Revenue Security and Efficiency


Revenue Security and Efficiency Discussion with the Mid-Atlantic Oracle Applications Users Group

CardConnect Solution

Oracle EBS Validated Application


Securing Payment Card Data PCI P2PE & EMV

Payment Security Standards

PCI-DSS 3.0
- New procedures for malware, passwords, access and POS device security
- Required by December 31, 2014
[Graphic: PCI Compliant image]

EMV / Chip-and-PIN
- Protects card-present transactions
- Merchant Liability Shift: October 1, 2015
[Graphic: Magnetic Stripe vs. Chip image]

Is this enough?

Major Security Breaches

The Rise of POS RAM Scraper Malware

Learning From The Past

CardSecure Scope of Work: Ongoing Encryption and Tokenization

With CardSecure, all sensitive data is encrypted and stored in CardConnect's PCI compliant hosting center. Intelligent tokens are returned to Oracle E-Business Suite. These tokens will pass the data integrity checks performed by Oracle and are in recognizable formats (9418-1623-9275-1111).

Remove your website from PCI scope CardConnect iframe

Web Tokenizer Use Case: Introducing New Card

For the first transaction of a given card, business users will enter the credit card information into the CardSecure Web Application and click Register. This requires no software to be installed on the workstation. The CardSecure Web Application returns the token directly into the Credit Card Num field of the Oracle Order form.

PANPad Features

- IDTech SREDKey
- Used for Card-Not-Present Environments
- PCI 3.0 Point-to-Point Encryption certified device
- Key specific to customer and CardConnect
- PCI-certified software and key injection provider
- Delivery tracking of all equipment by PCI-certified provider
- Software on workstation, used when a new credit card number is provided, routes transmission of encrypted message to hosted server to retrieve token

PANPAD Devices

The CardSecure Desktop Tokenizer, an add-on software product to the CardSecure Token, tokenizes clear payment card numbers before entry to an ERP.

Further Reduce PCI Scope
Point of Interaction devices encrypt card numbers at entry, removing the business system from PCI scope.

Introducing the PANPAD: CardConnect's own Point of Interaction Device
- By partnering with Ingenico and IDTech, the PANPAD removes a business system from PCI scope
- This substantially reduces the labor and expense required to operate a PCI compliant business

PCI Requirement: P2PE Validated Solution

PCI Document: Point-to-Point Encryption (P2PE), Frequently Asked Questions for PCI Point-to-Point Encryption (P2PE), August 2012

Q6. Can merchants use P2PE solutions not listed on the Council's website for PCI DSS scope reduction?
A. Only Council-listed solutions are recognized as meeting the requirements necessary for merchants to reduce the scope of their cardholder data environment (CDE) through use of a P2PE solution.

PCI Requirement P2PE Validated Application https://www.pcisecuritystandards.org/approved_companies_providers/validated_p2pe_applications.php

Tokenization for Personal Data: Protecting Personally Identifiable Information (PII)

CardConnect's Patented Tokenization
CardSecure is an easy-to-integrate security solution that tokenizes all types of sensitive information at the point of entry. All tokens are randomly generated, making them impossible to decrypt.

Omni-Channel Security
Integrate CardSecure into devices and applications that capture and transmit sensitive data. All sensitive data is tokenized at the point of entry and kept secure in CardConnect's vault.

Interchange Optimization Save $20,000 a month

Interchange

Interchange represents the fees paid to or collected from the card-issuing banks that provide Visa, MasterCard and Discover cards. Visa, MasterCard and Discover each have their own interchange programs. Combined, there are approximately 300 levels of interchange.

Defining Interchange Optimization

With so many interchange levels, there are ways to ensure a merchant qualifies for the lowest rate possible.
- Certain transactions can fall into 5 different categories, with 5 different fees
- Fees are based on information sent to Card Processing Networks
- If data points are missing, interchange can increase more than 1.00%

The Levels of Processing

Level I: Business-to-consumer processing; this requires the least amount of data.
Level II: B2B processing, which includes additional information such as merchant state code, tax ID and customer code.
Level III: Requires the most information, including item description, tax rate, invoice number and more. Because it requires the most data, processing rates are lower.

Transaction Level Requirements

Data Type                   Level I   Level II   Level III
Merchant Name               Y         Y          Y
Transaction Amount (Total)  Y         Y          Y
Date                        Y         Y          Y
Tax Amount                            Y          Y
Customer Code                         Y          Y
Merchant Postal Code                  Y          Y
Tax Identification                    Y          Y
Merchant Minority Code                Y          Y
Merchant State Code                   Y          Y
Ship from Postal Code                            Y
Destination Postal Code                          Y
Invoice Number                                   Y
Order Number                                     Y
Item Product Code                                Y
Item Commodity Code                              Y
Item Description                                 Y
Item Quantity                                    Y
Item Unit of Measure                             Y
Item Extended Amount                             Y
Freight Amount                                   Y
Duty Amount                                      Y

Another Way to Optimize: 3-D Secure

3-D Secure: Built into the CardConnect Gateway
- Protecting card not present (CNP) transactions
- Developed by Visa, adopted by Mastercard, Amex, JCB
- Merchants using 3-D Secure are protected from fraud-related chargebacks
- Saves 5-55 bps per transaction

How 3-D Secure works
How to implement 3-D Secure

- Your bank's logo
- The name of the retailer that you are shopping with
- The value of the purchase
- Today's date
- The last four digits of your card number
- The personal message that you set when registering

What To Look For: The Ideal Solution

Security
Your customer's sensitive card data should never reside in your system. All encryption and storage should take place outside your ERP.

Seamless Integration
You want an integration that is accomplished with no modifications to your Oracle E-Business Suite. This removes maintenance concerns during patching and upgrading.

Interchange Management
A vendor should proactively manage your account to ensure your transactions are qualifying for the lowest possible interchange rates.

Automated Reporting and Reconciliation
Your vendor should be able to help you automate reporting and reconciliation of your ERP data, payment gateway data, payment processor data, and deposit bank data.

Next Steps Alex Chapman CardConnect achapman@cardconnect.com +1 203.952.5715

Point-to-Point Encryption

Apply to existing sales channels
- SAP GUI, istore, integrations
- POS, Mobile, e-commerce, and more
- SAP-to-Gateway integration

Protecting Your Sales Channels

2. Point-to-Point Encryption (P2PE)
[Figure: circle icons of 6 payment methods that P2PE does or does not protect; protected: retail, MOTO/B2B, ½ of mobile]