Secure Payments Solution

Transcription

1 PAR Springer-Miller Systems Secure Payments Solution Solution Overview PAR Springer-Miller Systems has partnered with industry leaders Shift4 and Global Payments to introduce a unique end-to-end payment solution that encrypts all data at the point of entry so that sensitive information is never exposed to your PMS or POS environment. This solution delivers security through obscurity and serves to protect your organization from data breach all while safe-guarding your guest s financial identity. PSMS and our partners believe this product / service offering represents the most secure processing environment available to the hospitality industry today. Shift4 and PSMS have worked together for many years to deliver integrated payment processing to our mutual clients. They are a pioneer in the payment gateway space and their solutions consistently deliver compelling features that drive security, cost savings and reliability. In 2005 Shift4 unveiled the concept of tokenization which has fundamentally changed the approach to cardholder data (CHD) protection. Other features such as 4Go, 4Res and P2PE have since followed adding to their stable of security-based solutions. Global Payments Inc is a Fortune 1000 company and leading provider of payment processing services. They process in over one million locations worldwide across a broad spectrum of Merchant types. Their diversified client base includes retailers, restaurateurs, hoteliers, health care providers and more. Global Payments Inc processed $350B in 2012 in over 30 countries worldwide. Business Benefits Lessened financial liability for merchants Lowered PCI-related compliance costs as CHD is no longer stored or transmitted in a readable state Simplified PCI compliance through Card Data Environment (CDE) scope reduction. When implemented properly, Secure Payments Solution removes the entire PSMS application environment from scope as there is no exposure to CHD Peace of mind that your guest s data is protected from point-of-entry straight through to your acquiring bank Assurance that your payments are handled securely, efficiently and by world-class providers that collectively drive billions of financial transactions through our systems per year Security Features Secure Payments Solution drives improved data security within the PSMS application framework by: Securing CHD data entry via Point-to-Point Encryption (P2PE) technologies Utilizing Shift4 s TrueTokenization functionality and eliminating CHD storage within the PSMS application environment Cleansing inbound web-service submissions via Shift4 s 4Res Service, includes data received from CRS Providers, Web Booking Engines, Mobile and Kiosk solutions Using only PCI PTS certified card entry devices for each application workstation and mobile products Supporting Canadian EMV (Chip & PIN) and readying clients for US EMV Validating the interface through a comprehensive PSMS and Shift4 certification process Confirming through a PA-QSA assessment that all PCI and PA-DSS compliancy standards are met and/or exceeded

2 PAR Springer-Miller Systems Secure Payments Solution Fig 1. Flow of cardholder data through PAR Springer-Miller s Secure Payment Solution. Functional Features Real-time automation of authorization and settlement requests Void and Reverse Authorization (when applicable) support Support for multiple industry types lodging, MOTO, Retail, F&B and ecommerce Transaction composition positioned to drive the lowest possible Interchange rates and fees Systematically secure logging of all transactional data Utilization of Shift4 s It s Your Card gift card program including the following functions: Redemptions Creation (sales) Financial Reloading Balance Inquiries

3 PAR Springer-Miller Systems Secure Payments Solution Software Requirements PSMS Secure Payment s Solution requires the following versions of our software: SMS Host & SMS Retail POS v20.0 and above SMS Diplomat v5.0 and above SMS Touch v8.0 and above SpaSoft v4.0 and above Hardware Requirements PAR Springer-Miller Systems and Shift4 have verified compatibility with the following P2PE card-entry devices: Device SMS Host SMS Retail POS SMS Touch SpaSoft Mobile Ingenico isc250 Ingenico ipp320 IDTech SREDKey IDTech SecureKey M130 IDTech imag Pro II For More Information To learn more about PAR Springer-Miller Systems and our SMS Host Hospitality Management System, please visit our web site at or call To learn more about Ingenico, ID Tech, Shift4 and Global Payments please review the attached documents. PAR Springer-Miller Systems, Inc. World Headquarters 782 Mountain Rd PO Box 1547 Stowe VT USA P F [email protected] Support Office 2485 Village View Drive Henderson NV USA P Springer-Miller International European Headquarters Twickenham, UK P +44(0) Asia Headquarters Kuala Lumpur, Malaysia P +60 (3) PAR Springer-Miller Systems, Inc. SMS Host is the registered trademark of PAR Springer-Miller Systems, Inc. in the United States and foreign countries. All rights reserved.

4 ipp320 isc250 Ingenico Product Offering i P P 32 0 Payment Card Industry (PCI PTS 3.x) compliant device Monochrome display, white backlit 2.7" Supports EMV, Magnetic Stripe, and Contactless payments including Apple Pay USB (Default), RS232, or Ethernet Connectivity 1 Year Manufacturer Warranty i SC 2 50 Payment Card Industry (PCI PTS 4.x) compliant device 4.3 color touch display Supports Signature Capture, EMV, Magnetic Stripe, and Contactless payments including Apple Pay USB (Default), RS232, or Ethernet Connectivity 1 Year Manufacturer Warranty

5 Interested in these products? POSDATA will be the supplier for both the Ingenico isc250 and ipp320. Please use the Sales contacts below to initiate the purchase for your property. Product Ordering Part Number Description isc250 ISC250-USCOS09A Includes payment terminal, configuration, power supply and USB cabling. ipp320 IPP320-USCOS02A Includes payment terminal, configuration, power supply and USB cabling. Points of Contact P o i n t s Sales Inquiries Dick Bloom POSDATA [email protected] of Contact Technical Support Bryan Jackson POSDATA [email protected] Manufacturer Support Kelsey Carlisle Ingenico Inc. [email protected]

6 SecureDataEntrySolutions SREDKey -PCI3.xSREDcertified -SuportsTDESandAESencryptionalgorithms -DUKPTkeymanagement -Readsupto3tracksofinformation -PoweredthroughUSBportnoexternalpowersuplyrequired -Encryptsmanualyenteredcreditcardnumbersand expirationdates -Certifiedkeyinjectionserviceavailable SecureKeyM130 -SuportsTDESandAESencryptionalgorithms -DUKPTkeymanagement -Readsupto3tracksofinformation -PoweredthroughUSBportnoexternalpowersuplyrequired -Encryptsmanualyenteredcreditcardnumbersand expirationdates -Certifiedkeyinjectionserviceavailable

7 AboutIDTECH RegionalSalesManager: KyleJohnson Phone:(714) ext.17 Fax:(714) CorporateHeadquarters: 10721WalkerStret Cypres,California90630 (714) (UnitedStates) TechnicalSuport InternationalTechnologies&SystemsCorporation.IDTECHandVIVOpayisaregisteredtrademarkofInternationalTechnologies&SystemsCorporation. ValuethroughInnovationisthetrademarkofInternationalTechnologies&SystemsCorporation.Alspecificationssubjecttochangewithoutnotice R07/14

8 D O L L A R S O N T H E N E T Card Data Security for All Merchant Environments They can t steal what you don t have While running a hotel, retail shop, or any business, there are always decisions to make and issues to address. Card data security shouldn t be one of them. Let Shift4 s DOLLARS ON THE NET payment gateway reduce your card data environment (CDE) and PCI scope all within one user-friendly payment processing solution that features the latest in security technologies. Shift4 s layered approach to card data security means we worry about securing your card data while you are free to dedicate more time and resources to building your business and taking care of your customers. As an added bonus, we can take everything but your encrypted swipe devices out of scope of your annual PCI assessments. That means PCI no longer applies to your network, POS/PMS, Web servers, back-end systems, etc. Best of all, our industry-leading security technologies are included with DOLLARS ON THE NET at no additional charge.

9 Secure Points of Entry Card data security starts the moment you accept payment data. Whether it comes from your website, is keyed in by your clerk from a phone call, or is swiped into a payment device, Shift4 has methods to secure this data and to prevent it from ever entering your CDE. 4Go is a virtual card data firewall that intercepts cardholder data (CHD) at the Windows driver level (before it reaches a merchant s POS/PMS) and immediately replaces it with secure stand-in data (either false cardholder data or a TrueToken, depending on the merchant s setup). Because no CHD is then stored, processed, or transmitted by the POS, 4Go removes it from the scope of Shift4 4GO FLOW PCI assessments UNSECURED CHD SECURED CHD TRUETOKEN Point-to-Point Encryption (P2PE) adds an additional layer to the security provided by 4Go by encrypting the CHD as it is swiped so that it never even enters the merchant s system in exposed form. This means there is never sensitive data on your system, so there is nothing for hackers to steal. We call that reducing your breach profile. Also, so long as the merchant does not have the ability to decrypt this data onsite, P2PE can remove the whole environment (minus the device itself) from PCI scope. Mobile P2PE, PIN debit P2PE devices, and MSRs are all supported and bring the best blend of security and convenience for you and your customers. i4go is a virtual card data firewall for traditional e-commerce and browser-based applications (kiosk, Software as a Service, etc.). If your business uses an Internet browser-based POS system, such as a kiosk or website, then this is the payment processing solution to use. i4go prevents actual CHD from being inputted or stored in your environment (including your networks and Web servers) similar to what our 4Go technology does for brick and mortar, non-browser-based systems.

10 Secure Processing and Storage Processing CHD, maintaining transaction archives, and securely storing card data can be expensive and complicated to do yourself. Reduce your costs and breach profile with our industry-leading tokenization technology. TrueTokenization is the technology of using a non-decryptable piece of data a TrueToken to represent (by reference) sensitive card data. A TrueToken is a randomized, alphanumeric, 16-character value that does not have a mathematical relationship with the original data. Since it cannot be reversed, a TrueToken is of no value to hackers or thieves. Because you are not processing or storing actual CHD when using tokenization, your card data environment is protected from fraud and loss. As we here at Shift4 like to say, They can t steal what you don t have. Specialty Solutions Hoteliers have a unique card-data environment and require an additional layer of security to protect CHD coming in from third-party reservation and distribution systems. 4Res is a CHD firewall designed to sit between a Central Reservation System (CRS) and a hotel s PMS that allows the CHD in reservation data to be tokenized before it enters the hotel s CDE. For properties using DOLLARS ON THE NET and the full suite of CHD security solutions (including TrueTokenization, P2PE, and 4Go), 4Res is the last yard in the 1,000 mile journey toward complete payment transaction processing security. Thanks to Shift4 s tokenization technology, we are able to assure our hospitality clients that their guests critical credit card information is maintained with absolute maximum security. Wayne Johnson, CEO Execu/Tech Systems, Inc.

11 Sometimes sharing is necessary. We ve found a way for your concierge or other guest-driven service to do that without bringing your no-card-data merchant environment back into scope. 4Word allows a third-party merchant to securely obtain a credit card number from a Shift4 merchant customer using DOLLARS ON THE NET. For example, 4Word would allow a Shift4 merchant hotel to release a guest s card number to an authorized florist or caterer whose services had been requested, without the card number ever entering the hotel s system. 4Word provides the payment flexibility you want with the security you need Layered Security Approach for All Merchant Needs No matter how complex your merchant environment is or what level of card data protection you want, Shift4 has the answer. When you let Shift4 process, transmit, and store CHD, you can focus on your business and your customers, knowing your card payment transactions are in the most secure hands. About Shift4 Shift4 is dedicated to maintaining the trust of more than 24,000 merchants who rely on their DOLLARS ON THE NET payment gateway to process upwards of half a billion credit, debit, and gift card transactions each year. Shift4 s commitment to innovation keeps them at the forefront of emerging technologies including P2PE, mobile, EMV, and tokenization. Shift4 helps businesses secure the lowest possible payment processing rates and protect their brands by securing their customers card data. For more detailed information on how these technologies work, please [email protected] or visit Center Crossing Road, Las Vegas, NV [email protected] Copyright 2014 Shift4 Corporation. All rights reserved. Universal Transaction Gateway (UTG ), 4Go, and i4go are covered by one or more of the following U.S. Pat. Nos.: ; ; ; ; ;

12 PARTNERSHIPS DELIVERING PAYMENTS SECURITY With the availability of Secure Payment Solutions (SPS), a secure payment processing solution for the hospitality industry, hoteliers now have a simplified payment processing option that reduces liability and costs. This payment processing framework is designed to remove cardholder data from the property management system (PMS) and point-of-sale system (POS) and utilizes point-to-point encryption and tokenization to remove cardholder data at the point of entry. Secure Payment Solutions relies on its integration with Global Payments, one of the largest worldwide providers of payment technology services, to enable hoteliers to accept credit and debit card payments easily, resulting in a better customer experience and higher revenues. Secure Payment Solutions Delivers Benefits Uniquely Designed for the Hospitality Business The most secure payment processing technology, point-to-point encryption, to the hospitality industry World class partnership with the most trusted names in payment processing, Shift4 and Global Payments A framework designed to remove cardholder data from all PAR Springer-Miller PMS and POS solutions Technology that may further reduce costs related to PCI Security Standard compliance Learn more about Global Payments and Secure Payment Solutions at or [email protected]. globalpaymentsinc.com SERVICE. DRIVEN. COMMERCE 2014 Global Payments, Inc. ALL RIGHTS RESERVED. All other trademarks, product names, and logos identified or mentioned herein are the property of their respective owners.