SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS

Transcription

1 SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS A RESELLER S GUIDE

2 CONTENTS New Sales Opportunities : EMV Mandate Means New Business... 3 New POS Will Need Both EMV and PCI... 3 Growing Demand for NFC Transactions... 4 Emerging Payment Systems... 4 Chip-Based Scanners for EMV...5 Digital Currency Systems... 5 Professional & Training Services... 6 PCI Payment Compliance... 6 Risk Assessments... 7 PCI Onsite Reviews & Assessments... 7 Vulnerability Scanning Services... 7 PCI Compliance Scanning... 7 Design Services... 8 Payment Key Injection Process... 8 Shipping & Fullfillment... 8 Deployment Services... 8 Disposal Services... 8 Training Services... 8 Ingram Micro Can Help

3 NEW SALES OPPORTUNITIES EMV MANDATE MEANS NEW BUSINESS Retail and restaurant payment systems in the United States are undergoing a dramatic change in the coming year because of mandated smart credit card adoption and the need for new payment systems. Walmart has already started to accept EMV cards, and Search, Target, and CVS Caremark are rolling out their own EMV systems, but other retailers have been slower to make the change. As with the frenzy to accommodate Y2K, the October 2015 deadline for EMV card adoption has retailers and restaurateurs struggling to upgrade their point of sale systems or they will have to start assuming liability for fraudulent credit card purchases. NEW POS WILL NEED BOTH EMV AND PCI Even with the new mandate for EMV compliance, stores and restaurants are not relying on EMV alone to protect them against credit card fraud. The payment Card Industry (PCI) has issued a new Data Security Standard (DSS) for the secure processing, transmission, and storage of credit card data. EMV and PCI work well together to secure ensure secure handling of credit card transactions. The PCI DSS standard is required for all merchants who handle credit card transactions and is supported by American Express, Discover, JCB, MasterCard, or Visa International. Any vendor using a non-pci DSS compliant credit card system can incur fines up to $100,000 per month. There are multiple aspects of PCI DSS compliance, including secure point of sale transactions and secure storage of credit card data. The rules are extremely complex so merchants often rely on third-parties, such as integrators and VARs, to help them stay compliant. For example, PCI DSS requires that consumer credit card data has to adhere to a standard of secure storage protection against data theft, including a quarterly network scan by a PCI-approved scanning vendor. Security-savvy VARs can work with merchants to ensure credit card data is secure and PCI compliance is never an issue....3

4 GROWING DEMAND FOR NFC TRANSACTIONS As part of growing EMV card adoption, more retailers will start adopting contactless card readers. Near field communication (NFC) is a technology that has been waiting in the wings for a problem like EMV cards. As retailers upgrade from their current magstripe readers to EMV readers, many also will be migrating to card readers that are NFC-ready. This is in anticipation of the growing number of mobile transactions being made using smartphones. Google Wallet is one of the first examples of transactions using NFC payments and Apple pay and other systems are sure to follow. A research report from Berg Insights predicts that 86 percent of POS terminals installed in North America will accept NFC payments by That represents an in-store mobile wallet volume of $44 billion. Retailers will need assistance making sure they can handle NFC transactions. EMERGING PAYMENT SYSTEMS There are new payment technologies and systems emerging all the time, and the challenge for retailers is deciding which of the latest payment system fads are necessary for their business. Consider the growing popularity of e-payment platforms such as PayPal, Google Wallet, and now Apple Pay. Consumers like these services for their convenience as well as the cool factor ; just think how cool and easy is to leave your wallet home and make purchases with your smartphone. Retailers watch these new payment systems with trepidation since they have to decide whether they need to invest to support these new payment platforms to better serve customers. There are other payment systems that are here to stay, and retailers are struggling with how to best support them. As you develop your POS/data capture sales strategy, consider how these new payment systems fit into your strategy. 4...

5 CHIP-BASED SCANNERS FOR EMV Europay, MasterCard, and Visa (EMV) banded together to develop a global standard for the interaction of integrated circuit cards, also known as IC cards or chip cards. Deemed as more secure than current credit card technology, U.S. credit card companies are migrating to chip cards in an effort to reduce credit card fraud and counterfeit credit cards. EMV cards are ushering in new liability rules and new payment processes. So what EMV adoption means for U.S. merchants is adding new in-store, pointof-sale and internal processing systems that can handle EMV credit cards. Like magnetic strip card readers, EMV readers use a two-step authentication process: card reading and transfer verification. However, unlike swiping a card the authentication system takes longer. And unlike magnetic stripe cards, EMV cards can be updated or changed, which makes them harder to counterfeit. It also means more personal information can be included that could be valuable to retailers, assuming the EMV scanners can capture that data. The first round of EMV cards will be equipped with both a magnetic stripe and a smart chip but eventually cards will migrate to all EMV. Retailers need to keep pace with these changes and migrate to EMV data capture systems that integrate with their back end systems before the EMV conversion deadline of October DIGITAL CURRENCY SYSTEMS Digital transaction systems are gaining popularity with consumers. Starbucks and other merchants have been using prepaid debit cards that can be preloaded by customers and used like vendorspecific ATM or gift cards. Starbucks has even gone further to provide a smartphone barcode system where the barista scans the phone screen. Bitcoin, Ripple, Litecoin, and Quark are some of the new currencies that are being adopted that use cryptography for secure transactions. Bitcoin is probably the best known and more merchants are installing Bitcoin readers to handle transactions, especially in Europe and Asia. In North America the latest digital currency announced by the Royal Canadian Mint. The Mint Chip is backed by the Canadian treasury and tied directly to the Canadian dollar. It is starting to take hold rapidly in Canada, partly because Ingenico, one of the world s largest point-of-sale terminal manufacturers, has developed software for its new terminals that will accept payments via Mint Chip. The challenge for retailers is determining which forms of digital currency they support. There is no dominant e-currency at present, and there are no industry standards for e-payments. It s impractical to adopt systems to embrace all the emerging currency options so merchants will need assistance and guidance in navigating e-payment and digital currency systems....5

6 PROFESSIONAL & TRAINING SERVICES INCREASE PROFITS & EXPAND VALUE Ingram Micro goes beyond hardware and software to offer a full portfolio of Professional and Training Services that you can leverage to plan, implement, manage and support your payment solutions. Experienced technicians, engineers, and project managers are focused on identifying, configuring, and deploying your chosen solutions like PCI compliance assessments to deployment and disposal services. PCI PAYMENT COMPLIANCE The Payment Card Industry (PCI) has issued a Data Security Standard (DSS) to ensure that all companies process, transmit, and store credit card information in a secure environment. Administered by the PCI Security Standards Council (SSC), compliance with the PCI DSS is now required of all merchants and banks who handle credit card transactions. Any organization that accepts credit or debit card transactions backed by American Express, Discover, JCB, MasterCard, or Visa International have to have PCI DSS-compliant transaction systems, regardless of their size or how they accept payment. Failure to comply can result fines up to $100,000 per month. Needless to say merchants are anxious to demonstrate that they conform to PCI DSS. There are various components to PCI DSS compliance, including rules to protect credit card transactions stored in the merchant s network. The rules can be complex, so merchants often rely on vendors to help them stay compliant. For example, PCI DSS requires merchants to protect consumer credit card data from hackers. To ensure compliance the PCI SSC can conduct a network security scan using an automated tool that looks for online vulnerabilities. PCI requires a quarterly network scan by a PCI SSC Approved Scanning Vendor. VARs that are well-versed in PCI DSS can prove to be a real asset to merchants concerned with compliance and credit card security. 6...

7 RISK ASSESSMENTS Understanding and assessing risk is one of the most fundamental ways to develop a well-founded information security strategy which helps fulfill both compliance objectives (such as GLBA, HIPPA and PCI DSS) and broader security goals. Our risk assessments help identify the risks faced and identify: Systems used to store, process or transmit sensitive information Threats to systems from attackers, automated attacks (i.e., computer viruses), environmental factors and human mistakes Vulnerabilities that could make systems susceptible to the threats Impact if an attacker was able to successfully exploit the vulnerability PCI ONSITE REVIEWS & ASSESSMENTS For customers required to undergo a full compliance assessment, a Qualified Security Assessor (QSA) will assist with a three-phase process for the PCI DSS compliance assessment: A Pre-Assessment identifies and analyzes the compliance scope as well as any gaps. The Assessment tests security of the system as well as provides advice to remediate the gaps. Post-Assessments include quarterly follow-ups to address compliance maintenance checkups, changes in the environment and future plans which may affect the scope. VULNERABILITY SCANNING SERVICES Vulnerability scanning examines networks for security holes and misconfigurations. Regular scanning is a critical component of information security programs and a required component for all merchants accepting credit card payments. These scans also help to proactively find changes or weaknesses in the ever-changing network environment. PCI COMPLIANCE SCANNING Any organization that stores, processes or transmits payment card data is required to be PCI DSS-compliant by the payment brands and the merchant bank. And, depending on the organization s role and transaction volume, they will need to complete either a full compliance assessment performed by a Qualified Security Assessor (QSA) or a Self- Assessment Questionnaire (SAQ). Most organizations find that they need at least some level of guidance while going through the SAQ process. Our experts will help determine which SQA route is appropriate and give assistance understanding the requirements. Through our secure web portal, the customer is able to set up, manage and review their scans. And in the event a scan fails, meaning a security vulnerability is found, the report will contain detailed recommendations to address any issues. Once the organization is able to make the appropriate changes to address the discovered vulnerabilities, a rescan can be done to see if the changes were effective....7

8 DESIGN SERVICES Network security professionals can assist in developing a simple, sustainable and operationally efficient network architecture for both wired and wireless deployments. PAYMENT KEY INJECTION PROCESS Avoid the cost and time of taking terminals offline and shipping them to secure facilities for key injections. Ingram Micro can download security keys to payment terminals on behalf of our channel partners. SHIPPING & FULFILLMENT Our Advanced Logistic Centers (ALCs) are positioned to ensure compressed order fulfillment lead times and optimize inventory distribution from end to end. DEPLOYMENT SERVICES Leverage local, rapidly-deployable technicians across the country for deployments including payment terminals, cameras, wireless access points, cabling, network/pos upgrades, and more. Our Project Management Office will schedule each site and staff technicians as well as manage the entire project including site escalations and reviewing/archiving all documentation. DISPOSAL SERVICES Address the end-of-life information security as well as environmentally compliant disposal concerns for old electronic equipment. We offer a full service portfolio of services including: De-Installation & Asset Removal Onsite Data Erasure & Destruction Packaging & Palletizing Asset Processing Refurbishment, Repair & Re-marketing De-manufacturing & Recycling Issuance of Certificate of Destruction TRAINING SERVICES Whether exploring EMV chip card issues for the first time or an experience issuer, staff needs to be educated on how to identify suspicious activity, to follow the appropriate escalation procedures and to respond to a potential security incident. Training helps in understanding common mistakes that my lead to data breaches, EMV security, the importance of PCI DSS compliance and the advantages/disadvantages of Point-to-Point Encryption (P2PE) solutions. Contact Us Today! ext proservices@ingrammicro.com 8...

9 INGRAM MICRO CAN HELP The mandatory move to support EMV smartcards opens a unique opportunity for resellers. Restaurants, retailers, and other merchants that accept credit card and debit payments have to adopt a new point-of-sale payment system to accommodate EMV cards, whether they like it or not. They have to rely on the expertise of experienced resellers to help them make the right choice and integrate those new payment systems into their merchandising systems. Ingram Micro is here to help. The migration to EMV opens up the possibility for additional conversations about hardware and software, scanners and data capture devices, wireless networking, storage, backup, power, security, cloud computing, big data, and more. Ingram Micro Professional and Training Services has experts that can help you build your business from end-to-end. Our experienced professionals can provide guidance beyond the hardware and software. From risk assessments and PCI-compliance scanning to solution design and deployment and even staff training and equipment disposal, our experts can help you during the entire project lifecycle. We understand how to bring new technologies together to promote greater profits for you and your customers. Contact us to learn more! Steve Bochniarz ext stephen.bochniarz@ingrammicro.com...9

10 To learn more about our comprehensive payments program and solutions, please contact us.