Keeping Data Out of the Clear

MagTek releases solutions that provide security at a swipe.

To aid the retail industry's continuing effort to safeguard customer data during the acceptance and processing of electronic transactions, MagTek is offering a new secure mobile card reader and PIN entry device.

The electronic payments technology provider announced the MagneSafe m20 card reader and iPad PIN entry device April 14 at the Electronic Transactions Association Meeting & Exposition in Las Vegas.

"Security is one of the biggest challenges on the market for transaction processing," said John Arato, vice president and business unit manager of retail products for MagTek.

Arato said MagneSafe m20 is a version of the standalone MagneSafe reader released a year ago that is specifically designed for use in wireless or mobile environments. "A mobile merchant can collect data, swipe cards, and have the data encrypted at the swipe," he said. "The data is never in the clear. It's stored in the reader until you can upgrade it. The data is fully encrypted so it can never get hacked or breached by a third party. This provides a great solution for retailers who have the challenge of storing data in the clear."

Arato said MagneSafe m20 exceeds the regulations of the Data Security Standard from the Payment Card Industry (PCI) Security Standards Council, which requires the encryption of customer data once it's stored, but not while in transit.

"MagneSafe m20 has a battery and can store 70 encrypted transactions to be uploaded later," he said. "It spares the expense of a mobile point-of-sale [POS] terminal."

MagTek also released the iPad, a secure PIN entry device that includes a built-in MagneSafe reader. The iPad also encrypts data at the point of swipe without putting it in the clear for any length of time, using the Triple Data-Encryption Standard (3DES) and Derived Unique Key Per Transaction (DUKPT) protocols.

"Retailers and processors are familiar with these protocols and already know how to work with them," Arato said.

The iPad can be used as a handheld device or mounted to work with a retailer's existing POS systems and infrastructures.

Steve Rowen, a partner with retail consulting firm Retail Systems Research, said securing customer data at the swipe provides real value and demonstrates the lead in data security being taken by some technology providers.

"Several technology vendors have recognized that PCI compliance isn't-and has never been-enough for a retailer to post a sign in the sand that says 'secure,'" Rowen said. "In some ways, it's very good news that the industry is now getting leadership from the technology vendors. It wouldn't have taken many security breaches at PCI compliant-retailers to prove the point that leadership should be coming from technologists, not a bank."

Dan Berthiaume covers the retail space for eWEEK. For more industry news, check out's Retail Site.