Townsend Security Data Privacy Blog

3 Reasons Retail ISVs Should Use OEM Encryption Key Management

Posted by Luke Probasco on Jun 11, 2013 8:39:00 AM

Today there are hundreds of independent software vendors (ISVs) selling niche retail management software and payment applications designed specifically for various types of businesses. All of these retail ISVs must certify every payment application that processes credit card data under the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS). This certification verifies that the software handling customer credit and debit card information encrypts that information and protects the encryption keys.

Although all retail ISVs must certify their payment application software under the PA-DSS standard, many vendors skate by with poor encryption and encryption key management that has been thrown together to meet the bare minimum requirements. Good encryption and key management is the cornerstone of good security. When retail ISVs don’t adequately protect encryption keys or use encryption key management best practices to secure cardholder data, they leave their customers vulnerable to data breaches.

In order to protect customers, retail management software vendors can upgrade their encryption and key management solutions. Townsend Security offers industry standard AES encryption and certified key management that ease the burden of data security with these three features:

1. Reduced Cost and Complexity

Getting a new encryption key management project off the ground is difficult when you have to justify doing the project over again. Encryption key management has a reputation for being both costly and difficult, which is partly why many encryption key management projects are rushed through certifications using the bare minimum requirements. That reputation was accurate ten years ago, but today certified encryption key management using best practices can be achieved quickly, easily, and at an affordable price. We help businesses achieve this by offering encryption key management that is easy and fast to deploy, has an easy and cost-effective licensing model, and has OEM or “white label” options because we don’t believe issues around branding should get in the way of good data security.

2. Certifications

We supply NIST and FIPS 140-2 certified encryption and key management, or we’ll help you achieve FIPS certifications for your solution. Retailers, especially at the enterprise level, are becoming more and more savvy about the need for certified solutions, and their demand is increasing. NIST and FIPS certifications ensure that their encryption key management has been tested against government standards and will stand up to scrutiny in the event of a breach.

3. Protect Your Customers from Data Breaches

As we see time and time again in the news, retailers still experience data breaches through their payment application software, despite the fact that these applications have a PA-DSS certification. This tells us that certifications don’t always equal good security. In order to protect your customers from a data breach, you must not only meet these certifications, but also build a security solution that will truly protect data at rest and in transit using industry best practices. If your customer experiences a data breach, and you have implemented adequate security that renders the data that was compromised unreadable, you will be not only your customer’s hero, but your own company’s hero as well.

Retail ISVs and payment application software companies also need to know that although they have certified their solutions with PA-DSS, these standards, like all PCI standards, are not set in stone. Data security is constantly evolving to meet the challenges of new threats that are always surfacing. Retail ISVs need to be aware that even though their solution has been certified, their encryption and key management practices might not suffice during their next certification.

Townsend Security has redefined what it means to partner with a security company. With our NIST and FIPS certified encryption and key management solutions, retail ISVs can offer easy and affordable industry standard data security. Our dedicated team provides our partners with extensive training, back-end support, marketing materials, and a cost-effective licensing model. We’ll help you turn encryption and key management into a revenue-generating option to help build your business and protect your valued customers.

Topics: Retail ISV, Point of Sale (POS)