As credit and debit cards become ubiquitous in commerce, security concerns that were once limited to centralized databases are expanding to encompass the entire stream of commerce, beginning at the point of sale. Moreover, organizations must comply with a number of data security standards including the Payment Card Industry (PCI) Data Security Standard, Basel II, the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act (HIPAA), and California State Bulletin 1836.
Consider the example of a supermarket with a number of point-of-sale terminals. Each terminal should be capable of accepting credit card payments, which must be transferred to the card issuer for payment and/or stored in the supermarket's database. Each terminal may be used by several cashiers over the course of a day. Each terminal may be powered on or off due to planned or unplanned events and may lose network connectivity at any given moment. Moreover, each terminal may be used in an attended mode, in which a user such as a cashier, manager, or technician is authenticated, or in an unattended mode, in which an authenticated user is not present, such as in a self-checkout environment. Such a system presents a need for strong security while requiring that the system be resilient in the face of network and power interruptions.