END-OF-LIFE LIST FOR NON-COMPLIANT PIN-ENTRY DEVICE (PED) AND VULNERABLE DEVICES




Current Card Association mandates require that all merchant acquirers and acquiring processors begin retirement of PIN pads and terminal devices with internal PIN pads that are not compliant or that are on Visa's known-compromised devices list. In compliance with these mandates, RBS WorldPay will no longer support boarding, rewrites or exchanges of these types of devices.

NON-PED COMPLIANT DEVICES:
- Are typically referred to as non-approved devices
- Typically only support Single DES DUKPT encryption
- Were previously subject to the manufacturers' tamper prevention and detection standards. Before 2004, only minimal standards governed the manufacture of PEDs, and primarily, all that was required was protection of the master keys, key encryption schemes and proper software operation of the device. Validation of software requirements as well as tamper prevention and detection were left to the individual manufacturer.

KNOWN-COMPROMISED DEVICES:
- Are a subset of non-compliant devices
- Appear on Visa's known-compromised list
- Pose an elevated risk of breach of cardholder information
- Can subject merchants to a risk of fines up to $500,000 per incident from Visa, MasterCard, or other Card Associations if cardholder information is compromised in any way

Current Card Association regulations require that non-compliant PED devices be removed from service by July 1, 2010. Merchants who continue to use this equipment past the July 1st deadline will be subject to fines from the Card Associations. WorldPay is urging retailers to consider replacing these devices quickly to avoid the risk of being non-compliant.

Our goal is to notify our merchants well ahead of the July 2010 mandate regarding PED-compliant replacements and upgrades. For your convenience, a list of both known-compromised and non-PED-compliant devices and their suggested replacements is included below. We've also included a section on how your merchants can determine if their 1000SE or SC 5000 PIN pads are compliant.

KNOWN-COMPROMISED

Hypercom S8 PIN Pad | Hypercom S9 PCI-PED
VeriFone Everest PIN Pad | VeriFone Mx830 or Mx850 (if Everest is connected to a POS system)*; VeriFone 1000SE PCI-PED PIN Pad (if Everest is connected to a POS terminal) | No
VeriFone PIN Pad 101 | VeriFone 1000SE PCI-PED PIN Pad | No
VeriFone PIN Pad 201 | VeriFone SC 5000 PCI-PED PIN Pad | No
VeriFone PIN Pad 2000 | VeriFone SC 5000 PCI-PED PIN Pad | No

Hypercom ICE 5500 Terminal
Ingenico en-crypt 100 PIN Pad | VeriFone PP1000SE PCI-PED | If terminal replacement is needed:
IVI Sentinel PIN Pad | VeriFone 1000SE PCI-PED PIN Pad | If terminal replacement is needed:
Lipman Nurit 2085/2085+ Terminal | These terminals are allowed for credit rewrites, but the merchant must have a VeriFone 1000SE if he or she processes debit transactions.
Lipman Nurit 3000 Terminal

Lipman Nurit 3010 Terminal (dial only)
NCR 5945 PIN Pad* | VeriFone Mx830 or Mx850 | No
NCR 5991 PIN Pad* | VeriFone Mx830 or Mx850 | No
NCR 5992 PIN Pad* | VeriFone Mx830 or Mx850 | No
Thales T-Pad PIN Pad
Thales Talento T-IPP Terminal
Thales Talento T-IPPS Terminal
VeriFone Omni 470
VeriFone Omni 490* | VeriFone Mx830 or Mx850 | No
VeriFone Omni 3210
VeriFone Pin Pad 1000 | VeriFone 1000SE PCI-PED PIN Pad | No

VeriFone PIN Pad 1000 SE (160 Firmware) | VeriFone 1000SE PCI-PED PIN Pad | No
  See notes below the table on how to determine if this PIN pad is compliant.
VeriFone SC 5000 PIN Pad | VeriFone SC 5000 PCI-PED PIN Pad | No
  NOTE: We can sell and support the PCI-PED version of the SC 5000 PIN pad, which is also known as the M5 model (the part numbers start with M108-43Y). Only the Pulsar (non-PED) and Stardust (Visa-PED) models are being discontinued.
  See notes below the table on how to locate the SC 5000 PIN pad part numbers.

HOW TO DETERMINE IF THE VERIFONE 1000SE PIN PAD IS PCI-PED COMPLIANT:

1. Check the part number:
   - The part number for the 1000SE PIN pad (PCI-PED) is P003-180-02-US. This is compliant.
   - The part number for the 1000SE PIN pad (Visa-PED) is P003-170-02. This is compliant.
   - The part number for the 1000SE PIN pad (Non-PED) is P003-160-02. Check the firmware.
2. If the part number is P003-160-02, check the firmware: The non-PED firmware could have been upgraded to the Visa-PED firmware at some point. To determine the current firmware, power up the PIN pad.
   - If "PP1000 TDES 4E300VV MM/YY" is displayed, the PIN pad is loaded with the non-PED firmware. This means your PIN pad is not compliant.
   - If "PP1000SE TDES PED CERTIFIED 4E300VV MM/YY" is displayed, the PIN pad is loaded with the Visa-PED firmware. This means your PIN pad is compliant.
   - VV = Firmware Version. MM/YY = Month and Year of Firmware.

HOW TO DETERMINE IF THE VERIFONE SC 5000 PIN PAD IS PCI-PED COMPLIANT:

Turn the terminal over and look for the VeriFone sticker. The sticker will contain a field that begins with P/N. The characters that follow the P/N are the part numbers:
- The part number for the M5 model will begin with M108-43Y. This is compliant.
- The part number for the Pulsar (non-compliant) model begins with M108-0xx through 4xx. Replace.
- The part number for the Stardust (Visa-PED) begins with M108-43k. Replace.
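For merchants auditing many lanes at once, the two-step 1000SE check above (part number first, then the power-up banner for P003-160-02 units) can be run over an inventory sheet. The following Python sketch is an added example, not part of the WorldPay notice; the inventory rows, asset tags and function names are constructed, and it assumes VV is two alphanumeric characters and MM/YY two digits each.

```python
import re

# Part numbers and banner layouts are those given in the notice above.
COMPLIANT_PARTS = {"P003-180-02-US": "compliant (PCI-PED)",
                   "P003-170-02": "compliant (Visa-PED)"}
NON_PED_PART = "P003-160-02"
# Assumption: VV is two alphanumerics, MM/YY two digits each.
BANNER_RE = re.compile(
    r"^(?P<model>PP1000(?:SE)?) TDES (?P<ped>PED CERTIFIED )?"
    r"4E300(?P<vv>[0-9A-Z]{2}) (?P<mm>\d{2})/(?P<yy>\d{2})$")

def parse_banner(banner):
    """Parse a power-up banner; return None if it matches neither layout."""
    text = " ".join(banner.upper().split())  # tolerate hand-typed case and spacing
    m = BANNER_RE.match(text)
    if not m or not 1 <= int(m["mm"]) <= 12:
        return None
    visa_ped = m["model"] == "PP1000SE" and m["ped"] is not None
    non_ped = m["model"] == "PP1000" and m["ped"] is None
    if not (visa_ped or non_ped):
        return None  # mixed layout such as "PP1000 TDES PED CERTIFIED ..."
    return {"visa_ped": visa_ped, "version": m["vv"],
            "date": m["mm"] + "/" + m["yy"]}

def classify_1000se(part_number, banner=None):
    """Apply step 1 (part number), then step 2 (firmware banner) if needed."""
    pn = part_number.strip().upper()
    if pn in COMPLIANT_PARTS:
        return COMPLIANT_PARTS[pn]
    if pn != NON_PED_PART:
        return "unknown part number: inspect manually"
    fields = parse_banner(banner) if banner else None
    if fields is None:
        return "check firmware: power up the PIN pad and read the banner"
    return "compliant (Visa-PED firmware)" if fields["visa_ped"] else "not compliant: replace"

# Constructed inventory rows: (asset tag, part number, banner as recorded).
INVENTORY = [
    ("PP-001", "P003-180-02-US", None),
    ("PP-002", "P003-160-02", "PP1000SE TDES PED CERTIFIED 4E30012 03/08"),
    ("PP-003", "p003-160-02", "pp1000  tdes 4e30007 11/05"),
    ("PP-004", "P003-160-02", None),
    ("PP-005", "P003-160-02", "PP1000 TDES PED CERTIFIED 4E30007 11/05"),
]

def audit(rows):
    return {tag: classify_1000se(pn, banner) for tag, pn, banner in rows}

print(audit(INVENTORY))
```

A banner that matches neither layout is sent back for a manual reading rather than guessed at, so a mistyped or unexpected banner never produces a "compliant" result.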