DeliciousDoin' It Right
- The Green Sheet - November 9, 2009
Security and anti-fraud technology solutions provider MagTek Inc. reported that its MagneSafe technology for Secure Card Reader Authentication (SCRA) not only meets but exceeds all 14 points of Visa Inc.'s 2009 published best practices for data field encryption.
Additionally, MagneSafe was recognized by Pricewaterhouse Coopers, in a September 2009 report to the PCI Security Standards Council (PCI SSC) entitled Emerging Technology Research, as the only solution to combine all five "emerging technologies" identified as dynamic payment card data (DPCD), magnetic stripe imaging, end-to-end encryption, tokenization and virtual terminals.
One and only
"Our interpretation is that we are the only security vendor to combine all of these technologies," said Andy Deignan, MagTek's Vice President of Global Marketing and Strategy. "No one security technology out there is going to deliver all the protection necessary.
"However, stopping the use of a fraudulent card is not being addressed by PCI initiatives. So we've taken that process one step further by not only protecting the data, but actually stopping counterfeit card use. We do this by leveraging encryption, tokenization, fraudulent card detection, tamper recognition and data relevance and integrity to validate and protect the entire transaction."
Deignan added that the most important feature of the MagneSafe solution is its ability to use existing mag stripe cards to generate DPCD. It is the static data, he said, that is so valuable to cyberthieves.
Too much static
"DPCD is the opposite of static data," Deignan said. "In the traditional payment, the static data on a card is the same from transaction to transaction. So that information has value for the bad guys because they can reuse that data again and again."
Deignan said that MagTek has solved the problem of static data susceptibility with its MagnePrint solution, a dynamic card authentication technology that reads the individual "fingerprint" indigenous to every mag stripe card called the digital identifier.
"Every magnetic stripe card that has ever been manufactured has randomly distributed and randomly sized magnetic material that is as unique as your retina or DNA," Deignan said.
"If I take two magnetic cards and encode the same data on them, it is the same from card to card – but the material that the data is encoded onto emits an inherent or analog noise that is unique to that card.
"MagnePrint is able to identify those fraudulent cards and determine whether they are authentic or counterfeit. Additionally, that transaction is only good one time. Once it's used, it can't be re-presented; there's no redemption value to that stolen data; that's why PWC said that this solution has the potential to eliminate PCI DSS [Payment Card Industry Data Security Standard]."
Problem affects all
MagTek is a company that believes industry-wide problems need industry-wide solutions. Deignan said that data breaches and counterfeit cards go hand in hand and he feels PCI DSS at this time serves only to place "a band-aid on a bleeding wound."
"We believe we're giving merchants a cure to this problem, so we're trying to educate the industry about dynamic authentication," Deignan said. "We can't keep shifting the liability to the next guy.
"No one is taking on the task of 'How do we fix the problem and stop the fraud?' so we see DPCD as a sensible and practical way of providing real security.
"Merchants don't want to invest in technology that won't give them future piece of mind. We're making excellent progress, though, and getting more players to join our cause because we're getting to the core of the problem to stop fraud altogether and forever."