Perle Systems Application Note
Secure Data Encryption
How to upgrade existing technology to meet encryption requirements and save costs
The Scenario - A retailer with a serial-based POS system and multi-port device server transmitting data over a public network.
The Challenge: Credit Card Information Security Compliance
For today’s retailers, there has been increasing pressure by credit card companies to protect the privacy of customer information. Among other initiatives, there have been specific measures taken in the area of credit card data and the way information is used and transmitted.
Visa for example is enforcing strict policies and deadlines on its merchants through its Cardholder Information Security Program (CISP) in the U.S. and internationally through the Account Information Security (AIS) program. Other major card issuers have announced similar requirements and deadlines.
An integral part of privacy protection at the retail level is the capture of information at the debit/credit card terminals when a card is swiped. While there has been some level of privacy protection for the data being transmitted across public networks for approvals, this is no longer enough to meet new privacy requirements. This represents a particular challenge for retailers, who rely on public networks to keep their communications costs under control.
On the hardware front, many retailers use serial-based point of sale (POS) terminals with card reading devices attached that communicate with a serial to Ethernet terminal server. The typical serial to Ethernet multi-port terminal server in use today simply does not have the encryption capabilities required to meet the new demands imposed on the merchants by the credit card companies.
While replacing existing serial to Ethernet devices with more secure versions is the most obvious tactic, this would be a more costly and complex exercise than most retailers can handle. Switching to a VPN (virtual private network) infrastructure is another option, but again would involve complex changes and considerable time and expenses.
A third alternative – and one that leverages existing technology to deliver significant cost savings – is using a Perle Serial Device Server with built in encryption capabilities to link card reader terminals to the public network. This allows retailers to maintain their existing technology investment, while providing the highest data protection levels possible.
The IOLAN SDS1 is a single port encryption-enabled device server that can be deployed at each reader to create secure links to the remote application server. Users simply disconnect the card reader terminals from the terminal server, and connect each reader to an IOLAN SDS1. This configuration offers a number of advantages, including:
- Rapid deployment
- Ease of installation
- Minimal disruption to operations
- Investment protection of existing hardware
- No infrastructure changes
- Reduced cost – up to 40% savings per store vs. wholesale replacement
- Ability to retain use of public network for data capture and transfer
Perle’s IOLAN family of products was designed to deliver exceptional performance and expanded features in a cost-effective serial to Ethernet solution. The IOLAN SDS1 is the most advanced device server on the market for secure serial to Ethernet connectivity applications. This compact unit offers robust security and flexibility. It is the only device to offer next generation IPV6 technology, making it ideal for applications that require remote device/console management, data capture or monitoring.
- Dual 10/100/1000 Ethernet support
- Secure AES data encryption via SSH or SSL sessions
- Powerful authentication schemes to prevent unauthorized access
- Next Generation IP support ( IPV6 ) for investment protection and network compatibility
- Universal, software selectable RS-232/422/485 interface to prevent mechanical tampering in the field
- 15 KV ESD provides protection against electrostatic discharge and power surges
- Secure browser management with support HTTP, HTTPS/SSL/TLS, SSH and Telnet
- Trueport COM or TTY port control and management for serial based server applications
- Power over serial capability can eliminate the cost of a separate AC power installation
- Port Buffering for data capture and analysis
Flexible Solutions for Retail:
While it is inevitable that the retail environment will continue to evolve to meet increased data and security demands, the need for cost-effective, easy to deploy solutions is critical. Perle is committed to delivering solutions that will help retailers of all sizes be flexible and effective in meeting these ongoing technology challenges. The IOLAN SDS1 is one of a selection of Perle solutions that are designed to assist customers in meeting their data delivery and encryption needs.
The Customer: A US Furniture Retail Chain with 82 locations plus distribution centers
Revenues: US $2 Billion
The Challenge: Designated by Visa as Level 1 Merchant, requiring that data protection be in place by March 31, 2005 deadline
Results: Encryption requirements met by deadline date, overall savings versus server replacement = 40% savings per store