Heartland ECSI can help. With Heartland Secure™, you can rest easy when we are managing your payment process.
PCI Compliance. To underscore our commitment to the security and compliance of payment processing, Heartland is Payment Card Industry (PCI) compliant and a member of the PCI Security Standards Council—a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. In addition to our affiliations, Heartland is also a PCI Level one (1) certified solution provider.
Heartland monitors the transaction volume for all merchants to identify the PCI DSS compliance level. For the Level 1 and Level 2 merchants who are required to complete the Report on Compliance (ROC), Heartland provides monitoring and reminders, applies for extensions as applicable and serves as the liaison between the merchant and the brands. For our small and medium business customers, we recommend that you download and enact what is required for you to be PCI compliant.
The Tokenization Process
After a credit or debit card transaction is processed, the data is sent to Heartland, which authorizes the transaction and returns a token. The token replaces sensitive card holder data with a surrogate value that cannot be mathematically reversed or “decrypted” to expose the card holder number, and it can then be stored in the POS/PMS system for use at a later time (e.g. folio billing at a hotel, or recurring billing such as monthly insurance installments). Tokens can be generated in various formats, one of which is a format-preserving token (FPT) that matches formatting characteristics of the card holder’s account number (e.g. a 15-digit token for AMEX, 16-digit for Visa, MC, Discover). The original account information that is associated with the token is stored in Heartland’s Data Vault where it is safe from would-be hackers.
End to End Encryption
The authorization process is initiated when the card is read at a terminal, or the card number is key-entered, and the data is then passed through the merchant’s network to Heartland for authorization. It is a crucial stage in the payment transaction process and one that can be protected through end-to-end encryption.
Unlike point-to-point encryption, end-to-end encryption is direct to Heartland, so there are no additional points in the transaction where the data is decrypted before being passed to Heartland, minimizing the opportunities for compromise by hackers and criminals. Terminals and customer card entry devices with the end-to-end encryption label feature a tamper-resistant security module, so that the device can’t be converted into a skimming device. Unlike less secure solutions that rely solely on hardware or software encryption, end-to-end encryption provides protection in both hardware and software to ensure sensitive information is useless to would-be hackers.
NEVER PAY MORE TO BE SECURE. We believe so strongly in the ability of end-to-end encryption to protect card holder data that, as stated in Heartland’s end-to-end encryption warranty, we will reimburse you for any breach-related fines and forensic fees should transactions protected by end-to-end encryption be breached.