WHITE PAPER SECURE PAYMENTS: A MULTI-PRONGED APPROACH

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "WHITE PAPER SECURE PAYMENTS: A MULTI-PRONGED APPROACH"

Transcription

1 SECURE PAYMENTS: A MULTI-PRONGED APPROACH EMV, ENCRYPTION, TOKENIZATION & SECURE COMMERCE ARCHITECTURE

2 With the pressure being put upon merchants these days to become EMVcompliant, it may be confusing for many as to why they must do so and, indeed, what EMV actually is. There is also the misconception that EMV alone guarantees payment security when, in fact, EMV is simply one component of a secure solution. Along with EMV, encryption and tokenization are equally important for protecting merchants and cardholders alike against payment fraud, while Verifone s Secure Commerce Architecture (SCA) puts additional security measures in place for an optimal solution. WHAT IS EMV? In 1994, Europay International, MasterCard and Visa created EMV, a worldwide standard for the interaction of chip-based smart cards and approved payment devices. An EMV chip card is a standard credit or debit card with a microprocessor chip inset into the plastic. The authentication of this chip card prevents counterfeiting and adds cardholder PIN verification methods for card-present situations, offering both online and offline authorizations. By itself, EMV exposes data in transit and at rest. Sensitive data remains in the clear, susceptible to data breaches. While other countries have seen substantial counterfeit card fraud reductions up to 56% in the UK, for example the US market has resisted implementing EMV due to the expense of reissuing cards and updating payment systems. Now, however, with American card brands desire to accelerate EMV chip card adoption in the US, a liability shift is going into effect in October 2015 (or 2017 for fuel pumps). Once the shift takes place, if fraud occurs on an EMV chip-capable card and the merchant is not EMV-capable, the acquirer or merchant, rather than the issuer, will be held liable for the counterfeit transaction. EMV certification typically takes several months. Despite the attention EMV is getting, which may lead merchants to believe that EMV is the end-all, be-all of payment security, it does not actually guarantee secure transactions on its own. Chip cards do not protect against theft of the primary account number (PAN) or expiration date; this means that the theft of chip transaction details has the potential to result in cross-channel fraud in card-not-present (CNP) environments, such as online or over the phone. Case in point: In every country that has migrated to EMV, online fraud has grown. EMV alone is not enough to be a secure solution because it is intended to authenticate the issued cards only, preventing counterfeit card usage at the point of sale (POS). By itself, EMV exposes data in transit and at rest. It does not fulfill PCI DSS requirements, nor does it protect the confidentiality of cardholder and sensitive authentication data. Sensitive data remains in the clear, susceptible to data breaches. In short, EMV is card authentication, not data protection. 2

3 THE IMPORTANCE OF ENCRYPTION AND TOKENIZATION Encryption Encryption is used to protect data from malware and other threats while it is in transit, whether within the merchant s internal systems or during transmission to payment processors. At its most basic level, the encryption process obscures the account data, encoding it so that it cannot be understood without the corresponding decryption system. End-to-end encryption (E2EE) means that the credit card number is encrypted at the first point of interaction swipe, insert, tap or manual entry of the card number and stays encrypted through the entire authorization process until it is decrypted at the acquirer. Verifone currently offers two of the most prevalent types of encryption in the payments market today: 1. VeriShield Total Protect AES 128-bit encryption, supported by nine of the top 11 payments processors in the US; and 2. ADE Triple DES encryption with DUKPT key management. Verifone also works with clients to support other types of encryption, such as: RSA Public/Private Key (PKI); and SecureData identity-based encryption from Voltage. Each of these methods employs a different encryption algorithm and uses different encryption key management. Implementations vary widely, as some are complete packages, while others are more do-it-yourself. Each encryption method also requires a back-end infrastructure for decryption of the payment data, which can take place at a merchant-based or gateway switch, or at the merchant s payment processor. Tokens Merchants cannot use encrypted PANs within their own back-end systems or with chargeback and retrieval systems because the encryption for each transaction is unique. In this case, tokens replace the PAN with a unique surrogate value and protect data at rest. The token has no direct relationship with the data it replaces and cannot be reversed by the merchant or any thief. Tokens are typically card-based, meaning each one has a one-to-one relationship with an account number; the same token will always be returned for a specific PAN. Merchants use tokens to replace previously stored PANs for any post-authorization activities, eliminating the storage of cardholder data. There are various types of tokens, generated by a bank or payment switch vendor, and these can be used even in CNP transactions, usually coupled with encryption. Token implementation is often done in tandem with encryption start-up. 3

4 Payment Security: Solution Summary Security Threats Security Measures Counterfeit cards Lost/stolen cards* In-store sales Online sales EMV Encryption Tokenization EMV Encryption Tokenization P P Breach (data at rest) P P P P Breach (data in flight) P P P P Reuse of breached data P P P P *When used with a PIN SECURE COMMERCE ARCHITECTURE Over and above encryption and tokenization, Verifone s Secure Commerce Architecture (SCA) eliminates the potential for card data breaches by removing the POS system from the payment transaction flow. As such, SCA also removes the POS from the scope of card brand and acquirer-specific EMV certifications; using the SCA agent, Verifone devices become semi-integrated to the payment processor or Verifone gateway. 4

5 In the semi-integrated model, the terminal is securely connected to the merchant acquirer. The POS does not participate in the payment message, which means it is not part of the EMV certification process. Transaction data is not vulnerable to hacking on the merchant s POS. SCA provides a variety of benefits: In the semi-integrated model, the POS does not participate in the payment message, and transaction data is not vulnerable to hacking. Best-in-class security. The SCA payment app is PA DSS-validated and listed for Verifone s MX and VX devices. Verifone is working toward full PCI P2PE 2.0 component validation for SCA against the new 2.0 standard released in July EMV in a box. SCA supports EMV via an authorization message that Verifone certifies via a gateway service or processor/acquirer direct. Verifone manages certification. Simple POS integration. POS integration typically takes two to four weeks. A single integration supports all of Verifone s latest device offerings. Speeding up adoption of new payment technologies. Abstracting the POS from payment complexity allows merchants to innovate with payments moving forward, including wallets, offers, beacons and beyond. Ongoing support. Verifone is committed to the ongoing development, evolution and compliance of the SCA app well into the future. SCA solution Verifone s SCA solution is called Point, which includes Verifone Estate Manager. Point is a comprehensive payment solution designed to help merchants simplify payments, speed payment innovation, improve payment security and reduce PCI scope in the face of increasing cost, complexity and compliance requirements for payment-related technologies. Point is payment complexity made simple. Verifone Estate Manager is a next-generation estate management tool that is an integral part of Point, though it does not require SCA for its functionality. Merchants can remotely manage, monitor and update their entire estate of terminals and payment devices. SUMMARY For the strongest possible protection from fraud, Verifone recommends that merchants use all of the above technologies jointly. To summarize, EMV cannot stand alone in providing payment security; it needs encryption and tokenization to shield cardholder data from predators at all points of the payment process. Merchants can further benefit from Secure Commerce Architecture, reducing 5

6 EMV compliance scope and removing sensitive information from the point of sale system. EMV chip technology only validates that the card is authentic and prevents counterfeiting; it supports cardholder verification and allows authorization of the transaction using the cardholder s signature. EMV is most effective with card-present transactions. Meanwhile, E2EE protects cardholder data from the point of entry to the payment card processor, shielding against malware that sniffs and captures sensitive data. It uses one-way encryption at the PIN pad, making cardholder data unusable, and reduces the merchant s applicable controls required for PCI DSS validation. To select the encryption method that best fits one s business, merchants should begin by talking to their POS device provider and their payment processor or gateway. Tokenization further reduces risk and eases PCI certification by replacing cardholder data (including the PAN) with surrogate values (tokens), eliminating the storage of cardholder data for post-transaction capture. Lastly, SCA removes the POS from payment data transmission, facilitating a secure, direct connection from the terminal to the acquirer or gateway and simplifying EMV certification. 6

7 ABOUT VERIFONE About Verifone Systems, Inc. ( Verifone Systems, Inc. ( Verifone ) (NYSE: PAY) is a global leader in secure electronic payment solutions. Verifone provides expertise, solutions and services that add value to the point of sale with merchant-operated, consumer-facing and selfservice payment systems for the financial, retail, hospitality, petroleum, government and healthcare vertical markets. Verifone solutions are designed to meet the needs of merchants, processors and acquirers in developed and emerging economies worldwide Verifone, Inc. All rights reserved. Verifone and the Verifone logo are either trademarks or registered trademarks of Verifone in the United States and/or other countries. All other trademarks or brand names are the properties of their respective holders. All features and specifications are subject to change without notice. Product display image for representation purposes only. Actual product display may vary. Reproduction or posting of this document without prior Verifone approval is prohibited. 7

Tokenization: FAQs & General Information. www.tsys.com BACKGROUND. GENERAL INFORMATION What is Tokenization?

Tokenization: FAQs & General Information. www.tsys.com BACKGROUND. GENERAL INFORMATION What is Tokenization? FAQ Tokenization: FAQs & General Information BACKGROUND As technology evolves, consumers are increasingly making their purchases online or through mobile devices and digital wallet applications and their

More information

PAYMENT SECURITY. Best Practices

PAYMENT SECURITY. Best Practices PAYMENT SECURITY Best Practices At VeriFone, the protection of cardholder information is a top priority. To ensure merchants have secure payment solutions for their customers, and to help protect merchants

More information

E M V I M P L E M E N TAT I O N T O O L S F O R S U C C E S S, P C I & S E C U R I T Y. February 2014

E M V I M P L E M E N TAT I O N T O O L S F O R S U C C E S S, P C I & S E C U R I T Y. February 2014 E M V I M P L E M E N TAT I O N T O O L S F O R S U C C E S S, P C I & S E C U R I T Y February 2014 A G E N D A EMV Overview EMV Industry Announcements EMV Transaction Differences, What to Expect Solution

More information

What is EMV? What is different?

What is EMV? What is different? U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,

More information

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER

Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER Emerging Trends in the Payment Ecosystem: The Good, the Bad and the Ugly DAN KRAMER SHAZAM, Senior Vice President Agenda The Ugly Fraud The Bad EMV? The Good Tokenization and Other Emerging Payment Options

More information

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems

EMV and Restaurants: What you need to know. Mike English. October 2014. Executive Director, Product Development Heartland Payment Systems October 2014 EMV and Restaurants: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks, service marks

More information

Payments simplified. 1

Payments simplified. 1 1 Payments simplified. T H E PAY M E N T I N D U S T RY A I N T W H AT I T U S E D T O B E 2 Complexity is increasing, More change in next 5, than last 50 Emerging payments / loyalty / rewards / coupons

More information

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means EMV and Chip Cards Key Information On What This Is, How It Works and What It Means Document Purpose This document is intended to provide information about the concepts behind and the processes involved

More information

EMV : Frequently Asked Questions for Merchants

EMV : Frequently Asked Questions for Merchants EMV : Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited

More information

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process.

Save Money on Credit Card Processing. So how do you save money on credit card processing? It is a very simple process. My main responsibility as a Regional Account Manager for IMD is obtain the absolute lowest possible merchant fees for you as a business. Why? The more customers we can save money, the more volume of business

More information

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization Frequently Asked Questions What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization Issuers across the United States are beginning to embark in the planning and execution phase

More information

True Protection To The Core

True Protection To The Core True Protection To The Core Intelligent Security Solutions from VeriFone Every Day. In Everything We Do. VeriFone Builds Absolutely The Highest Transaction Data Security Into Our Business. And Yours. We

More information

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP WHERE IS THE U.S. PAYMENT CARD INDUSTRY NOW? WHERE IS IT GOING? Today, payment and identification cards of all types (credit

More information

EMV Frequently Asked Questions for Merchants May, 2014

EMV Frequently Asked Questions for Merchants May, 2014 EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,

More information

Apple Pay. Frequently Asked Questions UK Launch

Apple Pay. Frequently Asked Questions UK Launch Apple Pay Frequently Asked Questions UK Launch Version 1.0 2015 First Data Corporation. All Rights Reserved. All trademarks, service marks and trade names referenced in this material are the property of

More information

RETAIL BANKING SOLUTIONS. Enhancing Your Customer s Branch Experience. Comprehensive Services Tailored for Retail Banks. Vault-Like Security

RETAIL BANKING SOLUTIONS. Enhancing Your Customer s Branch Experience. Comprehensive Services Tailored for Retail Banks. Vault-Like Security lightly-attended, self-service kiosks equipped with the MX 800 Series to further cut costs and increase revenues by more efficiently serving customers with routine transactions. DRIVE-THRU SELF-SERVICE

More information

E2EE and PCI Compliancy. Martin Holloway VSP Sales Director VeriFone NEMEA

E2EE and PCI Compliancy. Martin Holloway VSP Sales Director VeriFone NEMEA E2EE and PCI Compliancy Martin Holloway VSP Sales Director VeriFone NEMEA Security Breaches In The News 2 Security Breaches In The News 3 Security Breaches In The News 4 Security Breaches In The News 5

More information

EMV FAQs for developers

EMV FAQs for developers EMV FAQs for developers You accept the Information presented herein as is, without any representation as to its accuracy or completeness. What are the three levels of EMV certification? There are three

More information

DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE

DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE DATA SECURITY, FRAUD PREVENTION AND COMPLIANCE December 2015 English_General This presentation was prepared exclusively for the benefit and internal use of the J.P. Morgan client or potential client to

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

WHITE PAPER U.S. JOINING WORLDWIDE EMV MOVEMENT

WHITE PAPER U.S. JOINING WORLDWIDE EMV MOVEMENT U.S. JOINING WORLDWIDE EMV MOVEMENT EXECUTIVE SUMMARY The U.S. payments industry has relied on magnetic stripe-based card technology for decades, but most countries have or are in the process of transitioning

More information

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc. Payment Methods The cost of doing business Michelle Powell - BASYS Processing, Inc. You ve got to spend money, to make money Major Industry Topics Industry Process Flow PCI DSS Compliance Risks of Non-Compliance

More information

NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE

NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE Payment disruptions impacting restaurant owners today An NCR Hospitality white paper Almost every month we hear a news story about another data breach that

More information

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change

THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change THE ROAD TO U.S. EMV MIGRATION Information and Strategies to Help Your Institution Make the Change Advancements in technological capabilities, along with increasing levels of counterfeit fraud, led the

More information

Fighting Today s Cybercrime

Fighting Today s Cybercrime SECURELY ENABLING BUSINESS Fighting Today s Cybercrime Ongoing PCI Compliance Using Data-Centric Security Technologies HOUSEKEEPING ITEMS All phone lines have been muted for the duration of the webinar.

More information

GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY

GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY GLOSSARY OF MOST COMMONLY USED TERMS IN THE MERCHANT SERVICES INDUSTRY Acquiring Bank The bank or financial institution that accepts credit and/or debit card payments for products or services on behalf

More information

How Secure are Contactless Payment Systems?

How Secure are Contactless Payment Systems? SESSION ID: HT-W01 How Secure are Contactless Payment Systems? Matthew Ngu Engineering Manager RSA, The Security Division of EMC Chris Scott Senior Software Engineer RSA, The Security Division of EMC 2

More information

EMV GATHERS STEAM AS U.S. MOVES TOWARD LIABILITY SHIFT

EMV GATHERS STEAM AS U.S. MOVES TOWARD LIABILITY SHIFT W H I T E P A P E R EMV GATHERS STEAM AS U.S. MOVES TOWARD LIABILITY SHIFT Approaching deadlines will shift liability of card-present counterfeit fraud from issuers to acquirers and merchants. That combined

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Development, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 developers@openedgepay.com openedgepay.com 2015: Development, Merchant Table of Contents

More information

Digital Payment Solutions TSYS Enterprise Tokenization:

Digital Payment Solutions TSYS Enterprise Tokenization: Digital Payment Solutions TSYS Enterprise : FAQs & General Information FAQ TSYS DIGITAL DIGITAL PAYMENT PAYMENTS SOLUTIONS SOLUTIONS Account Holder Experience Apple Pay 1 Android Pay 2 Samsung Pay 2 Issuer

More information

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance

Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Card Network Update Chip (EMV) Acceptance in the United States At-A-Glance Allegiance Merchant Services is committed to assisting you in navigating through the various considerations that you may face

More information

Dates VISA MasterCard Discover American Express. support EMV. International ATM liability shift 2

Dates VISA MasterCard Discover American Express. support EMV. International ATM liability shift 2 Network Updates Summer 2013 We are committed to working closely with you on achieving your business goals. As a part of this commitment, we carefully monitor Network changes and summarize them for your

More information

Apple Pay. Frequently Asked Questions UK

Apple Pay. Frequently Asked Questions UK Apple Pay Frequently Asked Questions UK Version 1.0 (July 2015) First Data Merchant Solutions is a trading name of First Data Europe Limited, a private limited company incorporated in England (company

More information

Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective

Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective Futurex. An Innovative Leader in Encryption Solutions. For over 30 years, more than 15,000 customers worldwide

More information

The Merchant and EMV: What You Need to Know to Prepare for the Magstripe to EMV Transition

The Merchant and EMV: What You Need to Know to Prepare for the Magstripe to EMV Transition Research Brief The Merchant and EMV: What You Need to Know to Prepare for the Magstripe to EMV Transition Glenbrook Partners 2014 1 Table of Contents Executive Summary 3 Why, and How, Now? 4 The Pace is

More information

EMV HANDBOOK EMV: A MERCHANT S PRIMER WHO, WHAT, WHERE & WHY

EMV HANDBOOK EMV: A MERCHANT S PRIMER WHO, WHAT, WHERE & WHY EMV HANDBOOK EMV: A MERCHANT S PRIMER October 1, 2015 marks a major milestone in the U.S. payments landscape. As of that date, liability for fraudulent, counterfeit credit and debit card transactions shifts

More information

Secure Payments Framework Workgroup

Secure Payments Framework Workgroup Secure Payments Framework Workgroup EMV for the US Hospitality Industry Version 1.0 About HTNG Hotel Technology Next Generation (HTNG) is a non-profit association with a mission to foster, through collaboration

More information

Guideline on Debit or Credit Cards Usage

Guideline on Debit or Credit Cards Usage CMSGu2012-04 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Debit or Credit Cards Usage National Computer Board Mauritius

More information

Newtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba

Newtek, The Small Business Authority 855-2thesba www.thesba.com. thesba.com 855-2thesba thesba.com 855-2thesba EMV Chip Technology, Secure Electronic Payments The world of payments is evolving. We are starting to see an evolution from typical static magnetic strip cards to more intelligent

More information

CPIM Academy. Cash 257 Merchant Services and Revenue Collection

CPIM Academy. Cash 257 Merchant Services and Revenue Collection CPIM Academy Cash 257 Merchant Services and Revenue Collection 2015 Objectives Feel prepared to discuss/understand basics of merchant processing Understand Service Fees Difference between credit and debit

More information

Prevention Is Better Than Cure EMV and PCI

Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure An independent view on the effectiveness of EMV and PCI in case of large-scale card compromise. Over the past couple of months,

More information

How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants

How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants How Multi-Pay Tokens Can Reduce Security Risks and the PCI Compliance Burden for ecommerce Merchants 2012 First Data Corporation. All trademarks, service marks and trade names referenced in this material

More information

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION MAKE THE SWITCH TO MONEXgroup ecommerce I Mobile I Wireless I Integrated I Countertop Solutions PAYMENTS IN-STORE PAYMENTS ON-THE-GO PAYMENTS ONLINE Accept

More information

Guide to Data Field Encryption

Guide to Data Field Encryption Guide to Data Field Encryption Contents Introduction 2 Common Concepts and Glossary 3 Encryption 3 Data Field Encryption 3 Cryptography 3 Keys and Key Management 5 Secure Cryptographic Device 7 Considerations

More information

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance

The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand

More information

PCI Security Standards Council

PCI Security Standards Council PCI Security Standards Council Jeremy King, European Director 2013 Why PCI Matters Applying PCI How You Can Participate Agenda 2 Why PCI Matters Applying PCI How You Can Participate Agenda About the PCI

More information

PAYMENTS AS A SERVICE. Fully managed multi-channel card acceptance for all business environments. www.verifone.co.uk

PAYMENTS AS A SERVICE. Fully managed multi-channel card acceptance for all business environments. www.verifone.co.uk PAYMENTS AS A SERVICE Fully managed multi-channel card acceptance for all business environments www.verifone.co.uk Whether small or large, PAYware Ocius s multi-channel flexibility can transform your s

More information

EMV EMV TABLE OF CONTENTS

EMV EMV TABLE OF CONTENTS 2 TABLE OF CONTENTS Intro... 2 Are You Ready?... 3 What Is?... 4 Why?... 5 What Does Mean To Your Business?... 6 Checklist... 8 3 U.S. Merchants 60% are expected to convert to -enabled devices by 2015.

More information

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.

More information

PCI P2PE 2.0. What Does it Mean for Merchants and Processors? September 10, 2015

PCI P2PE 2.0. What Does it Mean for Merchants and Processors? September 10, 2015 PCI P2PE 2.0 What Does it Mean for Merchants and Processors? September 10, 2015 Agenda Housekeeping Presenters About Conexxus Presentation Q& A 2015 Conexxus Webinar Schedule* Month/Date Webinar Title

More information

PREVENTING PAYMENT CARD DATA BREACHES

PREVENTING PAYMENT CARD DATA BREACHES NEW SCIENCE TRANSACTION SECURITY ARTICLE PREVENTING PAYMENT CARD DATA BREACHES DECEMBER 2014 UL.COM/NEWSCIENCE NEW SCIENCE TRANSACTION SECURITY OVERVIEW From research on the latest electronic transaction

More information

PAYWARE MERCHANT MANAGED SERVICE

PAYWARE MERCHANT MANAGED SERVICE PAYWARE MERCHANT MANAGED SERVICE PAYware MerchanT Managed Service We focus on payments, so you can drive sales Whether you re selling goods or services, managing your own internal high volume payments

More information

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Are You Ready For PCI v 3.0 Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014 Today s Presenter Corbin Del Carlo QSA, PA QSA Director, National Leader PCI Services Practice 847.413.6319

More information

INTEGRATED, SMART, AND SECURE

INTEGRATED, SMART, AND SECURE INTEGRATED, SMART, AND SECURE SMART FUEL SOLUTIONS SECURE PUMPPAY Integrated, Retrofit Solution VeriFone s Secure PumpPAY is a powerful solution for petroleum retailers that need to upgrade their existing

More information

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Visa Recommended Practices for EMV Chip Implementation in the U.S. CHIP ADVISORY #20, UPDATED JULY 11, 2012 Visa Recommended Practices for EMV Chip Implementation in the U.S. Summary As issuers, acquirers, merchants, processors and vendors plan and begin programs to adopt

More information

EMV: Background and Implications for Credit Unions

EMV: Background and Implications for Credit Unions 900 Elkridge Landing Road Suite 400 Linthicum, Maryland 21090 410-855-8500 FAX 410-855-8599 www.firstannapolis.com EMV: Background and Implications for Credit Unions November 2012 TABLE OF CONTENTS EXECUTIVE

More information

PREPARING FOR THE MIGRATION TO EMV IN

PREPARING FOR THE MIGRATION TO EMV IN PREPARING FOR THE MIGRATION TO EMV IN THE U.S. A Mercator Advisory Group Research Brief Sponsored by Merchant Warehouse 2010 Mercator Advisory Group, Inc. 8 Clock Tower Place, Suite 420 Maynard, MA 01754

More information

Mitigating Fraud Risk Through Card Data Verification

Mitigating Fraud Risk Through Card Data Verification Risk Management Best Practices 11 September 2014 Mitigating Fraud Risk Through Card Data Verification AP, Canada, CEMEA, LAC, U.S. Issuers, Processors With a number of cardholder payment options (e.g.,

More information

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard Table of Contents For more than 40 years, merchants and consumers have used magnetic stripe credit cards and compatible

More information

How to Help Prevent Fraud

How to Help Prevent Fraud TD Canada Trust How to Help Prevent Fraud Merchant Services tips to help protect your business Fraud Awareness All credit cards issued in Canada are designed with special security features to help deter

More information

mobile payment acceptance Solutions Visa security best practices version 3.0

mobile payment acceptance Solutions Visa security best practices version 3.0 mobile payment acceptance Visa security best practices version 3.0 Visa Security Best Practices for, Version 3.0 Since Visa s first release of this best practices document in 2011, we have seen a rapid

More information

Fiscal Service EMV Education Series EMV-Compliant Point-of-Sale Card Acceptance for Federal Agencies. Fiscal Service / Vantiv July 27, 2015

Fiscal Service EMV Education Series EMV-Compliant Point-of-Sale Card Acceptance for Federal Agencies. Fiscal Service / Vantiv July 27, 2015 Fiscal Service EMV Education Series EMV-Compliant Point-of-Sale Card Acceptance for Federal Agencies Fiscal Service / Vantiv July 27, 2015 Disclaimer: This communication, including any content herein and/or

More information

Payment Card Industry Data Security Standards

Payment Card Industry Data Security Standards Payment Card Industry Data Security Standards Discussion Objectives Agenda Introduction PCI Overview and History The Protiviti Difference Questions and Discussion 2 2014 Protiviti Inc. CONFIDENTIAL: This

More information

PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01

PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01 PLACE GROUP UK LONDON STUDENT HOUSING GROUP PAYMENT CARD INDUSTRY DATA SECURITY STANDARD COMPLIANCE STATEMENT PCI DSS (09) VERSION: 2009PCIDSSP4S01 Information updated: 21 October 2012 SAFEGUARDING CARDHOLDER

More information

Department PCI Self-Assessment Questionnaire Version 1.1

Department PCI Self-Assessment Questionnaire Version 1.1 Department PCI Self-Assessment Questionnaire Version 1.1 2009 Attestation of Compliance Instructions for Submission This Department PCI Self-Assessment Questionnaire has been developed as an assessment

More information

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV)

U.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will find: Explaining Chip Card Technology (EMV) U.S. Bank U.S. Bank Chip Card FAQs for Program Administrators Here are some frequently asked questions Program Administrators have about the replacement of U.S. Bank commercial cards with new chip-enabled

More information

NCR CONNECTED PAYMENTS

NCR CONNECTED PAYMENTS NCR CONNECTED PAYMENTS For more information visit ncr.com or contact us at retail@ncr.com A winning combination of payment security and payment innovation Evolving payment industry regulations and the

More information

EMV in Hotels Observations and Considerations

EMV in Hotels Observations and Considerations EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered

More information

An Overview of Payments for the Bikeshare Market

An Overview of Payments for the Bikeshare Market An Overview of Payments for the Bikeshare Market Provided by North American Bikeshare Association Presented by Mantrana Partners Boulder B-cycle February 18, 2015 1 Presenters Lora Vigil brings over 15

More information

CITGO CHIP & MOBILE TM. Quick-Start Guide YOUR CUSTOMERS. are

CITGO CHIP & MOBILE TM. Quick-Start Guide YOUR CUSTOMERS. are CITGO CHIP & MOBILE TM Quick-Start Guide are YOUR CUSTOMERS EMV CHIP CARD This... plus this... MOBILE PAYMENTS 1 Equals Success GET AHEAD FOR YOUR CUSTOMERS STAY AHEAD FOR YOUR BUSINESS. Fast Convenient

More information

Where Security Fits in the Payments Processing Chain

Where Security Fits in the Payments Processing Chain With over 20 billion credit card purchase transactions in the US in 2009 and a highly complex system for processing those transactions, it s not surprising that credit card information is a key target

More information

How to Prepare. Point of sale requirements are changing. Get ready now.

How to Prepare. Point of sale requirements are changing. Get ready now. How to Prepare for EMV Point of sale requirements are changing. Get ready now. The EMV mandate is fast approaching. Now is the time to plan a strategy to prepare for this change. 2 EMV: The Backstory 3

More information

Encryption and Tokenization: Protecting Customer Data. Your Payments Universally Amplified. Tia D. Ilori Sue Zloth September 18, 2013

Encryption and Tokenization: Protecting Customer Data. Your Payments Universally Amplified. Tia D. Ilori Sue Zloth September 18, 2013 Encryption and Tokenization: Protecting Customer Data Your Payments Universally Amplified Tia D. Ilori Sue Zloth September 18, 2013 Agenda Global Threat Landscape Real Cost of a Data Breach Evolution of

More information

First Data s Program on EMV

First Data s Program on EMV First Data s Program on EMV Independent Software Vendors November 2014 Copyright 2013 First Data Corporation 1 Agenda EMV Overview & Background Processing Certification EMV Complementary Products Rapid

More information

Securing the card payments infrastructure Where are we headed?

Securing the card payments infrastructure Where are we headed? www.pwc.com/cybersecurity Securing the card payments infrastructure Where are we headed? July 2014 Not too long ago, theft of a consumer s credit or debit card would require physical robbery. It was a

More information

Visa global Compromised Account

Visa global Compromised Account Visa global Compromised Account RECOVERY PROGRAM WHAT EVERY MERCHANT SHOULD KNOW ABOUT GCAR WHAT EVERY MERCHANT SHOULD KNOW ABOUT GCAR WHAT The Visa Global Compromised Account Recovery (GCAR) program offers

More information

Transitions in Payments: PCI Compliance, EMV & True Transactions Security

Transitions in Payments: PCI Compliance, EMV & True Transactions Security Transitions in Payments: PCI Compliance, EMV & True Transactions Security There have been more than 600 million records compromised from approximately 4,000 data breaches since 2005 and those are just

More information

VeriFone VeriShield Total Protect Technical Assessment White Paper

VeriFone VeriShield Total Protect Technical Assessment White Paper VeriFone VeriShield Total Protect Technical Assessment White Paper Prepared for: September 4 th, 2013 Dan Fritsche, CISSP, QSA (P2PE), PA-QSA (P2PE) dfritsche@coalfiresystems.com Table of Contents EXECUTIVE

More information

Adyen PCI DSS 3.0 Compliance Guide

Adyen PCI DSS 3.0 Compliance Guide Adyen PCI DSS 3.0 Compliance Guide February 2015 Page 1 2015 Adyen BV www.adyen.com Disclaimer: This document is for guidance purposes only. Adyen does not accept responsibility for any inaccuracies. Merchants

More information

PCI and EMV Compliance Checkup

PCI and EMV Compliance Checkup PCI and EMV Compliance Checkup ATM Security Jim Pettitt Director, ATM Security Diebold Incorporated Agenda ATM threats today Top of mind risk PCI Impact on Security U.S. EMV Migration Conclusions / recommendations

More information

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating Given recent payment data breaches, clients are increasingly demanding robust security and fraud solutions; and Financial institutions continue to outsource and leverage technology providers given their

More information

Strong data protection. Strategic business value. www.thales-esecurity.com

Strong data protection. Strategic business value. www.thales-esecurity.com Someone is stalking your sensitive data. Coveting your intellectual property. Waiting for the slightest crack in the window of opportunity to hack it, misuse it, and run. How can you best protect and control

More information

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION

FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION FOR A BARRIER-FREE PAYMENT PROCESSING SOLUTION MAKE THE SWITCH TO MONEXgroup ecommerce I Mobile I Wireless I Integrated I Countertop Solutions PAYMENTS IN-STORE PAYMENTS ON-THE-GO PAYMENTS ONLINE Accept

More information

Euronet s Contactless Solution

Euronet s Contactless Solution Serving millions of people worldwide with electronic payment convenience. Euronet s Contactless Solution Fast, Secure and Convenient Transactions with No Swiping, PIN or Signature Copyright 2011 Euronet

More information

M/Chip Functional Architecture for Debit and Credit

M/Chip Functional Architecture for Debit and Credit M/Chip Functional Architecture for Debit and Credit Christian Delporte, Vice President, Chip Centre of Excellence, New Products Engineering Suggested routing: Authorization, Chargeback, Chip Technology,

More information

The Cost of Compliance

The Cost of Compliance The Cost of Compliance The Payment Card Industry Data Security Standard (PCI DSS) aims to protect sensitive cardholder data throughout the life cycle of ecommerce transactions. The standard puts heavy

More information

Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions

Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps

More information

White Paper: Are there Payment Threats Lurking in Your Hospital?

White Paper: Are there Payment Threats Lurking in Your Hospital? White Paper: Are there Payment Threats Lurking in Your Hospital? With all the recent high profile stories about data breaches, payment security is a hot topic in healthcare today. There s been a steep

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

Time to get off the fence?

Time to get off the fence? WHITE PAPER Thought leadership for the retail sector Time to get off the fence? Defining a cost-effective way to get and retain PCI DSS certification Author: Kevin Burns, PCI and Payments Consultant, BT

More information

Josiah Wilkinson Internal Security Assessor. Nationwide

Josiah Wilkinson Internal Security Assessor. Nationwide Josiah Wilkinson Internal Security Assessor Nationwide Payment Card Industry Overview PCI Governance/Enforcement Agenda PCI Data Security Standard Penalties for Non-Compliance Keys to Compliance Challenges

More information

FUTURE PROOF TERMINAL QUICK REFERENCE GUIDE. Review this Quick Reference Guide to. learn how to run a sale, settle your batch

FUTURE PROOF TERMINAL QUICK REFERENCE GUIDE. Review this Quick Reference Guide to. learn how to run a sale, settle your batch QUICK REFERENCE GUIDE FUTURE PROOF TERMINAL Review this Quick Reference Guide to learn how to run a sale, settle your batch and troubleshoot terminal responses. INDUSTRY Retail and Restaurant APPLICATION

More information

Thoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director

Thoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director Thoughts on PCI DSS 3.0 D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director Agenda 1 2 3 Global Payment Card Statistics and Trends PCI DSS Overview PCI DSS Version 3.0: Important Timelines

More information

OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM

OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM tokenex.com OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM A TokenEx Case Study Case Study OVERCOMING DATA SECURITY CHALLENGES IN RETAIL PETROLEUM TABLE OF CONTENTS Understanding Data Security

More information

Need to be PCI DSS compliant and reduce the risk of fraud?

Need to be PCI DSS compliant and reduce the risk of fraud? Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction

More information

Payment Technology Deep Dive. October 13, 2015 8:00 am 8:50 am

Payment Technology Deep Dive. October 13, 2015 8:00 am 8:50 am Payment Technology Deep Dive October 13, 2015 8:00 am 8:50 am Objectives Navigate the differences between loyalty and payment apps as well as consumer perceptions of both Familiarize with EMV compatible

More information

Mobile Payment Solutions: Best Practices and Guidelines

Mobile Payment Solutions: Best Practices and Guidelines Presented by the Mobile Payments Committee of the Electronic Transactions Association Mobile Payment Solutions: Best Practices and Guidelines ETA s Best Practices and Guidelines for Mobile Payment Solutions

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Attestation of Compliance for Onsite Assessments Service Providers Version 3.0 February 2014 Section 1: Assessment Information Instructions for Submission

More information

Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions

Visa U.S. Merchant EMV Chip Acceptance Readiness Guide. 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps to Planning Chip Implementation for Contact and Contactless Transactions Visa U.S. Merchant EMV Chip Acceptance Readiness Guide 10 Steps

More information

Chip Terms Explained A Guide to Smart Card Terminology

Chip Terms Explained A Guide to Smart Card Terminology Chip Terms Explained A Guide to Smart Card Terminology Contents 1 AAC Application Authentication Cryptogram AID Application Identifier Applet ARQC Authorization Request Cryptogram ARPC Authorization Response

More information