Coalfire Validates the Ability of Merchant Link’s TransactionShield and TransactionVault Solutions to Significantly Reduce Merchants’ PCI DSS Scope

  • Merchant Link
  • 06.22.11
Hospitality Industry Technology Exposition and Conference (HITEC) – Merchant Link’s TransactionShield™ and TransactionVault™ solutions can significantly reduce merchants’ PCI DSS scope, according to an independent security assessment released today by Coalfire Systems, Inc., a Payment Card Industry (PCI) Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) company.

Merchant Link’s TransactionShield is a point-to-point encryption (P2PE) solution that ensures that customer data is secure from the moment the customer’s credit card is swiped. Merchant Link’s TransactionVault tokenization solution removes customer credit card data from the places where it would be at risk from hackers. The data is instead stored in Merchant Link’s hosted vault. The combination of TransactionShield and TransactionVault secures both data in flight and data at rest, and reduces the cost and effort of attaining and maintaining PCI compliance.

“Merchants continue to be plagued by data breaches caused by inadequate security controls or applications which allow access to sensitive payment card data,” said Kennet Westby, president and COO of Coalfire.  “Merchant Link’s comprehensive offering including both tokenization and encryption can provide significant risk mitigation of data compromise and is one of the most effective data security controls available to merchants today.”

“Merchants are currently burdened with having to keep all customer data secure while also meeting challenging PCI requirements,” said Dan Lane, President and CEO of Merchant Link.  “Coalfire’s assessment of our P2PE and tokenization solutions further validates that Merchant Link can provide transaction security solutions that go beyond current PCI requirements, ultimately allowing merchants to focus on their core businesses.”

Coalfire’s assessment, which included technical testing, architectural assessment, industry analysis, compliance validation and peer review, found that:

  • TransactionShield will leverage multiple encrypting point of interaction (POI) devices deployed in the merchant network and a Merchant Link-hosted decryption system which eliminates the transmittal of cleartext cardholder data through the entire merchant network.
  • TransactionVault can eliminate post authorization storage of cardholder data from a merchant’s network by storing it in Merchant Link’s PCI DSS compliant data centers.
  • TransactionShield is aligned with Visa Best Practices for Data Field Encryption published by VISA in October 2009, as well as guidance provided in the Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance published by PCI SSC in October 2010.
  • TransactionVault is aligned with Visa Best Practices for Tokenization guidance published by VISA in July 2010.
  • Properly deployed, implementation of the TransactionShield and TransactionVault solutions together can effectively remove merchant retail POS systems from the scope of PCI DSS by:

      o Capturing card data only via a TransactionShield integrated POS application and encrypting Point of Interaction (POI) device;
      o Strongly encrypting card data at the TransactionShield point of capture in a secure, restricted access, encrypting POI device, where the merchant has no ability to decrypt the card data;
      o Storing only card data tokens post authorization as returned by TransactionVault.



