PCI and EMV Compliance Checkup

Size: px
Start display at page:

Download "PCI and EMV Compliance Checkup"

Transcription

1 PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated

2 Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations

3 A Changing Landscape The U.S. Secret Service reports magnetic stripe skimming cases have risen by 10% during the past three years and estimates that losses from ATM card fraud are over USD 1 billion per year or $350,000 a day Nilson Report research indicated U.S. card fraud losses are more than twice as much as global fraud losses 9 cents compared with 4.5 cents for every $100 in transactions In 2009, the FBI stated that each ATM skimming device typically costs banks about $33,000 in losses. In 2012, reports estimate that it is now at $50,000 per ATM

4 With Global Consequences Bank Info Security, reports that even after an uptick in skimming incidents in 2010, the U.S. will see more ATM skimming Increase in attacks being reported at smaller financial institutions Increase in skimming attacks on lobby type and drive up ATMs Card reader theft and internal skimming on the rise Latest European ATM Security Team (EAST) report indicates recent rise in skimming in at least seven countries Resurgence of card and currency trapping/fishing remains strong in Europe, according to EAST In 2011, EAST reported 7,722 incidents of ATM skimming and 1,559 incidents of card trapping

5 and Investment in New Criminal Tactics The total number of ATM attacks is up 63 percent in European markets primarily due to cash trapping EAST, 2012 In the first half of 2012, bank robberies and ATM attacks soared 50 percent in Brazil from 838 incidents reported between January and June of 2011 to 1,261 for the same period in 2012 Cash trapping incidents up from 240 incidents in 2010 to 10,808 incidents in Verizon Business, 2012, reported that organized criminal groups targeting payment card information from Internet-facing POS systems or physically-exposed ATMs and gas pumps can launch a sting against hundreds of victims during the same operation

6 New Skimming Technology Recent skimming innovations : Wafer thin skimming devices inserted into card readers (as reported by EAST). Drilling a hole to attach a skimmer read head to a third-party acrylic anti-skimming extension in Europe. In Ecuador, a black strip with a read head molded to fit over just a portion of the black part of the dip card reader.

7 Focus on Risk Management Compliance/Legal Risks Threat: ADA Lawsuits Transaction/Operation Risks Threat: System Disruptions / Fraud Financial Risk Threat: Skimming / Logical Attacks / Acquirer Responsibility / Loss of ADA Lawsuits Reputational Risk Threat: Loss of Trust / Failure to Deliver on Marketing Claims / Inability to solve Customer Problems / Confusion between services Strategic Risk Early Adopters = Higher Costs and complexity Late Adopters = Miss customer demand Resources to monitor and maintain

8 Compliance is a Driver EXPECTED COST OF A BREACH The Security GAP SECURITY SPENDING Perceived Financial Optimum Compliance Minimum Today LEVEL OF SECURITY

9 Loss Perspective at the ATM

10 Cardholder Data Chain of Trust

11 PCI Security Standards Council Payment Card Industry Every entity around the world involved in payment card transactions including hardware/device manufacturers and software developers, as well as banks, service providers and merchants must continually focus on safeguarding payment card data.

12 What Comprises PCI? Learn more at

13 PCI PTS and EPP PCI v1.0 compliant Triple data encryption standard protection (Triple DES) enforced Secure key entry / loading via EPP only Tamper-resistant security module Certificate validation between ATM & host Compliance requirements ATM installations after January 1, 2008 (all) ATM installations prior to January 1, 2008 ATMs moved EPP replaced

14 PCI PA-DSS The PA-DSS applies to software vendors and others who develop payment applications that store, process, or transmit cardholder data as part of authorization or settlement, where these payment applications are sold, distributed, or licensed to third parties. Agilis 91x, 2.4 SP5 Agilis 91x, 3.0 SP1 Agilis NDx, 3.0 SP3

15 PCI DSS Requirements

16 Why Comply with PCI PA-DSS? Compliance can bring major benefits to businesses of all sizes, while failure to comply can have serious and long-term negative consequences Compliance means that your systems are secure and customers can trust you with their sensitive payment card information Trust means your customers have confidence in doing business with you Confident customers are more likely to be repeat customers and to recommend you to others Compliance improves your reputation with acquirers and payment brands -- the partners you need in order to do business

17 PCI ATM Security Guidelines Currently an Information Supplement under development Version 0.2 Draft is in the review cycle Objective is to identify security guidelines for ATMs Primary focus is on mitigation of magnetic stripe skimming and PIN stealing attacks at ATMs, which are most prevalent during the transition of the payment systems to EMV chip technology Considering protection that can be provided by hardware and software

18 PCI ATM Security Guidelines ATM Security Overview Vulnerabilities, security requirements, services, and technical standards Integration of Hardware Components EPP, readers, cabinet, anti-skimming, encryption, and third party monitoring Security of Basic Software OS, XFS, XV, open protocols, devices Device Management / Operation Key management, life cycle management, configuration, environment Application Management security functions, patching, access control New technology support EMV, NFC

19 Coming to a Card Reader Near You Global Defense EMV Chip Cards Europay, MasterCard and Visa - EMV Organized to define a global standard for chip cards and security applications Ensures mutual acceptance of EMV cards between financial Institutions (FIs) and card associations EMV chip greatly reduces the fraudulent redemption of cash using a cloned magnetic stripe card EMVCo has a plan for the future

20 Source: EAST, 2011 EMV Impact on Card Fraud

21 Overview of EMV The card s chip communicates with card-accepting devices (POS and ATM terminals) through direct contact with the reader by way of a contact plate The chip contains info needed to use the card for payment and is protected by various security features Facilitates robust authentication, which can significantly reduce fraud at the POS or ATM Chip Cards or Smart Cards

22 The Security of Chip Cards Using EMV-compliant chip card technology improves security by adding functionality in three areas: 1. Card authentication, protecting against counterfeit cards 2. Cardholder verification, authenticating the cardholder and protecting against lost and stolen cards being used for fraudulent transactions 3. Transaction authorization, using issuer-defined rules to authorize transaction

23 Overview of Contactless Technology Contactless devices use radio wave technology to transfer account information from the user device to a terminal reader An embedded chip and antenna enable consumers to wave their card or fob over a reader at the terminal Solution requires change/investment in the card/token, reader, ATM application and host authorization Examples include: PayWave: Visa (May 2009) PayPass : MasterCard (August 2007)

24 Near Field Communication (NFC) NFC technology is a standards-based wireless communication technology that allows data to be exchanged between devices in close proximity NFC-enabled mobile phones incorporate smart chips that allow the phones to securely store the payment application and account information NFC-enabled mobile phones will be able to carry one or more payment applications and accounts from different issuers

25 EMV ATM Transaction

26 Visa and MasterCard Announcements August 9 April Visa issues Acquirer Processor Mandate Merchant acquirers must be certified to accept EMV chip transactions Liability shift for merchants October 2015 September April MC issues EMV Mandate USA participation in the Global Liability Shift program begins for Maestro interregional ATM Transactions Liability shift for merchants October 2015

27 Chip Liability Shift Goes Global How does chip liability shift work? When both parties to a transaction are in participating countries: Issuers assume counterfeit fraud-related liability if a non-emv chip card is used at a hybrid terminal (a payment device that can accept transactions using both contact chip and magnetic stripe technologies) Acquirers assume counterfeit fraud-related liability if an EMV chip card is used at a magnetic stripe-reading-only terminal

28 Liability Shift for Global EMV

29 Diebold Recommendations Utilize various sources and training to raise your knowledge level of PCI and EMV and the impact on security Initiate internal discussions regarding the U.S. migration to EMV and why it is important Discuss the move to EMV with ATM processing entities to understand their roadmaps Develop strategies associated with issuing of chip cards and the future contactless technology Assess your ATM needs for EMV for hardware and software Establish and execute on a plan to move to EMV

30 ATM Security Alert Diebold Subscription Created whenever an ATM attack trend is detected Attack details and pictures Recommendations for how to protect from this type of attack Diebold free service sent to over 3,000 global subscribers

31 Diebold ATM Security Websites For more information, please visit:

EMV and Small Merchants:

EMV and Small Merchants: September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service

More information

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks

More information

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard Table of Contents For more than 40 years, merchants and consumers have used magnetic stripe credit cards and compatible

More information

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit

More information

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group Abstract: Visa Inc. and MasterCard recently announced plans to accelerate chip migration in the

More information

Payments Transformation - EMV comes to the US

Payments Transformation - EMV comes to the US Accenture Payment Services Payments Transformation - EMV comes to the US In 1993 Visa, MasterCard and Europay (EMV) came together and formed EMVCo 1 to tackle the global challenge of combatting fraudulent

More information

What is EMV? What is different?

What is EMV? What is different? U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,

More information

How To Comply With The New Credit Card Chip And Pin Card Standards

How To Comply With The New Credit Card Chip And Pin Card Standards My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business

More information

Credit Card Processing Overview

Credit Card Processing Overview CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new

More information

What Merchants Need to Know About EMV

What Merchants Need to Know About EMV Effective November 1, 2014 1. What is EMV? EMV is the global standard for card present payment processing technology and it s coming to the U.S. EMV uses an embedded chip in the card that holds all the

More information

ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone!

ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone! ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone! Presenters: Cliff Gray Senior Associate of The Strawhecker Group Jon Bonham CISA, Coalfire The opinions of the contributors

More information

A Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved.

A Guide to EMV. Version 1.0 May 2011. Copyright 2011 EMVCo, LLC. All rights reserved. A Guide to EMV Version 1.0 May 2011 Objective Provide an overview of the EMV specifications and processes What is EMV? Why EMV? Position EMV in the context of the wider payments industry Define the role

More information

Preparing for EMV chip card acceptance

Preparing for EMV chip card acceptance Preparing for EMV chip card acceptance Ben Brown Vice President, Regional Sales Manager, Wells Fargo Merchant Services Lily Page Vice President, Wholesale ereceivables, Wells Fargo Merchant Services June

More information

Practically Thinking: What Small Merchants Should Know about EMV

Practically Thinking: What Small Merchants Should Know about EMV Practically Thinking: What Small Merchants Should Know about EMV 1 Practically Thinking: What Small Merchants Should Know About EMV Overview Savvy business owners know that payments are about more than

More information

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved

More information

Mobile Near-Field Communications (NFC) Payments

Mobile Near-Field Communications (NFC) Payments Mobile Near-Field Communications (NFC) Payments OCTOBER 2013 GENERAL INFORMATION American Express continues to develop its infrastructure and capabilities to support growing market interest in mobile payments

More information

CardControl. Credit Card Processing 101. Overview. Contents

CardControl. Credit Card Processing 101. Overview. Contents CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old

More information

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change Advancements in technological capabilities, along with increasing levels of counterfeit fraud, led the

More information

mobile payment acceptance Solutions Visa security best practices version 3.0

mobile payment acceptance Solutions Visa security best practices version 3.0 mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid

More information

EMV : Frequently Asked Questions for Merchants

EMV : Frequently Asked Questions for Merchants EMV : Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited

More information

EMV Frequently Asked Questions for Merchants May, 2014

EMV Frequently Asked Questions for Merchants May, 2014 EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,

More information

Prevention Is Better Than Cure EMV and PCI

Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure An independent view on the effectiveness of EMV and PCI in case of large-scale card compromise. Over the past couple of months,

More information

Changing Consumer Purchasing Patterns. John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association

Changing Consumer Purchasing Patterns. John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association Changing Consumer Purchasing Patterns John Mayleben, CPP SVP, Technology and Product Development Michigan Retailers Association Michigan Retailers Association! Michigan Retailers Association is trade

More information

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 80% of compromised systems were card present or in-person transactions

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

American Express Contactless Payments

American Express Contactless Payments PRODUCT CAPABILITY GUIDE American Express Contactless Payments American Express Contactless Payments Help Enable Increased Convenience For Card Members At The Point Of Sale American Express contactless

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The

More information

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Visa Recommended Practices for EMV Chip Implementation in the U.S. CHIP ADVISORY #20, UPDATED JULY 11, 2012 Visa Recommended Practices for EMV Chip Implementation in the U.S. Summary As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt

More information

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009 AIS Webinar Payment Application Security Hap Huynh Business Leader Visa Inc. 1 April 2009 1 Agenda Security Environment Payment Application Security Overview Questions and Comments Payment Application

More information

Frequently asked questions - Visa paywave

Frequently asked questions - Visa paywave Frequently asked questions - Visa paywave What is Visa paywave? Visa paywave is a new contactless method of payment - the latest evolution in Visa payments. It is a simple, secure and quick payment method

More information

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names

More information

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Allegiance Merchant Services is committed to assisting you in navigating through the various considerations that you may face

More information

Need to be PCI DSS compliant and reduce the risk of fraud?

Need to be PCI DSS compliant and reduce the risk of fraud? Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction

More information

Understand the Business Impact of EMV Chip Cards

Understand the Business Impact of EMV Chip Cards Understand the Business Impact of EMV Chip Cards 3 What About Mail/Telephone Order and ecommerce? 3 What Is EMV 3 How Chip Cards Work 3 Contactless Technology 4 Background: Behind the Curve 4 Liability

More information

welcome to liber8:payment

welcome to liber8:payment liber8:payment welcome to liber8:payment Our self-service kiosks free up staff time and improve the overall patron experience. liber8:payment further enhances these benefits by providing the convenience

More information

How To Protect Your Restaurant From A Data Security Breach

How To Protect Your Restaurant From A Data Security Breach NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE Payment disruptions impacting restaurant owners today An NCR Hospitality white paper Almost every month we hear a news story about another data breach that

More information

PCI Security Standards Council

PCI Security Standards Council PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI

More information

EMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com

EMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com EMV FAQs Contact us at: CS@VancoPayments.com Visit us online: VancoPayments.com What are the benefits of EMV cards to merchants and consumers? What is EMV? The acronym EMV stands for an organization formed

More information

Credit Card Processing, Point of Sale, ecommerce

Credit Card Processing, Point of Sale, ecommerce Credit Card Processing, Point of Sale, ecommerce Compliance, Self Auditing, and More John Benson Kurt Willey HACKS REGULATIONS Greater Risk for Merchants Topics Compliance Changes Scans Self Audits

More information

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon UMACHA Navigating Payments 2014 October 8, 2014 Who We Are Claudia

More information

Implication of EMV Migration for the U.S. Transportation Industry. May 1, 2015. Implication of EMV Migration for the U.S. Transportation Industry

Implication of EMV Migration for the U.S. Transportation Industry. May 1, 2015. Implication of EMV Migration for the U.S. Transportation Industry Implication of EMV Migration for the U.S. Transportation Industry 1 Introduction Transportation payment methods are constantly evolving. When cash handling became too expensive and inconvenient, the metal

More information

PCI DSS Compliance Services January 2016

PCI DSS Compliance Services January 2016 PCI DSS Compliance Services January 2016 20160104-Galitt-PCI DSS Compliance Services.pptx Agenda 1. Introduction 2. Overview of the PCI DSS standard 3. PCI DSS compliance approach Copyright Galitt 2 Introduction

More information

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER SHAZAM, Senior Vice President Agenda The Ugly Fraud The Bad EMV? The Good Tokenization and Other Emerging Payment Options

More information

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1

Payment Card Industry (PCI) Data Security Standard. PCI DSS Applicability in an EMV Environment A Guidance Document Version 1 Payment Card Industry (PCI) Data Security Standard PCI DSS Applicability in an EMV Environment A Guidance Document Version 1 Release date: 5 October 2010 Table of Contents 1 Executive Summary... 3 1.1

More information

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.

More information

Sage ERP MAS I White Paper. Payment Processing Trends, Tips, and Tricks: What You Need to Know

Sage ERP MAS I White Paper. Payment Processing Trends, Tips, and Tricks: What You Need to Know I White Paper What You Need to Know Over the past few years, credit and debit card acceptance has come on the scene as a required payment option. Similarly, the number of customers using credit and debit

More information

EMV in Hotels Observations and Considerations

EMV in Hotels Observations and Considerations EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered

More information

Plotting a Course for EMV Compliance

Plotting a Course for EMV Compliance Plotting a Course for EMV Compliance Plotting a Course for EMV Compliance PCI compliance...emv compliance by now, you ve heard repeatedly that your store or restaurant must be EMV-compliant by the recently

More information

How to Prepare. Point of sale requirements are changing. Get ready now.

How to Prepare. Point of sale requirements are changing. Get ready now. How to Prepare for EMV Point of sale requirements are changing. Get ready now. The EMV mandate is fast approaching. Now is the time to plan a strategy to prepare for this change. 2 EMV: The Backstory 3

More information

SETUP GUIDE. Thank you for your purchase of Hamilton products! In this handy guide, you will discover: ADDITIONAL REQUIREMENTS SETUP HOW IT WORKS

SETUP GUIDE. Thank you for your purchase of Hamilton products! In this handy guide, you will discover: ADDITIONAL REQUIREMENTS SETUP HOW IT WORKS SETUP GUIDE High Speed Secure Credit Card Processing Thank you for your purchase of Hamilton products! In this handy guide, you will discover: WHAT IS INCLUDED ADDITIONAL REQUIREMENTS HOW IT WORKS SETUP

More information

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV)

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV) U.S. Bank U.S. Bank Chip Card FAQs for Program Administrators Here are some frequently asked questions Program Administrators have about the replacement of U.S. Bank commercial cards with new chip-enabled

More information

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008 Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities

More information

Payment Card Industry Security Standards PCI DSS, PCI-PTS and PA-DSS

Payment Card Industry Security Standards PCI DSS, PCI-PTS and PA-DSS The PCI Security Standards Council http://www.pcisecuritystandards.org The OWASP Foundation http://www.owasp.org Payment Card Industry Security Standards PCI DSS, PCI-PTS and PA-DSS Omar F. Khandaker,

More information

EMV and Restaurants What you need to know! November 19, 2014

EMV and Restaurants What you need to know! November 19, 2014 EMV and Restaurants What you need to know! Mike English Executive Director of Product Development Kristi Kuehn Sr. Director, Compliance November 9, 204 Agenda EMV overview Timelines Chip Card Liability

More information

SellWise User Group. Thursday, February 19, 2015

SellWise User Group. Thursday, February 19, 2015 SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User

More information

NACS/PCATS WeCare Data Security Program Overview

NACS/PCATS WeCare Data Security Program Overview NACS/PCATS WeCare Data Security Program Overview March 27, 2012 Abstract This document describes the WeCare Program, discusses common data security threats, outlines an 8-point plan to improve data security,

More information

E2EE and PCI Compliancy. Martin Holloway VSP Sales Director VeriFone NEMEA

E2EE and PCI Compliancy. Martin Holloway VSP Sales Director VeriFone NEMEA E2EE and PCI Compliancy Martin Holloway VSP Sales Director VeriFone NEMEA Security Breaches In The News 2 Security Breaches In The News 3 Security Breaches In The News 4 Security Breaches In The News 5

More information

EMV EMV TABLE OF CONTENTS

EMV EMV TABLE OF CONTENTS 2 TABLE OF CONTENTS Intro... 2 Are You Ready?... 3 What Is?... 4 Why?... 5 What Does Mean To Your Business?... 6 Checklist... 8 3 U.S. Merchants 60% are expected to convert to -enabled devices by 2015.

More information

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc. Payment Methods The cost of doing business Michelle Powell - BASYS Processing, Inc. You ve got to spend money, to make money Major Industry Topics Industry Process Flow PCI DSS Compliance Risks of Non-Compliance

More information

Newtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba

Newtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba thesba.com 855-2thesba EMV Chip Technology, Secure Electronic Payments The world of payments is evolving. We are starting to see an evolution from typical static magnetic strip cards to more intelligent

More information

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their

More information

Table of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process

Table of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process Overview Credit Card Processing 101 is your go-to handbook for navigating the payments industry. This document provides a quick and thorough understanding on how businesses accept electronic payments,

More information

EMV Acquiring at the ATM: Early Planning for Credit Unions

EMV Acquiring at the ATM: Early Planning for Credit Unions EMV Acquiring at the ATM: Early Planning for Credit Unions EMV Adoption Recent data breaches and planned Network Liability shifts have increased the interest in EMV at the ATM and have affected the planned

More information

Sage 100 ERP I White Paper. Payment Processing Trends, Tips, and Tricks: What You Need to Know

Sage 100 ERP I White Paper. Payment Processing Trends, Tips, and Tricks: What You Need to Know Sage 100 ERP I White Paper What You Need to Know Over the past few years, credit and debit card acceptance has come on the scene as a required payment option. Similarly, the number of customers using credit

More information

PCI PA-DSS Requirements. For hardware vendors

PCI PA-DSS Requirements. For hardware vendors PCI PA-DSS Requirements For hardware vendors PCI security services UL's streamlined PCI PA-DSS certification services get your product to market faster. UL is world leader in advancing safety. Through

More information

PCI DSS 101- The background you need for understanding the PCI DSS

PCI DSS 101- The background you need for understanding the PCI DSS PCI DSS 101- The background you need for understanding the PCI DSS Produced on behalf of New Net Technologies by STEVE BROADHEAD BROADBAND TESTING 2010 broadband testing and new net technologies www.nntws.com

More information

Securing the Payments System. The facts about fraud prevention

Securing the Payments System. The facts about fraud prevention Securing the Payments System The facts about fraud prevention Contents Introduction 3 Visa s Security Programme 4 Fraud Types and Threats 6 Fraud Statistics and Research 7 Visa s Security Agenda for New

More information

A Guide to EMV Version 1.0 May 2011

A Guide to EMV Version 1.0 May 2011 Table of Contents TABLE OF CONTENTS... 2 LIST OF FIGURES... 4 1 INTRODUCTION... 5 1.1 Purpose... 5 1.2 References... 5 2 BACKGROUND... 6 2.1 What is EMV... 6 2.2 Why EMV... 7 3 THE HISTORY OF EMV... 8

More information

The EMV Readiness. Collis America. Guy Berg President, Collis America berg@collisamerica.com +1 651 925 5411

The EMV Readiness. Collis America. Guy Berg President, Collis America berg@collisamerica.com +1 651 925 5411 The EMV Readiness Collis America Guy Berg President, Collis America berg@collisamerica.com +1 651 925 5411 1 Collis Solutions & Markets Finance Consultancy Card Payments SEPA Financial Risk Mgmt Test Tools

More information

Identifying Security. Payment System. Federal Reserve Bank. Ellen Richey Chief Enterprise Risk Officer Visa Inc. Visa Public

Identifying Security. Payment System. Federal Reserve Bank. Ellen Richey Chief Enterprise Risk Officer Visa Inc. Visa Public Identifying Security Issues in the Retail Payment System Federal Reserve Bank Chicago Ellen Richey Chief Enterprise Risk Officer Visa Inc. June 5, 2008 Agenda 1. The Data Security Landscape 2. Recent Trends

More information

Data Security Basics for Small Merchants

Data Security Basics for Small Merchants Data Security Basics for Small Merchants 28 October 2015 Stan Hui Director, Merchant Risk Lester Chan Director, Merchant Risk Disclaimer The information or recommendations contained herein are provided

More information

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc. PCI 3.1 Changes Jon Bonham, CISA Coalfire System, Inc. Agenda Introduction of Coalfire What does this have to do with the business office Changes to version 3.1 EMV P2PE Questions and Answers Contact Information

More information

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate.

MasterCard PCI & Site Data Protection (SDP) Program Update. Academy of Risk Management Innovate. Collaborate. Educate. MasterCard PCI & Site Data Protection (SDP) Program Update Academy of Risk Management Innovate. Collaborate. Educate. The Payment Card Industry Security Standards Council (PCI SSC) Open, Global Forum Founded

More information

EMV: A to Z (Terms and Definitions)

EMV: A to Z (Terms and Definitions) EMV: A to Z (Terms and Definitions) First Data participates in many industry forums, including the EMV Migration Forum (EMF). The EMF is a cross-industry body focused on supporting an alignment of the

More information

DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE

DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE December 2015 English_General This presentation was prepared exclusively for the benefit and internal use of the J.P. Morgan client or potential client to

More information

Information about this New Guide

Information about this New Guide Information about this New Guide New Guide This PayPass POS Host/Payment Software Implementation Guide, dated September 2007, is an entirely new guide. Contents This guide helps point-of-sale (POS) host/payment

More information

Wayne EMV Solutions. Protect your business with a complete EMV Solution inside and out.

Wayne EMV Solutions. Protect your business with a complete EMV Solution inside and out. Wayne EMV Solutions Protect your business with a complete EMV Solution inside and out. The transition to Europay, MasterCard, Visa (EMV) standards: Significantly reduce your risk of payment card fraud

More information

Visa Inc. PIN Entry Device Requirements

Visa Inc. PIN Entry Device Requirements Visa Inc. PIN Entry Device Requirements The following information is applicable for Visa Inc. regions. Visa Inc. regions include Asia-Pacific (AP); Central and Eastern Europe, Middle East and Africa (CEMEA);

More information

The Canadian Migration to EMV. Prepared By:

The Canadian Migration to EMV. Prepared By: The Canadian Migration to EMV Prepared By: December 1993 Everyone But The USA Is Migrating The international schemes decided Smart Cards are the way forward Europay, MasterCard & Visa International Produced

More information

PCI Security Standards Council

PCI Security Standards Council PCI Security Standards Council Bob Russo, General Manager 2013 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI Council Open, global forum Founded 2006 Guiding open standards for

More information

How Secure are Contactless Payment Systems?

How Secure are Contactless Payment Systems? SESSION ID: HT-W01 How Secure are Contactless Payment Systems? Matthew Ngu Engineering Manager RSA, The Security Division of EMC Chris Scott Senior Software Engineer RSA, The Security Division of EMC 2

More information

How To Protect Your Credit Card Information From Being Stolen

How To Protect Your Credit Card Information From Being Stolen Visa Account Information Security Tool Kit Welcome to the Visa Account Information Security Program 2 Contents 1. Securing cardholder data is everyone s concern 4 2. Visa Account Information Security (AIS)

More information

Payment Card Fraud in the European Union Perspective of Law Enforcement Agencies

Payment Card Fraud in the European Union Perspective of Law Enforcement Agencies images: Fotolia Situation Report - Payment Card Fraud 2012 Public Version Situation Report Payment Card Fraud in the European Union Perspective of Law Enforcement Agencies This Europol product analyses

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

Project Title slide Project: PCI. Are You At Risk?

Project Title slide Project: PCI. Are You At Risk? Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services

More information

Target Security Breach

Target Security Breach Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected

More information

American Bankers Association

American Bankers Association Statement for the Record Of the American Bankers Association before the Committee on Small Business United States House of Representatives Statement for the Record American Bankers Association Committee

More information

Chip Card (EMV ) CAL-Card FAQs

Chip Card (EMV ) CAL-Card FAQs U.S. Bank Chip Card (EMV ) CAL-Card FAQs Below are answers to some frequently asked questions about the migration to U.S. Bank chipenabled CAL-Cards. This guide can help ensure that you are prepared for

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Development, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 developers@openedgepay.com openedgepay.com 2015: Development, Merchant Table of Contents

More information

PREVENTING PAYMENT CARD DATA BREACHES

PREVENTING PAYMENT CARD DATA BREACHES NEW SCIENCE TRANSACTION SECURITY ARTICLE PREVENTING PAYMENT CARD DATA BREACHES DECEMBER 2014 UL.COM/NEWSCIENCE NEW SCIENCE TRANSACTION SECURITY OVERVIEW From research on the latest electronic transaction

More information

Payment Card Industry Compliance Overview

Payment Card Industry Compliance Overview January 31, 2014 11:30am 12:30pm Central Hosted by: Texas.gov Presented by: Jayne Holland Barbara Brinson Payment Card Industry Compliance Overview Securing Government Payments Audio Dial In: 866-740-1260

More information

Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof

Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof Saar Drimer Steven J. Murdoch Ross Anderson www.cl.cam.ac.uk/users/{sd410,sjm217,rja14} Computer Laboratory www.torproject.org

More information

EMV mobile Point of Sale (mpos) Initial Considerations

EMV mobile Point of Sale (mpos) Initial Considerations EMV mobile Point of Sale EMV mobile Point of Sale (mpos) Initial Considerations Version 1.1 June 2014 2014 EMVCo, LLC ( EMVCo ). All rights reserved. Any and all uses of the EMV Specifications ( Materials

More information

Visa global Compromised Account

Visa global Compromised Account Visa global Compromised Account RECOVERY PROGRAM WHAT EVERY MERCHANT SHOULD KNOW ABOUT GCAR WHAT EVERY MERCHANT SHOULD KNOW ABOUT GCAR WHAT The Visa Global Compromised Account Recovery (GCAR) program offers

More information

Payment Card Industry Update and Cyber Risk Management

Payment Card Industry Update and Cyber Risk Management Payment Card Industry Update and Cyber Risk Management CRAIG A. HOFFMAN, ESQ. BAKERHOSTETLER ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE, ARTHUR J GALLAGHER & CO. OCTOBER 22, 2015 2014 ARTHUR

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1

Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1 Suzanne Lynch Professor of Practice Economic Crime Utica College sl6-15 1 The most significant trend is decreasing paper payments and increasing electronic payments. Many organizations are also seeing

More information

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011 Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011 On 5 th March 2010, The Association of Banks in Singapore announced key measures to adopt a holistic

More information

Payments Fraud: It's Not Fun & Games

Payments Fraud: It's Not Fun & Games Payments Fraud: It's Not Fun & Games Claudia Swendseid Senior Vice President Payments Information & Outreach Office Federal Reserve Bank of Minneapolis NACHA Payments 2015 Claudia Swendseid Senior Vice

More information