Secure Payment Transactions and Consumer Information from Point-of-Sale to the Server


Intel delivers flexible, end-to-end data protection for retail point-of-sale transactions: any device, anywhere, anytime.

"We're discovering between one to nine new pieces of malware every second. And this is basically being written by computers."
Peter W. Singer, Brookings Institution

Protecting consumer data is a 24/7 task that's critical for retailer success. It's also increasingly challenging to do well; as retail environments evolve, including new point-of-sale (POS) options available to the retailer, opportunities for those with malicious intent continue to rise. Improved credit/debit card authentication methods such as EMV implementation are helping to reduce fraudulent use of counterfeit credit cards. But none of these approaches address the basic issue of protecting the data itself, as evidenced by regular reports of fraud and theft that continue to plague consumers and retailers. Across the transaction industry, malware continues to frustrate commerce by infiltrating networks, exploiting security gaps, and stealing staggering amounts of transaction and personal information.

Intel Data Protection Technology for Transactions closes this gap by creating a transaction path that directly routes data from the payment terminal to the bank's servers, encrypting sensitive personal information that bypasses the POS platform, its system memory and the POS operating system. Using a combination of hardware authentication and end-to-end encryption, Intel Data Protection Technology for Transactions is designed to secure both credit/debit and personal data from the moment a transaction is initiated all the way through the storage of the encrypted information on retailer and bank server networks.

The Result: Consumer data is well-protected, malware attacks are more likely to be prevented, and retailers are set up with a flexible and future-proof solution that simplifies end-point authentication, reduces security worries, and increases POS choice.

Strengthening Security in Open Platforms

One of the most significant and persistent vulnerabilities in today's data-transaction environment is at the POS system. Built on open architectures, POS systems (tablets, scanners, mobile and fixed payment terminals, and more) are where transactional information is often processed and stored in plaintext format. This creates opportunities for successful malware attacks.

Intel Data Protection Technology for Transactions tackles the issue of data exposure by separating transaction processing from the POS operating system, both physically and logically. This design has the net effect of securely isolating transactional data from start to finish, essentially rendering it inaccessible by the POS system, its memory, and its operating system.

Bolstering Hardware Security with Software

Intel Data Protection Technology for Transactions is a software download that is compatible with many retail systems built on today's and tomorrow's Intel processors, including Intel Core processors and the latest Intel Atom processor-based devices. Because it is software-enabled hardware security, Intel Data Protection Technology for Transactions offers retailers advanced levels of data security without the need for new hardware.

In addition, Intel Data Protection Technology for Transactions is built on numerous Intel and McAfee technologies that provide trusted execution on the client and secure communications to remote management servers. As illustrated in Figure 1, these create a powerful solution for securing sensitive transactional data, end-to-end.

Creating a trusted commerce flow

According to a Solutionary report, organizations spend over $3,000 per day for up to 30 days in the aftermath of a malware attack. [2] And according to Michael Bruemmer, Vice President for Experian's Data Breach Resolution Group, recent large retail malware attacks have put hundreds of millions of credit/debit card numbers at risk in the United States alone. [3]

[Figure 1 diagram labels: Card reader, Point of sale, Command console, Policies, POS software, Protected applet, Credit card data, Bank]

Figure 1. Intel Data Protection Technology for Transactions provides unique chipsets and peripherals for retail payment solutions, including those using EMV, NFC, magnetic stripe, and PIN entry capabilities. Intel Data Protection Technology for Transactions also protects sensitive non-payment information.

Intel Data Protection Technology for Transactions Retail Sector

One Record at a Time.

That's how malware steals thousands, even millions, of consumer records. Malware can be aggressive, going into action immediately. It can also be patient, lying dormant for weeks, months, or years before waking up on a specific date or in response to a specific activity. In either case, transactional data sets are collected one-by-one, often ballooning into incredible multitudes of stolen records, wreaking havoc on commerce and consumer trust.

Trusted Commerce Flow

1. Integration & Deployment: Equipment installed and connected
2. Activation & Provisioning: Applet phones home to server, receives initial provisioning & policies
3. Pairing: Peripherals pair with applet if and only if applet provisioning allows it
4. Transaction: Bank Card transactions are encrypted at the peripheral and policies route them to a bank server
5. Management: Applet phones home periodically for configuration updates & security metrics sharing

Intel Data Protection Technology for Transactions helps mitigate these risks and their costs. Here are four key ways:

End-to-end encryption of transaction information. End-to-end encryption from card-acceptance at the peripheral through server delivery means plaintext data is never exposed to the POS operating system or to any applications, including malware, on the computing platform. This increased transaction protection closes security gaps that have resulted in the theft of millions of credit/debit card numbers.

Central management and updates. Intel Data Protection Technology for Transactions software regularly communicates with a command console to receive proactive configuration changes, credential updates and policy changes, as well as to upload current status and security telemetry data.

Strict policy-driven access to transactional information. Intel Data Protection Technology for Transactions permits the controlled use of transaction data in accordance with specific policy. For example, POS processes may dictate that an expiration date is required to print a receipt, or only the birthdate from a given identification card be used to calculate an age (instead of releasing the entire record). By providing the POS with only the minimum information needed to maintain legacy processes (e.g., the last four digits of the credit card and the cardholder's name), Intel Data Protection Technology for Transactions maintains the utility of the POS while blocking memory-scraping malware attacks.

Whitelisting and authentication of secure devices. Confirming with whitelists provided by the retailer, the technology simplifies the deployment of authentication credentials at the fleet level across all deployed transaction assets. This is an effective protection against attacks whereby store assets are covertly replaced with compromised devices.
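
The policy-driven release described above (last four digits and cardholder name for legacy POS processes, an age instead of the full identification record), sketched as a default-deny filter in Python. This is an added example, not Intel's code or part of the original brochure; the purpose names, field names and sample records are assumptions constructed for illustration.

```python
from datetime import date

# Hypothetical policy table: POS purpose -> derived fields that may be released.
# Purposes and field names are assumptions made for this example.
POLICY = {
    "print_receipt": {"pan_last4", "cardholder_name", "expiry"},
    "age_check": {"age_years"},
}


def _age_years(birthdate: date, today: date) -> int:
    """Whole years elapsed between birthdate and today."""
    had_birthday = (today.month, today.day) >= (birthdate.month, birthdate.day)
    return today.year - birthdate.year - (0 if had_birthday else 1)


# Every releasable field is derived from the protected record. Raw fields such
# as the full PAN or the birthdate have no entry, so no policy can release them.
DERIVATIONS = {
    "pan_last4": lambda rec, today: rec["pan"][-4:],
    "cardholder_name": lambda rec, today: rec["cardholder_name"],
    "expiry": lambda rec, today: rec["expiry"],
    "age_years": lambda rec, today: _age_years(rec["birthdate"], today),
}


def release(purpose: str, record: dict, today: date) -> dict:
    """Return only the fields the policy allows for this purpose."""
    allowed = POLICY.get(purpose)
    if allowed is None:
        # Default deny: a purpose without a policy entry gets nothing.
        raise PermissionError(f"no policy for purpose {purpose!r}")
    return {name: DERIVATIONS[name](record, today) for name in sorted(allowed)}


# Constructed sample records (test card number, invented holder); not from the page.
CARD = {"pan": "4111111111111111", "cardholder_name": "A SAMPLE", "expiry": "12/27"}
ID_CARD = {"name": "A SAMPLE", "birthdate": date(2000, 6, 15),
           "address": "1 Example Street"}

if __name__ == "__main__":
    print(release("print_receipt", CARD, date(2024, 6, 14)))
    print(release("age_check", ID_CARD, date(2024, 6, 14)))
```

The POS side only ever sees the returned dictionary, so a memory scraper on the POS finds the last four digits or an age, not the card number or the identification record.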

KEY CAPABILITIES

Feature: Hardware Isolation
How it works: Intel Data Protection Technology for Transactions uses a physically and logically isolated execution environment in the compute platform.
Benefit: Unintentional plaintext data is never exposed to the host CPU, operating system, or POS applications. Data is better protected from memory-scraping malware attacks.

Feature: Peripheral Whitelisting
How it works: Peripherals must authenticate and pass a whitelisting check with the POS before becoming part of the secure connection.
Benefit: Peripherals introduced by attackers or from unknown origins cannot participate or process transactions. Intel Data Protection Technology for Transactions-based POS devices won't accept data from unknown sources. Reduces chances of social-engineering attacks.

Feature: Server Connectivity
How it works: Secure management channels are utilized to download configuration updates, modify policies, and share status data with the server.
Benefit: Devices can be managed at the fleet level. Can push changes based on changing security threats.

Feature: Software-Enabled Hardware Security
How it works: Using roots of trust in the Intel platform, the initial activation and provisioning can be securely performed with a remote server.
Benefit: The technology can be easily activated on previously deployed POS assets, and shouldn't require hardware touches to the POS.

Feature: Common Ingredients
How it works: Ingredients will function similarly on POS platforms from multiple vendors.
Benefit: Investing in Intel Data Protection Technology for Transactions-capable and compatible devices ensures that the same tools can be used to manage the assets over time, regardless of vendor.

Feature: Watchdog Timers
How it works: Ingredients of managed assets will disable themselves if they haven't been able to reach a management server after a configured period of time.
Benefit: POS assets removed from the store or merchant network will disable their Intel Data Protection Technology for Transactions functionality, reducing the value of an attack.

Feature: Modular Flexibility
How it works: Intel Data Protection Technology for Transactions supports multiple peripherals and devices communicating with the platform, regardless of how they are connected (e.g., via USB, WiFi, Bluetooth low energy (BLE), etc.).
Benefit: Complex data flows can be easily enabled, allowing peripherals to interoperate.

McAfee Adds a New Layer of Data Protection

McAfee Integrity Control blocks unauthorized applications and change on fixed-function POS systems. Combining industry-leading whitelisting with change-control technology, McAfee Integrity Control:

- Prevents out-of-policy changes while still allowing updates from authorized sources.
- Boosts control over change policies and effectively secures devices, even in standalone mode without network access.
- Is centrally-managed and efficient, eliminating the need to manage data in separate systems.
- Runs transparently and enables the entire POS infrastructure to be monitored without impact.
- Dynamically manages whitelists and supports multiple configurations for different business needs and devices.
- Is flexible, affordable, and secure.

Simply Secure and Complementary

Keeping consumer data secure is absolutely critical for retailers; the consequences of not providing modern payment tools or neglecting sources of potential security breaches are too great to ignore. Intel Data Protection Technology for Transactions is a powerful new addition to retail's defenses against malicious attacks. Built to work with available transaction-processing technologies including EMV, magnetic stripe, and near-field communication (NFC), Intel Data Protection Technology for Transactions complements protections retailers already have in place while simultaneously fortifying the entire transaction-security system.

With Intel Data Protection Technology for Transactions, retailers are better able to meet consumer requirements for transaction security, and also meet their own requirements for POS manageability and adaptability that today's business demands.

For more information, visit intel.com/transactiondataprotection or contact your Intel representative.

1. Demystifying Point-of-Sale Malware Attacks, Symantec Security Response Blog, Feb 2014 (http://www.symantec.com/connect/blogs/demystifying-point-sale-malware-and-attacks)
2. 2013 SERT Global Threat Intelligence Report, Solutionary, https://go.solutionary.com/gtir.html
3. 43% of companies had a data breach in the past year, USA Today Tech, Sept 24, 2014 (http://www.usatoday.com/videos/tech/2014/09/24/16123023/)

No computer system can provide absolute security. Requires an enabled Intel processor and software optimized for use of the technology. Consult your system manufacturer and/or software vendor for more information.

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.
EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.

Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked reserved or undefined. Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.

The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or by visiting Intel's Web site at www.intel.com.

Copyright 2014 Intel Corporation. All rights reserved. Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries.

* Other names and brands may be claimed as the property of others.

Printed in USA 1014/MB/ICMCRC/PDF Please Recycle 331357-001US