Universal Transaction Gateway (UTG ), 4Go, and i4go are covered by



Transcription:

Universal Transaction Gateway (UTG), 4Go, and i4go are covered by one or more of the following U.S. Pat. Nos.: 7770789, 7841523, 7891563

Introductions: About Shift4 Corporation
- World's Largest Independent, Card-Present Gateway
- Initiated first gateway connection (to Envoy)
- 40,000+ customers, 100,000+ merchant locations
- More than 750 million transactions annually (over 50 billion dollars)
- Bank- and processor-independent gateway; direct to American Express
- Fully redundant data centers, connectivity, and networks
- 24/7 automated software, hardware, connectivity, and power grid monitoring
- Connections to 99% of merchant banks in North America and the Caribbean
- Real-time online reporting with pre-settlement auditing capability
- First payment gateway certified with PCI Data Security Standards (PCI DSS)
- Member #1 tied to PCI Council

Credit Card Industry: Credit Card 101
- Banks, Processors (Acquirers), MSPs, ISOs
- Unregulated, profiteering business structure (make money when merchant makes mistakes or follows rules)
- Hidden, fluctuating and penalty fees
- Realities of Auto-settle
- Fee Changes every April and October
- PIN Debit and Bin Management

Credit Card Industry: PCI DSS (Payment Card Industry Data Security Standard)
- 911 and Homeland Security
- CISP / DSOP / SDP / DISC
- PABP to PA-DSS
- www.pcisecuritystandards.org
- www.visa.com/cisp

University at Buffalo Campus Dining & Shops: Concerns
Campus Concerns
- Security Breach
- Bank Fees
- Loss of Meal Plan and SVC Sales

University at Buffalo Campus Dining & Shops: Environment
- 45 Micros Workstations targeted for Credit Card acceptance
- Additional 7 Micros for vendors
- 24 locations
- 2 additional remote locations in Spring 2012
- Complex Campus LAN

University at Buffalo Campus Dining & Shops: Challenges
- Older Servers
- Non-encrypted Micros version
- Older ws4 Micros terminals
- Reports from campuses of up to six second delays
- Public, non-secured Micros and ports
- Hundreds of employees to train

University at Buffalo Campus Dining & Shops: Our Process
- Hired Trustwave for Gap Analysis
- Maintained support hours
- Purchased online PCI tools
- Resulted in a greater understanding of PCI
- Upgraded to encrypted Micros version
- Purchased a robust server
- Upgraded printers to IDN (made the terminals "wicked fast")
- Replaced all Micros workstations to WS5

University at Buffalo Campus Dining & Shops: Our Process cont.
Training Programs
- University created mandatory online PCI course and assessment.
- Custom How-to online class and assessment
- Required that all cashiers, managers and staff pass both prior to working.
Physical Security
- Locking wall plates
- Locking Ethernet Cables

University at Buffalo Campus Dining & Shops: Our Process - cont.
- Private VLAN
- Contracted with Shift4
- Cost
- Easy Integration
- No noticeable delays
- Low incidence of problems
- Over $180,000 in upgrades, contracts and fees
- Per transaction costs above credit card fees

PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply. - PCI DSS Preface

Payment Workflow

Review of Solution: Shift4 Secure Suite
TrueTokenization
- Technology and terminology invented by Shift4 in 2004; first-to-market in 2005
- Eliminates long-term storage of data
- "They can't steal what you don't have."
- Replaces cardholder data (CHD) with a randomly generated, unique, alphanumeric value, called a TrueToken
- Token is transactional; token does not equal card #
- Tokens are managed by Shift4, not processor
- Have processed over 4 billion tokenized transactions

Review of Solution: Shift4 Secure Suite
4Go for Micros (Micros 3700, 9700)
- No CHD is stored in the POS application
- Supports format preserving token only
- PA-DSS-validated application that intercepts CHD before it enters the POS
- Previously validated PABP
- 4Go is patented technology (U.S. Pat. Nos: 7770789, 7841523, 7891563)
- Secure Offline Stand-In (SOS)
- Supported on WS 4's, 5's, KW270's
Micros and Tokenization
- Simphony 1.6
- Simphony 2.5

Payment Workflow

Encrypted data may be deemed out of scope if, and only if, it has been validated that the entity that possesses encrypted cardholder data does not have the means to decrypt it. - FAQ Article 10359, PCI DSS

Credit Card Industry: P2PE
- SRED (Secure Reading and Exchange of Data) Compliant Devices
- HSM (Hardware Security Manager) vs. software based
- Certifications (2 of 3 released by PCI)
- Key management (gateway or processor)
- Debit / Signature Capture Device
- IP Communication to UTG
- Device is controlled by Shift4's UTG
- Ingenico Telium Line (being finalized)

Standard Process Flow with Third-Party Device

Credit Card Industry: EMV (EuroPay Mastercard Visa)
- Visa TIP (Technology Innovation Program): www.visa.com/cisp
- Chip and Signature (Visa)
- Contactless (e.g., NFC such as Google Wallet, ISIS)
- Deadlines
  - October 1, 2012 - Device Manufacturers
  - April 1, 2013 - Processors
  - October 2015 - Merchants
- Ramifications of not supporting: "the party that is the cause of a chip-on-chip transaction not occurring (i.e., either the issuer or the merchant's acquirer) will be financially liable for any resulting card-present counterfeit fraud losses."
- What does this mean to you?
- Benefits of PIN debit (ROI)
- Bin Management

What's on Your Mind?

Daniel Montellano, Director of Strategic Business Development, dmontellano@shift4.com
Keith Curtachio, Director of IT - University of Buffalo, knc@buffalo.edu
Thank You!