Point-of-sale systems have been a prime target in the string of retailer breaches over the past year, with last year’s Target hack a perfect example. After attackers failed to steal payments credentials from one of Target’s PCI-compliant databases, they switched tactics and infected Target’s POS system with malware to steal card information. First Data, one of the largest solution providers for merchants, announced a new partnership to offer Verifone’s Secure Commerce Architecture solution to ward off attacks on merchants' POS systems.
[For more on the tactics used in the Target attack, check out: What Banks Can Learn From the Target Breach.]
The Secure Commerce Architecture solution allows payment data from card purchases to be sent directly to the merchant acquirer without ever passing through the merchant’s POS system, according to a joint press release from the companies. Normally, payments data would be routed to the acquirer through the merchant’s POS system, which is where the Target hackers were able to steal 40 million card credentials.
Cutting out the point-of-sale system in the flow of data will also make it easier for First Data’s merchant customers using the Verifone terminals to become EMV-compliant, as they won’t have to update their POS systems for the migration.
First Data also said that it would encrypt payment data sent through Verifone’s solution to the acquirer with its own TransArmor data protection solution.
Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio