1 NCR Secure Pay FAQ Updated June 12, 2014 Contents What is NCR Secure Pay?... 1 What is the value of NCR Secure Pay?... 2 Host-based Settlement... 2 Token Replacement... 2 Point-to-Point Encryption (P2PE)... 2 Getting Started with NCR Secure Pay... 3 NCR Counterpoint Gateway... 4 Why switch to NCR Secure Pay?... 4 How is NCR Secure Pay different from NCR Counterpoint Gateway?... 4 NCR Counterpoint Mobile... 5 NCR Retail Online... 6 P2PE Hardware FAQ... 6 Europay, MasterCard, Visa (EMV)... 8 Additional Questions... 9 Secure Pay Details... 9 Processors Card Settlement and Manual Card Entry Connectivity What is NCR Secure Pay? NCR Secure Pay allows you to process payments in a PCI-DSS compliant and secure manner. This hosted electronic payment gateway works with NCR Counterpoint and NCR Retail Online for credit cards, debit cards, and stored value cards (gift cards). NCR Secure Pay helps you minimize your risk for a credit card security breach by taking credit card storage out of your local system and moving it to our NCR Secure Pay host. Big box stores aren t the only ones affected by security breaches; retailers of all sizes need to be aware of how to protect their businesses. Credit Card data breaches are expensive - even a modest exposure of 50 customer credit card numbers can result in unplanned costs of $10,000 or more in penalties, fees, time expenditure, and, the most difficult to quantify: reputation. (Source for penalty data)
2 What is the value of NCR Secure Pay? NCR Secure Pay was built to provide a hosted payment processing platform offering the highest level of payment security. It is our next generation gateway product to NCR Counterpoint Gateway. In addition to supporting additional processors, NCR Secure Pay also provides additional security measures including Token Replacement and Point-to-Point Encryption (P2PE), which is available when NCR Secure Pay-encrypted hardware is used. Host-based Settlement NCR Secure Pay uses host-based settlement, which stores transaction information at NCR s host, rather than your NCR Counterpoint installation, until settlement. This provides flexibility allowing settlement to be easily automated from the host or initiated from any web browser by using the NCR Secure Pay merchant portal. Token Replacement NCR Secure Pay automatically utilizes token replacement, also known as tokenization, which allows NCR Counterpoint to store a token instead of an actual card number. The card number is stored at the NCR Secure Pay host in its encrypted database. This functionality is used to securely store a customer's card number for future purposes such as validated returns and card-on-file transactions. Point-to-Point Encryption (P2PE) Point-to-point encryption (P2PE) ensures sensitive credit and debit card data is protected from first card swipe, while in transit, all the way to the NCR Secure Pay host. State of the art encrypting devices encrypt cardholder information prior to performing an electronic payment transaction. These sophisticated devices use strong encryption and industry standard key management technologies to encrypt and transmit cardholder data securely over any network. NCR Secure Pay provides point-to-point encryption for credit and debit transactions when an encrypting MSR is used. The MSR hardware is injected with NCR Secure Pay encryption keys, so NCR Counterpoint never has the actual card information. Only the NCR Secure Pay host has the keys to decrypt the data before sending it to the processor. What are the benefits of P2PE? Credit card data is encrypted throughout its lifecycle in your environment, increasing security, and reducing the risk of a credit card data breach. What are the requirements for P2PE? You will need to use an NCR Secure Pay encrypting MSR to take advantage of P2PE. What are the implications of P2PE on PCI Compliance? The merchant should still assume that they need to complete self-assessment questionnaires regularly as a part of their PCI compliance efforts. However, use of P2PE and token replacement should result in decreased scope for PCI.
3 Getting Started with NCR Secure Pay How do I sign up for NCR Secure Pay? You can register online through the NCR Counterpoint User Portal: https://userportal.counterpointpos.com/solution/merchant-services/ncrsecurepay.htm?do=register Do I need to buy new hardware to use NCR Secure Pay? No, you do not need new hardware to start realizing the benefits of tokenization and hosted settlements with NCR Secure Pay. However, if you would like to take advantage of P2PE offered with NCR Secure Pay, you will need to have NCR Secure Pay encrypted hardware. Find more details in the P2PE Hardware FAQ on page 6. What are the requirements for taking advantage of NCR Secure Pay? NCR Counterpoint: You must be using NCR Counterpoint version or higher to take advantage of NCR Secure Pay. In order to utilize the point-to-point encryption (P2PE) capabilities of NCR Secure Pay, you will also need to purchase NCR Secure Pay encrypting MSRs from NCR that have been injected with NCR Secure Pay encryption keys. NCR Retail Online (NRO): Credit card processing through NCR Retail Online will always be done using NCR Secure Pay. What is the pricing for NCR Secure Pay? The pricing for NCR Secure Pay is the same as it was for NCR Counterpoint Gateway: Description Standard NCR Merchant Solutions Activation Fee $150 $100 Transaction Fee Up to 4,000 / month Up to 7,000 / month More than 7,000 / month More than 15,000 / month Up to 2,000 / month, avg ticket under $40 $0.075 $0.07 $0.06 Request Quote Request Quote $0.05 $0.04 $0.04 Request Quote Request Quote Minimum Monthly Fee $20 $15 Minimum Inactive Fee $5 $5 What is the billing process for NCR Secure Pay? You will receive a monthly invoice for NCR Secure Pay. What is the URL for the NCR Secure Pay Merchant Portal? https://portal.ncrsecurepay.com
4 NCR Counterpoint Gateway Why switch to NCR Secure Pay? For the same price, NCR Secure Pay offers a PCI compliant electronic payment processing solution with access to an expanded list of processors and added security features, including Tokenization and Pointto-Point Encryption (P2PE) that are not available with NCR Counterpoint Gateway. Pricing for NCR Secure Pay is not affected by whether NCR Secure Pay encrypting hardware is used. P2PE encrypting hardware for NCR Secure Pay cannot be purchased on the open market and must be purchased directly from your NCR Authorized Partner. Please note that you do not need new hardware to start realizing the benefits of tokenization and hosted settlements with NCR Secure Pay. However, if you would like to take advantage of P2PE offered with NCR Secure Pay, you will need to have NCR Secure Pay encrypted hardware. Find more details about P2PE Hardware on page 6. How is NCR Secure Pay different from NCR Counterpoint Gateway? Added Functionality:. NCR Secure Pay offers Point-to-Point Encryption (P2PE) with encrypting MSR hardware which ensures credit card data is encrypted throughout its lifecycle in a merchant s environment, increasing security. NCR Counterpoint Gateway does not. NCR Secure Pay offers token replacement to NCR Counterpoint in cases where encrypted credit card data would typically be retained. NCR Counterpoint Gateway does not. NCR Secure Pay offers an expanded list of Credit Card and Gift Card processors. See our full list of Processors on page 10. Other Differences: NCR Secure Pay offers host-based settlement (NCR Counterpoint Gateway uses terminal-based settlement) which adds to system security by removing all cardholder data from the NCR Counterpoint database and allows settlement to be easily automated from the host or initiated from any web browser by using the NCR Secure Pay merchant portal. NCR Secure Pay is hosted in NCR's Beltsville, Maryland data center, while NCR Counterpoint Gateway is hosted in NCR's (formerly Radiant's) Dallas Data Center. NCR Secure Pay uses a third-party processing engine, Monetra, from Mainstreet Software, while NCR Counterpoint Gateway was written internally. For customers with multiple locations, each location will have its own separate merchant with the processor. A separate NCR Secure Pay account is also required for each location. These accounts can be configured on the NCR Counterpoint User Portal (https://userportal.counterpointpos.com/). Some transaction behaviors are different with NCR Secure Pay: o Sale transactions originating at an NCR Secure Pay store can be refunded at a different NCR Secure Pay store using a validated return but the refund will be applied to the store that originally created sale. This behavior is not consistent with NCR Counterpoint Gateway. o Orders created at an NCR Secure Pay store with a final payment card recorded can be released at a different NCR Secure Pay store but the final payment will be applied to the store that created the order. Again, this behavior is not consistent with NCR Counterpoint Gateway.
5 o Orders created at an NCR Secure Pay store with a final payment card recorded can accept deposits using the final payment card at a different NCR Secure Pay store, but the originating store will receive the deposit. o Note: Transactions originating at a NCR Counterpoint Gateway store can be completed at NCR Secure Pay stores since the stored credit card number can be used against NCR Secure Pay. The store receiving the charge in these transactions is the store completing the transaction. This behavior is consistent with NCR Counterpoint Gateway behavior today. NCR Counterpoint Gateway has support for dial back-up via CPDialup. With NCR Secure Pay to achieve dial back-up, you will need to use an ISP that supports dial back-up using a router. NCR Counterpoint Gateway supports check validation and EBT. NCR Secure Pay does not support either. NCR Counterpoint Gateway is integrated with Counterpoint V7 and NCR Counterpoint Online (CPO). NCR Secure Pay is not integrated with either. Are there any differences in speed between NCR Secure Pay and NCR Counterpoint Gateway? We have not benchmarked authorization speed yet, but we expect the processing time to be comparable as most of the time spent processing a transaction is with the processor, not NCR Counterpoint Gateway or NCR Secure Pay. What is the future of NCR Counterpoint Gateway? There is no plan to stop supporting NCR Counterpoint Gateway and force merchants to use NCR Secure Pay at this time. Merchants can keep using NCR Counterpoint Gateway, although new merchants will sign up for NCR Secure Pay by default, and NCR Retail Online merchants will be required to use NCR Secure Pay. NCR Counterpoint Gateway will be available at least through the end of 2015 to support Counterpoint V7, which will not interface to NCR Secure Pay. How do I move from NCR Counterpoint Gateway to NCR Secure Pay? First, you will need to ensure you are running version or above of NCR Counterpoint. To make the move you will initiate sign-ups for NCR Secure Pay on the NCR Counterpoint User Portal: https://userportal.counterpointpos.com/solution/merchant-services/ncrsecurepay.htm?do=register The sign-up fee for NCR Secure Pay is waived for merchants who move from NCR Counterpoint Gateway to NCR Secure Pay. Please use the promo code in the you received or contact to get a promo code to waive the sign-up fees. While you do not need new hardware to start realizing the benefits of tokenization and hosted settlements with NCR Secure Pay, if you would like to take advantage of NCR Secure Pay's P2PE capabilities, you will need to have NCR Secure Pay encrypted hardware. NCR Counterpoint Mobile Will NCR Secure Pay work with CPMobile? Yes. However, point-to-point encrypting MSRs for IOS devices are not available for use with NCR Counterpoint Mobile yet. We do not yet have a projected date for their availability.
6 NCR Retail Online How does NCR Secure Pay work with NCR Retail Online? NCR Retail Online uses what is known as the direct post method to access NCR Secure Pay. This means that when a customer creates an order on an NCR Retail Online site, the payment card information will be sent directly into the NCR Secure Pay host, and not the NCR Retail Online platform/application. Credit card settlement then happens at the host manually or on a scheduled basis as configured on the NCR Secure Pay merchant portal. The interface between NCR Retail Online and NCR Secure Pay is an NCR-developed and owned "extension" of Magento Community Edition. To process credit cards on NCR Retail Online, you must use NCR Secure Pay. What is the benefit of using NCR Secure Pay with NCR Retail Online? With the "direct post" method of processing card information, the NCR Retail Online platform does not retain the credit card data and is out of scope for PCI purposes. Where do I settle my NCR Retail Online credit cards? You will login to the NCR Secure Pay merchant portal (https://portal.ncrsecurepay.com) and initiate settlement manually or schedule settlement to happen at a pre-defined time every day. If I am using NCR Retail Online, does my NCR Counterpoint site have to use NCR Secure Pay as well? No. The implication of having this "split" environment is that there will be two settlements - one from NCR Secure Pay (for NCR Retail Online transactions) and one from NCR Counterpoint Gateway (for NCR Counterpoint transactions). This split settlement will be required until general release of NCR Secure Pay in 2014, and you will receive two invoices each month. Can I still use NCR Counterpoint Gateway with NCR Retail Online? No. NCR Retail Online is not integrated to NCR Counterpoint Gateway. I am a legacy Counterpoint Online customer. Can I use NCR Secure Pay? You can use NCR Secure Pay for NCR Counterpoint; however, you cannot use NCR Secure Pay for your Counterpoint Online site. We are not planning to integrate NCR Secure Pay with Counterpoint Online. If you use NCR Counterpoint Gateway for credit processing with Counterpoint Online and NCR Secure Pay for use with NCR Counterpoint, there will be two settlements, deposits, and monthly bills, one for each gateway. P2PE Hardware FAQ What hardware is available to take advantage of NCR Secure Pay's Point-to-Point Encryption capabilities? For pilot, only the MagTek Dynamag MagneSafe USB MSR is available, as of May 20, Our plans are as follows for NCR Secure Pay's General Release a. USB MSR: MagTek Dynamag MagneSafe USB MSR (Manufacturer model number ) b. Signature Capture, MSR, and PIN Debit: Ingenico isc250 c. POS Terminal HW: R7
7 How does the key injection process work for hardware that is injected with NCR Secure Pay encryption keys? Do I have to do anything to turn on encryption at the site? MSR Hardware must be injected with keys from the NCR Secure Pay hosts in order to do Point-to-Point Encryption with NCR Secure Pay. This ensures that data encrypted by the hardware can only be decrypted by NCR Secure Pay. The process is very similar to debit pin pad encryption, except rather than encrypting for a certain processor, we are encrypting for NCR Secure Pay. Encrypting MSR hardware must be purchased through your NCR Counterpoint Business Partner and will come with keys injected already. There is no onsite effort to turn on NCR Secure Pay P2PE encryption for equipment that is ordered from NCR with NCR Secure Pay encryption. Note: if you are using PIN debit, your hardware devices must also be injected with debit keys for your processor. Is hardware maintenance available for encrypted NCR Secure Pay hardware? Yes, the same hardware maintenance options that are available for non-encrypted hardware are available for encrypted NCR Secure Pay hardware. Which NCR POS terminals will have encrypting MSRs built-in for use with NCR Secure Pay? The R7, piloting in Q and generally available in Q4 2014, will definitely have an NCR Secure Pay built-in MSR option. The P1530 platform is currently being reviewed for feasibility of including an NCR Secure Pay built-in MSR. What is the timeline for the P1530 with NCR Secure Pay encrypting readers built-in? We are currently reviewing whether a P1530 solution with built-in NCR Secure Pay readers is feasible. Our new R7 POS will have the option of an NCR Secure Pay encrypting built-in MSR. If you hand-key a credit card number into an encrypting Ingenico device, will it be encrypted? Yes. The requirements provided to Ingenico for the isc250 encryption include encryption of manually keyed card numbers using NCR Secure Pay encryption. If you hand-key a credit card number into an encrypting Ingenico device or directly into NCR Counterpoint, will it be tokenized? When a cashier manually enters a credit card number on a ticket in a Secure Pay environment, tokenization will still occur. Even for manually-entered credit card numbers, the credit card transaction is stored in the NCR Secure Pay host database. After settlement, the data will be stored for one year in the Secure Pay host database, after which validated returns will no longer recognize the card number that was used in the original purchase. Does the encrypted card number go through the NCR Counterpoint server? When NCR Counterpoint uses NCR Secure Pay for credit processing, credit card information goes directly from the NCR Counterpoint workstation to the NCR Secure Pay host, and does not go through the NCR Counterpoint server. If I change processors do I need new hardware? Each PIN debit device is injected with separate keys for PIN encryption. NCR Secure Pay cannot decrypt PINs. If you change processors, and are using PIN debit, you will need to obtain new PIN pads or have your existing hardware re-injected with new PIN debit keys.
8 Can I have a mix of NCR Secure Pay encrypted hardware and non-ncr Secure Pay encrypted hardware? Yes. In a mixed scenario, NCR Secure Pay encrypting HW will offer Point-to-Point Encryption, and nonencrypting HW will use our standard NCR Counterpoint security measures. Since not all data entering the system is NCR Secure Pay encrypted, the site will not realize the full benefit of P2PE. Who issues the encryption key and holds the private decryption key? The NCR Secure Pay host issues the encryption key that is injected into the encrypting payment device, and the NCR Secure Pay host also retains the private key. That key is either injected by NCR or securely transmitted to an alternate HW vendor for injection into the device. NCR Secure Pay s Hardware Security Module (HSM), stores all key materials to perform cryptographic operations. Europay, MasterCard, Visa (EMV) What is EMV? EMV is a set of global standards for electronic payment cards utilizing an embedded processor on the physical payment card rather than a magnetic stripe on the back of a payment card, as is standard in the United States payment industry today. What are the benefits of EMV? Because of the smart card processor embedded in the payment card and the hardware required to read the card, creation and use of fraudulent cards is much less likely. Also, the consumer retains possession of cards at all times during a transaction, increasing security of the individual transaction. Am I required to support EMV? Processors were mandated to support EMV in April 2013 and merchants will be required to accept EMV in October 2015, or risk being financially liable in the event that a fraudulent card is used in the merchant s location. What is NCR s plan to support EMV? NCR Secure Pay development of EMV support is currently in progress. We expect to begin certifying processors with NCR Secure Pay in Q The Ingenico isc250 hardware platform already supports EMV with both signature and PIN from a manufacturer s standpoint and we will be adding support for these EMV capabilities in NCR Counterpoint. A device software update will be needed for any Ingenico isc250s in the field today in order to support EMV. EMV support through NCR Counterpoint using NCR Secure Pay and the Ingenico isc250 will be released in Is specific hardware required for EMV? Yes. EMV support will require using the Ingenico isc250. A device software update will be needed for any Ingenico isc250s in the field today in order to support EMV, but additional injection of keys in a secure facility is not required for EMV. How does supporting EMV impact PCI-DSS compliance? Currently, there is no overlap between PCI-DSS compliance and EMV. Support for EMV will required in 2015 and will help with liability in the event a fraudulent card is used.
9 Additional Questions Secure Pay Details What is the Monetra Processing Engine? NCR Secure Pay uses the Monetra processing engine (sometimes referred to as a 'gateway' or 'switch') to interface to credit, debit, and gift card processors. Monetra is a PA-DSS validated payment engine from Main Street Software, which will be hosted in a PCI compliant data center. Monetra does not have a web interface, so NCR has developed a browser-based Merchant Portal to allow merchants to configure their processing accounts. Merchants will also be able to schedule unattended settlement and have the results sent via . Where is NCR Secure Pay hosted? NCR Secure Pay is hosted in NCR's Beltsville, MD Data Center. The data center has the following Certifications/Standards/Compliance: d. SSAE 16 e. SOC 2 Type 2 f. PCI-DSS (Service Provider) on NCR Secure Pay platform g. ISO certified in Beltsville and at the Disaster Recovery site in Mason, Ohio h. FFIEC conducts an annual review of 4 weeks duration on behalf of financial institutions with a presence in the facility Is NCR Secure Pay PCI compliant? Yes Does using NCR Secure Pay make mea merchant PCI compliant? Use of NCR Secure Pay, even with NCR Secure Pay encrypting hardware and token replacement, does not automatically mean that a merchant isyou are PCI compliant, nor does it take a merchant's your site out of scope for PCI compliance, although its use is expected to reduce scope for PCI and make PCI compliance easier to obtain. PCI has developed requirements regarding End-to-End Encryption validation (also known as Point-to-Point Encryption), and we are working closely with our QSA, Coalfire, who sits on the PCI advisory board, to stay up-to-date on changes in this area and determine if the benefits of PCI P2PE validation outweigh the cost to the merchant of that certification. When using NCR Secure Pay, is credit card info (card #, exp date, etc.) stored in the NCR Counterpoint database? No cardholder data or sensitive authentication data is stored including card numbers and expiration dates. This is the primary benefit of tokenization.in addition to storing a token which will allow you to access transaction information for returns and other operations, you will have masked card information. NCR Secure Pay sends the first 6 and last 4 digits of the credit card as well as the expiration date and cardholder name which are useful in transaction lookups and reporting. Does NCR Secure Pay handle final payment processing on orders and layaways? Yes, final payment for orders and layaways will use tokenized credit card data. With P2PE, will I still have access to partial card number information for receipts and lookups? With P2PE MSRs, the MSR passes us both an encrypted credit card number, as well as masked credit card number for credit card look-ups, printing on receipts, etc.
10 Processors What types of payment transactions and processors are supported by NCR Secure Pay? Credit Card, PIN Debit Card, and Stored Value Card transactions (Gift Card transactions where Counterpoint Gift Cards are not used). Does NCR Secure Pay support every credit processor, gift card interface, and check processing host that is listed on the Monetra website (http://www.monetra.com)? NCR Secure Pay does not support all Monetra processors. We will first focus on delivering interface compatibility similar to NCR Counterpoint Gateway, along with new strategic processors. Support for additional processors will be added over time. Which processors are supported by NCR Secure Pay, with what capability, and when? Available at General Release July 31, 2014: Processor Name Credit PIN Debit Stored Value Cards Cards NCR Merchant Solutions (WorldPay/Lynk) First Data North (Cardnet) Chase Paymentech TSYS/Vital/VisaNet First Data South (Nabanco) Stored Value Systems (SVS) Elavon (Nova) * Mercury Payment Systems * Vantiv (Fifth Third Bank) * *Not supported with NCR Counterpoint Gateway. New for use with NCR Counterpoint! Future, Post-General Release Dates for Availability TBD: Processor Name Credit PIN Debit Stored Value Cards Cards First Data Omaha (ETC+) * Heartland Payment Systems * Elavon (Nova) * Mercury Payment Systems * Vantiv (Fifth Third Bank) * Global Payments * Givex * Chockstone Gift Valutec * *Not supported with NCR Counterpoint Gateway. New for use with NCR Counterpoint!
12 Card Settlement and Manual Card Entry How do I settle credit cards with NCR Secure Pay? Can I do automated settlements? You can log into the NCR Secure Pay merchant portal and initiate settlement manually or schedule settlement to happen at a pre-defined time of your choosing every day. What is the difference between host-based and terminal-based credit card settlement? The terms host-based and terminal-based refer to where the transactions are stored after authorization until they are settled. Terminal-based settlement requires the client application (NCR Counterpoint) to store transactions including card numbers and send all batch details to the host at time of settlement. Host-based settlement uses the same data but relies on the host to store the transactions. Settlement can occur purely on the host without the need for any additional data from NCR Counterpoint. This allows for settlement to be easily automated from the host or initiated from any web browser by using the NCR Secure Pay merchant portal. NCR Secure Pay can be considered a host-based system since it stores the transactions until settlement. Note that Monetra uses both terminal-based and host-based processor interfaces depending on the processor, but it is still a host-based system from NCR Counterpoint's perspective. Does host-based settlement completely remove authorizations from NCR Counterpoint? With host-based settlement, transaction data can be retained and later used for things like Validated Returns, but the actual credit card information is tokenized in those transactions. How does host-based settlement affect the card-on-file functionality in NCR Counterpoint for monthly billing? NCR Secure Pay supports tokenization which allows NCR Counterpoint to store a token instead of an actual card number while NCR Secure Pay stores card numbers in its encrypted database. This token allows for card-on-file transactions. What kind of settlement reporting does NCR Secure Pay have? Full reporting including transaction detail is available via the NCR Secure Pay merchant portal. What access do I have to credit card transaction information with NCR Secure Pay? You have online access, via the NCR Secure Pay merchant portal, to all credit card transaction information except full card numbers. Will manual entry of credit card numbers be possible in NCR Counterpoint using NCR Secure Pay? Yes. If you are using Ingenico isc250's for P2PE, you can maintain P2PE by having users enter credit card numbers manually on the Ingenico isc250. There is no provision for maintaining P2PE by entering credit card numbers manually into the NCR Counterpoint software. While NCR Counterpoint will not store the credit card numbers unencrypted if entered manually, the software will have knowledge of the credit card number before encrypting it. That said, if P2PE is not a concern, then manual entry in Counterpoint is still available functionality.
13 Connectivity Is there a dial-up option for NCR Secure Pay? (Related: If I am using NCR Secure Pay and lose access to it through a lost connection on my end or the host end, what alternatives do I have for taking payments?) Any high speed Internet connection can be used. Some routers offer automatic dial-up failover in case of a broadband connectivity failure. How reliable/available is NCR Secure Pay? Are there any availability or uptime guarantees? Our target is 99.99% or better application availability, which is less than an hour of unplanned inaccessibility per year. There are no availability or uptime guarantees. How will merchants, partners, and internal personnel be alerted to NCR Secure Pay availability issues/outages? Via , as is done with NCR Counterpoint Gateway today.
CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new
Office of Finance and Treasury How to Accept & Process Credit and Debit Card Transactions Procedure Related Policy Title Credit Card Processing Policy For University Merchant Locations Responsible Executive
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,
EMV FAQs Contact us at: CS@VancoPayments.com Visit us online: VancoPayments.com What are the benefits of EMV cards to merchants and consumers? What is EMV? The acronym EMV stands for an organization formed
QUICK REFERENCE GUIDE FUTURE PROOF TERMINAL Review this Quick Reference Guide to learn how to run a sale, settle your batch and troubleshoot terminal responses. INDUSTRY Retail and Restaurant APPLICATION
Security & Encryption in Healthcare Payments PCI DSS Technical Assessment White Paper June 05 White Paper Author: Andrey Sazonov CISA, QSA, PA-QSA email@example.com Nick Trenc QSA, PA-QSA firstname.lastname@example.org
EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered
PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry
SETUP GUIDE High Speed Secure Credit Card Processing Thank you for your purchase of Hamilton products! In this handy guide, you will discover: WHAT IS INCLUDED ADDITIONAL REQUIREMENTS HOW IT WORKS SETUP
EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,
EMV : Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited
ICVERIFY V4.2 Processor List (also known as First Data Payment Software) First Data Merchant Services - Atlanta (Concord Buypass) Debit/ATM cards with DUKPT and TDES encryption including Cash back Check
ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone! Presenters: Cliff Gray Senior Associate of The Strawhecker Group Jon Bonham CISA, Coalfire The opinions of the contributors
White Paper Solutions For Hospitality Foreword Addressing the complexity of a hospitality ecosystem as varied as the front desk to the parking garage, to the restaurant, the website, and the call center,
ACH - Automated Clearing House for member banks to process electronic payments or withdrawals. (Credits or debits to a bank account) through the Federal Reserve Bank. Acquiring Bank - Licensed Visa/MasterCard
Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319
PCI 3.1 Changes Jon Bonham, CISA Coalfire System, Inc. Agenda Introduction of Coalfire What does this have to do with the business office Changes to version 3.1 EMV P2PE Questions and Answers Contact Information
Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year Over 80% of compromised systems were card present or in-person transactions
Blank slide Project Title slide Project: PCI Are You At Risk? Agenda Are You At Risk? Video What is the PCI SSC? Agenda What are the requirements of the PCI DSS? What Steps Can You Take? Available Services
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Self-Assessment Questionnaire C-VT Version 2.0 October 2010 Attestation of Compliance, SAQ C-VT Instructions for Submission
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
PCI Compliance 101: Payment Card Industry Basics Data Security Standards Compliance Wednesday, July 20, 2011 2:00 pm 3:00 pm EDT This complimentary webinar is brought to you by ASAE-Endorsed Business Solutions
PCI compliance: v3.1 Key Considerations Corbin Del Carlo Director, National Leader PCI Services October 5, 2015 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
ODPS/BMV RFP QUESTIONS AND ANSWERS October 5, 2015 1. We planned on submitting our response just through email. Do we also have to send the pricing on a CD? No, the pricing can be sent by email also. However,
About PSC With offices in the USA, Canada, UK and Australia, PSC is a leading PCI, PA DSS, and P2PE assessor, PCI Forensics Company and Approved Scanning Vendor. PSC is one of an elite few companies qualified
Presented by: Sam Campisi, Business Relationship Manager, OECM Bruce Averill, Account Executive Sales, Chase Paymentech Kevin Brock, National Sales Director Sales, Chase Paymentech Today you will learn
PCI/PA-DSS FAQs Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions What is PCI DSS? The Payment Card Industry Data
EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved
My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business
SAN DIEGO STATE UNIVERSITY RESEARCH FOUNDATION CREDIT CARD PROCESSING & SECURITY POLICY MERCHANT SERVICES POLICIES & PROCEDURES POLICY STATEMENT Introduction Some San Diego State University Research Foundation
CREDIT CARD PROCESSING GLOSSARY OF TERMS 3DES A highly secure encryption system that encrypts data 3 times, using 3 64-bit keys, for an overall encryption key length of 192 bits. Also called triple DES.
Version 7.4 & higher is Critical for all Customers Processing Credit Cards! Data Pro Accounting Software has met the latest credit card processing requirements with its release of Version 7.4 due to the
BACKGROUND State of Wisconsin agencies accepted more than 6 million credit/debit card payments annually through the following payment channels: Point of Sale (State agency location) Point of Sale (Retail-agent
THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit
Ebook 5 TIPS TO PAY LESS FOR PCI COMPLIANCE SIMPLE STEPS TO REDUCE YOUR PCI SCOPE 2015 SecurityMetrics 5 TIPS TO PAY LESS FOR PCI COMPLIANCE 1 5 TIPS TO PAY LESS FOR PCI COMPLIANCE SIMPLE STEPS TO REDUCE
Louisiana State University Finance and Administrative Services Operating Procedure FASOP: AS-22 CREDIT CARD MERCHANT POLICY Scope: All campuses served by Louisiana State University (LSU) Office of Accounting
Effective November 1, 2014 1. What is EMV? EMV is the global standard for card present payment processing technology and it s coming to the U.S. EMV uses an embedded chip in the card that holds all the
The Petroleum Marketer s PCI compliance Reference Guide 1. Become familiar with the 12 standards of card data security: Build and maintain a secure network Requirement 1 Install and maintain a firewall
PRODUCT FLYER Mail Telephone Order Financial Systems is a fully-featured, modular software suite designed to support financial institutions and enterprises in the management and optimization of recurring
PCI FAQ And MYTHS FREQUENTLY ASKED QUESTIONS (FAQ): Q: What is PCI? A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process,
The Value of a Payment Gateway White Paper The Ever-Evolving Payment Landscape There s no way around it. No matter what size your business is or what industry you work in, if you accept credit cards, keeping
Payment Gateway Solutions The Fusion Factor: Building Next Generation Gateway Solutions Elavon, Southern DataComm (SDC), and Global Card Services (GCS) bring together more than 20 years of experience in
CREDIT CARD PROCESSING POLICY AND PROCEDURES Note: For purposes of this document, debit cards are treated the same as credit cards. Any reference to credit cards includes credit and debit card transactions.
Benefits of Integrated Credit Card Processing Within Microsoft Dynamics GP White Paper May 2011 Copyright Copyright 2011 k-ecommerce. All rights reserved. Complying with all applicable copyright laws is
POS NEWS UPDATE 2011 In 2006, Visa International, MasterCard Worldwide, Discover Financial Services and JCB jointly announced the formation of an independent council designed to manage the ongoing evolution
CHIP ADVISORY #20, UPDATED JULY 11, 2012 Visa Recommended Practices for EMV Chip Implementation in the U.S. Summary As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt
Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008 What is the PCI DSS? And what do the acronyms CISP, SDP, DSOP and DISC stand for? The PCI DSS is a set of comprehensive requirements
Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission
PAYMENT GATEWAY Document Version 1304301 Copyright 2013 epaymentamerica, Inc. All Rights Reserved Table of Contents Introduction... 4 Overview... 5 Ch 1: Beginning to Use EPA Gateway.. 6 Logon as a Merchant...6
1. Introduction 1.1. Purpose and Background 1.2. Central Coordinator Contact 1.3. Payment Card Industry Data Security Standards (PCI-DSS) High Level Overview 2. PCI-DSS Guidelines - Division of Responsibilities
Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective Futurex. An Innovative Leader in Encryption Solutions. For over 30 years, more than 15,000 customers worldwide
Configuring Keystroke with KeyPay Please read the PA-DSS Implementation Guide for Keystroke POS from our website before proceeding. It is also installed in the \KEYSTROK\DOC subdirectory on your computer.
September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service
PRODUCT FLYER Internet Gateway Financial Systems is a modular software suite designed to support financial institutions and enterprises, providing a single interface for the optimized management of e-commerce
PRODUCT FLYER Internet Gateway Financial Systems is a modular software suite designed to support financial institutions and enterprises, providing a single interface for the optimized management of e-commerce
E2EE and PCI Compliancy Martin Holloway VSP Sales Director VeriFone NEMEA Security Breaches In The News 2 Security Breaches In The News 3 Security Breaches In The News 4 Security Breaches In The News 5
Practically Thinking: What Small Merchants Should Know about EMV 1 Practically Thinking: What Small Merchants Should Know About EMV Overview Savvy business owners know that payments are about more than
PRODUCT FLYER General Routing Financial System is modular software suite designed to support enterprises providing a MOTO Gateway (Mail Order Telephone Order), complete with tokenization, multi-acquiring
University of Virginia Credit Card Requirements The University of Virginia recognizes that e-commerce is critical for the efficient operation of the University, and in particular for collecting revenue.
Brochure More information from http://www.researchandmarkets.com/reports/1206263/ End to End Encryption, Tokenization & EMV in the U.S. Vendor Analysis of Emerging Technologies and Best Hybrid Solutions
Universal Transaction Gateway (UTG ), 4Go, and i4go are covered by Universal Transaction one or Gateway more of (UTG ), the 4Go, following and i4go U.S. are covered Pat. by Nos.: one or more 7770789, of
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
PAR Springer-Miller Systems Secure Payments Solution Solution Overview PAR Springer-Miller Systems has partnered with industry leaders Shift4 and Global Payments to introduce a unique end-to-end payment
Payment Cardholder Data Handling Procedures (required to accept any credit card payments) Introduction: The Procedures that follow will allow the University to be in compliance with the Payment Card Industry
VeriFone VeriShield Total Protect Technical Assessment White Paper Prepared for: September 4 th, 2013 Dan Fritsche, CISSP, QSA (P2PE), PA-QSA (P2PE) email@example.com Table of Contents EXECUTIVE
How Secure is Your Payment Card Data? Complying with PCI DSS SLIDE 1 PRESENTERS Francis Tam, CPA, CISA, CISM, CITP, CRISC, PCI QSA Managing Director, IT Security Practice PCI Practice Leader Francis has
PCI Point To Point Encryption (P2PE) An Overview Moderator Name: Erik Winkler Panelists Names: Sonjay Shepherd HiTouch Business Services, Adam Sommer MasterCard Definition of consists of cardholder data
SUBJECT: Policy and Procedures PAGE: 1 of 5 INTRODUCTION During fiscal year 2014, State of Wisconsin agencies accepted approximately 6 million credit/debit card payments through the following payment channels:
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
Solutions For Higher Education: Reducing Compliance Scope Across Campus With PCI Validated P2PE Complete Campus Coverage With the complexity of a college campus ecosystem as varied as the development office
Enterprise Payments for Table of Contents I. Introducing CardConnect II. III. IV. Gartner Tokenization Reporting Featuring CardConnect PCI Compliance, EMV & True Payment Security CardConnect for SAP V.
MARYLAND STATE TREASURER S OFFICE Louis L. Goldstein Treasury Building 80 Calvert Street, Room 109 Annapolis, Maryland 21401 QUESTIONS AND ANSWERS FOR REQUEST FOR PROPOSALS FOR MERCHANT SERVICES RFP #MCARD-07292015
Secure Card Reader Authenticators When it comes to card reading security and reliability Merchants, retailers and financial institutions rely on MagTek. Secure card reader authenticators (SCRAs) capture
Newsletter Vol. 87 - Introduction Softengine News is dedicated to keeping you up to date with the latest information regarding SAP Business One systems, Softengine solutions and Best Business Practices.
05.118 Credit Card Acceptance Policy Authority: Vice Chancellor of Business Affairs History: Effective July 1, 2011 Updated February 2013 Source of Authority: Office of State Controller (OSC); Office of
JCharge White Paper A company using an IBM iseries (AS/400) has several methods from which to choose in taking credit card payments. Whether the payments are for retail, mail order, phone order, or Internet
Debit and Credit Cards Save Time by Accepting Debit and Credit Cards with MDsuite! How it works: 1. Click the Credit Card button available in Quick Pay and Post Patient Payments. 2. Swipe the debit/credit
Secure Payments Framework Workgroup EMV for the US Hospitality Industry Version 1.0 About HTNG Hotel Technology Next Generation (HTNG) is a non-profit association with a mission to foster, through collaboration