Solutions For Higher Education: Reducing Compliance Scope Across Campus With PCI Validated P2PE

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Solutions For Higher Education: Reducing Compliance Scope Across Campus With PCI Validated P2PE"

Transcription

1 Solutions For Higher Education: Reducing Compliance Scope Across Campus With PCI Validated P2PE

2 Complete Campus Coverage With the complexity of a college campus ecosystem as varied as the development office to the campus hotel, to the football stadium and the food trucks, university Treasury and IT departments are looking for solutions that are more secure, more centralized and easier to manage. The challenge of maintaining PCI DSS compliance is intensified because in many cases, disparate groups around the campus are managing multiple service providers and technologies. This can lead to siloed payments solutions and a maze of providers and compliance requirements. College campuses, like any large enterprise with highly diversified payments use cases, require a comprehensive set of solutions that can accommodate online, offline and emerging payment technologies. FreedomPay s Validated P2PE solution offers PCI scope-reducing benefits across entire college campus. The secure transaction framework applies to all payments methodologies, including credit, debit, EMV, NFC and online. PCI Scope Reduction With Validated P2PE The PCI Security Standards Council codified a gold standard for payment encryption practices, or Validated Point-to-Point Encryption (P2PE). The Validated P2PE standard dictates that the payment data is encrypted at the point-of-interaction and decrypted entirely outside of the merchant s environment.this ensures that no sensitive cardholder data passes through the merchant s POS in an unencrypted state. Because card data is completely segmented from the merchant s POS and network, Validated P2PE offers merchants a reduction in scope for their annual PCI DSS compliance, with substantially fewer controls to manage and document. However, the PCI scope-reducing benefits of a Validated P2PE solution are contingent on eliminating all unencrypted cardholder data from the merchant s environment, which, for the diverse requirements of college campuses, demands a robust set of payment capabilities and integrations for online and offline transactions 2014 FreedomPay, Inc. 1

3 Advanced Commerce Platform EMV Certification 2015 is an inflection point for payments, with the U.S. set to adopt the EMV (chip-and-pin, chipand-signature) standard that is prevalent around the world. The major card brands have aligned around the EMV standard and are mandating that merchants and card issuers upgrade to the new technology or they face liability for fraud and chargebacks. When the liability shift occurs, if there is an incidence of card fraud, whichever party in the value chain has the lesser technology will bear the liability. The EMV card offers additional security protections against card fraud, but does not actually encrypt the payment data in the merchant s environment. In fact, Stephen Orfei, the General Manager of the PCI Security Standards Council, stated that EMV chip technology does not protect against malware attacks like those we have been reading about in the news, nor does it prevent card-not-present attacks. It is the combination of EMV and security solutions like PCI P2PE that can truly secure payment data and mitigate the merchant s risk of fraud and compromise. NFC Mobile Wallets The emergence of Apple Pay has re-ignited the NFC mobile wallet space. Apple, Google, Samsung, Microsoft and PayPal, among others, are competing to provide the most convenience and most value-added services for their customers to leverage mobile wallet technology. For many merchants, who have been holding off on accepting NFC payments since their introduction several years ago, are now facing pressure from consumers to accept mobile payments. With smartphones ubiquitous on college campuses and mobile payments gaining rapid adoption, NFC acceptance is becoming an increasingly important factor in the payments landscape. Online Payments Online payments through a virtual terminal or e-commerce website can expose card data to the network, keeping it within the scope of PCI compliance. Credit card data is often processed as a card not-present transaction, even when the customer is able to present their card in person. Finding new ways to process payments online can increase security, reduce scope, lower interchange fees and add new functionality FreedomPay, Inc.

4 Use Case 1: The Dining Hall Campus dining facilities and convenience stores typically accept both student ID cards and Reduce PCI Scope Across Campus credit cards for payment, exposing them to PCI compliance scrutiny. FreedomPay s integration toolkit enables rapid integration of POS systems into the Validated P2PE framework, thereby reducing PCI scope and solving for EMV. Leading systems such as MICROS, Agilysys, Revel Systems and Digital Dining are already certified to the P2PE platform, with additional POS providers joining the solution regularly. For many campuses, the food service operation is self-managed, and the IT department or Treasury is responsible for the merchant ID and compliance. For others, dining operations are managed through a third party service provider that owns the merchant IDs and potentially even the POS equipment. Many universities have implemented stand-alone payment terminals that are not on the network in an effort to eliminate card data from their systems. FreedomPay has experience working with the major U.S. contract food service providers and can work with campus administrators to implement a scope-reducing Validated P2PE solution even with the presence of a third party service provider. Use Case 2: The Food Trucks Small merchants around campus like the food trucks, event and festival vendors and pop-up retail partners need to be on the cutting edge of technology, traveling light and fast with tablets and mobile card swipe devices. The PCI challenge for these small but popular merchants is the amount of payment data they generate and where it goes. FreedomPay s P2PE framework and PCI Validated mobile devices enables these mobile merchants to accept secure payments and transport the data through the network in a P2PE Validated environment. All of the mobile devices certified in the FreedomPay framework accept EMV, NFC and magstripe payments, with Bluetooth, Wi-Fi or cellular connectivity. The mobile devices and integrated POS systems will even support offline payments FreedomPay, Inc. 3

5 Advanced Commerce Platform Use Case 3: The Development Office Accepting payments through a call center or e-commerce website can expose card data into the university network. For a university development office or other business office that is collecting donations and selling tickets to events, many of the technologies used today can expose sensitive payment information to the university s network, keeping them in scope for compliance. For an e-commerce website transaction, FreedomPay s Hosted Payment Page integrates with e-commerce website platforms to remove all payment data from the merchant s online environment. This takes all PCI data out of scope and wraps it within PCI s highest standard for security. For in-person payments at events, or for payments over the phone, FreedomPay s Merchant Portal functions as a web-based POS running through a browser. The P2PE Validated payment terminal or secure keypad connects via USB to a computer to accept payments. For in-person events, the merchant can accept EMV and NFC payments, and pay card-present interchange rates compared to the standard online payments rates typically handled by virtual terminals. PAY Use Case 4: The Campus Hotel Hotels are complex payment environments with retail, restaurant, e-commerce and lodging all within the same merchant footprint. FreedomPay is uniquely positioned to solve for all hospitality use cases with a comprehensive, PCI Validated solution. FreedomPay is integrated with Property Management Systems (PMS) solutions from MICROS and Agilysys, as well as leading retail and restaurant POS systems from Revel, Digital Dining and other platforms. In 2015 FreedomPay will enable Pay at Table with EMV, enabling full service restaurants to deliver a payment device to the table with the bill for consumers to conduct the transaction. Many universities receive foreign travelers, and offering Dynamic Currency Conversion (DCC) at check-in enables the consumer to pay a favorable exchange rate. Online, the FreedomPay Payment Information Proxy tokenizes reservation data and removes it from scope when the consumer books a room on a third-party system like Expedia or Travelocity. www FreedomPay, Inc.

6 Use Case 5: The Football Stadium Stadiums and arenas are major revenue generators for campuses, and the PCI data exposure in those facilities needs to be secured. FreedomPay has been working with service providers to many campus stadiums to implement P2PE, and the implications can be sizable from a compliance perspective. Payment terminals in the fast paced world of concessions have to be durable and dependable. And in the event of a failure, procedures need to exist to hot-swap the device on the fly without crippling the lines. FreedomPay provides a PCI Validated process on managing and implementing backup devices securely or requesting an RMA and a replacement. Consumers are rapidly expecting the ability to pay by mobile, and particularly at stadiums, speeding up checkout is critical. In suites and boxes, a mobile payment terminal helps attendants serve customers without them missing a play. Even before the fans get to the game, they may be buying tickets on the university s website, or at Ticketmaster. With Ticketing Tokenization technology, FreedomPay truly removes all PCI data from the campus infrastructure. Use Case 6: The Police Station The business of a police station, even municipal court functions, involves paying fines and fees. Despite the presence of the police, the payment data on the network is typically not as secure as it could be. The unlikely culprit of a PCI data exposure on the network may be the campus police. FreedomPay can provide stand-alone terminals that are not tied to a POS system, or secure payment terminals connected to the merchant portal to handle card-present payments FreedomPay, Inc. 5

7 Advanced Commerce Platform The Difference PCI Validation Makes In 2012 and 2013, the PCI Security Standards Council released the PCI P2PE Standard: a set of controls that aimed to provide some clarity and definition around point-to-point encryption. The PCI P2PE standard contains detailed security requirements and testing procedures for application vendors and providers of P2PE solutions to ensure that their solutions can meet the necessary requirements for the protection of payment card data. As stated on the PCI Security Standards Council s listing of Validated P2PE Solutions, When correctly implemented, these P2PE solutions may simplify merchants PCI compliance programs by eliminating clear-text cardholder data from their environment and reducing the scope of PCI DSS requirements. There are three core principles underlying PCI-Validated solutions: Hardware to hardware encryption and decryption with a POI (point-of-interaction) device that has SRED (Secure Reading and Exchange of Data) listed as a function and is enabled. Certified to have a validated secure distribution channel. This means that the entire chain of custody of the POI devices follow strict controls regarding shipping, receiving, tamper-evident packaging and installation. P2PE Instruction Manual (PIM) that guides the merchant on POI device use, storage, return for repairs and regular PCI reporting. To earn validation, P2PE solution providers have the responsibility for ensuring that their P2PE solutions satisfy all requirements of the P2PE standard. As a requirement for the P2PE solution assessment, the P2PE solution provider must provide the P2PE assessor with all required documentation, software, access to facilities and access to third-party service providers used in connection with the P2PE solution. The PCI P2PE standard encompasses close to a thousand individual controls governing encryption and decryption methodologies, software applications, device management and operations related to distribution and cryptographic key injection facilities. FreedomPay s P2PE solution, which earned PCI validation in August 2014, offers merchants this unparalleled payments security and functionality FreedomPay, Inc.

8 P2PE Payment Terminals Core to the PCI-Validated P2PE solution is the Secure Reading and Exchange of Data (SRED) module, designed to encrypt data at the Point-of-Interaction. The SRED module applies the security and cryptographic protection of PIN data to the reading of card data presented by magnetic stripe, EMV, contactless/nfc, and manual entry. In order for P2PE to be in the SRED module, the encryption key management and encryption of the cardholder data must be done in the device s security processor. This and other P2PE program aspects must be in firmware, as opposed to being in the application. The firmware is reviewed and certified as meeting the SRED requirements by a PCI approved laboratory. FreedomPay s P2PE solution utilizes SRED-enabled payment terminals from Ingenico Group that offer choice and flexibility to solve for a variety of use cases. All of the devices that FreedomPay provides support traditional magnetic stripe payments, and also alternative and emerging payment methodologies such as EMV and NFC. Devices Devices supported by the FreedomPay PCI Validated P2PE Solution Include: iwl Series ipp350 isc FreedomPay, Inc. 7

9 Advanced Commerce Platform PCI Compliance It is incumbent on merchants to work with their QSA on vetting fact from fiction. Only PCI Validated P2PE solutions have been thoroughly audited and evaluated, and can deliver the merchant benefits of security assurance and true scope reduction. As security and integrity are critical to maintaining a University or College s reputation and the trust of faculty, students, and alumni, it is of prime importance to pro-actively protect all sensitive information that is entrusted to the University or College. Coalfire has worked with many large universities and colleges around the country. The firm understands the unique requirements of Student Information Systems, sports programs, parking systems, bookstores, and more. Coalfire s experience is that higher education institutions typically have complex governance, multiple payment mechanisms, and the need to constantly adapt to the needs of their diverse communities. This often results in significant effort during assessments ensuring that all payment channels are identified, even before assessing PCI DSS compliance of each channel. This situation also results in the risk that a department may create a new payment channel without being aware of the need for PCI compliance. These unintentionally non-compliant channels are a risk to the institution. Adopting a uniform, adaptable P2PE solution, like FreedomPay, enables institutions to continue to use installed Point-of-Sale (POS) systems and implement new POS systems with the security assurances of P2PE and without the need for applying all PCI DSS controls to any of the POS systems or networks. Uniform use of a PCI P2PE solution, like FreedomPay, provides our PCI Qualified Security Assessors (QSA) with a greater confidence that an institution has appropriate controls for credit card data and streamlines assessments. For more information about PCI Validated P2PE and FreedomPay s solutions for higher education, please contact a payment security expert at FreedomPay, Inc.

10 FreedomPay Inc. Five Radnor Corporate Center 100 Matsonford Road, Suite 100 Radnor, Pennsylvania USA Toll Free: Tel: Fax: FreedomPay, Inc.

White Paper Solutions For Hospitality

White Paper Solutions For Hospitality White Paper Solutions For Hospitality Foreword Addressing the complexity of a hospitality ecosystem as varied as the front desk to the parking garage, to the restaurant, the website, and the call center,

More information

White Paper PCI-Validated Point-to-Point Encryption

White Paper PCI-Validated Point-to-Point Encryption White Paper PCI-Validated Point-to-Point Encryption By Christopher Kronenthal, Chief Technology Officer Contributors Executive Summary Merchants are navigating a payments landscape that continues to evolve,

More information

rguest Pay Gateway: A Solution Review

rguest Pay Gateway: A Solution Review rguest Pay Gateway: A Solution Review TABLE OF CONTENTS Introduction...3 Why P2PE?...4 PCI P2PE Standards...4 Buyer Beware...6 PCI DSS Scope Reduction...6 P2PE Payment Terminals...7 The Payment Information

More information

White Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure. By Christopher Kronenthal, Chief Technology Officer

White Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure. By Christopher Kronenthal, Chief Technology Officer White Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure By Christopher Kronenthal, Chief Technology Officer Advanced Commerce Platform Foreword 2015 will bring incredible change and innovation

More information

Secure Payments Framework Workgroup

Secure Payments Framework Workgroup Secure Payments Framework Workgroup EMV for the US Hospitality Industry Version 1.0 About HTNG Hotel Technology Next Generation (HTNG) is a non-profit association with a mission to foster, through collaboration

More information

Transitions in Payments: PCI Compliance, EMV & True Transactions Security

Transitions in Payments: PCI Compliance, EMV & True Transactions Security Transitions in Payments: PCI Compliance, EMV & True Transactions Security There have been more than 600 million records compromised from approximately 4,000 data breaches since 2005 and those are just

More information

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com

Flexible and secure. acceo tender retail. payment solution. tender-retail.acceo.com Flexible and secure payment solution acceo tender retail payment solution tender-retail.acceo.com Take control of your payment transactions ACCEO Tender Retail is a specialized middleware that handles

More information

PCI Point To Point Encryption (P2PE) An Overview

PCI Point To Point Encryption (P2PE) An Overview PCI Point To Point Encryption (P2PE) An Overview Moderator Name: Erik Winkler Panelists Names: Sonjay Shepherd HiTouch Business Services, Adam Sommer MasterCard Definition of consists of cardholder data

More information

Adyen PCI DSS 3.0 Compliance Guide

Adyen PCI DSS 3.0 Compliance Guide Adyen PCI DSS 3.0 Compliance Guide February 2015 Page 1 2015 Adyen BV www.adyen.com Disclaimer: This document is for guidance purposes only. Adyen does not accept responsibility for any inaccuracies. Merchants

More information

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism Tokenization Amplified XiIntercept The ultimate PCI DSS cost & scope reduction mechanism Paymetric White Paper Tokenization Amplified XiIntercept 2 Table of Contents Executive Summary 3 PCI DSS 3 The PCI

More information

SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS

SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS A RESELLER S GUIDE CONTENTS New Sales Opportunities : EMV Mandate Means New Business... 3 New POS Will Need Both EMV and PCI... 3 Growing Demand for NFC Transactions...

More information

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks

More information

NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE

NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE Payment disruptions impacting restaurant owners today An NCR Hospitality white paper Almost every month we hear a news story about another data breach that

More information

Point-to-Point Encryption (P2PE)

Point-to-Point Encryption (P2PE) Payment Card Industry (PCI) Point-to-Point Encryption (P2PE) Frequently Asked Questions for PCI Point-to- Point Encryption (P2PE) August 2012 Frequently Asked Questions (FAQs) For PCI Point-to-Point Encryption

More information

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their

More information

Best practices for choosing and integrating a mobile payments platform. A GlobalOnePay White Paper

Best practices for choosing and integrating a mobile payments platform. A GlobalOnePay White Paper Best practices for choosing and integrating a mobile payments platform A GlobalOnePay White Paper Mobile commerce (mcommerce) purchases and in-app payments made on mobile devices are rapidly becoming just

More information

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016

Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 Healthcare Payment Security Is Your Patient s Card Data Exposed? May 24, 2016 PRESENTER BIOS Michael Fidler Vice President Elavon Healthcare Payment Solutions Michael D. Fidler is Vice President, Healthcare

More information

EMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com

EMV FAQs. Contact us at: CS@VancoPayments.com. Visit us online: VancoPayments.com EMV FAQs Contact us at: CS@VancoPayments.com Visit us online: VancoPayments.com What are the benefits of EMV cards to merchants and consumers? What is EMV? The acronym EMV stands for an organization formed

More information

EMV in Hotels Observations and Considerations

EMV in Hotels Observations and Considerations EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered

More information

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.

More information

A HOLISTIC APPROACH TO MERCHANT PAYMENT SECURITY. 2016, Vantiv, LLC. All rights reserved.

A HOLISTIC APPROACH TO MERCHANT PAYMENT SECURITY. 2016, Vantiv, LLC. All rights reserved. A HOLISTIC APPROACH TO MERCHANT PAYMENT SECURITY A HOLISTIC APPROACH TO MERCHANT PAYMENT SECURITY WHY DEALERS AND ACQUIRERS ARE PIVOTAL TO SECURING THE MERCHANT PAYMENT ENVIRONMENT. For the past fifteen

More information

Grow with our omni-channel payment processing technologies and merchant services.

Grow with our omni-channel payment processing technologies and merchant services. Grow with our omni-channel payment processing technologies and merchant services. Get ready for growth Payment processing solutions ecommerce mcommerce In-app payments Virtual terminal Card present EMV

More information

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard Table of Contents For more than 40 years, merchants and consumers have used magnetic stripe credit cards and compatible

More information

Making Sense of the PCI Puzzle

Making Sense of the PCI Puzzle Making Sense of the PCI Puzzle Sponsored By: A guide to organizing your merchant accounts on campus Contributors from Coalfire Systems, Inc. Joseph Tinucci Justin Orcutt Eva Araya 1 The Big Picture Navigating

More information

Revenue Security and Efficiency

Revenue Security and Efficiency Revenue Security and Efficiency Discussion with the Mid-Atlantic Oracle Applications Users Group CardConnect Solution Oracle EBS Validated Application Oracle EBS Validated Application Securing Payment

More information

EMV and Small Merchants:

EMV and Small Merchants: September 2014 EMV and Small Merchants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service

More information

PCI Compliance. Crissy Sampier, Longwood University Edward Ko, CampusGuard

PCI Compliance. Crissy Sampier, Longwood University Edward Ko, CampusGuard PCI Compliance Crissy Sampier, Longwood University Edward Ko, CampusGuard Agenda Introductions PCI DSS 101 Chip Cards (EMV) Longwood s PCI DSS Journey Breach Statistics Shortcuts to PCI DSS Compliance

More information

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper 2014. Executive Director, Product Development A Heartland Payment Systems White Paper 2014 Heartland Secure. By: Michael English Executive Director, Product Development 2014 Heartland Payment Systems. All trademarks, service marks and trade names

More information

Target Security Breach

Target Security Breach Target Security Breach Lessons Learned for Retailers and Consumers 2014 Pointe Solutions, Inc. PO Box 41, Exton, PA 19341 USA +1 610 524 1230 Background In the aftermath of the Target breach that affected

More information

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire Instructions and Guidelines Version 3.2 May 2016 Document Changes Date Version Description October 1, 2008 1.2 October 28,

More information

The Impact of Emerging Payment Technologies on Retail and Hospitality Businesses. National Computer Corporation www.nccusa.com

The Impact of Emerging Payment Technologies on Retail and Hospitality Businesses. National Computer Corporation www.nccusa.com The Impact of Emerging Payment Technologies on Retail and Hospitality Businesses The Impact of Emerging Payment Technologies on Retail and Hospitality Businesses Making the customer payment process convenient,

More information

welcome to liber8:payment

welcome to liber8:payment liber8:payment welcome to liber8:payment Our self-service kiosks free up staff time and improve the overall patron experience. liber8:payment further enhances these benefits by providing the convenience

More information

Increase Efficiency, Maximize Profits, and Secure Guest Confidence.

Increase Efficiency, Maximize Profits, and Secure Guest Confidence. Increase Efficiency, Maximize Profits, and Secure Guest Confidence. Agilysys InfoGenesis POS technology innovation solutions Grow Your Business with POS Functionality that Never Quits If you ve ever struggled

More information

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved

More information

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319

More information

What is EMV? What is different?

What is EMV? What is different? U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,

More information

global leader in seamless payment

global leader in seamless payment global leader in seamless payment ingenico group / welcome ingenico group / discover the global leader in seamless payment ingenico group / empowering in-store, online and mobile commerce Philippe Lazare

More information

Apple Pay. Frequently Asked Questions UK Launch

Apple Pay. Frequently Asked Questions UK Launch Apple Pay Frequently Asked Questions UK Launch Version 1.0 2015 First Data Corporation. All Rights Reserved. All trademarks, service marks and trade names referenced in this material are the property of

More information

How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants

How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants 2012 First Data Corporation. All trademarks, service marks and trade names referenced in this material

More information

Mobile Payment Solutions: Best Practices and Guidelines

Mobile Payment Solutions: Best Practices and Guidelines Presented by the Mobile Payments Committee of the Electronic Transactions Association Mobile Payment Solutions: Best Practices and Guidelines ETA s Best Practices and Guidelines for Mobile Payment Solutions

More information

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process.

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process. My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business

More information

EMV and Restaurants What you need to know! November 19, 2014

EMV and Restaurants What you need to know! November 19, 2014 EMV and Restaurants What you need to know! Mike English Executive Director of Product Development Kristi Kuehn Sr. Director, Compliance November 9, 204 Agenda EMV overview Timelines Chip Card Liability

More information

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES CUTTING THROUGH THE COMPLEXITY AND CONFUSION Over the years, South African retailers have come under increased pressure to gain PCI DSS (Payment Card Industry

More information

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER SHAZAM, Senior Vice President Agenda The Ugly Fraud The Bad EMV? The Good Tokenization and Other Emerging Payment Options

More information

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc. PCI 3.1 Changes Jon Bonham, CISA Coalfire System, Inc. Agenda Introduction of Coalfire What does this have to do with the business office Changes to version 3.1 EMV P2PE Questions and Answers Contact Information

More information

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance March 29, 2012 1:00 p.m. ET If you experience any technical difficulties, please contact 888.228.0988 or support@learnlive.com

More information

SellWise User Group. Thursday, February 19, 2015

SellWise User Group. Thursday, February 19, 2015 SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User

More information

PCI DSS v3.0 SAQ Eligibility

PCI DSS v3.0 SAQ Eligibility http://www.ambersail.com Disclaimer: The information in this document is provided "as is" without warranties of any kind, either express or implied, including, without limitation, implied warranties of

More information

INFORMATION TECHNOLOGY FLASH REPORT

INFORMATION TECHNOLOGY FLASH REPORT INFORMATION TECHNOLOGY FLASH REPORT Understanding PCI DSS Version 3.0 Key Changes and New Requirements November 8, 2013 On November 7, 2013, the PCI Security Standards Council (PCI SSC) announced the release

More information

OKLAHOMA STATE UNIVERSITY STUDENT UNION HOW IT SERVES OTHERS THROUGH PCI COMPLIANCE

OKLAHOMA STATE UNIVERSITY STUDENT UNION HOW IT SERVES OTHERS THROUGH PCI COMPLIANCE OKLAHOMA STATE UNIVERSITY STUDENT UNION HOW IT SERVES OTHERS THROUGH PCI COMPLIANCE TRACIE BROWN ASSOCIATE DIRECTOR OF ADMINISTRATIVE SERVICES MIKE PEASTER INFORMATION TECHNOLOGY MANAGER THE QUESTIONS

More information

Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective

Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective Futurex. An Innovative Leader in Encryption Solutions. For over 30 years, more than 15,000 customers worldwide

More information

WIRELESS - GPRS iwl250 POS SOLUTION

WIRELESS - GPRS iwl250 POS SOLUTION WIRELESS - GPRS iwl250 POS SOLUTION In this report, MONEXgroup presents the iwl250 Wireless POS Solution designed for mobility and accessibility of service. For businesses on-the-move, the iwl250 delivers

More information

Apple Pay. Frequently Asked Questions UK

Apple Pay. Frequently Asked Questions UK Apple Pay Frequently Asked Questions UK Version 1.0 (July 2015) First Data Merchant Solutions is a trading name of First Data Europe Limited, a private limited company incorporated in England (company

More information

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon

U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon U.S. Smart Card Migration: Stripe to EMV Claudia Swendseid, Federal Reserve Bank of Minneapolis Terry Dooley, SHAZAM Kristine Oberg, Elavon UMACHA Navigating Payments 2014 October 8, 2014 Who We Are Claudia

More information

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc. Payment Methods The cost of doing business Michelle Powell - BASYS Processing, Inc. You ve got to spend money, to make money Major Industry Topics Industry Process Flow PCI DSS Compliance Risks of Non-Compliance

More information

Plotting a Course for EMV Compliance

Plotting a Course for EMV Compliance Plotting a Course for EMV Compliance Plotting a Course for EMV Compliance PCI compliance...emv compliance by now, you ve heard repeatedly that your store or restaurant must be EMV-compliant by the recently

More information

PCI Risks and Compliance Considerations

PCI Risks and Compliance Considerations PCI Risks and Compliance Considerations July 21, 2015 Stephen Ramminger, Senior Business Operations Manager, ControlScan Jon Uyterlinde, Product Manager, Merchant Services, SVB Agenda 1 2 3 4 5 6 7 8 Introduction

More information

The Relationship Between PCI, Encryption and Tokenization: What you need to know

The Relationship Between PCI, Encryption and Tokenization: What you need to know October 2014 The Relationship Between PCI, Encryption and Tokenization: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems,

More information

NCR Secure Pay FAQ Updated June 12, 2014

NCR Secure Pay FAQ Updated June 12, 2014 NCR Secure Pay FAQ Updated June 12, 2014 Contents What is NCR Secure Pay?... 1 What is the value of NCR Secure Pay?... 2 Host-based Settlement... 2 Token Replacement... 2 Point-to-Point Encryption (P2PE)...

More information

PCI Security Standards Council

PCI Security Standards Council PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI

More information

To ensure independence, PSC does not represent, resell or receive commissions from any third party hardware, software or solutions vendors.

To ensure independence, PSC does not represent, resell or receive commissions from any third party hardware, software or solutions vendors. About PSC With offices in the USA, Canada, UK and Australia, PSC is a leading PCI, PA DSS, and P2PE assessor, PCI Forensics Company and Approved Scanning Vendor. PSC is one of an elite few companies qualified

More information

mobile payment acceptance Solutions Visa security best practices version 3.0

mobile payment acceptance Solutions Visa security best practices version 3.0 mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid

More information

EMV Defined. Near Field Communications (NFC) Card brand mandates and incentives for EMV Allegiance s EMV plans

EMV Defined. Near Field Communications (NFC) Card brand mandates and incentives for EMV Allegiance s EMV plans EMV Defined Near Field Communications (NFC) Card brand mandates and incentives for EMV Allegiance s EMV plans 2 2 EMV Defined 4 EMVCo s primary purpose since 1994 is to define a global standard for credit

More information

Practically Thinking: What Small Merchants Should Know about EMV

Practically Thinking: What Small Merchants Should Know about EMV Practically Thinking: What Small Merchants Should Know about EMV 1 Practically Thinking: What Small Merchants Should Know About EMV Overview Savvy business owners know that payments are about more than

More information

What Merchants Need to Know About EMV

What Merchants Need to Know About EMV Effective November 1, 2014 1. What is EMV? EMV is the global standard for card present payment processing technology and it s coming to the U.S. EMV uses an embedded chip in the card that holds all the

More information

Security & Encryption in Healthcare Payments PCI DSS Technical Assessment White Paper

Security & Encryption in Healthcare Payments PCI DSS Technical Assessment White Paper Security & Encryption in Healthcare Payments PCI DSS Technical Assessment White Paper June 05 White Paper Author: Andrey Sazonov CISA, QSA, PA-QSA asazonov@coalfire.com Nick Trenc QSA, PA-QSA nick.trenc@coalfiresystems.com

More information

PCI P2PE 2.0. What Does it Mean for Merchants and Processors? September 10, 2015

PCI P2PE 2.0. What Does it Mean for Merchants and Processors? September 10, 2015 PCI P2PE 2.0 What Does it Mean for Merchants and Processors? September 10, 2015 Agenda Housekeeping Presenters About Conexxus Presentation Q& A 2015 Conexxus Webinar Schedule* Month/Date Webinar Title

More information

PCI Security Standards Council

PCI Security Standards Council PCI Security Standards Council Bob Russo, General Manager 2013 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI Council Open, global forum Founded 2006 Guiding open standards for

More information

Payments simplified. 1

Payments simplified. 1 1 Payments simplified. T H E PAY M E N T I N D U S T RY A I N T W H AT I T U S E D T O B E 2 Complexity is increasing, More change in next 5, than last 50 Emerging payments / loyalty / rewards / coupons

More information

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION MAKE THE SWITCH TO MONEXgroup ecommerce I Mobile I Wireless I Integrated I Countertop Solutions IN-STORE ON-THE-GO ONLINE Accept secure debit and credit card

More information

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches.

1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches. Part 1: Internal & External Data Breach Vulnerabilities Presented on: Thursday, February 12, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Joe Majka CSO at Verifone 1 Breakdown

More information

Spotlight on Product & Service: Worldpay - End-to-End Payments Secure Platform at Most Cost-Effective Rates. Accept payments. Anywhere. Anytime.

Spotlight on Product & Service: Worldpay - End-to-End Payments Secure Platform at Most Cost-Effective Rates. Accept payments. Anywhere. Anytime. Newsletter Vol. 87 - Introduction Softengine News is dedicated to keeping you up to date with the latest information regarding SAP Business One systems, Softengine solutions and Best Business Practices.

More information

First Data ISO Reseller Program. Build an independently operated business with outstanding long term income potential.

First Data ISO Reseller Program. Build an independently operated business with outstanding long term income potential. First Data ISO Reseller Program Build an independently operated business with outstanding long term income potential. First Data is an industry leader in providing payment solutions, working closely with

More information

Mobile Near-Field Communications (NFC) Payments

Mobile Near-Field Communications (NFC) Payments Mobile Near-Field Communications (NFC) Payments OCTOBER 2013 GENERAL INFORMATION American Express continues to develop its infrastructure and capabilities to support growing market interest in mobile payments

More information

EMV FAQs for developers

EMV FAQs for developers EMV FAQs for developers You accept the Information presented herein as is, without any representation as to its accuracy or completeness. What are the three levels of EMV certification? There are three

More information

PCI PA-DSS Requirements. For hardware vendors

PCI PA-DSS Requirements. For hardware vendors PCI PA-DSS Requirements For hardware vendors PCI security services UL's streamlined PCI PA-DSS certification services get your product to market faster. UL is world leader in advancing safety. Through

More information

Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance

Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance Emerging Technology Whitepaper Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance For Transmissions of Cardholder Data and Sensitive Authentication Data Program Guide Version

More information

Account Information Security. Merchant Guide

Account Information Security. Merchant Guide Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer

More information

PCI DSS 3.0 Overview. OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock

PCI DSS 3.0 Overview. OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock PCI DSS 3.0 Overview OSU Business Affairs Business Affairs PIT Crew - Project, Improvement, & Technology Robin Whitlock 01/16/2015 Purpose of Today s Presentation To provide an overview of PCI 3.0 based

More information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History

More information

E-Commerce SOLUTIONS. Generate Online Revenue with E-Commerce Solutions. www.monexgroup.com

E-Commerce SOLUTIONS. Generate Online Revenue with E-Commerce Solutions. www.monexgroup.com E-Commerce SOLUTIONS In this report, MONEXgroup examines various types of online payment processing and E-Commerce Solutions. The tremendous transition towards online shopping stores in Canada has opened

More information

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Allegiance Merchant Services is committed to assisting you in navigating through the various considerations that you may face

More information

End-to-end Encryption for E-Commerce Payments using Voltage SecureData Web

End-to-end Encryption for E-Commerce Payments using Voltage SecureData Web Technical Brief using Voltage SecureData Web Introduction Today, merchants accepting card-not-present payments on the web are concerned about three major issues affecting their business with respect to

More information

Payment terminals for your point of sale

Payment terminals for your point of sale Payment Services Payment terminals for your point of sale SIX Payment Services offers nationally and internationally active customers tailored solutions in both the presence and distance businesses. 2

More information

The Comprehensive, Yet Concise Guide to Credit Card Processing

The Comprehensive, Yet Concise Guide to Credit Card Processing The Comprehensive, Yet Concise Guide to Credit Card Processing Written by David Rodwell CreditCardProcessing.net Terms of Use This ebook was created to provide educational information regarding payment

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

NEWS BULLETIN 2015-16

NEWS BULLETIN 2015-16 NEWS BULLETIN Maine Automobile Dealers Association 180 Civic Center Drive P. O. Box 2667 Augusta, Maine 04338-2667 DIAL 623-3882 e-mail:info@maineautodealers.com FAX 623-2318 DISTRIBUTION General Manager

More information

Integrated Payment Solutions

Integrated Payment Solutions Payment Services Integrated Payment Solutions for hospitality, parking and web Tailor-made payment solutions for your business. 2 SIX Payment Services The right choice SIX Payment Services provides financial

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

EMV Delivery of Mobile, Parking and Unattended Payments. Elavon

EMV Delivery of Mobile, Parking and Unattended Payments. Elavon EMV Delivery of Mobile, Parking and Unattended Payments Elavon Elavon-At-A-Glance Elavon s primary business model is growth through partnerships; more than 1,500 Financial Institution partners serving

More information

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration

More information

EMV Frequently Asked Questions for Merchants May, 2014

EMV Frequently Asked Questions for Merchants May, 2014 EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,

More information

ACFS PRODUCT FLYER. Its modular architecture allows a tailored integration, with a short time-to-market for different payment methods.

ACFS PRODUCT FLYER. Its modular architecture allows a tailored integration, with a short time-to-market for different payment methods. PRODUCT FLYER Internet Gateway Financial Systems is a modular software suite designed to support financial institutions and enterprises, providing a single interface for the optimized management of e-commerce

More information

ACFS PRODUCT FLYER. Its modular architecture allows a tailored integration, with a short time-to-market for different payment methods.

ACFS PRODUCT FLYER. Its modular architecture allows a tailored integration, with a short time-to-market for different payment methods. PRODUCT FLYER Internet Gateway Financial Systems is a modular software suite designed to support financial institutions and enterprises, providing a single interface for the optimized management of e-commerce

More information

Attestation of Compliance for Onsite Assessments Service Providers

Attestation of Compliance for Onsite Assessments Service Providers Attestation of Compliance Service Providers Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 2.0 October 2010 Instructions for

More information

ACFS PRODUCT FLYER MTFS

ACFS PRODUCT FLYER MTFS PRODUCT FLYER Mail Telephone Order Financial Systems is a fully-featured, modular software suite designed to support financial institutions and enterprises in the management and optimization of recurring

More information

Android pay. Frequently asked questions

Android pay. Frequently asked questions Android pay Frequently asked questions June 2015 Android Pay - FAQs In May 2015, Android Pay was announced by Google. Android Pay is Google s payments solution that allows consumers to do in-store and

More information

A RE T HE U.S. CHIP RULES ENOUGH?

A RE T HE U.S. CHIP RULES ENOUGH? August 2015 A RE T HE U.S. CHIP RULES ENOUGH? A longer term view of security and the payments landscape is needed. Abstract: The United States is finally modernizing its card payment systems and confronting

More information

NCR CONNECTED PAYMENTS The vision for payment acceptance in restaurants

NCR CONNECTED PAYMENTS The vision for payment acceptance in restaurants NCR CONNECTED PAYMENTS The vision for payment acceptance in restaurants For more information visit ncr.com or contact us at hospitality.information@ncr.com A winning combination of payment security and

More information