Data Protection and Mobile Payments. Jose Diaz - Business Development & Technical Alliances Ted Heiman Key Account Manager Thales e-security
|
|
- Ethel Small
- 8 years ago
- Views:
Transcription
1 Data Protection and Mobile Payments Jose Diaz - Business Development & Technical Alliances Ted Heiman Key Account Manager Thales e-security
2 2 Today s reality It s a data-centric world. And the data is getting More valuable... More regulated More accessible More vulnerable. The IT security landscape is changing - Your data is getting More valuable... More regulated More accessible More vulnerable.
3 3 These vulnerabilities are being exploited by all sides
4 4 Verizon Data Breach Report
5 5 Victim industry Source: Verizon 2013 Data Breach Investigations Report
6 6 Compromised data Source: Verizon 2013 Data Breach Investigations Report
7 7 Mobile threats global overview 5.6 million potentially malicious files reported on Android, of which 1.3 million are confirmed malicious by multiple AV vendors Source: APWG White Paper: Mobile Fraud, May 2013
8 8 Does anybody care? Source: Advanced Payments Report 2013 Edgar, Dunn & Company, Sponsored by First Data
9 9 Overview of PCI DSS What? Measures to protect card data Mandatory Created by card schemes Enforced via contract Why? Manage risk Reduce likelihood Reduce impact Reduce fraud Who? All entities which: Store cardholder data Process cardholder data Transmit cardholder data
10 PCI Point-to-Point Encryption
11 11 Scope reduction using P2PE PCI Point-to-Point Encryption Solution Requirements Defines requirements for P2PE solutions, with goal of reducing scope of PCI DSS assessment for merchants using such solutions Encrypted data is out of scope if, and only if, it has been validated that the entity that possesses encrypted cardholder data does not have the means to decrypt it.
12 12 Implementing P2PE Acquirer Domain Payments network POI (at the Merchant) Payment Gateway / P2PE Solution Provider Acquirer Switch Issuer P2PE Secure Link Data protected by payments network Reduces pain of audit compliance for merchant Eliminates card data from merchant environment Protects data from POS device to Gateway or Acquirer
13 13 Data breach the latest one Massive data breach exposed personal and financial information on more than 110 million customers 40 million cards, 70 million customer contact records Target CEO Gregg Steinhafel confirmed that the attackers stole card data by installing malicious software on point-of-sale (POS) devices in the checkout lines at Target stores In the wake of breach, Steinhafel has urged retailers and banks to deploy EMV chip-based cards to thwart data breaches at the point of sale This time around, Target is not alone. Visa, MasterCard, American Express and Discover have all set timelines for most merchants to accept EMV cards by October 2015 Target announced a $5 million investment in a new cybersecurity coalition to help educate consumers and organizations about digital crimes and how to protect payment and personal data Krebson Security January 14, 2014 Bank Technology News January 21, 2014
14 14 Costs of breach, what is known so far Card Reissue US banks have re-issued 17.2 million cards following Target data breach Cost to US banks? Over $172 million according to figures from the Consumer Bankers' Association Includes: the card itself, informing consumers of a card reissuement, shipping and activating the card, supplemental communication via call centres and the internet Could also be liable for up to $3.6 billion in fines $90 fine for each cardholder s data compromised Finextra - Feb 7, 2014 TechCrunch Dec 23, 2013
15 15 Fact or fiction? EMV Cards would have prevented the breach The EMV-chip card is not really pertinent to how the breach occurred. The attacker's malware would have penetrated the payment system regardless of what type of cards the consumers were using The use of EMV chip cards would have helped from the standpoint of making it difficult for fraudsters to make duplicate cards Bank Technology News Jan 21, 2014
16 16 The merchant (Target) environment Merchant Acquirer / Store Switch Card Issuer Swipe or Swipe and Sign CVV/CVC EMV Cryptogram Data Decryption (PCI P2PE)
17 Tokenization in Data Protection
18 19 What is tokenization? Replaces original data with a Token Not necessarily mathematically related to the data Enable look-up of the PAN in a mapping system Token Database stores original data in encrypted form Segregate environment Protect the mapping system Systems handling tokens alone are out of scope Original Data Token Database Encrypted Original Data Encrypted Original Data Token Token Tokenized Data Encrypted Original Data Token Token mapping via a lookup table
19 20 Tokenization across an Enterprise CRM Global Credit Bank Global Credit Bank Global Credit Bank EXP 07/14 Tape Backups EXP 07/14 EXP 07/14 Global Credit Bank Customer Payments Loyalty Records EXP 07/14 DR Sites Global Credit Bank EXP 07/14 Global Credit Bank EXP 07/14 Global Credit Bank EXP 07/14 Dev & QA Environments Credit Card Data Warehouse Global Credit Bank Bookings Transaction Database Global Credit Bank EXP 07/14 Logs & Reports Global Credit Bank EXP 07/14 EXP 07/14 Token Database
20 21 Card scheme s press release on tokenization MasterCard, Visa and American Express Propose New Global Standard to Make Online and Mobile Shopping Simpler and Safer October 1, 2013 PURCHASE, N.Y., FOSTER CITY, Calif. and NEW YORK October 1, 2013 Visa (NYSE: V), MasterCard (NYSE: MA) and American Express (NYSE: AXP) today introduced a proposed framework for a new global standard to enhance the security of digital payments and simplify the purchasing experience when shopping on a mobile phone, tablet, personal computer or other smart device. Aligned with these initiatives, the proposed standard would meet this consumer demand and allow the traditional account number to be replaced with a digital payment token for online and mobile transactions. With a token, consumers will no longer be required to enter an actual account number when shopping online or on a smart device. Tokens provide an additional layer of security and eliminate the need for merchants, digital wallet operators or others to store account numbers.
21 22
22 23
23 24 Fun fact First 6 digits of a credit card number are known as: Issuer Identification Number (IIN) More commonly known as bank identification number (BIN) Issued under the ISO/IEC 7812 standard American Express : Card numbers beginning with 34 or 37. Japan Credit Bureau (JCB): Card numbers begin with 35. Diners Club: Card numbers begin with 36 or 38. Visa: Card numbers start with a 4. MasterCard: Card numbers start with the numbers 51 through 55. Discover: Card numbers begin with 6011 or 65.
24 26
25 27
26 Mobile Payments
27 30 Mobile banking Mobile Banking Mobile Payments It is a direct relationship between you and your bank You can view your account balances You can pay bills but: Mostly, these are only to accounts you registered to pay directly (electric, phone, etc.) You can transfer money between your accounts You may be able to make a deposit by taking a picture of a check you want to deposit You cannot walk into a store and pay for purchases with a mobile banking application
28 31 The future trend for payments Source: RSR research, March 2013
29 32 Who is leading the way? retailers are taking their leads from innovators PayPal and Google, whose success is driven not by service providers, but by consumers themselves Source: RSR research, March 2013
30 35 Mobile acceptance (mpos) Traditional POS Merchant Payment Service Provider Trusted devices, applications and networks Mobile POS Payment Gateway Untrusted devices, applications and networks
31 37 PCI s view on mobile payments
32 38 What about mobile acceptance (mpos) and P2PE? Smart Phone Or Tablet Acquirer Domain Payments network PCI-approved Secure Card Reader POI (at the Merchant) Payment Gateway / P2PE Solution Provider Acquirer Switch Issuer P2PE Secure Link Data protected by payments network Enables transaction data security for mpos Eliminates card data from mobile device and merchant environment P2PE used to protect the data An important component for mpos transactions!
33 39 Paying with mobile brings new challenges Traditional Four Corner Model defines a tightly controlled ecosystem Consumer s Cards Merchant s Systems Everything stays the same - but Phones are insecure They are consumer controlled Network They can t be read in stores Consumer s Bank Merchant s Bank
34 40 Expanded ecosystem several cooks in the kitchen Trusted Service Managers Mobile Wallet (TSM) Providers Mobile App Developers Handset Manufacturers Mobile Network Operators (MNO) The payments industry is no longer a private club Merchant s Systems Mobile Technology Providers Network Consumer s Bank Merchant s Bank
35 41 Secure element in the cloud - Host Card Emulation (HCE) 1. Realtime and/or batchfile import of card and personalization data 2. EMV command and cryptogram generation (key management / HSM) 3. Secure connection 4. Connection to client API with integrated cloud secure element support Courtesy of Bell ID
36 46 Introducing Thales
37 47 Thales Group GROUND AEROSPACE SPACE TRANSPORTATION DEFENSE SECURITY TRUSTED PARTNER FOR A SAFER WORLD Wherever safety and security are critical, Thales delivers. Together, we innovate with our customers to build smarter solutions. Everywhere.
38 48 Global leadership # 1 worldwide Payloads for telecom satellites Air Traffic Management Sonars Security for payment transactions # 2 worldwide 14 bn Revenues Rail signalling systems In-flight entertainment Military tactical radio 63,000 Employees # 3 worldwide 56 Countries Avionics Civil satellites Surface radars
39 49 Thales Hardware Security Modules Hardware Security Modules Tamper resistant, certified security Secure cryptographic operations High assurance key management nshield Multi-purpose HSM family payshield Payments HSM family
40 50 HSMs: trust platform for application security What are HSMs? What do HSMs do? Hardware Security Module Secure cryptographic operations Hardened, tamper-resistant devices isolated from host environment Protect critical cryptographic key material Alternative to software crypto libraries Enforce policy over use of key material Business Application Application Data HSM security boundary Data to be signed, encrypted/decrypted Encrypted/decrypted or signed data HSM Application Keys inside security boundary Secure crypto processing engine
41 51 Strongest protection for keys and critical applications Security Controls Strong isolation of key material and crypto processes from host environment Anti-tamper techniques for physical protection Typical Application Platforms HSM Based Trust Platforms Strong authentication for administrators Strongly segregated administration domains Strongly enforced dual controls for mutual supervision High integrity random number generation Processing offload to boost capacity
42 52 keyauthority centralized key management What does it do? Centralized control and automated lifecycle management for cryptographic keys Secure key generation, key vaulting and delivery Robust segregation of keys, users and applications Scalability to support millions of keys, thousands of devices Security hardening, tamperresistance - FIPS level 3 certification keyauthority What can it manage? Any KMIP compliant application or device Pre-validated interoperability with leading storage encryption products - IBM, HDS, Quantum, Sepaton, Brocade and more Cloud encryption solutions KMIP = Key Management Interoperability Protocol
43 53 Why Thales e-security? Our track record. Over 40 years of leadership delivering data protection solutions around the world Our customers. We secure some of the world s most valuable information and > 80% of payment transactions Our commitment. Hundreds of R&D staff dedicated to excellence in applied cryptography Our certifications. All our offerings are independently security certified - more than anyone else! Our support services. Our Advanced Solutions Group (ASG) provides world-class consulting, training, and deployment assistance Hardware Security Modules Key management systems Network encryption Signing and time stamping Banking Government Utilities High Tech Mobile
44 54 Any Questions?
45 54 Contact Information Ted Heiman Key Account Manager Thales e-security 2365 Bering Drive San Jose, California (cell) (office) Jose Diaz Business Development & Technical Alliances Thales e-security 900 South Pine Island Road, Suite 710 Plantation, Florida (office)
Mobile Payments Applications and Challenges Jose Diaz Director, Business Development & Technical Alliances Thales e-security
www.thales-esecurity.com Mobile Payments Applications and Challenges Jose Diaz Director, Business Development & Technical Alliances Thales e-security 2 / Verizon Data Breach Report 3 / Victim Industry
More informationMPOS: RISK AND SECURITY
MPOS: RISK AND SECURITY 2 Evolution of Payment Acceptance Consumers want to get the best deal with the minimum pain Sellers want to ensure they never turn down a sale and maximise consumer loyalty 3 Evolution
More informationUnderstanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective
Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective Futurex. An Innovative Leader in Encryption Solutions. For over 30 years, more than 15,000 customers worldwide
More informationBuilding Trust in a Digital World. Brian Phelps, BSc CISSP Director of Advanced Solutions Group EMEA Thales UK, Ltd.
Building Trust in a Digital World Brian Phelps, BSc CISSP Director of Advanced Solutions Group EMEA Thales UK, Ltd. 2 Global incidents Equivalent of 117,339 incoming attacks per day, everyday Total number
More informationEfficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules
Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules WHITE PAPER Thales e-security www.thalesesec.com/oracle TABLE OF CONTENT Introduction...3 Oracle Database 11g
More informationCreating a trust infrastructure to support mobile payments
www.thales-esecurity.com Thales e-security Creating a trust infrastructure to support mobile payments Hardening cryptographic security for HCE, SE, P2P and more White Paper October 2014 Contents Scope
More informationStrong data protection. Strategic business value. www.thales-esecurity.com
Someone is stalking your sensitive data. Coveting your intellectual property. Waiting for the slightest crack in the window of opportunity to hack it, misuse it, and run. How can you best protect and control
More informationHow To Protect Your Restaurant From A Data Security Breach
NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE Payment disruptions impacting restaurant owners today An NCR Hospitality white paper Almost every month we hear a news story about another data breach that
More informationProtecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance
Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.
More informationAre You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014
Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319
More informationINFORMATION TECHNOLOGY SECURITY: PORTFOLIO OVERVIEW
Summary Purpose Business Value Product Type Technical function/certifications Product Family Name 1 General purpose Hardware Security Modules (HSMs) To securely protect cryptographic keys wherever they
More informationWhite Paper PCI-Validated Point-to-Point Encryption
White Paper PCI-Validated Point-to-Point Encryption By Christopher Kronenthal, Chief Technology Officer Contributors Executive Summary Merchants are navigating a payments landscape that continues to evolve,
More informationThe Relationship Between PCI, Encryption and Tokenization: What you need to know
October 2014 The Relationship Between PCI, Encryption and Tokenization: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems,
More informationIS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper
IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper A data breach has the potential to cost retailers millions in lost customers and sales. In this paper we discuss a number of possible
More informationTHE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP
THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit
More informationTransitions in Payments: PCI Compliance, EMV & True Transactions Security
Transitions in Payments: PCI Compliance, EMV & True Transactions Security There have been more than 600 million records compromised from approximately 4,000 data breaches since 2005 and those are just
More informationMeet The Family. Payment Security Standards
Meet The Family Payment Security Standards Meet The Family Payment Security Standards Payment Processing Electronic payments are increasingly becoming part of our everyday lives. For most people, it can
More informationVisa Inc. PIN Entry Device Requirements
Visa Inc. PIN Entry Device Requirements The following information is applicable for Visa Inc. regions. Visa Inc. regions include Asia-Pacific (AP); Central and Eastern Europe, Middle East and Africa (CEMEA);
More informationMaking Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER
Making Cloud-Based Mobile Payments a Reality with Digital Issuance, Tokenization, and HCE WHITE PAPER Why Cloud-Based Mobile Payments? The promise of mobile payments has captured the imagination of banks,
More informationHeartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development
A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names
More informationACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD
DELIVERS PEACE OF MIND PRODUCT FLYER ACI TOKEN MANAGER FOR MOBILE: TOKEN SERVICE PROVISION, HCE AND EMBEDDED SECURE ELEMENT IN THE CLOUD ENABLE FULL SUPPORT OF THE MOBILE PAYMENTS PROCESS FOR EMBEDDED
More informationBecoming PCI Compliant
Becoming PCI Compliant Jason Brown - brownj52@michigan.gov Enterprise Security Architect Enterprise Architecture Department of Technology, Management and Budget State of Michigan @jasonbrown17 History
More informationCorbin Del Carlo Director, National Leader PCI Services. October 5, 2015
PCI compliance: v3.1 Key Considerations Corbin Del Carlo Director, National Leader PCI Services October 5, 2015 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice
More informationFighting Today s Cybercrime
SECURELY ENABLING BUSINESS Fighting Today s Cybercrime Ongoing PCI Compliance Using Data-Centric Security Technologies HOUSEKEEPING ITEMS All phone lines have been muted for the duration of the webinar.
More informationWhite Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure. By Christopher Kronenthal, Chief Technology Officer
White Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure By Christopher Kronenthal, Chief Technology Officer Advanced Commerce Platform Foreword 2015 will bring incredible change and innovation
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationE2EE and PCI Compliancy. Martin Holloway VSP Sales Director VeriFone NEMEA
E2EE and PCI Compliancy Martin Holloway VSP Sales Director VeriFone NEMEA Security Breaches In The News 2 Security Breaches In The News 3 Security Breaches In The News 4 Security Breaches In The News 5
More informationWhite Paper Solutions For Hospitality
White Paper Solutions For Hospitality Foreword Addressing the complexity of a hospitality ecosystem as varied as the front desk to the parking garage, to the restaurant, the website, and the call center,
More informationVoltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review
Voltage SecureData Web with Page-Integrated Encryption (PIE) Technology Security Review Prepared for: Coalfire Systems, Inc. March 2, 2012 Table of Contents EXECUTIVE SUMMARY... 3 DETAILED PROJECT OVERVIEW...
More informationEMV and Small Merchants:
September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service
More informationAndroid pay. Frequently asked questions
Android pay Frequently asked questions June 2015 Android Pay - FAQs In May 2015, Android Pay was announced by Google. Android Pay is Google s payments solution that allows consumers to do in-store and
More informationSimplifying Payment Card Industry Compliance
Simplifying Payment Card Industry Compliance 2014 Globalscape, Inc. All Rights Reserved. 1 Simplifying Payment Card Industry Compliance Agenda: What is PCI? Why do I need to worry about this? What changed
More informationThoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director
Thoughts on PCI DSS 3.0 D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director Agenda 1 2 3 Global Payment Card Statistics and Trends PCI DSS Overview PCI DSS Version 3.0: Important Timelines
More informationProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary
VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION
More informationsafe and sound processing online card payments securely
safe and sound processing online card payments securely Executive summary The following information and guidance is intended to provide key payment security advice to new or existing merchants who trade
More informationHealthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016
Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 PRESENTER BIOS Michael Fidler Vice President Elavon Healthcare Payment Solutions Michael D. Fidler is Vice President, Healthcare
More informationThoughts on PCI DSS 3.0. September, 2014
Thoughts on PCI DSS 3.0 September, 2014 Speaker Today Jeff Sanchez is a Managing Director in Protiviti s Los Angeles office. He joined Protiviti in 2002 after spending 10 years with Arthur Andersen s Technology
More informationWhat s New in PCI DSS 2.0. 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1
What s New in PCI DSS 2.0 2010 Cisco and/or its affiliates. All rights reserved. Cisco Systems, Inc 1 Agenda PCI Overview PCI 2.0 Changes PCI Advanced Technology Update PCI Solutions 2010 Cisco and/or
More informationData Security Basics for Small Merchants
Data Security Basics for Small Merchants 28 October 2015 Stan Hui Director, Merchant Risk Lester Chan Director, Merchant Risk Disclaimer The information or recommendations contained herein are provided
More informationTokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism
Tokenization Amplified XiIntercept The ultimate PCI DSS cost & scope reduction mechanism Paymetric White Paper Tokenization Amplified XiIntercept 2 Table of Contents Executive Summary 3 PCI DSS 3 The PCI
More informationPCI Data Security Standards (DSS)
ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants
More informationmpos Secure Mobile Card Acceptance
www.thales-esecurity.com Thales e-security mpos Secure Mobile Card Acceptance More cards, more volume, less cash White Paper November 2013 mpos: Secure Mobile Card Acceptance Contents Scope and Target
More informationmobile payment acceptance Solutions Visa security best practices version 3.0
mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid
More informationEMV and Chip Cards Key Information On What This Is, How It Works and What It Means
EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved
More informationTokenization: FAQs & General Information. www.tsys.com BACKGROUND. GENERAL INFORMATION What is Tokenization?
FAQ Tokenization: FAQs & General Information BACKGROUND As technology evolves, consumers are increasingly making their purchases online or through mobile devices and digital wallet applications and their
More informationFive PCI Security Deficiencies of Restaurants
Whitepaper The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus- Senior Security Architect, Vendor Safe 2011 7324 Southwest Freeway, Suite 1700, Houston, TX 77074
More informationPCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES
PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry
More informationPCI Compliance Overview
PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)
More informationTarget Security Breach
Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected
More informationPCI PA-DSS Requirements. For hardware vendors
PCI PA-DSS Requirements For hardware vendors PCI security services UL's streamlined PCI PA-DSS certification services get your product to market faster. UL is world leader in advancing safety. Through
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationHow To Comply With The New Credit Card Chip And Pin Card Standards
My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationEESTEL. Association of European Experts in E-Transactions Systems. Apple iphone 6, Apple Pay, What else? EESTEL White Paper.
EESTEL White Paper October 29, 2014 Apple iphone 6, Apple Pay, What else? On 2014, September 9 th, Apple has launched three major products: iphone 6, Apple Watch and Apple Pay. On October 17 th, Apple
More informationData-Centric security and HP NonStop-centric ecosystems. Andrew Price, XYPRO Technology Corporation Mark Bower, Voltage Security
Title Data-Centric security and HP NonStop-centric ecosystems A breakthrough strategy for neutralizing sensitive data against advanced threats and attacks Andrew Price, XYPRO Technology Corporation Mark
More informationEMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems
October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks
More informationEMV Delivery of Mobile, Parking and Unattended Payments. Elavon
EMV Delivery of Mobile, Parking and Unattended Payments Elavon Elavon-At-A-Glance Elavon s primary business model is growth through partnerships; more than 1,500 Financial Institution partners serving
More informationPoint-to-Point Encryption
Payment Card Industry (PCI) Point-to-Point Encryption Solution Requirements: Encryption, Decryption, and Key Management within Secure Cryptographic Devices (Hardware/Hardware) Initial Release: Version
More informationSELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS
SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS A RESELLER S GUIDE CONTENTS New Sales Opportunities : EMV Mandate Means New Business... 3 New POS Will Need Both EMV and PCI... 3 Growing Demand for NFC Transactions...
More informationEMV-TT. Now available on Android. White Paper by
EMV-TT A virtualised payment system with the following benefits: MNO and TSM independence Full EMV terminal and backend compliance Scheme agnostic (MasterCard and VISA supported) Supports transactions
More informationKey Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking
Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking SUMMARY The Payment Card Industry Data Security Standard (PCI DSS) defines 12 high-level security requirements directed
More informationAccelerating PCI Compliance
Accelerating PCI Compliance PCI Compliance for B2B Managed Services March 8, 2016 What s the Issue? Credit Card Data Breaches are Expensive for Everyone The Wall Street Journal OpenText Confidential. 2016
More informationPCI Compliance: How to ensure customer cardholder data is handled with care
PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4
More informationCredit Card Processing Overview
CardControl 3.0 Credit Card Processing Overview Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new
More informationCoalfire Systems Inc.
Security Review Web with Page-Integrated Encryption (PIE) Technology Prepared for HP Security Voltage by: Coalfire Systems Inc. March 2, 2012 Table of contents 3 Executive Summary 4 Detailed Project Overview
More informationEnhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011
Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011 On 5 th March 2010, The Association of Banks in Singapore announced key measures to adopt a holistic
More informationEmerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER
Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER SHAZAM, Senior Vice President Agenda The Ugly Fraud The Bad EMV? The Good Tokenization and Other Emerging Payment Options
More informationA HOLISTIC APPROACH TO MERCHANT PAYMENT SECURITY. 2016, Vantiv, LLC. All rights reserved.
A HOLISTIC APPROACH TO MERCHANT PAYMENT SECURITY A HOLISTIC APPROACH TO MERCHANT PAYMENT SECURITY WHY DEALERS AND ACQUIRERS ARE PIVOTAL TO SECURING THE MERCHANT PAYMENT ENVIRONMENT. For the past fifteen
More informationContinuous compliance through good governance
PCI DSS Compliance: A step into the payment ecosystem and Nets compliance program Continuous compliance through good governance Who are the PCI SSC? The Payment Card Industry Security Standard Council
More informationPayment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS) What is PCI SSC? A 12 year old independent industry standards body providing oversight of the development and management of Payment Card Industry
More informationNFC Application Mobile Payments
NFC Application Mobile Payments Public MobileKnowledge June 2014 Agenda Introduction to payments Card based payments Mobile based payments NFC based payments mpos solutions NXP Product portfolio Successful
More informationSecure SSL, Fast SSL
Citrix NetScaler and Thales nshield work together to protect encryption keys and accelerate SSL traffic With growing use of cloud-based, virtual, and multi-tenant services, customers want to utilize virtual
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More informationSection 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015
Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationWhite Paper: Are there Payment Threats Lurking in Your Hospital?
White Paper: Are there Payment Threats Lurking in Your Hospital? With all the recent high profile stories about data breaches, payment security is a hot topic in healthcare today. There s been a steep
More informationPREVENTING PAYMENT CARD DATA BREACHES
NEW SCIENCE TRANSACTION SECURITY ARTICLE PREVENTING PAYMENT CARD DATA BREACHES DECEMBER 2014 UL.COM/NEWSCIENCE NEW SCIENCE TRANSACTION SECURITY OVERVIEW From research on the latest electronic transaction
More informationYour Customers Want Secure Access
FIVE REASONS WHY Cybersecurity IS VITAL to Your retail Businesses Your Customers Want Secure Access Customer loyalty is paramount to the success of your retail business. How loyal will those customers
More informationrguest Pay Gateway: A Solution Review
rguest Pay Gateway: A Solution Review TABLE OF CONTENTS Introduction...3 Why P2PE?...4 PCI P2PE Standards...4 Buyer Beware...6 PCI DSS Scope Reduction...6 P2PE Payment Terminals...7 The Payment Information
More informationPCI Compliance. Top 10 Questions & Answers
PCI Compliance Top 10 Questions & Answers 1. What is PCI Compliance and PCI DSS? 2. Who needs to follow the PCI Data Security Standard? 3. What happens if I don t comply? 4. What are the basic requirements
More informationPuzzled about PCI compliance? Proactive ways to navigate through the standard for compliance
Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com
More informationEncryption and Tokenization: Protecting Customer Data. Your Payments Universally Amplified. Tia D. Ilori Sue Zloth September 18, 2013
Encryption and Tokenization: Protecting Customer Data Your Payments Universally Amplified Tia D. Ilori Sue Zloth September 18, 2013 Agenda Global Threat Landscape Real Cost of a Data Breach Evolution of
More informationPCI Compliance. What is New in Payment Card Industry Compliance Standards. October 2015. cliftonlarsonallen.com. 2015 CliftonLarsonAllen LLP
cliftonlarsonallen.com PCI Compliance What is New in Payment Card Industry Compliance Standards October 2015 Overview PCI DSS In the beginning Each major card brand had its own separate criteria for implementing
More informationFive PCI Security Deficiencies of Restaurants
WHITE PAPER Five PCI Security Deficiencies of Restaurants Five PCI Security Deficiencies of Restaurants The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus - Chief
More informationPCI v2.0 Compliance for Wireless LAN
PCI v2.0 Compliance for Wireless LAN November 2011 This white paper describes how to build PCI v2.0 compliant wireless LAN using Meraki. Copyright 2011 Meraki, Inc. All rights reserved. Trademarks Meraki
More informationThales e-security Key Isolation for Enterprises and Managed Service Providers
Thales e-security Key Isolation for Enterprises and Managed Service Providers Technical White Paper May 2015 Contents 1. Introduction 1. Introduction... 2 2. Business Models.... 3 3. Security World...
More informationSafeNet DataSecure vs. Native Oracle Encryption
SafeNet vs. Native Encryption Executive Summary Given the vital records databases hold, these systems often represent one of the most critical areas of exposure for an enterprise. Consequently, as enterprises
More informationCross-channel payment solutions ABI CARTE 2015, ROMA, 5 NOVEMBRE 2015 VINCENZO ROMEO EASTERN EUROPE & AFRICA INNOVATION DIRECTOR
Cross-channel payment solutions ABI CARTE 2015, ROMA, 5 NOVEMBRE 2015 VINCENZO ROMEO EASTERN EUROPE & AFRICA INNOVATION DIRECTOR 1 The need for cross-channel payment solutions 3 mpos Solutions Challenges
More informationEmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions
EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions Security and Encryption Overview... 2 1. What is encryption?... 2 2. What is the AES encryption standard?... 2 3. What is key management?...
More informationCardControl. Credit Card Processing 101. Overview. Contents
CardControl Credit Card Processing 101 Overview Credit card processing is a very complex and important system for anyone that sells goods. This guide will hopefully help educate and inform new and old
More informationPCI and EMV Compliance Checkup
PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations
More informationPCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.
PCI 3.1 Changes Jon Bonham, CISA Coalfire System, Inc. Agenda Introduction of Coalfire What does this have to do with the business office Changes to version 3.1 EMV P2PE Questions and Answers Contact Information
More informationThe future of contactless mobile payment: with or without Secure Element?
The future of contactless mobile payment: with or without Secure Element? By Sylvain Godbert, mobile payment and security expert at Nextendis By Jean-Philippe Amiel, director of Nextendis February, 2015
More informationPCI P2PE 2.0. What Does it Mean for Merchants and Processors? September 10, 2015
PCI P2PE 2.0 What Does it Mean for Merchants and Processors? September 10, 2015 Agenda Housekeeping Presenters About Conexxus Presentation Q& A 2015 Conexxus Webinar Schedule* Month/Date Webinar Title
More informationPayment Card Industry Data Security Standards
Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This
More informationInitial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance
Emerging Technology Whitepaper Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance For Transmissions of Cardholder Data and Sensitive Authentication Data Program Guide Version
More informationAdyen PCI DSS 3.0 Compliance Guide
Adyen PCI DSS 3.0 Compliance Guide February 2015 Page 1 2015 Adyen BV www.adyen.com Disclaimer: This document is for guidance purposes only. Adyen does not accept responsibility for any inaccuracies. Merchants
More informationVersion 7.4 & higher is Critical for all Customers Processing Credit Cards!
Version 7.4 & higher is Critical for all Customers Processing Credit Cards! Data Pro Accounting Software has met the latest credit card processing requirements with its release of Version 7.4 due to the
More informationStronger(Security(and( Mobile'Payments'! Dramatically*Faster!and$ Cheaper'to'Implement"
!!!! Stronger(Security(and( Mobile'Payments'! Dramatically*Faster!and$ Cheaper'to'Implement" Here$is$a$simple,$cost$effective$way$to$achieve$transaction$security$for$ mobile$payments$that$allows$easy$and$secure$provisioning$of$cards.$
More informationPayment Security Update
Payment Security Update Rick Dakin, CEO & Cofounder October 2, 2014 Agenda Coalfire Introduction Changing Environment Threats Technology Compliance Mobile Security Recent Data Breaches Risk Management
More informationIs the PCI Data Security Standard Enough?
Is the PCI Data Security Standard Enough? By: Christina M. Freeman ICTN 6870 Advanced Network Security Abstract: This paper will present the researched facts on Payment Card Industry Data Security Standard
More information