Verifone Enhanced Zone Router

Transcription

1 Verifone Enhanced Zone Router July, 2015

2 The Necessity of an Enhanced Zone Router FUNDAMENTAL PART OF PCI-DSS COMPLIANCE, ENSURING CONSISTENT SUPPORT OF VASC, HELPDESK, & SERVICES POS Environment Needs Multiple POS components interface with many in-store customer applications (e.g. Inventory, Analytics, Loss Prevention, etc.) Multiple security zones required to maintain system performance and integrity Routing functions needed to establish network and security controls over instore systems

3 The Necessity of an Enhanced Zone Router FUNDAMENTAL PART OF PCI-DSS COMPLIANCE, ENSURING CONSISTENT SUPPORT OF VASC, HELPDESK, & SERVICES Management of Complex Solution Needs Differing customer security & routing standards creates variability in implementations Enhanced Zone Router establishes consistent method of interfacing with varying environments Enhanced Zone Router also provides consistent method of securely supporting POS systems Enhanced Zone Router provides local logging for required for PCI Compliance

4 The Necessity of an Enhanced Zone Router FUNDAMENTAL PART OF PCI-DSS COMPLIANCE, ENSURING CONSISTENT SUPPORT OF VASC, HELPDESK, & SERVICES Addresses Security & PCI Compliance Needs Properly segments POS systems with customer LAN Defines Verifone s involvement within the CDE Enhanced Zone Router utilizes secure PCI 3.0 Compliant remote helpdesk connections

5 Current POS Zone Router Solution Partitions Verifone Devices From Other In-Store Systems Use of a Cisco ASA Segmentation can reduce scope of devices assessed for PCI-DSS Compliance Requires On-Site VASC Technician to configure Dispatched Upon Every Change Substantial Time Involved Customer Provided Phone Line in Order to Receive Verifone s Remote Support via Dialup connection Customer Must Switch Line to POS Software Updates Performed Through CD s, Often Requiring an On-Site Technician Limits Value Added Functionality Slows Service Response

6 Enhanced Zone Router Solution Reduced Complexity In partnership with Cybera, leveraging security appliance and cloud Limited VASC Configuration Requirements Automatic Configuration Upload & Storage Seamless Configuration Restoration Centrally Enforced Security Policies End-Point Complexity Reduction Helpdesk Remote Access using customer Broadband connection Token Based MFA with Verifone managed RSA server Certificate Based MFA with Cybera Hosted Secure Cloud Unique Credentials Per Helpdesk Technician Supports the enablement of point-to-point encryption (P2PE) within a network

7 Frequently Asked Questions About the New Verifone Enhanced Zone Router Is there a cost difference using the new Enhanced Zone Router? No, while the new platform allows Verifone to perform more value added services, there is no additional cost to what our customers pay today Does the new Enhanced Zone Router limit customers from performing any tasks they could do with the ASA? No. The new zone router uses Cybera s SCA appliance and is purpose built to meet Verifone s needs which mirror the ASA capabilities at a minimum Does the new Enhanced Zone Router enable PCI 3.0 P2PE requirements? Yes. The enhanced VZR meets or exceeds PCI 3.0 compliance enabling P2PE communication Does the new Enhanced Zone Router meet PCI 3.0 Multi-Factor Authentication requirements? Yes. The Verifone EZR provides multi-factor authentication and logging of technician sessions and network connections Since the new Enhanced Zone Router can leverage customer s broadband for remote access, does it interfere with other customer applications or services No. The new zone router will not intrude on customer applications or limit customer vendors from performing tasks they typically need to accomplish