokenization will be released from the Special Interest Group (SIG) that I sit on.  We don’t expect that merchants will have to comply with any additional requirements, although once all of the documents are released, merchants will need to make sure that their providers comply with the P2PE and tokenization requirements.

The Council understands that merchants need more clarity regarding the standards and small merchants, in particular, are struggling to ensure compliance with limited resources and knowledge. In fact, just this past week Troy Leach, the Council’s CTO, was sitting on a panel next to our CTO, Dan Lane, at an industry conference.  He highlighted the changes and discussed how the Council will be taking proactive steps to ensure merchants have the tools needed to understand exactly what is going to be required of them.

Have you ever wondered how tokenization secures credit card data?  Dan Lane, Merchant Link’s CTO, not only understands why it works, but can explain why tokenization solves the problem of securing data at rest.

But Dan raises another security issue that merchants should also be concerned about: How do you secure data in-flight?  In the video below Dan explains why merchants should be just as concerned about data in-flight and explains how, in the millisecond it takes credit card data to travel from merchant to authorizing bank, a full copy of the mag stripe can be pulled and a credit card stolen.

While we hear a great deal about the threats to consumer credit card security, we don’t hear that much about the issues facing merchants, just criticism and finger pointing when they suffer a breach.

At Merchant Link we understand how complicated it is for merchants to navigate their way through the payment processing system to ensure the safety and security of their customers’ personal information.

Our CTO, Dan Lane, spends a lot of time thinking about these problems and devising solutions for merchants who are confronted with a lack of resources and too many vendors touting too many products.

In the video below Dan outlines his top tips and suggestions for merchants looking to protect their brand and their customers against ever-evolving threats.