Townsend Security Data Privacy Blog

3 Reasons Point of Sale (POS) Vendors Should Offer Encryption Key Management

Posted by Luke Probasco on May 28, 2013 8:01:00 AM

In a world where data breaches are occurring nearly every day, and data security in many organizations looks more like a sieve than a safeguard, using a strong encryption and key management solution is a must. Protecting sensitive data using encryption and protecting encryption keys using a strong encryption key management hardware security module (HSM) is so important today that it is required, or at least strongly recommended, by most data security industry regulations such as PCI-DSS, HIPAA/HITECH, and GLBA/FFIEC.

If encryption and key management are so critical to protecting data, why are so many data breaches occurring every week? This is an especially important question to ask merchants and retail companies whose encryption and key management strategy has already passed a PCI test in order to operate their POS systems. Although they’ve passed the test, many are still the easiest targets for hackers and seem to be the most susceptible to data loss in general.

At the end of the day, individual businesses are responsible for their own data security, but POS vendors can boost their own security posture and industry leadership by offering better encryption and better encryption key management solutions to their customers. Since encryption and key management are necessary components of POS systems, providing customers with third-party OEM NIST-certified AES encryption and FIPS 140-2 compliant key management would give a POS vendor these critical advantages:

  1. Competitive Advantage - As we have seen over the past few years, industry regulations such as PCI-DSS and HIPAA/HITECH continue to become more stringent. POS vendors offering NIST-certified encryption key management will only retain customers if they can offer encryption key management solutions that fall in line with these regulations.
  2. Protect Customers to Protect Yourself - When a data breach occurs, two parties take the most heat: the CEO and the software vendor whose solution was inadequately protecting the data. Retailers who experience data breaches due to poor encryption and key management techniques employed in their POS systems will likely blame their vendor and are more likely to migrate to a competitor.
  3. Offer a Higher Quality Product and Generate New Revenue - Almost every single POS vendor offers encryption and key management on their devices, but not every POS vendor does the job right. In these cases, a retailer may pass a PCI audit but still be vulnerable to a data breach. With a NIST-certified OEM encryption key management solution, a POS vendor can offer retail customers the best data security available and generate new revenue with that offer.

In our opinion, POS vendors should absolutely offer their customers the best encryption and encryption key management solutions that are out there. It is clear that many POS vendors are not offering their customers the best data security tools, and the evidence is in the data breaches that happen nearly every week. POS vendors can offer their customers industry standard and certified solutions by implementing an affordable OEM encryption key management solution that is customized for their specific applications.

Topics: Point of Sale (POS), Encryption Key Management, OEM