Intel and NCR Raise the Bar on Data Protection, Securing

Solution Brief
NCR Retail & Financial Security Solution
Intel® Data Protection Technology
for Transactions and NCR DataGuardTM
Intel and NCR Raise the Bar
on Data Protection, Securing
Transactions Today…and Tomorrow
Intel® Data Protection Technology for Transactions and NCR DataGuardTM
deliver unprecedented end-to-end protection to safeguard sensitive data
from malicious attacks.
Data protection is a long
play. By working with Intel,
we have the ability to look
to the horizon and build
broadly to protect
consumer information.
Chris Lybeer,
VP of Strategic Development, NCR
For 130 years, NCR has been a leader
in retail transaction technology. Since
the early days of the original cash
register business, NCR’s commitment
to making merchants’ lives easier has
kept the company on the forefront of
technology innovations. Its leadership
position in global retail point-of-sale
(POS) systems, self-checkout, and
consumer banking technology is proof
of its success; it’s also a focus of the
company’s latest innovations.
To address the ongoing occurrence
of data breaches and compromised
consumer information, NCR has
concentrated significant efforts on
making its retail and financial solutions
considerably more secure than those
currently available in the marketplace.
“Even with substantial industry efforts
over the past decade, including new
and more comprehensive standards
and new waves of technology, fraud has
continued at an alarming rate,” says
Chris Lybeer, VP of Strategic
Development. “The damage from
criminal breaches of systems increases
each year despite the acceleration
of security expenditures. Clearly,
something is broken. We felt the
severity of the problem required us
to approach it from a totally fresh
perspective.”
That’s exactly what NCR has done.
Combining NCR DataGuard with
Intel® Data Protection Technology
for Transactions, this breakthrough
security architecture will offer retailers,
financial institutions, and consumers a
new level of data protection.
Continued Vulnerability
NCR is keenly aware of the cost of
security issues, both in terms of the
liability they can create and the sheer
magnitude of time and money spent
to keep payments and other
consumer-identifiable data secure.
Solution Brief
NCR Retail & Financial Security Solution
Intel® Data Protection Technology
for Transactions and NCR DataGuard
Globally, new standards and
technologies have been launched to
decrease fraud. Most notable is EMV,
which stands for Europay, MasterCard,
and Visa, the three companies that
jointly produced this standard for
authenticating credit and debit card
transactions. Although EMV and other
standards have helped to stem theft by
protecting data at certain points, some
personal data may remain vulnerable.
Existing point to point encryption
technology can be a solution for this in
the payments world, but does nothing
to help with other personal data that
may be just as valuable to criminals.
Through collaboration, Intel and NCR
are developing new evolutionary
solutions needed to defend against
future security attacks.
Says Lybeer, “Current industry
standards provide some assurance
that the cardholder is at the terminal
by requiring that person know the
PIN. So they offer a level of nonrepudiation and protect against card
cloning, but don’t adequately protect
against card skimming. A new approach
to the problem is required. Current
approaches miss the bigger picture.”
“Combined, NCR DataGuard and
Intel Data Protection Technology for
Transactions are designed to enhance
security as well as non-repudiation,”
continues Lybeer. “It’s a very important
distinction.”
Non-Repudiation
The ability to prove that a
transaction was successfully
sent and received by the
parties. It guarantees that
the sender of the message
cannot later deny sending
it nor can the receiver deny
receiving the message.
2
Strengthening Security with
Software, End-to-End
Intel Data Protection Technology for
Transactions tackles the issue of data
exposure by separating transaction
processing from the operating system,
both physically and logically. This
design has the net effect of protecting
transactional data from the moment
a transaction is initiated all the way
through the transfer of the encrypted
information to the retailer and/or bank
server networks. From start to finish,
sensitive data is inaccessible by the
main CPU and operating system, and
invisible to conventional malware.
Intel Data Protection Technology for
Transactions is easy to install and
update, and is compatible with systems
built on select Intel® Core™ processors
and Intel® Atom™ processors.
Benefits
By integrating Intel Data Protection
Technology for Transactions with its
assisted and self-service solutions,
NCR provides three distinct benefits:
1. A broad range of data can be
secured. This goes beyond just
magnetic stripe data. Customers
can choose an extensive range of
consumer information to protect,
such as driver’s license number,
insurance information, birth date,
social security number, physical
address, email, and more. “Current
solutions, including mobile wallets,
don’t necessarilly handle this, but
our joint solution is architectected to
cover all of these cases,” says Lybeer.
2. D
ata can be secured not only by a
card reader or other peripheral, but
throughout its life in the system.
The comprehensive architecture
allows for new ways to improve the
payment data protection problem,
including new peripherals, and new
use cases and functionality as they
come into play. Whether its an old
fashioned card swipe, or whatever
comes next, NCR DataGuard and
Intel Data Protection Technology for
Transactions will protect sensitive
data throughout the entire process.
3. Tracking, alerting, and updating are
centralized. Intel Data Protection
Technology for Transactions
regularly communicates with a
cloud based management console.
This allows stores, restaurants, and
financial institutions and their secure
devices to receive software updates,
have security policies set, and
provide proactive alerts on the status
of and any issues for NCR DataGuard
enabled devices. This reduces the
time, labor, and costs associated
with managing systems that handle
sensitive information.
The payments challenge
is the tip of the iceberg. In
a connected world, there
is an enormous amount of
personal information being
captured. Driver’s licenses,
insurance cards, addresses,
account numbers, the list
goes on and on. We believe
that once criminals have
a harder time attacking
payments, they will shift
their focus towards stealing
consumer data. We have
to enhance our systems
now. Intel® Data Protection
Technology for Transactions
and NCR DataGuard offer a
platform to accomplish this.
TM
— Erick Kobres, Director of Applied
Innovation, NCR
Solution Brief
NCR Retail & Financial Security Solution
Intel® Data Protection Technology
for Transactions and NCR DataGuard
NCR DataGuard and Intel® Data Protection Technology for Transactions Overview
Secure I/O in Open Platforms
TM
Secure channel
over USB,
WiFi, BLE, etc.
Isolated
processing
environment
for security
Creates a secure
transaction path from
the peripherals,
around the POS to the
server, end-to-end
Applet management
channel
Service Provider
Data Center
Internet
Secure Input Devices Trusted Execution
Environment
+ Applet
NFC radio
Bar code
Mag-stripe
Touch
EMV contact
Keyboards
Bank-encrypted
card transactions
Bank Transactional
Gateway
• First focus is payment transactions for retail (NFC, mag stripe, EMV)
TM
• Built
on top of Intel
ingredients
toTechnology
provide privacy,
integrity and
manageability
Figure 1.
NCR DataGuard
andsecurity
Intel® Data
Protection
for Transactions
willremote
be available
to protect sensitive non-payment data, as well
as payment data in select retail and financial solutions.
Long-Term Collaboration,
Long-Term Security
Data protection and security
is increasingly critical; the
consequences of not providing
modern payment tools or of
neglecting sources of potential
security breaches are too great to
ignore.
In keeping with its mission, NCR is
again delivering new innovations to
the retail and financial industries,
disrupting the market, and ultimately
improving the consumer experience.
“Until now, security was not built
into the architecture,” says Kobres.
“Working in conjunction with NCR
DataGuard, Intel Data Protection
Technology for Transactions builds
security features directly into the
platform. It makes all the difference.”
For more information about Intel®
Data Protection Technology for
Transactions, visit
www.intel.com/
transactiondataprotection
To learn more about NCR solutions,
visit www.ncr.com
No computer system can provide absolute security. Requires an enabled Intel® processor and software optimized for use of the technology. Consult your system manufacturer and/or software
vendor for more information.
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® AND NCR PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL
OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S AND NCR’S TERMS
AND CONDITIONS OF SALE FOR SUCH PRODUCTS, NEITHER INTEL NOR NCR ASSUMES ANY LIABILITY WHATSOEVER, AND INTEL AND NCR DISCLAIM
ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL AND NCR PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING
TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY
RIGHT. UNLESS OTHERWISE AGREED IN WRITING BY INTEL AND NCR, THE INTEL AND NCR PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY
APPLICATION IN WHICH THE FAILURE OF THE INTEL OR NCR PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.
Intel and NCR may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or
characteristics of any features or instructions marked “reserved” or “undefined.” Intel and NCR reserve these for future definition and shall have no
responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information in this document is subject to change
without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known
as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your
local Intel or NCR sales office or your distributor to obtain the latest specifications and before placing your product order.
Copies of documents which have an order number and are referenced in this document, or other Intel or NCR literature, may be obtained by calling,
for Intel, 1-800-548-4725 or by visiting Intel’s Web site at www.intel.com, or for NCR, by visiting NCR’s Web site at www.NCR.com.
Copyright © 2014 Intel Corporation and NCR Corporation. All rights reserved. Intel and the Intel logo are trademarks of Intel Corporation in the U.S.
and/or other countries. NCR and the NCR logo are trademarks of NCR Corporation in the U.S. and/or other countries.
* Other names and brands may be claimed as the property of others. Printed in USA 1014/MB/ICMCRC/PDF Please Recycle 331359-001US