Enterprise Payments for





Table of Contents

I. Introducing CardConnect
II. Gartner Tokenization Reporting Featuring CardConnect
III. PCI Compliance, EMV & True Payment Security
IV. CardConnect for SAP
V. Case Study: All-in-One Solution for Secure Payments
VI. CardConnect for SAP B1
VII. The Complete Solution


I. Introducing CardConnect

CardConnect is a rapidly growing U.S.-based payment technology company that provides solutions for companies accepting bank card transactions, storing sensitive data and seeking to push the boundaries of innovation. CardConnect's proprietary payment gateway makes integrated payments, especially for enterprise systems including SAP, Oracle, and JD Edwards, simple and secure.

The only constant in payments is change, and CardConnect stays on top of that change by offering enterprise businesses the flexibility to securely accept payments in almost any form. Heavy investments in research and technology have produced breakthroughs in data protection with patented encryption and tokenization processes, improved strategies to remove businesses from PCI compliance scope, including PCI-certified P2PE, and innovative integrations within the tough-to-navigate environments of SAP, Oracle, and JD Edwards.

Why We're Different

CardConnect's solutions are customized for each SAP environment to accommodate a variety of unique business needs.

SAP-Certified Gateway: Connect to all major merchant acquirers.
Instant Reconciliation: Automatically reconcile deposit details from the bank to match deposits to open receipts.
Interchange Management: CardConnect passes Level II and III data and offers 3-D Secure to get the lowest interchange rates possible.
Account Updater: Retain customers by eliminating the need for them to update their credit card information (expiration date, number, etc.).

The CardConnect Security Platform

Make payments within SAP simple, secure and 100% PCI compliant.

Point to Point Encryption: CardConnect has the only PCI-certified P2PE solution for both card-present and card-not-present transactions.
Patented Tokenization: CardConnect's CardSecure was recently awarded two U.S. patents for its tokenization process.
PCI-Certified Vault: Clear SAP of credit card data and place it in CardConnect's off-site vault for secure storage.

II. Gartner Tokenization Reporting Featuring CardConnect

Gartner, Inc., a renowned information technology research and advisory company, released the 2015 report, Market Guide for Merchant/Acquirer Tokenization of Payment Card Data. One of the featured vendors? CardConnect.

The gist of Gartner's report is rather simple: tokenizing sensitive data is a key element in ensuring payment system security. Gartner elaborated further and encouraged businesses to adhere to a certain set of tokenization standards with the goal of eliminating all stored cardholder data (CHD).

Why tokenize?

Gartner dives into the key advantages of implementing tokenization:

1) Simplification of Compliance Monitoring
2) PCI DSS Compliance Scope Reduction
3) End-to-End Data Security

The Solution

In their report, Gartner highlights CardConnect as a representative tokenization vendor. Our solution, CardSecure, provides both on-premise and off-premise tokenization, delivering protection for CHD and personally identifiable information (PII). CardSecure's tokenization can be combined with our PCI-certified point-to-point encryption (P2PE) offering and supports all major payment operations, including EMV, and can be integrated with popular ERP solutions, such as SAP, Oracle EBS and Cloud, JD Edwards and Infor M3. CardConnect tokenization and our security offering as a whole will continue to develop over time, ensuring our clients are fiercely protected by industry-leading techniques.

III. PCI Compliance, EMV & True Payment Security

Since 2013, approximately 3.6 billion records have been compromised. In 2015 alone, 708 million records were breached in just 1,673 incidents - 46 of which involved more than one million affected records. As companies continue to collect increasing amounts of customer information, more data about who their customers are is at risk of being stolen. It's not a surprise that in 2015, criminals started to shift their attacks to personal information and identity theft.

The bottom line: payment security is still very much in the headlines. Last year, there was a lot of change in the payment industry, from the introduction of PCI 3.0 and the launch of PCI P2PE 2.0 to the much anticipated October 1 deadline for EMV.

PCI 3.0

PCI 3.0 became the standard in January 2015 and was updated not long after, to PCI DSS Version 3.1 in April. PCI DSS (Payment Card Industry Data Security Standards) increasingly focuses on detecting security vulnerabilities early. Organizations using POS hardware must maintain a list of all of their devices and periodically inspect them to ensure they haven't been compromised. This latest update emphasizes increased staff training, so that staff can identify a tampered device, and maintaining a list of service providers and their PCI status, which could be in response to the Target breach.

As EMV efforts increase and the threat of online fraud grows, the PCI Council went on the offensive by introducing SAQ-A EP, a longer SAQ that includes penetration testing and external vulnerability scans specifically for e-commerce merchants that redirect to a third party shopping cart.

P2PE

Point to Point Encryption (P2PE) is having a banner year. It is quickly becoming the security technology to protect a business against a breach (both card-present and card-not-present). With P2PE, credit card data is immediately encrypted, whether it is swiped at a terminal or keyed into an iframe or a hosted payment page, so that clear card data is never susceptible to theft.

The technology proved its worth in April 2015 when the PCI Council introduced SAQ-P2PE, a much shorter SAQ for companies that employ a PCI-certified P2PE solution. P2PE was further validated as Visa introduced TIP (Technology Innovation Program), which exempted businesses with over 75% of transactions originating from a secure acceptance channel (either P2PE or EMV) from a PCI DSS audit entirely. It's clear that P2PE is regarded as the key to protecting sensitive cardholder data.

EMV

EMV has been the talk of the payment industry for years as adoption spread throughout Europe, and that talk exploded after the Target breach exposed over 70 million records. On October 1, 2015 the EMV (Europay MasterCard Visa) liability shift officially took effect. In simple terms, if there is a chargeback on an EMV card and the merchant does not have an EMV-capable terminal, that merchant is now liable.

EMV adoption is so highly regarded because, unlike static magnetic stripe cards, chip cards store data on a small, embedded computer chip so that sensitive data is dynamic and extremely difficult to counterfeit.

It's important to note that EMV only applies to card-present transactions. At the same time, it does impact card-not-present transactions, specifically e-commerce. Countries that adopted EMV immediately saw a rise in e-commerce fraud as criminals found other vulnerable sales channels to steal credit card data. That is why an all-encompassing security solution is so important.

The Path to Payment Security

For complete protection against a data breach, implementing one component (EMV, PCI, P2PE, etc.) won't suffice. Following PCI standards, encrypting data at the point of entry, accepting EMV cards, along with tokenization (replacing sensitive card data with a random, irreversible token) all work hand in hand to protect each sales channel within a business from a breach.

As data security threats continue to rise and the payment industry continues to evolve, merchants now more than ever need to understand the security solutions available and the impact they have on their business.

IV. CardConnect for SAP

CardConnect for SAP provides a central location for the management of encryption keys and tokens in addition to providing services to numerous applications across an enterprise. Accept any payment type from any sales channel quickly and easily while enjoying the most secure technology on the market.

[Diagram: sales channels (POS, Forms, Mobile, Website/iStore) passing through Encryption, Tokenization and Vault]

Enterprise Security

Certified Point to Point Encryption (P2PE): CardConnect's P2PE solution is one of the first to be certified by the PCI council and the only solution for call centers with the patented PANpad device. P2PE encrypts data at the point of interaction, storing it in a form that is unreadable without the appropriate decryption key.

Patented Tokenization: After data is encrypted at the point of interaction it is assigned a randomly generated token that only CardConnect can reverse. The token - not the card number - is stored in SAP, ensuring that your system never touches sensitive credit card data.

Secure Vault Storage: All of the sensitive data will be stored in our secure, off-site vault. Although credit card and social security numbers aren't housed within SAP, they will still be accessible via the token for financial reporting.

Optimized Gateway: CardConnect's gateway connects to all major merchant acquirers while also lowering transaction costs by automatically passing Level II/III data and using 3-D Secure.

PCI Compliance: CardConnect provides the ultimate reduction of PCI scope, eliminating a time consuming audit while keeping your customers' sensitive information safe and secure.

Instant Reconciliation: Clear receipts from accounts receivable, reconcile cash deposits and fees directly from within SAP without any modifications or loss of support.

V. Case Study: All-in-One Solution for Secure Payments

Background

CardConnect recently worked with a furniture retailer that has 50+ showrooms, completes 60,000 deliveries and processes $40 million in credit card volume each month. In order to better manage all facets of their business, the retailer selected SAP to implement an ERP system. The system SAP provided was designed for business-to-business organizations and lacked many of the capabilities a retail store would rely on to accommodate and secure an in-store transaction.

Summary

CardConnect provided the furniture retailer an all-in-one solution for integrated, secure payment processing consisting of:

1. CardSecure PCI-Validated P2PE Terminals: encrypts and tokenizes transactions at the swipe
2. CardConnect Gateway and Vault: transmits tokenized information into SAP and securely hosts raw cardholder data
3. CardConnect Merchant Services: delivers low transaction rates, cost savings and automated reconciliation reporting

[Diagram: Encryption & Tokenization + Payment Gateway for SAP + Merchant Services. Sales Kiosk (out of PCI scope), ERP integration (out of PCI scope), Processor]

The furniture retailer first approached CardConnect in 2009 to provide an integrated solution for secure payment acceptance. The retailer recognized CardConnect's expertise, CardConnect having created the first payment gateway for SAP in 1997. From General Electric to AmeriGas, CardConnect's enterprise payment solutions are embraced by some of the world's most recognizable brands.

Through intense development and customization, CardConnect provided the furniture retailer with a specialized solution that would allow their SAP application to support retail transactions. Most importantly, this solution significantly lowered the retailer's interchange rates on debit cards, giving the retailer the ability to capture track 1 and track 2 data from swiped payment cards.

Unmatched security

According to SafeNet's Breach Level Index, there was a 224% increase in data breaches in 2014, affecting nearly half of all Americans. The furniture retailer understood the increased risks facing retailers and sought the best available solution for safeguarding customer payment data.

The retailer was using a simple swipe device connected to a computer running its SAP application to process transactions. Swiping a payment card on the device would automatically populate SAP with the transaction information. While the card numbers would then be immediately tokenized, there was a small period of time where sensitive data could theoretically be stolen.

CardConnect solved the furniture retailer's security issues with CardSecure P2PE, the only available point-to-point encryption hardware-based solution for SAP users. CardSecure P2PE consists of Ingenico iSC 250 terminals integrated with CardSecure's malware-resistant, P2PE firmware. CardSecure encrypts all card data at the point of entry, removing the retailer's PCI burden related to accepting and processing payment cards. CardSecure also stores the associated signature image with each transaction record. The furniture retailer plans to implement more than 1,000 CardSecure P2PE terminals in 2015.

[Diagram: Encryption/tokenization on swipe (credit card number is encrypted instantly; terminal = Ingenico iSC 250 with CardSecure encryption key), merchant network out of PCI scope, Decryption/SSL, Gateway & Vault (Sungard Data Center, HSM (Hardware Security Module), FIPS 140-2 Government Grade Security). Layers: P2PE Security, ERP + Gateway Software, Merchant Services]

All-in-one provider

CardConnect lowered the retailer's processing costs further by providing merchant services. Currently, the furniture retailer processes $480 million in annual credit and debit card volume. In CardConnect, the retailer will have a singular payment partner that handles all facets of the transaction: P2PE payment security terminals, SAP gateway integration, merchant services and reconciliation reporting.

About CardConnect

CardConnect allows its 50,000 clients to securely accept payments from any sales channel - without the risk and liability of storing or transmitting credit card data. Using CardSecure, the preeminent tokenization solution for reducing PCI DSS compliance costs, all sensitive data is encrypted, tokenized and hosted in an ultra-secure vault. The CardConnect Gateway qualifies all transactions for the lowest interchange rate possible and provides a robust reporting portal for all reconciliation needs.

VI. CardConnect for SAP B1

An integration like no other. Combining SAP's scalable small business software with the CardConnect gateway provides you with the tools needed to skillfully manage your business - complete with best-in-class security.

Enterprise-Level Security: CardSecure moves all of your customer data to our secure, off-site vault where the sensitive information is encrypted, tokenized and protected from security breaches.

Interchange Optimization: The CardConnect gateway was specifically designed to pass both Level II and Level III data, meaning you receive the lowest possible rate for each transaction.

Superior Processing: Enjoy low processing rates, a powerful online (and mobile friendly) reporting system and more.

Reporting & Reconciliation: The CardConnect gateway collects vital business data (settlements, deposits, statements, etc.) all in one place. Our customizable reconciliation solution ensures reconciling cash-to-receipts is integrated and automated.

Take your entire SAP B1 system out of PCI scope with CardConnect's integrated P2PE devices.

VII. The Complete Solution

Our certified SAP integrations support secure payment acceptance from all of your sales channels. For over a decade, CardConnect has been building the best in ERP security technology, adding innovative features and functionality all the time.
