By using the First Data Secure Transaction Management service, payment card data is encrypted at the time it is captured by the merchant's existing point-of-sale application and remains encrypted until it is securely delivered to the First Data authorization switch where decryption occurs. Once authorized through the switch, the card number is replaced by a "token" value that cannot be linked back to the original card data, but otherwise behaves like a card number. This enables the merchant to eliminate card numbers from various business applications without the need for costly application or point-of-sale hardware modifications. When needed, merchants can access the original card number through a secure vault that First Data maintains for controlled authorized look-ups. This outsourced service helps merchants to reduce the risks associated with the loss of cardholder data, avoid fines, and help prevent the loss of brand equity and trust.
"The increasing need for data protection and the growing complexity of PCI DSS compliance are driving merchants to evolve their business strategies for securing customers' sensitive information," said Robert Vamosi, security/risk & fraud analyst for Javelin Strategy & Research. "Organizations that can employ a layered approach to data security, one that capitalizes on the inherent advantages of encryption, tokenization and other technologies, will be well positioned to protect card data and reduce the scope of PCI compliance."
The First Data Secure Transaction Management service is powered by the RSA SafeProxy architecture, which employs a unique combination of tokenization, advanced encryption and public-key technologies that are engineered to provide merchants with the capability to eliminate credit card data from their environments without loss of business functionality or massive rewrites of applications. "Payment card data protection and PCI compliance are some of the most significant challenges that our merchant customers face today. Addressing these challenges is both complex and costly," said Michael Capellas, chairman and chief executive officer of First Data. "The simplicity of integrating encryption with tokenization through the First Data Secure Transaction Management service dramatically redefines how merchants of all kinds manage and protect their customer payment data."
"To comply with the PCI DSS and reduce risk, organizations need security controls built into their infrastructure, and not bolted on," said Art Coviello, executive vice president, EMC Corporation and president, RSA, The Security Division of EMC. "Rather than addressing security risks by deploying disparate point controls throughout their infrastructure, First Data Secure Transaction Management provides organizations with a simplified and scalable solution that helps radically reduce management complexity and costs."
First Data and RSA will host a media conference call today at 11:00 a.m. Eastern Time (ET). Media interested in participating should dial (888) 208-1812. Michael Capellas of First Data and Thomas Heiser, Senior Vice President of Global Customer Operations, RSA, will provide opening remarks and then take questions in an open forum.
About First Data First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for millions of merchant locations and thousands of card issuers in 36 countries. For more information, visit www.firstdata.com.
About RSA RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle - no matter where it moves, who accesses it or how it is used.
RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.