Emerging Technologies

Order Form

    This individual Report End-to-End Encryption: The Acquiring Side Responds to Data Loss and PCI Compliance is available for purchase. This Report is available to members of Mercator Advisory Group’s Emerging Technologies Advisory Service. Please be advised that this Report is normally part of a research and advisory service that provides ongoing support throughout the year. As such, this Report contains significant depth of content that is selected for its strategic importance to our members. (For a description of these services, see our Advisory Services section).

    While the Report represents significant analyst time invested, there is no means of our ascertaining if it will fully meet your specific intended purposes. Typically, these Reports form the basis for future discussions with our clients where we are able to fine-tune additional information that we have gathered in the construction of the series of Reports (or locate new information rapidly due to our exclusive focus on gathering information in the payments industry) for specific member needs.

    Unfortunately, in fairness to our paying members, we are not able to offer this level of support for a single Report purchase. We will, however, credit any Research Document purchase against the future purchase price of the service should you become a member within 30 days of purchasing the document.

    The price for individual Report purchases is $2950 per document. 


    Use the form below to request this individual Report purchase or

    Click here for a fax-back order form




End-to-End Encryption: The Acquiring Side Responds to Data Loss and PCI Compliance

End-to-End Encryption: The Acquiring Side Responds to Data Loss and PCI Compliance

New Research Provides Guidance on End-to-End Encryption for Merchants and Processors

Boston, MA. - June 24, 2009 -- With the US payments system under continuous cyberattack and data breaches endemic, merchants and processors are scrambling to protect their data assets and cardholder data in particular. Card data encryption turns valuable data into worthless bits and bytes, eliminating the economic incentive for a cyberattack.

In a new report, End-to-End Encryption: The Acquiring Side Responds to Data Loss and PCI Compliance, Mercator Advisory Group explores end-to-end encryption (E2EE) in the hands of merchants, payment service providers and processors. In the face of the three bogies of PCI DSS compliance and penalties, reputational risk and direct financial loss, the acquiring half of the payments process is evaluating options for eliminating cleartext cardholder data from their systems. Tokenization (the subject of a recent Mercator report) and end-to-end encryption are the leading candidates. This report examines the complexity of E2EE within payments and enterprise security.

"End-to-end encryption's beauty is very much in the beholder's eye. If you're a Tier one merchant in no mood to risk the reputational crisis of a data breach, using E2EE to rid your network of card data is a good move," George Peabody, Director of Mercator Advisory Group's Emerging Technologies Advisory Service and principal analyst on the report comments. "E2EE also reduces the scope of PCI compliance audits and remediation costs but the beauty of encryption and card security will likely be lost on millions of Tier 4 merchants. Strong sales incentives and messaging will be required to have them join in the data protection fight."

Highlights of the report include:

  • End to end encryption (E2EE) is a long forestalled rational reaction to data breaches and PCI DSS audit costs.

  • The advantages to merchants of getting out from under a large set of PCI compliance burdens may make E2EE worthwhile.

  • Defining the "ends" in E2EE is a key step for every deployment.

  • The encryption zones under a processor's control - from the merchant's magstripe reader to the interconnection point with card brand or issuer - appear to be a manageable domain where the burdens of key management and new POS gear equal the benefits.

  • Standards development is in early days. A new working group under ASC X9 has brought together the key stakeholders, some of whom have sharply diverging goals.

An Exhibit included in this report:

This report contains 36 pages and 7 exhibits.

Companies and programs mentioned in this report include: Hypercom, VeriFone, Ingenico, MagTek, Magensa, Heartland Payment Systems, Visa, MasterCard, RBS Worldpay, RSA, Prime Factors, Verizon Business, Voltage Security, Semtek, Futurex, SafeNet, Transaction Network Services (TNS), Thales, Atos Wordline, HP Attala, Banco de Credito e Inversiones, Propay, Fifth Third Bancorp, and EMVCo.

Members of Mercator Advisory Group have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access and other membership benefits. Please visit us online at www.mercatoradvisorygroup.com.

For more information and media inquiries, please call Mercator Advisory Group's main line: 781-419-1700 or send E-mail to info@mercatoradvisorygroup.com.

Mercator Advisory Group is the leading, independent research and advisory services firm exclusively focused on the payments and banking industries. We deliver pragmatic and timely research and advice designed to help our clients uncover the most lucrative opportunities to maximize revenue growth and contain costs. Our clients range from the world's largest payment issuers, acquirers, processors, merchants and associations to leading technology providers and investors.