June 08, 2005

Companies responsible for handling consumer financial data are moving quickly to repair the weak links in their information-security infrastructure in the wake of high-profile losses and thefts of customer information.

Transaction Network Services Inc., which provides network services to payment processors, this week revealed that it's encrypting personal-account and credit-card information sent across its Synapse system, which provides payment services for merchants that use wireless devices, including taxi and limousine companies, towing services, arts and crafts shows, and mobile concession and souvenir stands.

When merchants enter a request for a card authorization, it's transmitted over a wireless network such as Cingular or Verizon to Synapse, which transports the request over a landline to a payment processor. After the transaction is authorized, the approval is sent back via Synapse to the wireless network and on to the merchant.

Transaction Network Services is installing DataSecure, a hardware appliance and encryption software system from Ingrian Networks Inc. in its data centers. The system performs all cryptographic processing, logging, and auditing functions, off-loading those compute-intensive tasks from the Synapse platform.

"It was to guard against similar losses of data that led us to encrypt sensitive data," says Scott Ziegler, Transaction Network Services' chief systems officer, referring to this week's highly publicized loss of backup tapes containing financial data on 3.9 million Citigroup customers. The company also wanted to comply with the Payment Card Industry Data Security Standard, which mandates that cardholder data be encrypted when it's stored in a database.

ABOUT THE AUTHOR