Beyond PCI - End to end encryption

Merchant Warehouse just released their MerchantWARE solution that aids merchants in complying with the PCI DSS, I figured I would share it since this is a PCI related forum.

MerchantWARE ensures that the transaction is automatically encrypted throughout the whole process on the merchant’s side and the merchant never has possession of any unencrypted data.

The key to MerchantWARE is that it utilizes a magnetic card readers that encrypts the transaction with a unique key right at the swipe and before it is passed through to the POS. The transaction is then passed to the MerchantWARE Gateway which decrypts the transaction, processes it and return a token for the transaction. The POS system can then use the token to process any voids or adjusts that may be necessary.

Although no one solution can make a merchant PCI complaint… this is a great solution for merchants and developers to ease compliance efforts and of course save a significant amount of money. For developers, PABP validation becomes a breeze since the POS never has access to sensitive data and there is no need to store the cardholder data since it resides on the gateway and can be accessed at anytime.

I would hope that the PCI DSS eventually would move towards these kinds of solutions but I can’t imagine them making this a requirement any time soon.


Markiyan Malko, Compliance Officer, Merchant Warehouse, Inc
[email protected]

This solution is targeted at POS only?