Using End-to-End Encryption Hardware For Better Security
Whenever you process a transaction through a web-based Virtual Terminal, you expose your computer and network to sensitive credit card information. It starts when you enter the full credit card number, expiry date, and security code using your computer’s keyboard. That information flows through your computer and operating system, into your web browser, and across your internet connection, finally reaching the processor’s web server.
Doing so means an increased scope for PCI-DSS compliance. While most small merchants can easily secure their computers with anti-virus software and segregate their network, large merchants with call centers that accept credit cards are placed in a much more challenging environment. Bringing your entire environment and every computer and sales agent into the scope of compliance can be a daunting task.
So what can you do to reduce that scope? Check out Helcim Commerce with the SRED Encrypted USB Keypad.
This USB-powered keypad acts as an encrypted replacement for typing sensitive credit card information on your keyboard. Full credit card numbers, expiry dates, security codes, and even addresses (for AVS) can be typed by your staff directly into the secured keypad. Once ready, the information is encrypted directly by the keypad and submitted as a secure block of data. It can only be decrypted once it’s received by Helcim’s servers. Through this use of end-to-end encryption (E2EE), your computers and network are removed from the scope of PCI-DSS.
While a secure keypad does not address all sections of PCI-DSS, removing your computers and network from scope goes a long way toward becoming compliant.