PCI and EMV Compliance Checkup
|
|
- May Palmer
- 8 years ago
- Views:
Transcription
1 PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated
2 Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations
3 A Changing Landscape The U.S. Secret Service reports magnetic stripe skimming cases have risen by 10% during the past three years and estimates that losses from ATM card fraud are over USD 1 billion per year or $350,000 a day Nilson Report research indicated U.S. card fraud losses are more than twice as much as global fraud losses 9 cents compared with 4.5 cents for every $100 in transactions In 2009, the FBI stated that each ATM skimming device typically costs banks about $33,000 in losses. In 2012, reports estimate that it is now at $50,000 per ATM
4 With Global Consequences Bank Info Security, reports that even after an uptick in skimming incidents in 2010, the U.S. will see more ATM skimming Increase in attacks being reported at smaller financial institutions Increase in skimming attacks on lobby type and drive up ATMs Card reader theft and internal skimming on the rise Latest European ATM Security Team (EAST) report indicates recent rise in skimming in at least seven countries Resurgence of card and currency trapping/fishing remains strong in Europe, according to EAST In 2011, EAST reported 7,722 incidents of ATM skimming and 1,559 incidents of card trapping
5 and Investment in New Criminal Tactics The total number of ATM attacks is up 63 percent in European markets primarily due to cash trapping EAST, 2012 In the first half of 2012, bank robberies and ATM attacks soared 50 percent in Brazil from 838 incidents reported between January and June of 2011 to 1,261 for the same period in 2012 Cash trapping incidents up from 240 incidents in 2010 to 10,808 incidents in Verizon Business, 2012, reported that organized criminal groups targeting payment card information from Internet-facing POS systems or physically-exposed ATMs and gas pumps can launch a sting against hundreds of victims during the same operation
6 New Skimming Technology Recent skimming innovations : Wafer thin skimming devices inserted into card readers (as reported by EAST). Drilling a hole to attach a skimmer read head to a third-party acrylic anti-skimming extension in Europe. In Ecuador, a black strip with a read head molded to fit over just a portion of the black part of the dip card reader.
7 Focus on Risk Management Compliance/Legal Risks Threat: ADA Lawsuits Transaction/Operation Risks Threat: System Disruptions / Fraud Financial Risk Threat: Skimming / Logical Attacks / Acquirer Responsibility / Loss of ADA Lawsuits Reputational Risk Threat: Loss of Trust / Failure to Deliver on Marketing Claims / Inability to solve Customer Problems / Confusion between services Strategic Risk Early Adopters = Higher Costs and complexity Late Adopters = Miss customer demand Resources to monitor and maintain
8 Compliance is a Driver EXPECTED COST OF A BREACH The Security GAP SECURITY SPENDING Perceived Financial Optimum Compliance Minimum Today LEVEL OF SECURITY
9 Loss Perspective at the ATM
10 Cardholder Data Chain of Trust
11 PCI Security Standards Council Payment Card Industry Every entity around the world involved in payment card transactions including hardware/device manufacturers and software developers, as well as banks, service providers and merchants must continually focus on safeguarding payment card data.
12 What Comprises PCI? Learn more at
13 PCI PTS and EPP PCI v1.0 compliant Triple data encryption standard protection (Triple DES) enforced Secure key entry / loading via EPP only Tamper-resistant security module Certificate validation between ATM & host Compliance requirements ATM installations after January 1, 2008 (all) ATM installations prior to January 1, 2008 ATMs moved EPP replaced
14 PCI PA-DSS The PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. Agilis 91x, 2.4 SP5 Agilis 91x, 3.0 SP1 Agilis NDx, 3.0 SP3
15 PCI DSS Requirements
16 Why Comply with PCI PA-DSS? Compliance can bring major benefits to businesses of all sizes, while failure to comply can have serious and long-term negative consequences Compliance means that your systems are secure and customers can trust you with their sensitive payment card information Trust means your customers have confidence in doing business with you Confident customers are more likely to be repeat customers and to recommend you to others Compliance improves your reputation with acquirers and payment brands -- the partners you need in order to do business
17 PCI ATM Security Guidelines Currently an Information Supplement under development Version 0.2 Draft is in the review cycle Objective is to identify security guidelines for ATMs Primary focus is on mitigation of magnetic stripe skimming and PIN stealing attacks at ATMs, which are most prevalent during the transition of the payment systems to EMV chip technology Considering protection that can be provided by hardware and software
18 PCI ATM Security Guidelines ATM Security Overview Vulnerabilities, security requirements, services, and technical standards Integration of Hardware Components EPP, readers, cabinet, anti-skimming, encryption, and third party monitoring Security of Basic Software OS, XFS, XV, open protocols, devices Device Management / Operation Key management, life cycle management, configuration, environment Application Management security functions, patching, access control New technology support EMV, NFC
19 Coming to a Card Reader Near You Global Defense EMV Chip Cards Europay, MasterCard and Visa - EMV Organized to define a global standard for chip cards and security applications Ensures mutual acceptance of EMV cards between financial Institutions (FIs) and card associations EMV chip greatly reduces the fraudulent redemption of cash using a cloned magnetic stripe card EMVCo has a plan for the future
20 Source: EAST, 2011 EMV Impact on Card Fraud
21 Overview of EMV The card s chip communicates with card-accepting devices (POS and ATM terminals) through direct contact with the reader by way of a contact plate The chip contains info needed to use the card for payment and is protected by various security features Facilitates robust authentication, which can significantly reduce fraud at the POS or ATM Chip Cards or Smart Cards
22 The Security of Chip Cards Using EMV-compliant chip card technology improves security by adding functionality in three areas: 1. Card authentication, protecting against counterfeit cards 2. Cardholder verification, authenticating the cardholder and protecting against lost and stolen cards being used for fraudulent transactions 3. Transaction authorization, using issuer-defined rules to authorize transaction
23 Overview of Contactless Technology Contactless devices use radio wave technology to transfer account information from the user device to a terminal reader An embedded chip and antenna enable consumers to wave their card or fob over a reader at the terminal Solution requires change/investment in the card/token, reader, ATM application and host authorization Examples include: PayWave: Visa (May 2009) PayPass : MasterCard (August 2007)
24 Near Field Communication (NFC) NFC technology is a standards-based wireless communication technology that allows data to be exchanged between devices in close proximity NFC-enabled mobile phones incorporate smart chips that allow the phones to securely store the payment application and account information NFC-enabled mobile phones will be able to carry one or more payment applications and accounts from different issuers
25 EMV ATM Transaction
26 Visa and MasterCard Announcements August 9 April Visa issues Acquirer Processor Mandate Merchant acquirers must be certified to accept EMV chip transactions Liability shift for merchants October 2015 September April MC issues EMV Mandate USA participation in the Global Liability Shift program begins for Maestro interregional ATM Transactions Liability shift for merchants October 2015
27 Chip Liability Shift Goes Global How does chip liability shift work? When both parties to a transaction are in participating countries: Issuers assume counterfeit fraud-related liability if a non-emv chip card is used at a hybrid terminal (a payment device that can accept transactions using both contact chip and magnetic stripe technologies) Acquirers assume counterfeit fraud-related liability if an EMV chip card is used at a magnetic stripe-reading-only terminal
28 Liability Shift for Global EMV
29 Diebold Recommendations Utilize various sources and training to raise your knowledge level of PCI and EMV and the impact on security Initiate internal discussions regarding the U.S. migration to EMV and why it is important Discuss the move to EMV with ATM processing entities to understand their roadmaps Develop strategies associated with issuing of chip cards and the future contactless technology Assess your ATM needs for EMV for hardware and software Establish and execute on a plan to move to EMV
30 ATM Security Alert Diebold Subscription Created whenever an ATM attack trend is detected Attack details and pictures Recommendations for how to protect from this type of attack Diebold free service sent to over 3,000 global subscribers
31 Diebold ATM Security Websites For more information, please visit:
EMV and Small Merchants:
September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service
More informationEMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems
October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks
More informationtoast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard
toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard Table of Contents For more than 40 years, merchants and consumers have used magnetic stripe credit cards and compatible
More informationTHE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP
THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit
More informationThe Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group
The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group Abstract: Visa Inc. and MasterCard recently announced plans to accelerate chip migration in the
More informationPayments Transformation - EMV comes to the US
Accenture Payment Services Payments Transformation - EMV comes to the US In 1993 Visa, MasterCard and Europay (EMV) came together and formed EMVCo 1 to tackle the global challenge of combatting fraudulent
More informationWhat is EMV? What is different?
U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,
More informationHow To Comply With The New Credit Card Chip And Pin Card Standards
My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business
More informationCredit Card Processing Overview
CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new
More informationWhat Merchants Need to Know About EMV
Effective November 1, 2014 1. What is EMV? EMV is the global standard for card present payment processing technology and it s coming to the U.S. EMV uses an embedded chip in the card that holds all the
More informationICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone!
ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone! Presenters: Cliff Gray Senior Associate of The Strawhecker Group Jon Bonham CISA, Coalfire The opinions of the contributors
More informationA Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved.
A Guide to EMV Version 1.0 May 2011 Objective Provide an overview of the EMV specifications and processes What is EMV? Why EMV? Position EMV in the context of the wider payments industry Define the role
More informationPreparing for EMV chip card acceptance
Preparing for EMV chip card acceptance Ben Brown Vice President, Regional Sales Manager, Wells Fargo Merchant Services Lily Page Vice President, Wholesale ereceivables, Wells Fargo Merchant Services June
More informationPractically Thinking: What Small Merchants Should Know about EMV
Practically Thinking: What Small Merchants Should Know about EMV 1 Practically Thinking: What Small Merchants Should Know About EMV Overview Savvy business owners know that payments are about more than
More informationEMV and Chip Cards Key Information On What This Is, How It Works and What It Means
EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved
More informationMobile Near-Field Communications (NFC) Payments
Mobile Near-Field Communications (NFC) Payments OCTOBER 2013 GENERAL INFORMATION American Express continues to develop its infrastructure and capabilities to support growing market interest in mobile payments
More informationCardControl. Credit Card Processing 101. Overview. Contents
CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old
More informationTHE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change
THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change Advancements in technological capabilities, along with increasing levels of counterfeit fraud, led the
More informationmobile payment acceptance Solutions Visa security best practices version 3.0
mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid
More informationEMV : Frequently Asked Questions for Merchants
EMV : Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited
More informationEMV Frequently Asked Questions for Merchants May, 2014
EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,
More informationPrevention Is Better Than Cure EMV and PCI
Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure An independent view on the effectiveness of EMV and PCI in case of large-scale card compromise. Over the past couple of months,
More informationChanging Consumer Purchasing Patterns. John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association
Changing Consumer Purchasing Patterns John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association Michigan Retailers Association! Michigan Retailers Association is trade
More information8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year
Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 80% of compromised systems were card present or in-person transactions
More informationA Brand New Checkout Experience
A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small
More informationA Brand New Checkout Experience
A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small
More informationAmerican Express Contactless Payments
PRODUCT CAPABILITY GUIDE American Express Contactless Payments American Express Contactless Payments Help Enable Increased Convenience For Card Members At The Point Of Sale American Express contactless
More informationOpenEdge Research & Development Group April 2015
2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The
More informationVisa Recommended Practices for EMV Chip Implementation in the U.S.
CHIP ADVISORY #20, UPDATED JULY 11, 2012 Visa Recommended Practices for EMV Chip Implementation in the U.S. Summary As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt
More informationAIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009
AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application
More informationFrequently asked questions - Visa paywave
Frequently asked questions - Visa paywave What is Visa paywave? Visa paywave is a new contactless method of payment - the latest evolution in Visa payments. It is a simple, secure and quick payment method
More informationHeartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development
A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names
More informationCard Network Update Chip (EMV) Acceptance in the United States At-A-Glance
Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Allegiance Merchant Services is committed to assisting you in navigating through the various considerations that you may face
More informationNeed to be PCI DSS compliant and reduce the risk of fraud?
Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction
More informationUnderstand the Business Impact of EMV Chip Cards
Understand the Business Impact of EMV Chip Cards 3 What About Mail/Telephone Order and ecommerce? 3 What Is EMV 3 How Chip Cards Work 3 Contactless Technology 4 Background: Behind the Curve 4 Liability
More informationwelcome to liber8:payment
liber8:payment welcome to liber8:payment Our self-service kiosks free up staff time and improve the overall patron experience. liber8:payment further enhances these benefits by providing the convenience
More informationHow To Protect Your Restaurant From A Data Security Breach
NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE Payment disruptions impacting restaurant owners today An NCR Hospitality white paper Almost every month we hear a news story about another data breach that
More informationPCI Security Standards Council
PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI
More informationEMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com
EMV FAQs Contact us at: CS@VancoPayments.com Visit us online: VancoPayments.com What are the benefits of EMV cards to merchants and consumers? What is EMV? The acronym EMV stands for an organization formed
More informationCredit Card Processing, Point of Sale, ecommerce
Credit Card Processing, Point of Sale, ecommerce Compliance, Self Auditing, and More John Benson Kurt Willey HACKS REGULATIONS Greater Risk for Merchants Topics Compliance Changes Scans Self Audits
More informationU.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon
U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon UMACHA Navigating Payments 2014 October 8, 2014 Who We Are Claudia
More informationImplication of EMV Migration for the U.S. Transportation Industry. May 1, 2015. Implication of EMV Migration for the U.S. Transportation Industry
Implication of EMV Migration for the U.S. Transportation Industry 1 Introduction Transportation payment methods are constantly evolving. When cash handling became too expensive and inconvenient, the metal
More informationPCI DSS Compliance Services January 2016
PCI DSS Compliance Services January 2016 20160104-Galitt-PCI DSS Compliance Services.pptx Agenda 1. Introduction 2. Overview of the PCI DSS standard 3. PCI DSS compliance approach Copyright Galitt 2 Introduction
More informationEmerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER
Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER SHAZAM, Senior Vice President Agenda The Ugly Fraud The Bad EMV? The Good Tokenization and Other Emerging Payment Options
More informationPayment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1
Payment Card Industry (PCI) Data Security Standard PCI DSS Applicability in an EMV Environment A Guidance Document Version 1 Release date: 5 October 2010 Table of Contents 1 Executive Summary... 3 1.1
More informationProtecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance
Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.
More informationSage ERP MAS I White Paper. Payment Processing Trends, Tips, and Tricks: What You Need to Know
I White Paper What You Need to Know Over the past few years, credit and debit card acceptance has come on the scene as a required payment option. Similarly, the number of customers using credit and debit
More informationEMV in Hotels Observations and Considerations
EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered
More informationPlotting a Course for EMV Compliance
Plotting a Course for EMV Compliance Plotting a Course for EMV Compliance PCI compliance...emv compliance by now, you ve heard repeatedly that your store or restaurant must be EMV-compliant by the recently
More informationHow to Prepare. Point of sale requirements are changing. Get ready now.
How to Prepare for EMV Point of sale requirements are changing. Get ready now. The EMV mandate is fast approaching. Now is the time to plan a strategy to prepare for this change. 2 EMV: The Backstory 3
More informationSETUP GUIDE. Thank you for your purchase of Hamilton products! In this handy guide, you will discover: ADDITIONAL REQUIREMENTS SETUP HOW IT WORKS
SETUP GUIDE High Speed Secure Credit Card Processing Thank you for your purchase of Hamilton products! In this handy guide, you will discover: WHAT IS INCLUDED ADDITIONAL REQUIREMENTS HOW IT WORKS SETUP
More informationU.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV)
U.S. Bank U.S. Bank Chip Card FAQs for Program Administrators Here are some frequently asked questions Program Administrators have about the replacement of U.S. Bank commercial cards with new chip-enabled
More informationCyber - Security and Investigations. Ingrid Beierly August 18, 2008
Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities
More informationPayment Card Industry Security Standards PCI DSS, PCI-PTS and PA-DSS
The PCI Security Standards Council http://www.pcisecuritystandards.org The OWASP Foundation http://www.owasp.org Payment Card Industry Security Standards PCI DSS, PCI-PTS and PA-DSS Omar F. Khandaker,
More informationEMV and Restaurants What you need to know! November 19, 2014
EMV and Restaurants What you need to know! Mike English Executive Director of Product Development Kristi Kuehn Sr. Director, Compliance November 9, 204 Agenda EMV overview Timelines Chip Card Liability
More informationSellWise User Group. Thursday, February 19, 2015
SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User
More informationNACS/PCATS WeCare Data Security Program Overview
NACS/PCATS WeCare Data Security Program Overview March 27, 2012 Abstract This document describes the WeCare Program, discusses common data security threats, outlines an 8-point plan to improve data security,
More informationE2EE and PCI Compliancy. Martin Holloway VSP Sales Director VeriFone NEMEA
E2EE and PCI Compliancy Martin Holloway VSP Sales Director VeriFone NEMEA Security Breaches In The News 2 Security Breaches In The News 3 Security Breaches In The News 4 Security Breaches In The News 5
More informationEMV EMV TABLE OF CONTENTS
2 TABLE OF CONTENTS Intro... 2 Are You Ready?... 3 What Is?... 4 Why?... 5 What Does Mean To Your Business?... 6 Checklist... 8 3 U.S. Merchants 60% are expected to convert to -enabled devices by 2015.
More informationPayment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.
Payment Methods The cost of doing business Michelle Powell - BASYS Processing, Inc. You ve got to spend money, to make money Major Industry Topics Industry Process Flow PCI DSS Compliance Risks of Non-Compliance
More informationNewtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba
thesba.com 855-2thesba EMV Chip Technology, Secure Electronic Payments The world of payments is evolving. We are starting to see an evolution from typical static magnetic strip cards to more intelligent
More informationWe believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating
Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their
More informationTable of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process
Overview Credit Card Processing 101 is your go-to handbook for navigating the payments industry. This document provides a quick and thorough understanding on how businesses accept electronic payments,
More informationEMV Acquiring at the ATM: Early Planning for Credit Unions
EMV Acquiring at the ATM: Early Planning for Credit Unions EMV Adoption Recent data breaches and planned Network Liability shifts have increased the interest in EMV at the ATM and have affected the planned
More informationSage 100 ERP I White Paper. Payment Processing Trends, Tips, and Tricks: What You Need to Know
Sage 100 ERP I White Paper What You Need to Know Over the past few years, credit and debit card acceptance has come on the scene as a required payment option. Similarly, the number of customers using credit
More informationPCI PA-DSS Requirements. For hardware vendors
PCI PA-DSS Requirements For hardware vendors PCI security services UL's streamlined PCI PA-DSS certification services get your product to market faster. UL is world leader in advancing safety. Through
More informationPCI DSS 101- The background you need for understanding the PCI DSS
PCI DSS 101- The background you need for understanding the PCI DSS Produced on behalf of New Net Technologies by STEVE BROADHEAD BROADBAND TESTING 2010 broadband testing and new net technologies www.nntws.com
More informationSecuring the Payments System. The facts about fraud prevention
Securing the Payments System The facts about fraud prevention Contents Introduction 3 Visa s Security Programme 4 Fraud Types and Threats 6 Fraud Statistics and Research 7 Visa s Security Agenda for New
More informationA Guide to EMV Version 1.0 May 2011
Table of Contents TABLE OF CONTENTS... 2 LIST OF FIGURES... 4 1 INTRODUCTION... 5 1.1 Purpose... 5 1.2 References... 5 2 BACKGROUND... 6 2.1 What is EMV... 6 2.2 Why EMV... 7 3 THE HISTORY OF EMV... 8
More informationThe EMV Readiness. Collis America. Guy Berg President, Collis America berg@collisamerica.com +1 651 925 5411
The EMV Readiness Collis America Guy Berg President, Collis America berg@collisamerica.com +1 651 925 5411 1 Collis Solutions & Markets Finance Consultancy Card Payments SEPA Financial Risk Mgmt Test Tools
More informationIdentifying Security. Payment System. Federal Reserve Bank. Ellen Richey Chief Enterprise Risk Officer Visa Inc. Visa Public
Identifying Security Issues in the Retail Payment System Federal Reserve Bank Chicago Ellen Richey Chief Enterprise Risk Officer Visa Inc. June 5, 2008 Agenda 1. The Data Security Landscape 2. Recent Trends
More informationData Security Basics for Small Merchants
Data Security Basics for Small Merchants 28 October 2015 Stan Hui Director, Merchant Risk Lester Chan Director, Merchant Risk Disclaimer The information or recommendations contained herein are provided
More informationPCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.
PCI 3.1 Changes Jon Bonham, CISA Coalfire System, Inc. Agenda Introduction of Coalfire What does this have to do with the business office Changes to version 3.1 EMV P2PE Questions and Answers Contact Information
More informationMasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.
MasterCard PCI & Site Data Protection (SDP) Program Update Academy of Risk Management Innovate. Collaborate. Educate. The Payment Card Industry Security Standards Council (PCI SSC) Open, Global Forum Founded
More informationEMV: A to Z (Terms and Definitions)
EMV: A to Z (Terms and Definitions) First Data participates in many industry forums, including the EMV Migration Forum (EMF). The EMF is a cross-industry body focused on supporting an alignment of the
More informationDATA SECURITY, FRAUD PREVENTION AND COMPLIANCE
DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE December 2015 English_General This presentation was prepared exclusively for the benefit and internal use of the J.P. Morgan client or potential client to
More informationInformation about this New Guide
Information about this New Guide New Guide This PayPass POS Host/Payment Software Implementation Guide, dated September 2007, is an entirely new guide. Contents This guide helps point-of-sale (POS) host/payment
More informationWayne EMV Solutions. Protect your business with a complete EMV Solution inside and out.
Wayne EMV Solutions Protect your business with a complete EMV Solution inside and out. The transition to Europay, MasterCard, Visa (EMV) standards: Significantly reduce your risk of payment card fraud
More informationVisa Inc. PIN Entry Device Requirements
Visa Inc. PIN Entry Device Requirements The following information is applicable for Visa Inc. regions. Visa Inc. regions include Asia-Pacific (AP); Central and Eastern Europe, Middle East and Africa (CEMEA);
More informationThe Canadian Migration to EMV. Prepared By:
The Canadian Migration to EMV Prepared By: December 1993 Everyone But The USA Is Migrating The international schemes decided Smart Cards are the way forward Europay, MasterCard & Visa International Produced
More informationPCI Security Standards Council
PCI Security Standards Council Bob Russo, General Manager 2013 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI Council Open, global forum Founded 2006 Guiding open standards for
More informationHow Secure are Contactless Payment Systems?
SESSION ID: HT-W01 How Secure are Contactless Payment Systems? Matthew Ngu Engineering Manager RSA, The Security Division of EMC Chris Scott Senior Software Engineer RSA, The Security Division of EMC 2
More informationHow To Protect Your Credit Card Information From Being Stolen
Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)
More informationPayment Card Fraud in the European Union Perspective of Law Enforcement Agencies
images: Fotolia Situation Report - Payment Card Fraud 2012 Public Version Situation Report Payment Card Fraud in the European Union Perspective of Law Enforcement Agencies This Europol product analyses
More informationPCI Compliance Overview
PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)
More informationProject Title slide Project: PCI. Are You At Risk?
Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services
More informationTarget Security Breach
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
More informationAmerican Bankers Association
Statement for the Record Of the American Bankers Association before the Committee on Small Business United States House of Representatives Statement for the Record American Bankers Association Committee
More informationChip Card (EMV ) CAL-Card FAQs
U.S. Bank Chip Card (EMV ) CAL-Card FAQs Below are answers to some frequently asked questions about the migration to U.S. Bank chipenabled CAL-Cards. This guide can help ensure that you are prepared for
More informationOpenEdge Research & Development Group April 2015
2015: Development, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 developers@openedgepay.com openedgepay.com 2015: Development, Merchant Table of Contents
More informationPREVENTING PAYMENT CARD DATA BREACHES
NEW SCIENCE TRANSACTION SECURITY ARTICLE PREVENTING PAYMENT CARD DATA BREACHES DECEMBER 2014 UL.COM/NEWSCIENCE NEW SCIENCE TRANSACTION SECURITY OVERVIEW From research on the latest electronic transaction
More informationPayment Card Industry Compliance Overview
January 31, 2014 11:30am 12:30pm Central Hosted by: Texas.gov Presented by: Jayne Holland Barbara Brinson Payment Card Industry Compliance Overview Securing Government Payments Audio Dial In: 866-740-1260
More informationSecurity Failures in Smart Card Payment Systems: Tampering the Tamper-Proof
Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof Saar Drimer Steven J. Murdoch Ross Anderson www.cl.cam.ac.uk/users/{sd410,sjm217,rja14} Computer Laboratory www.torproject.org
More informationEMV mobile Point of Sale (mpos) Initial Considerations
EMV mobile Point of Sale EMV mobile Point of Sale (mpos) Initial Considerations Version 1.1 June 2014 2014 EMVCo, LLC ( EMVCo ). All rights reserved. Any and all uses of the EMV Specifications ( Materials
More informationVisa global Compromised Account
Visa global Compromised Account RECOVERY PROGRAM WHAT EVERY MERCHANT SHOULD KNOW ABOUT GCAR WHAT EVERY MERCHANT SHOULD KNOW ABOUT GCAR WHAT The Visa Global Compromised Account Recovery (GCAR) program offers
More informationPayment Card Industry Update and Cyber Risk Management
Payment Card Industry Update and Cyber Risk Management CRAIG A. HOFFMAN, ESQ. BAKERHOSTETLER ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE, ARTHUR J GALLAGHER & CO. OCTOBER 22, 2015 2014 ARTHUR
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationSuzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1
Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1 The most significant trend is decreasing paper payments and increasing electronic payments. Many organizations are also seeing
More informationEnhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011
Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011 On 5 th March 2010, The Association of Banks in Singapore announced key measures to adopt a holistic
More informationPayments Fraud: It's Not Fun & Games
Payments Fraud: It's Not Fun & Games Claudia Swendseid Senior Vice President Payments Information & Outreach Office Federal Reserve Bank of Minneapolis NACHA Payments 2015 Claudia Swendseid Senior Vice
More information