Transaction Security. Only Magensa can authenticate the card. Stopping the use of counterfeit cards. PERIOD.

Transcription

1 Transaction Security Only Magensa can authenticate the card. Stopping the use of counterfeit cards. PERIOD. 1

2 Magensa is a security investment with guaranteed returns Whether you shop, bank, vote, play games, work, study, or collaborate online, Magensa protects your identity, your privacy, and your assets with strong, effective security. Magensa uses the MagneSafe Security Architecture to safeguard consumers and their information. Magensa s services provide data encryption/decryption, authentication and registration and enterprise device management that provide custom solutions that meet your unique needs. Our Vision A world free of counterfeit, tampered, or fraudulent online transactions. Our Mission We will provide an open and shared registry of fraud information to responsible parties conducting safe online transactions, by providing services in the payment and identification domains for data protection and dynamic authentication of users, cards, tokens, devices, hosts and intermediaries, to prevent, detect and stop fraud in realtime, while radically reducing the incentive to steal static, sensitive information. 2

3 Transaction Security Solutions Magensa Magensa is a transaction authentication system using a method whereby the user, the card, the cardholder data, the reader and the recipient may all be authenticated to each other. Magensa Payment Protection Gateway The MPPG is the most secure rail for transaction processing. MagneSafe Security Architecture MagneSafe is a digital identification and authentication architecture that safeguards personal data. Industries and Applications Authentication & Registration Only Magensa can authenticate the actual card and prevent fraud in real-time. Data Protection Secure your data while using open platform systems that afford you the flexibility you need. Device Management The MagneSafe Security Architecture is built inside, and the layered security can be switched on remotely with true device authentication. ecommerce Electronic commerce security in more places, using the most secure transaction solution. Retail Point of Sale Magensa provides the entire retail environment secure transactions. Finance Banks, credit unions, trading sites, small business services, money transfer services and foreign exchanges can use one solution to secure their data. Enterprise Only Magensa can secure data both logically and physically with one simple solution. QwickPAY QwickPAY is a complete mobile POS payment solution that delivers unmatched convenience without sacrificing security. QwicKey QwicKey delivers superior online password management, password generation, auto-form completion, express payment and one-click log in. Qwick Codes Qwick Codes mobile wallet converts your static card data to secure, one-time use Qwick Codes which can be redeemed for actual card swipe data. Government Keep your most valued identification and access data safe with layered security. 3

4 Magensa Magensa is your partner, not just a service provider. Magensa is a service that maintains PCI compliance at all times. We do more than just protect cardholder track data at our geographically separated and redundant data processing facilities. You don t need to wait for anyone else in the transaction process to take advantage of the benefits that Magensa and the MagneSafe Security Architecture (MSA). The MSA delivers security and a return on investment where it matters most to you with guaranteed returns. Tested and Proven Magensa delivers solutions for data protection, tokenization, encryption, authentication with registration, and enterprise device management services to secure today s traditional applications with tomorrow s advanced security requirements using tested and proven technologies. These secure services protect sensitive data at every point of the transaction, increase brand value, counter skimming solutions and limit fraud and theft with minimal improvements to the payment infrastructure. Return on Investment Magensa gives you the ability to fight fraud and earn rewards by ensuring the card, the cardholder, and the transaction are legitimate. Magensa provides Code 10 fraud alerts for counterfeit cards with the forensic evidence to stand up in court. Magensa and You Magensa s Technical Support Team works with you to assess your current environment and will develop implementation and deployment strategies for your unique organization. Your representative will work with you to determine the critical path to success. Best in Design and Operational Practices We take transaction security seriously and understand that your security system extends beyond the purchase and extends into a lasting relationship. You require business continuity, agility and a team working for you. Around-the-Clock Customer Support We work around the clock to ensure constant, consistent and reliable service. We understand that time is money and excel to provide a synergistic solution that brings your services to the next level. Once a customer, you will be provided with a dedicated support number you can contact 24/7/365 for software support and online diagnostic capabilities. Excellence in Functionality Save time and resources while receiving around the clock, reliable 99.99% uptime and guaranteed service. Our Secure Data Center operates 24/7/365 with full staff management and technical support. We offer a layered defense with automatic fail-over, load balancing, device and location independence, automatic back-ups and redundant data processing facilities. Complete Scalability and Integration Magensa offers scalability of services and of resources. Depending on your individual custom needs we will work with you to provide a custom turnkey solution so you don t have to build additional extraneous support. We deliver scalability via dynamic provisioning of resources, secure multi-tenancy and around the clock performance monitoring. 4

5 MPPG Magensa s Payment Protection Gateway (MPPG) makes PCI compliance easier, safer and faster with a flexible and safe way to conduct payment transactions. The Magensa Payment Protection Gateway can work as your secure rail to send data onto processors, gateways and acquirers. Data is sent through an open and secure platform from all MSA enabled terminals making it the most secure gateway in the industry today. The Global MagnePrint Exchange Magensa s shared, accessible fraud information database - The Global MagnePrint Exchange Service - manages and authenticates cards, users, tokens, keys, hosts and devices. The combination of authentication from dynamic card data with encryption and tokenization prevents fraud that occurs from skimmed cards anywhere you make card present transactions, e.g. unattended gas pumps, false front ATMs, and at the point of sale. PCI Compliant and Reduce PA DSS Scope Magensa simplifies PCI compliance, reduces your PCI scope* and decreases costs by as much as 50-75%. The use of MagTek s MagneSafe Security Architecture (MSA), in combination with our certified Magensa Payment Protection Gateway (MPPG), may allow customers employing these systems together, to reduce or entirely remove their application from the scope of PA-DSS compliance. * 2. compliance. Focus on good security and compliance will follow. It has always been part of MagTek s mission to lead the way in terms of card data security and by providing additional card security features; now the MagneSafe Security Architecture can help future proof your application in an ever-changing environment. Software developers that do not want to go through PA-DSS should exclude the collection of Payment data in their applications. Instead, they should use Secure Card Reader Authenticators (SCRAs) and a virtual terminal like that provided by Magensa to collect and process cardholder data. If their application collects cardholder data, even if encrypted, according to PCI they must comply with PA-DSS. By encrypting the card data at the earliest possible point (inside the read head and at the moment of swipe), using an industry standard encryption method (3DES), dynamic encryption keys (DUKPT), and not providing the encryption key to the application vendor, MagTek and Magensa are following the best practices accepted in the industry regarding Point to Point Encryption. 1. Encryption - the SCRA reads, encrypts, and transmits the cardholder data to MPPG 2. Authentication - MPPG verifies cardholder information as either authentic or fraudulent 3. Authorization - the processor verifies funds are available at the customer s issuing bank 4. Settlement - the process of collecting funds from the customer s account. Issuing Bank Processor 3. MagTek and Magensa go beyond this level of encryption security however, by providing token services, and card authentication services (MagnePrint ) based on dynamic payment card data. This additional protection is important and valuable based on the comments of Bob Russo, General Manager of PCI DSS, who stated; We believe the PCI Security Standards provide a solid foundation for a security strategy to look after your payment and other types of data, but security does not start and end with 1. Merchant Cardholder Acquiring Bank 4. * See complete statement in doc PN

6 MagneSafe Security Architecture The MagneSafe Security Architecture is the foundation that Magensa is built on. The MagneSafe Security Architecture (MSA) has evolved exponentially from its inception in 2006 when it delivered the industry s first Secure Card Reader Authenticators (SCRAs) for secure electronic transactions. The MSA is a digital identification and authentication architecture that safeguards consumers and their personal data. Designed to exceed PCI regulations, MSA leverages strong encryption, secure tokenization, counterfeit detection, tamper recognition, data relevance and integrity, and dynamic digital transaction signatures, which together validate and protect the entire transaction and each of its components. A key feature of the MSA is MagnePrint card authentication, a patented, proven technology which reliably identifies counterfeit credit cards, debit cards, gift cards, ATM cards and ID cards at the point of swipe, before fraud occurs. MSA s multi-layer security provides unmatched protection and flexibility for safer online transactions. Industry experts agree that a layered approach is the best approach for security and MagneSafe provides the layers necessary in one easy to implement, scalable solution. SCRAs provide true end-to-end encryption with the encryption occurring within the reader, along with tokenization formatting capabilities. Encryption and tokenization are preventive measures that help to protect cardholder data, at rest and in transit, and at various points through the payment infrastructure. Encryption and Tokenization however, do not protect cardholder data that exists outside of the network. Here data is widely available from other data capture venues such as pocket skimmers, unattended gas pumps, phishing and pharming sites, and telephone scams. The multi-layer security of MagneSafe adds the unmatched protection both cardholders and relying parties require through sophisticated card, device and data authentication methods that assure a valid transaction. SCRAs deliver dynamic payment card data (digital identifiers of ID), and magnetic card stripe fingerprinting (MagnePrint) which provides counterfeit detection, counters skimming attempts and stops fraudulent transactions in real-time. No other security device in the market today is able to do everything that MagneSafe does in one easy to implement, scalable, cost-effective solution. MagneSafe SCRAs transform the existing magnetic stripe card into a highly secured payment and identification token with proven ability to identify counterfeit cards and prevent card fraud. The MagneSafe Security Architecture works with the 5.5 billion magnetic stripe cards already in circulation including those coupled with EMV and contactless NFC EMV. Look for the MagneSafe logo at the point of swipe. There is no stronger, more practical solution available today for consumer protection. 6

7 Dynamic Data Authentication Encryption Tokenization 7

8 Data Protection Secure your sensitive data, increase customer confidence, exceed current PCI DSS requirements and expand your market while maintaining a return on your investment using Magensa s Data Protection services. Magensa provides the best in data security. Leveraging strong encryption and secure tokenization, Magensa s Data Protection services combine a layered approach to securing sensitive data, so it is protected at all times, whether at rest or in motion from the earliest point of the transaction. The use of encryption and tokenization when combined with dynamic authentication, protects cardholder data while at rest or in transit throughout the payment infrastructure. Encryption and Decryption Services Magensa s encryption and decryption services deliver practical solutions for data protection that exceed current PCI DSS regulations. Magensa utilizes open standard and industry proven Triple DES encryption and DUKPT (derived unique key per transaction) key management to provide a comprehensive security solution that protects cardholder data while at rest and in motion from the earliest point of the transaction. Its open-platform does not require you to invest in costly, un-tested, proprietary solutions that can limit your long-term flexibility and options. Magensa can have you up and running in a matter of hours. Using devices secured by the MagneSafe Security Architecture, encryption occurs directly in the read head at the point of swipe, protecting the data instantly and exceeding PCI requirements since data is never in the clear. Once the encrypted data is securely delivered to Magensa, transactions can be securely decrypted and then delivered to the appropriate payment gateway or processor. Tokenization and Masking Magensa s secure tokenization and masking services provide you with the next level of a layered defense. In today s world, storing clear text cardholder data opens the door to fraud, brand damage and the potential for massive fines. Magensa provides secure Tokenization so merchants and retailers do not have to store the actual PAN data on their host. During the transaction, the cardholder data is encrypted and is assigned a unique Token generated by a one way encryption algorithm. The token could be used for settlement purposes or to retrieve info for charge-backs without having to obtain or store PAN info in the clear. Secure Data Storage Magensa does not store clear text cardholder data. All data is encrypted using industry proven Triple DES encryption and DUKPT (derived unique key per transaction) key management and it uses a unique token to identify all cardholder sensitive data. 8

9 Cryptography Token Generation Key Injection OTP Generation 9

10 Device Management Magensa provides authentication for personal electronic devices including, smartphones, PCs, payment terminals, PIN encrypting devices, card and check readers, servers, and card issuing units. Legitimate devices, including mobile on-the-go POS devices (including Android smartphones, iphone 4S, iphone 4, iphone 3GS, iphone 3G, ipad 2, ipad, and ipod 2nd, 3rd, and 4th generation) using a connected secure card reader authenticator, can be identified and authorized for use while rogue devices can be identified and stopped before they are used to commit fraud. Device Authentication Know that the devices you are communicating with are legitimate. Device Management goes beyond merchant IDs and terminal IDs and makes it impossible for rogue and tampered devices to communicate with your network. Using a proven mutual authentication technique, secured devices are programmed to generate an encrypted challenge and communicate directly to Magensa using an SSL connection. Magensa in turn responds with a unique, one-time response to arm the device for operation. This mutual authentication allows both the user and the host to validate their identities. If one does not recognize the other as legitimate, the authentication will fail and the device will be disabled. Digital Signatures Protect your data from redirection. Session IDs Guard against in transit data attacks and prevent man-in-themiddle attacks using Session IDs. Key Injection and Life Cycle Management Magensa delivers protection against third party and rogue devices by providing secure initial key injection and life-cycle management. Device Enablement/Disablement Remotely enable a device for operation. Magensa can be programmed to remotely enable and configure your device for operation. Once the device and Magensa have been mutually authenticated, a digital certificate is transmitted to the device, enabling the machine to operate for a predetermined period of time which can be defined by the user. Remotely disable a device and remove it from operation. Magensa can use the same infrastructure described above to configure and disable your device for operation. If you choose to disable a device, then it will remain non-operational until such time it is re-enabled by Magensa. This service mitigates your liability and allows you to remotely control any device connected to the network. Digital Device Solutions Magensa supports an array of electronic devices including POS terminals, PCs, ECRs, card readers, PIN encrypting devices, credential personalization and issuing devices, secure card reader authenticators, small document scanners, and most any electronic transaction device connected to the internet (including smartphones and PCs). Remote Key Injection Save time and resources with secure remote key injection and key management by Magensa. 10

11 Card Issuance Devices PIN Encrypting Devices Secure Card Reader Authenticators (SCRAs) Small Document Scanners 11

12 Authentication & Registration Magensa s Authentication and Registration services prevent fraud using MagnePrint as a risk management tool. This layer of protection, when properly implemented, will detect skimmed or magnetically altered counterfeit cards in real-time and stop transactions before fraud occurs. Our real-time fraud alerts protect you from charge backs, tampering, illegal (rogue) devices, unauthorized devices, replays, expired sessions, counterfeit cards, illegal and out of pattern usage preventing fraud, and providing a true return on investment. Magensa also provides the best in custom analytical reporting so you get the information you need, when you need it, saving time and resources. Global MagnePrint Exchange Service Magensa operates the world s largest open and shared registry of magnetic fingerprints for ATM, credit, debit, gift and loyalty cards, allowing financial institutions and merchants around the world to immediately distinguish between an original and a counterfeit card. When payment cards are used, a magnetic fingerprint (MagnePrint) is captured and sent to Magensa for comparison and scoring. Since each MagnePrint is unique, even if card data has been stolen or skimmed, the counterfeit card will never match the original reference print. MagnePrint Risk Management Services Maintain security and prevent fraud while increasing consumer confidence with solutions that go beyond current PCI DSS compliance measures. Card Credential Registration Services Registration is the backbone to authentication and can be implemented easily without the need to re-issue cards. Card credentials can be registered with Magensa at the point of issuance or in the field. MagneSafe technology makes in the field registration possible by transmitting the authentication data at every point of swipe. The database becomes populated over the course of time during normal use, eliminating the need to re-issue cards. The database then provides the basis for authentication. Card Credential Authentication Services Card authentication allows any participant in the payment process to affirm the physical card is genuine and has not been cloned or altered. Magensa uses the MSA to safeguard consumers and their personal data. Authentication Scoring Services Once card credentials are registered, transactions can be scored based on the authentication data created at the point of swipe and can be assessed and scored against the intrinsic characteristics that correlate to the registered card. Dynamic Digital Identifiers MagnePrint transforms cardholder data each time a card is swiped based on the MagnePrint. No two are ever repeated, and they can never be fabricated due to its natural, unique characteristics, providing the best in counter skimming solutions. Two-factor Authentication Two-factor Authentication provides a more secure vehicle for data access protection and is recommended by the FFIEC. This layer of security is made possible by combining dynamic card authentication (something you have which cannot be duplicated) with a password (something you know). 12

13 Open and Shared Prevention Detection Forensic 13

14 ecommerce Security Electronic commerce requires an additional level of convenience and security that only Magensa can provide. Magensa uses the cards that consumers are already familiar with for secure online transaction processing. Magensa s unique ability to track transactions in real-time, per transaction and per device, makes it an ideal companion to the buying and selling of goods and services online. It delivers the tools you need for the development, marketing, selling, and delivery of online goods and services, retail services, marketplace services, mobile commerce, and e-procurement. Using the same card present payment architecture for online transactions that you use in a brick-n-mortar POS setting reduces operating costs and infrastructure expenses. MagneSafe Security Architecture Protected Magensa online security utilizes the MagneSafe Security Architecture which combines dynamic card authentication, website authentication, tokenization and 3DES DUKPT data encryption. The Magensa solution exceeds the FFIEC and PCI- DSS recommendations for strong multi-factor authentication and encryption of cardholder data. Secure Login SCRAs provide consumers with a fast and convenient means to securely log-in to their online bank accounts and other retail accounts. Site Authentication With a blink of its LED the SCRA informs a consumer when they are connected to a trusted Internet website, guards against fraud and keeps consumers identities intact while sending the standard transaction data along for processing across the payment rail. Enhance User Experience Magensa services simplify and speed data entry for ecommerce and online banking transactions. The Magensa solution turns any Internet connected PC into a virtual POS system with real-time authentication, and a unique authentication operation per swipe. Simplified checkout and automatic data population delivers faster checkout with less cart abandonment, leading to more sales and enhancing the value of the cards consumers already carry in their wallets. Increase consumer confidence, enhance the user experience and maintain security with solutions that go beyond current PCI-DSS compliance. Reduce PCI Scope The use of MagTek SCRAs and the Magensa Payment Protection Gateway, when properly implemented, will dramatically reduce the scope of PCI requirements.* Guard Against Fraud Secure card reader authenticators (SCRAs) protect consumers from the threats of Internet phishing, spyware, and identity theft. Magensa services deliver the real-time forensics that stand up in court. A secure check-out and login experience creates happy returning customers and grows trust. Reduce Chargebacks Reduce the risk of chargeback activity with real-time, forensic details regarding the authenticity of the card and the device. Once a card has been registered, and cards are required to be swiped in SCRAs for online transactions, fraudulent cards will not be accepted, and skimmed data cannot be used. * See complete statement in document

15 Faster Check Out Less Cart Abandonment Better Conversion Enhanced User Experience 15

16 Retail Transaction Security Encryption and secure tokenization of cardholder data has become an important component in the retail environment to provide protection and meet compliance measures such as those issued by the PCI SCC. When strong encryption and secure tokenization are used in conjunction with dynamic card authentication, it provides a solution that can protect cardholder data while at rest or in transit. It further secures payment systems with real-time information to prevent, detect and alert to the presence of fraudulent transactions and rogue devices. The MSA comprehensive approach to transaction security makes stolen cardholder data useless to criminals and ultimately reduces the incentive to steal it. Magensa allows you to implement risk mitigation and fraud prevention at the POS, store controller, merchant host, processor/ gateway, acquirer, brand switch, or issuer, providing greater transaction control and easier integration based on your unique needs. Magensa s real-time forensics prevent fraud, making it substantially easier for law enforcement to track and find fraudsters. Brick and mortar POS Exceeds current PCI requirements Combats thievery of unencrypted data Uses triple DES encryption Provides an open solution Encrypted contactless Exceeds PCI DSS requirements for securing cardholder data Guards against RFID skimming Makes stolen card data useless to thieves Gas pumps and unattended kiosks Deters card skimming, rogue devices and fraudulent cards Provides card authentication Stops fraudulent transactions in real-time Card present Internet payment Delivers secure online transactions Authenticates device/host Guards against phishing and other forms of cyber attacks Secures data with strong encryption Legacy POS terminal Provides a fast track to PCI compliance Simplifies the upgrade process Extends the value of current terminals Mobile POS Provides a pocket sized reader for on-the-go mobile merchants desiring PCI DSS secure card present transactions Securely upload the encrypted transactions at a later time for payment processing Private label and gift card issuance Delivers personalized cards that earn top of wallet Captures dynamic digital identifiers for card authentication Secures operations with remote activate/deactivate feature Remote key injection Provides secure remote key management Authenticates devices Minimizes risks Enhances operations Saves time and resources Remote device configuration Eases deployment and device management Authenticates devices Minimizes risks Enhances operations Virtual terminal (PC POS) Transforms any browser into a secure POS application Adds dynamic data to each transaction Makes cardholder data useless to criminals Wireless POS Communicates with a PC or mobile phone using a secured wireless USB interface or Bluetooth interface Provides secure, card present data for pay-at-the-table and mobile users 16

17 Exceed PCI DSS Reduce PCI Scope Use Dynamic Data Reduce Chargebacks 17

18 Financial Security Create a finance environment that enhances brand reputation and depositors experience. Leveraging the power of the MagneSafe Security Architecture, you can exceed current FFIEC recommendations for two-factor authentication and secure the in-branch and remote electronic banking environments with cost effective solutions that leverage cards already in circulation. Banks, credit unions, trading sites, small business services, money transfer services and foreign exchanges can use one solution to secure their data and deliver card authentication with dynamic digital identification for the ultimate counter-measure to prevent cardholder data breaches and ultimately stop the trafficking of stolen cardholder data. Magensa allows you to implement risk mitigation and fraud prevention in ATMs, online, mobile, remote deposit capture and in-branch services including teller windows, card personalization and card issuance, providing greater transaction control and easier integration based on your unique needs. Magensa s realtime forensics prevent fraud, making it substantially easier for law enforcement to track and find fraudsters. ATMs Prevents fraudulent ATM transactions involving cloned cards Stops the payout of cash in real-time Card personalization and issuance Delivers personalized cards that earn top of wallet Captures dynamic digital identifiers for card authentication Secures operations with remote activate/deactivate feature Internet banking Creates a more secure online experience with strong twofactor authentication per the FFIEC directive Guards against many forms of cyber attacks and malware Reinforces the financial institutions brand Mobile banking Communicates with a PC or mobile phone using a secured wireless or Bluetooth interface Provides secure, authentic card present data for strong twofactor authentication security MarketPlace Services Authenticates mobile devices and PCs Utilizes two-factor authentication for secure login Remote deposit capture Meets the FFIEC guidance for strong two-factor authentication Uses the branded cards already issued by financial institutions as secure tokens for Internet-based deposits Remote device configuration Eases deployment and device management Authenticates devices Minimizes risks Enhances operations Remote key injection Provides secure remote key management Authenticates devices Minimizes risks Enhances operations Saves time and resources Teller window Know your customer Provides strong two-factor authentication using existing cards Speeds teller transactions Reinforces your branded card as a secure token 18

19 Reinforce Brand Secure Mobile Access Reduce Fraud FFIEC Recommendations 19

20 Enterprise Identity Security Using The MagneSafe Security Architecture you can protect data from the point of swipe, authenticate the card and secure the data at all points in the transaction. The MSA delivers secure solutions for access management and identification requirements with real-time, strong authentication, and authentic card present transactions for a versatile security solution. This speeds log-in and access control transactions for secure enterprise and eliminates security concerns related to counterfeit and altered card credentials. Magensa provides a shared, accessible fraud information database that manages cards, users, tokens, keys, hosts and devices. Magensa allows you to implement risk mitigation and fraud prevention for IT content and delivery management, facilities access control, forms management, intellectual property management, new hire ID verification, user identities and remote user and employee access, providing greater transaction control and easier integration based on your unique needs. Magensa s real-time authentication makes it substantially easier for IT departments to manage their users and resources. Content management & delivery Secures your content and information with an easy to use access control system. Delivers the best in security with simple deployment and a format users already know. Provides strong multifactor authentication for secure single sign-on applications. Facilities access control Ensures that access is securely managed and easy to track while providing employees/card holders with a portable and secure log-in device wherever they go. Keeps out fraudulent ID handlers and tracks users in real-time. Provides secure, strong multifactor authentication for access for secure enterprise. Forms management Delivers secure logon for forms management and single signon applications. Extends the value of cards already in circulation and limits your expenses. Intellectual property protection & management Secures access control by authenticating the credentials used to access the information and the devices themselves. New hire ID Validates your employee s identification with multifactor authentication. Secures their details with instant encryption. Simplifies the integration of data decryption and token authentication services. QwicKey enterprise Extends the value of our consumer based password manager and online form fill manager. Utilizes fast and secure single sign-on, Windows login, online access, building/physical access, remote administrative management, secure document access and ID management in an easy to use, portable and simple deployment format. User identity management Provides solutions that allow you to directly and remotely manage all of your users. Add, remove, edit and secure cards and devices as necessary. Speeds log-in and access control transactions and provide host/website authentication to enhance confidence. 20

21 Government Security The MagneSafe Security Architecture delivers secure solutions for access management and identification requirements with real-time, strong authentication, and authentic card present transactions for a versatile security solution. Using the MSA you can protect data from the point of swipe, authenticate the card and secure the data at all points in the transaction. This speeds login and access control transactions for secure enterprise and eliminates security concerns related to counterfeit and altered card credentials. Magensa allows you to implement risk mitigation and fraud prevention for ATF, DMV, elections, legislative regulations, social security, TSA and remote employee/user access, providing greater transaction control and easier integration based on your unique needs. Magensa provides a shared, accessible fraud information database that manages cards, users, tokens, keys, hosts and devices. Magensa s real-time forensics prevent fraud and combat new criminal innovations. Alcohol, tobacco and firearm purchases Provides an easy to use method to guard against false IDs. Extends value, security, and versatility to the card tokens they already carry. Department of motor vehicles Leverages licenses in many states already using magnetic stripes. Provides authentication and eliminates fraudulent identification. Election Makes certain your electoral pool is valid by utilizing magnetic stripe cards for verification. Assures fraudulent cards or other forms of ID cannot be used. Legislative regulations Meets new regulations to know your customer. Protects you and your investments by showing proof of identification and card present transactions. Simplifies compliance with services that meet or exceed current FFIEC, PCI DSS, and Sarbanes Oxley regulations. Logical access control Provides secure, strong multifactor authentication for logical access. Physical access control Ensures that access is securely managed and easy to track. Keeps out fraudulent ID handlers and tracks users in real-time. Provides secure, strong multifactor authentication for secure access. Social security Reduces time and resources from fraudulent claims and identify theft. Transportation security administration Provides security for flights with the best in watch list screening and inspection of valid credentials. Authenticates information for real-time forensics and flag fraudulent cards. 21

22 Consumer Applications Magensa supports the following cloud applications providing secure solutions directly to the consumer allowing them to create a Mobile Wallet using Qwick Codes and Password Manager and Auto Form filler with QwicKey. Qwick Codes Mobile Wallet QwicKey Online Password Manager The Qwick Codes Mobile Wallet allows you to use your smartphone to create dynamic, onetime use, account numbers (tokens) that replace your ATM, credit and debit card information. Instead of handing over your plastic cards, you can scan* or type Qwick Codes from your smartphone at ATMs, ecommerce sites and for in-person transactions. This dynamic information is used to enable mobile payment convenience without sacrificing security and reducing the risk of your card data being captured or cloned. You can securely link your ATM, credit or debit cards to Qwick Codes by launching the application and swiping your cards using the connected SCRA. You choose the cards to link, you create and manage the Qwick Codes, and you control your card data. Simply type or optionally scan* Qwick Codes into the POS system making checkout even faster. Merchants can process your Qwick Codes just like regular ATM, credit and debit cards without access to your real card data. *A standard barcode scanner can be used by the merchant to automate the capture of Qwick Codes. QwicKey is a convenient online password manager and automatic form filler that makes online browsing, shopping and banking easier, faster and safer. QwicKey logs in easily with a Master Password you create and a single swipe of a standard magnetic stripe card. With one-click of your mouse, QwicKey automatically directs your browser to any URL and logs you in to any account. QwicKey has unlimited, remote memory that allows you to add as many log ins and favorites as you like. All you need to do is add it to your QwicK Vault once, and QwicKey will remember your information on an encrypted remote server. This allows you and only you, to access your information from any computer, anywhere. QwicKey also completes repetitive forms and works as a fast and secure home checkout using its secure card reader authenticator (SCRA). The SCRA gives you the ability to swipe your card information in, instead of typing, saving countless time at online checkouts and guarding against malicious keystroke logging attempts and prevents typographical errors. Made for ipod and Made for iphone and Made for ipad mean that an electronic accessory has been designed to connect specifically to ipod or iphone or ipad respectively, and has been certified by the developer to meet Apple performance standards. Apple is not responsible for the operation of this device or its compliance with safety and regulatory standards. iphone, ipod touch and ipad are trademarks of Apple Inc., registered in the U.S. and other countries. iphone, ipod and ipad are not included. Made for ios Products 3.2 or greater ipad 3 ipad 2 ipad iphone 4S iphone 4 iphone 3GS iphone 3G ipod touch 2nd, 3rd, and 4th generation 22

23 Mobile POS Applications QwickPAY is a complete mobile payment solution that uses the most reliable and safest secure card reader authenticators (SCRAs). SCRAs connect to a wide variety of devices including smart phones and tablets via the headphone jack or Bluetooth technology; USB interface for connection with Windows or Mac PCs; and 30-pin or Lightning connection for most iphone, ipod and ipad devices. SCRAs use the MagneSafe Security Architecture to protect cardholder data through instant dynamic encryption, tokenization and authentication. With the QwickPAY App, a merchant account, and SCRA, merchants can easily accept Visa, MasterCard, Amex, Discover and QwickCode payments from almost anywhere. QwickPAY delivers a broad range of compatibility, allowing your browser-based, ios, and Android devices to evolve into a highly secure payment system. QwickPAY provides a payment processing platform, an account management system, a virtual terminal, reporting, encryption, card and device authentication, counterfeit card detection and card tokenization brought to you by MagTek, an industry leader in credit card and POS peripherals. SCRAs are more than just readers THE SAFEST WAY SCRAs are reliable, bi-directional readers that read various card formats (e.g. ANSI, ISO, AAMVA) and provide a smooth swipe path. The SCRAs use the MagneSafe Security Architecture to deliver instant encryption so your customers sensitive card details never enter your phone and are sent securely over SSL connections for decryption, authentication and processing. This lowers the scope and cost of PCI audits, saving you more time and money. SCRAs encrypt the card data within the read head and are the ONLY readers that can perform real-time counterfeit card detection. Made for ipod and Made for iphone and Made for ipad mean that an electronic accessory has been designed to connect specifically to ipod or iphone or ipad respectively, and has been certified by the developer to meet Apple performance standards. Apple is not responsible for the operation of this device or its compliance with safety and regulatory standards. iphone, ipod touch and ipad are trademarks of Apple Inc., registered in the U.S. and other countries. COMPATIBILITY AND VERSATILITY ios idynamo and idynamo 5 have stabilizing adapters, making one reader that can attach to a variety of devices easily. Made For ipad Air* ipad with Retina Display* ipad mini with Retina Display* ipad mini* ipad (3rd generation) ipad 2 ipad iphone 5c* iphone 5s* iphone 5* iphone 4s iphone 4 iphone 3GS ipod touch (3rd, 4th and 5th* generation) idynamo 30-pin connection *idynamo 5 Lightning connection ios 4.3 or greater devices ANDROID QwickPAY for Android, combined with MagTek s BulleT or udynamo secure card reader authenticator, allows users to transform their Android device into a highly secure POS payment terminal. Android OS or greater BROWSER-BASED QwickPAY s browser-based virtual terminal allows you to manage your account and still take card-present and card-not-present payment transactions. See the User Guide for a complete listing of operating systems, browser revisions and device compatibility. iphone, ipod and ipad are not included. 23

24 About Magensa Magensa is a fraud prevention, detection and advisory service. It maintains a globally accessible registry of authentication information so that consumers, financial institutions, retailers, businesses and governments can assess the validity and trustworthiness of the credentials and products they rely upon in the course of online identification, payment, and other important transactions. Additionally, Magensa provides token management and cryptographic services, vital to the protection of cardholder data, the payment system, and personal or sensitive information. Magensa is a subsidiary of MagTek, Inc. Magensa, LLC 1710 Apollo Court, Seal Beach, CA p 877-MAGENSA info@magensa.net 24 Copyright 2014 Magensa, LLC. All rights reserved. PN rev /14