From the Company's founder
First of all, I should introduce myself as the guy who actually invented the technology behind the product. It seems like a lot of people have misconceptions about the technology. And that criticism is fair - to date we haven't done a good enough job about making technical details of the product available (though they are publicly available if you look - we're not hiding anything). We are in the process of changing that, and will be introducing a section of our website explaining the technology. In the meantime, I recommend you download the whitepaper from www.dynamic-ssl.com to understand exactly what the technology is and how it works.
In the meantime, to alleviate any concerns or misconceptions, I'd like to clarify exactly what the product does, and how it is, in fact, secure.
We use a new process called "Dynamic SSL" to secure the information. What Dynamic SSL does is allow externally encrypted data (e.g. from a card reader) to merge seamlessly with the browser's SSL session, using a tokenization approach to ensure that you real credit card data is never present in the browser (or even at any of the layers below it). If you use a script or HTTP proxy to check the data in the browser or the HTTP request, you'll note that your card number isn't present.
Because your card number is never present, it renders your sensitive information immune to virtually all endpoint attacks, not just keyloggers. If you don't believe me, buy one and try and hack it. I bet you'll be surprised.
As mentioned above, the one thing the device does NOT protect against is sloppy merchant practices. Your first thought may be that this is where most of the risk is. While that was true even a few years ago, it's not as much today. Industry initiatives such as PCI compliance are dramatically lowering the risk on the merchant end, which is driving most of the cyber-criminals to focus on endpoint attacks such as malware, scareware, phishing, etc.. Given that even the most effective endpoint protection is reactive (e.g. works after the fact) and only effectively stops less than 50% of emerging threats, something is needed to protect the end user. That's why this device was invented.
For the tech savvy that know how to protect themselves, it may not be so useful. However, there's a lot of people out there who don't have the knowledge or ability to effectively recognize threats and protect themselves. This product is for them.
If you have questions, let me know. I'm happy to respond to any feedback, both positive and negative.