Visa is setting up a new encryption service called Visa Merchant Data Secure with Point-to-Point Encryption that it says will be available to merchants and partners by early 2013.
"Merchants large and small have expressed an interest in encryption as a way to protect cardholder data from their payment systems and simplify their security protocols," said Ellen Richey, chief enterprise risk officer, Visa.
"Since encrypted data can't be used to commit fraud, Visa's point-to-point encryption solution can significantly reduce the risk and impact of data compromises," added Richey.
Point-to-point encryption (P2PE) technology helps merchants and acquirers protect payment card data within their systems by encrypting sensitive cardholder information.
Because the card data can only be accessed, or unscrambled, with decryption keys held securely by the acquirer, gateway or Visa, cardholder information is protected within the payment processing environment.
According to Visa, P2PE technology complements EMV chip technology by providing an added layer of protection against the threat of data breaches, especially while the industry works to reach critical mass in the adoption of chip terminals and chip cards and so benefit from EMV's defence against counterfeit fraud.
Visa said that with the new solution, merchants and acquirers can adopt point-to-point encryption with ease because of the minimal impact on existing payment systems. To make the transition as easy as possible, Visa will also offer a "format preserving" option, enabling merchants to integrate point-to-point encryption using a 16-digit encrypted value with their current systems.
The system relies on the same Triple Data Encryption Standard (TDES) and Derived Unique Key per Transaction (DUKPT) key management that are used to encrypt PINs today. This provides a consistent framework for managing keys and minimises the impact of merchant system updates.
Visa's solution allows for encryption and decryption in multiple zones, providing merchants and acquirers flexibility in how to deploy encryption within their unique environments. Multi-zone encryption can facilitate routing to multiple endpoints, if the merchant is using multiple processors, consistent with how PIN encryption is managed today.