Intel and NCR Raise the Bar on Data Protection, Securing
Solution Brief NCR Retail & Financial Security Solution Intel® Data Protection Technology for Transactions and NCR DataGuardTM Intel and NCR Raise the Bar on Data Protection, Securing Transactions Today…and Tomorrow Intel® Data Protection Technology for Transactions and NCR DataGuardTM deliver unprecedented end-to-end protection to safeguard sensitive data from malicious attacks. Data protection is a long play. By working with Intel, we have the ability to look to the horizon and build broadly to protect consumer information. Chris Lybeer, VP of Strategic Development, NCR For 130 years, NCR has been a leader in retail transaction technology. Since the early days of the original cash register business, NCR’s commitment to making merchants’ lives easier has kept the company on the forefront of technology innovations. Its leadership position in global retail point-of-sale (POS) systems, self-checkout, and consumer banking technology is proof of its success; it’s also a focus of the company’s latest innovations. To address the ongoing occurrence of data breaches and compromised consumer information, NCR has concentrated significant efforts on making its retail and financial solutions considerably more secure than those currently available in the marketplace. “Even with substantial industry efforts over the past decade, including new and more comprehensive standards and new waves of technology, fraud has continued at an alarming rate,” says Chris Lybeer, VP of Strategic Development. “The damage from criminal breaches of systems increases each year despite the acceleration of security expenditures. Clearly, something is broken. We felt the severity of the problem required us to approach it from a totally fresh perspective.” That’s exactly what NCR has done. Combining NCR DataGuard with Intel® Data Protection Technology for Transactions, this breakthrough security architecture will offer retailers, financial institutions, and consumers a new level of data protection. Continued Vulnerability NCR is keenly aware of the cost of security issues, both in terms of the liability they can create and the sheer magnitude of time and money spent to keep payments and other consumer-identifiable data secure. Solution Brief NCR Retail & Financial Security Solution Intel® Data Protection Technology for Transactions and NCR DataGuard Globally, new standards and technologies have been launched to decrease fraud. Most notable is EMV, which stands for Europay, MasterCard, and Visa, the three companies that jointly produced this standard for authenticating credit and debit card transactions. Although EMV and other standards have helped to stem theft by protecting data at certain points, some personal data may remain vulnerable. Existing point to point encryption technology can be a solution for this in the payments world, but does nothing to help with other personal data that may be just as valuable to criminals. Through collaboration, Intel and NCR are developing new evolutionary solutions needed to defend against future security attacks. Says Lybeer, “Current industry standards provide some assurance that the cardholder is at the terminal by requiring that person know the PIN. So they offer a level of nonrepudiation and protect against card cloning, but don’t adequately protect against card skimming. A new approach to the problem is required. Current approaches miss the bigger picture.” “Combined, NCR DataGuard and Intel Data Protection Technology for Transactions are designed to enhance security as well as non-repudiation,” continues Lybeer. “It’s a very important distinction.” Non-Repudiation The ability to prove that a transaction was successfully sent and received by the parties. It guarantees that the sender of the message cannot later deny sending it nor can the receiver deny receiving the message. 2 Strengthening Security with Software, End-to-End Intel Data Protection Technology for Transactions tackles the issue of data exposure by separating transaction processing from the operating system, both physically and logically. This design has the net effect of protecting transactional data from the moment a transaction is initiated all the way through the transfer of the encrypted information to the retailer and/or bank server networks. From start to finish, sensitive data is inaccessible by the main CPU and operating system, and invisible to conventional malware. Intel Data Protection Technology for Transactions is easy to install and update, and is compatible with systems built on select Intel® Core™ processors and Intel® Atom™ processors. Benefits By integrating Intel Data Protection Technology for Transactions with its assisted and self-service solutions, NCR provides three distinct benefits: 1. A broad range of data can be secured. This goes beyond just magnetic stripe data. Customers can choose an extensive range of consumer information to protect, such as driver’s license number, insurance information, birth date, social security number, physical address, email, and more. “Current solutions, including mobile wallets, don’t necessarilly handle this, but our joint solution is architectected to cover all of these cases,” says Lybeer. 2. D ata can be secured not only by a card reader or other peripheral, but throughout its life in the system. The comprehensive architecture allows for new ways to improve the payment data protection problem, including new peripherals, and new use cases and functionality as they come into play. Whether its an old fashioned card swipe, or whatever comes next, NCR DataGuard and Intel Data Protection Technology for Transactions will protect sensitive data throughout the entire process. 3. Tracking, alerting, and updating are centralized. Intel Data Protection Technology for Transactions regularly communicates with a cloud based management console. This allows stores, restaurants, and financial institutions and their secure devices to receive software updates, have security policies set, and provide proactive alerts on the status of and any issues for NCR DataGuard enabled devices. This reduces the time, labor, and costs associated with managing systems that handle sensitive information. The payments challenge is the tip of the iceberg. In a connected world, there is an enormous amount of personal information being captured. Driver’s licenses, insurance cards, addresses, account numbers, the list goes on and on. We believe that once criminals have a harder time attacking payments, they will shift their focus towards stealing consumer data. We have to enhance our systems now. Intel® Data Protection Technology for Transactions and NCR DataGuard offer a platform to accomplish this. TM — Erick Kobres, Director of Applied Innovation, NCR Solution Brief NCR Retail & Financial Security Solution Intel® Data Protection Technology for Transactions and NCR DataGuard NCR DataGuard and Intel® Data Protection Technology for Transactions Overview Secure I/O in Open Platforms TM Secure channel over USB, WiFi, BLE, etc. Isolated processing environment for security Creates a secure transaction path from the peripherals, around the POS to the server, end-to-end Applet management channel Service Provider Data Center Internet Secure Input Devices Trusted Execution Environment + Applet NFC radio Bar code Mag-stripe Touch EMV contact Keyboards Bank-encrypted card transactions Bank Transactional Gateway • First focus is payment transactions for retail (NFC, mag stripe, EMV) TM • Built on top of Intel ingredients toTechnology provide privacy, integrity and manageability Figure 1. NCR DataGuard andsecurity Intel® Data Protection for Transactions willremote be available to protect sensitive non-payment data, as well as payment data in select retail and financial solutions. Long-Term Collaboration, Long-Term Security Data protection and security is increasingly critical; the consequences of not providing modern payment tools or of neglecting sources of potential security breaches are too great to ignore. In keeping with its mission, NCR is again delivering new innovations to the retail and financial industries, disrupting the market, and ultimately improving the consumer experience. “Until now, security was not built into the architecture,” says Kobres. “Working in conjunction with NCR DataGuard, Intel Data Protection Technology for Transactions builds security features directly into the platform. It makes all the difference.” For more information about Intel® Data Protection Technology for Transactions, visit www.intel.com/ transactiondataprotection To learn more about NCR solutions, visit www.ncr.com No computer system can provide absolute security. Requires an enabled Intel® processor and software optimized for use of the technology. Consult your system manufacturer and/or software vendor for more information. INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® AND NCR PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL’S AND NCR’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, NEITHER INTEL NOR NCR ASSUMES ANY LIABILITY WHATSOEVER, AND INTEL AND NCR DISCLAIM ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL AND NCR PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. UNLESS OTHERWISE AGREED IN WRITING BY INTEL AND NCR, THE INTEL AND NCR PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL OR NCR PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR. Intel and NCR may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked “reserved” or “undefined.” Intel and NCR reserve these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information in this document is subject to change without notice. Do not finalize a design with this information. The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel or NCR sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel or NCR literature, may be obtained by calling, for Intel, 1-800-548-4725 or by visiting Intel’s Web site at www.intel.com, or for NCR, by visiting NCR’s Web site at www.NCR.com. Copyright © 2014 Intel Corporation and NCR Corporation. All rights reserved. Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. NCR and the NCR logo are trademarks of NCR Corporation in the U.S. and/or other countries. * Other names and brands may be claimed as the property of others. Printed in USA 1014/MB/ICMCRC/PDF Please Recycle 331359-001US
© Copyright 2024