SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS



Similar documents
EMV and Small Merchants:

EMV and Restaurants: What you need to know. Mike English. October Executive Director, Product Development Heartland Payment Systems

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

Credit Card Processing, Point of Sale, ecommerce

Modernizing H-E-B s Point-of-sale Systems

Payments Transformation - EMV comes to the US

welcome to liber8:payment

Preparing for EMV chip card acceptance

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

Version 7.4 & higher is Critical for all Customers Processing Credit Cards!

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance

Are You Ready For PCI v 3.0. Speaker: Corbin DelCarlo Institution: McGladrey LLP Date: October 6, 2014

Your Compliance Classification Level and What it Means

TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No MERCHANT DEBIT AND CREDIT CARD RECEIPTS

PCI DSS. Payment Card Industry Data Security Standard.

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

PCI and EMV Compliance Checkup

PCI DSS 101 FOR CTOs AND BUSINESS EXECUTIVES

OpenEdge Research & Development Group April 2015

We believe First Data is well positioned to take advantage of all of these trends given the breadth of our solutions and our global operating

Frequently Asked Questions

Secure Payments Framework Workgroup

White Paper PCI-Validated Point-to-Point Encryption

EMV in Hotels Observations and Considerations

How To Protect Your Credit Card Information From Being Stolen

Data Security Basics for Small Merchants

ICS Presents: The October 1st 2015 Credit Card Liability Shift: This Impacts Everyone!

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

PCI DSS COMPLIANCE DATA

* Any merchant that has suffered a hack that resulted in an account data compromise may be escalated to a higher validation level.

The Impact of Emerging Payment Technologies on Retail and Hospitality Businesses. National Computer Corporation

EMV Frequently Asked Questions for Merchants May, 2014

PCI Compliance: How to ensure customer cardholder data is handled with care

What Merchants Need to Know About EMV

EMV : Frequently Asked Questions for Merchants

A RE T HE U.S. CHIP RULES ENOUGH?

PCI Compliance Overview

Clark University's PCI Compliance Policy

University Policy Accepting Credit Cards to Conduct University Business

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Payment Card Industry Data Security Standards

The Comprehensive, Yet Concise Guide to Credit Card Processing

PCI Compliance. Top 10 Questions & Answers

WHITE PAPER. PCI Basics: What it Takes to Be Compliant

rguest Pay Gateway: A Solution Review

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

Solutions For Higher Education: Reducing Compliance Scope Across Campus With PCI Validated P2PE

Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) Frequently Asked Questions

PROTECTION OF OUR MERCHANTS AND REFERRAL PARTNERS IS OUR FIRST CONCERN

Agent Registration. Program Guidelines. (For use in Asia Pacific, Central Europe, Middle East and Africa)

EMV Chip and PIN. Improving the Security of Federal Financial Transactions. Ian W. Macoy, AAP August 17, 2015

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) Merchant Business Solutions. Version 5.0 (April 2011)

Mobile Near-Field Communications (NFC) Payments

Wayne EMV Solutions. Protect your business with a complete EMV Solution inside and out.

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

How To Protect Visa Account Information

Payment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.

A PCI Journey with Wichita State University

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud

Fraud Protection, You and Your Bank

Fiscal Service EMV Education Series EMV-Compliant Point-of-Sale Card Acceptance for Federal Agencies. Fiscal Service / Vantiv July 27, 2015

PCI-DSS: A Step-by-Step Payment Card Security Approach. Amy Mushahwar & Mason Weisz

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

AIS Webinar. Payment Application Security. Hap Huynh Business Leader Visa Inc. 1 April 2009

SecurityMetrics Introduction to PCI Compliance

PCI Compliance Top 10 Questions and Answers

PCI DSS. CollectorSolutions, Incorporated

EMV and Chip Cards Key Information On What This Is, How It Works and What It Means

PCI Compliance. What is New in Payment Card Industry Compliance Standards. October cliftonlarsonallen.com CliftonLarsonAllen LLP

Agent Registration. Program Guide. (For use in Asia Pacific, Central Europe, Middle East, Africa)

Payment Card Industry Data Security Standards Compliance

PCI DSS Compliance Information Pack for Merchants

Tokenization Amplified XiIntercept. The ultimate PCI DSS cost & scope reduction mechanism

What is EMV? What is different?

PAI Secure Program Guide

Q: What is PCI? Q: To whom does PCI apply? Q: Where can I find the PCI Data Security Standards (PCI DSS)? Q: What are the PCI compliance deadlines?

Fall Conference November 19 21, 2013 Merchant Card Processing Overview

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

See page 16. Thomas A. Vallas

IT Security Compliance PCI DSS FOR MERCHANTS THE PAYMENT CARD INDUSTRY DATE SECURITY STANDARD WHITE PAPER

Credit Card Processing Overview

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Thoughts on PCI DSS 3.0. D. Timothy Hartzell CISSP, CISM, QSA, PA-QSA Associate Director

Corbin Del Carlo Director, National Leader PCI Services. October 5, 2015

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments

Payment Card Industry Compliance Overview

Transcription:

SELLING PAYMENT SYSTEMS SERVICES & SOLUTIONS A RESELLER S GUIDE

CONTENTS New Sales Opportunities : EMV Mandate Means New Business... 3 New POS Will Need Both EMV and PCI... 3 Growing Demand for NFC Transactions... 4 Emerging Payment Systems... 4 Chip-Based Scanners for EMV...5 Digital Currency Systems... 5 Professional & Training Services... 6 PCI Payment Compliance... 6 Risk Assessments... 7 PCI Onsite Reviews & Assessments... 7 Vulnerability Scanning Services... 7 PCI Compliance Scanning... 7 Design Services... 8 Payment Key Injection Process... 8 Shipping & Fullfillment... 8 Deployment Services... 8 Disposal Services... 8 Training Services... 8 Ingram Micro Can Help... 9 2...

NEW SALES OPPORTUNITIES EMV MANDATE MEANS NEW BUSINESS Retail and restaurant payment systems in the United States are undergoing a dramatic change in the coming year because of mandated smart credit card adoption and the need for new payment systems. Walmart has already started to accept EMV cards, and Search, Target, and CVS Caremark are rolling out their own EMV systems, but other retailers have been slower to make the change. As with the frenzy to accommodate Y2K, the October 2015 deadline for EMV card adoption has retailers and restaurateurs struggling to upgrade their point of sale systems or they will have to start assuming liability for fraudulent credit card purchases. NEW POS WILL NEED BOTH EMV AND PCI Even with the new mandate for EMV compliance, stores and restaurants are not relying on EMV alone to protect them against credit card fraud. The payment Card Industry (PCI) has issued a new Data Security Standard (DSS) for the secure processing, transmission, and storage of credit card data. EMV and PCI work well together to secure ensure secure handling of credit card transactions. The PCI DSS standard is required for all merchants who handle credit card transactions and is supported by American Express, Discover, JCB, MasterCard, or Visa International. Any vendor using a non-pci DSS compliant credit card system can incur fines up to $100,000 per month. There are multiple aspects of PCI DSS compliance, including secure point of sale transactions and secure storage of credit card data. The rules are extremely complex so merchants often rely on third-parties, such as integrators and VARs, to help them stay compliant. For example, PCI DSS requires that consumer credit card data has to adhere to a standard of secure storage protection against data theft, including a quarterly network scan by a PCI-approved scanning vendor. Security-savvy VARs can work with merchants to ensure credit card data is secure and PCI compliance is never an issue....3

GROWING DEMAND FOR NFC TRANSACTIONS As part of growing EMV card adoption, more retailers will start adopting contactless card readers. Near field communication (NFC) is a technology that has been waiting in the wings for a problem like EMV cards. As retailers upgrade from their current magstripe readers to EMV readers, many also will be migrating to card readers that are NFC-ready. This is in anticipation of the growing number of mobile transactions being made using smartphones. Google Wallet is one of the first examples of transactions using NFC payments and Apple pay and other systems are sure to follow. A research report from Berg Insights predicts that 86 percent of POS terminals installed in North America will accept NFC payments by 2017. That represents an in-store mobile wallet volume of $44 billion. Retailers will need assistance making sure they can handle NFC transactions. EMERGING PAYMENT SYSTEMS There are new payment technologies and systems emerging all the time, and the challenge for retailers is deciding which of the latest payment system fads are necessary for their business. Consider the growing popularity of e-payment platforms such as PayPal, Google Wallet, and now Apple Pay. Consumers like these services for their convenience as well as the cool factor ; just think how cool and easy is to leave your wallet home and make purchases with your smartphone. Retailers watch these new payment systems with trepidation since they have to decide whether they need to invest to support these new payment platforms to better serve customers. There are other payment systems that are here to stay, and retailers are struggling with how to best support them. As you develop your POS/data capture sales strategy, consider how these new payment systems fit into your strategy. 4...

CHIP-BASED SCANNERS FOR EMV Europay, MasterCard, and Visa (EMV) banded together to develop a global standard for the interaction of integrated circuit cards, also known as IC cards or chip cards. Deemed as more secure than current credit card technology, U.S. credit card companies are migrating to chip cards in an effort to reduce credit card fraud and counterfeit credit cards. EMV cards are ushering in new liability rules and new payment processes. So what EMV adoption means for U.S. merchants is adding new in-store, pointof-sale and internal processing systems that can handle EMV credit cards. Like magnetic strip card readers, EMV readers use a two-step authentication process: card reading and transfer verification. However, unlike swiping a card the authentication system takes longer. And unlike magnetic stripe cards, EMV cards can be updated or changed, which makes them harder to counterfeit. It also means more personal information can be included that could be valuable to retailers, assuming the EMV scanners can capture that data. The first round of EMV cards will be equipped with both a magnetic stripe and a smart chip but eventually cards will migrate to all EMV. Retailers need to keep pace with these changes and migrate to EMV data capture systems that integrate with their back end systems before the EMV conversion deadline of October 2015. DIGITAL CURRENCY SYSTEMS Digital transaction systems are gaining popularity with consumers. Starbucks and other merchants have been using prepaid debit cards that can be preloaded by customers and used like vendorspecific ATM or gift cards. Starbucks has even gone further to provide a smartphone barcode system where the barista scans the phone screen. Bitcoin, Ripple, Litecoin, and Quark are some of the new currencies that are being adopted that use cryptography for secure transactions. Bitcoin is probably the best known and more merchants are installing Bitcoin readers to handle transactions, especially in Europe and Asia. In North America the latest digital currency announced by the Royal Canadian Mint. The Mint Chip is backed by the Canadian treasury and tied directly to the Canadian dollar. It is starting to take hold rapidly in Canada, partly because Ingenico, one of the world s largest point-of-sale terminal manufacturers, has developed software for its new terminals that will accept payments via Mint Chip. The challenge for retailers is determining which forms of digital currency they support. There is no dominant e-currency at present, and there are no industry standards for e-payments. It s impractical to adopt systems to embrace all the emerging currency options so merchants will need assistance and guidance in navigating e-payment and digital currency systems....5

PROFESSIONAL & TRAINING SERVICES INCREASE PROFITS & EXPAND VALUE Ingram Micro goes beyond hardware and software to offer a full portfolio of Professional and Training Services that you can leverage to plan, implement, manage and support your payment solutions. Experienced technicians, engineers, and project managers are focused on identifying, configuring, and deploying your chosen solutions like PCI compliance assessments to deployment and disposal services. PCI PAYMENT COMPLIANCE The Payment Card Industry (PCI) has issued a Data Security Standard (DSS) to ensure that all companies process, transmit, and store credit card information in a secure environment. Administered by the PCI Security Standards Council (SSC), compliance with the PCI DSS is now required of all merchants and banks who handle credit card transactions. Any organization that accepts credit or debit card transactions backed by American Express, Discover, JCB, MasterCard, or Visa International have to have PCI DSS-compliant transaction systems, regardless of their size or how they accept payment. Failure to comply can result fines up to $100,000 per month. Needless to say merchants are anxious to demonstrate that they conform to PCI DSS. There are various components to PCI DSS compliance, including rules to protect credit card transactions stored in the merchant s network. The rules can be complex, so merchants often rely on vendors to help them stay compliant. For example, PCI DSS requires merchants to protect consumer credit card data from hackers. To ensure compliance the PCI SSC can conduct a network security scan using an automated tool that looks for online vulnerabilities. PCI requires a quarterly network scan by a PCI SSC Approved Scanning Vendor. VARs that are well-versed in PCI DSS can prove to be a real asset to merchants concerned with compliance and credit card security. 6...

RISK ASSESSMENTS Understanding and assessing risk is one of the most fundamental ways to develop a well-founded information security strategy which helps fulfill both compliance objectives (such as GLBA, HIPPA and PCI DSS) and broader security goals. Our risk assessments help identify the risks faced and identify: Systems used to store, process or transmit sensitive information Threats to systems from attackers, automated attacks (i.e., computer viruses), environmental factors and human mistakes Vulnerabilities that could make systems susceptible to the threats Impact if an attacker was able to successfully exploit the vulnerability PCI ONSITE REVIEWS & ASSESSMENTS For customers required to undergo a full compliance assessment, a Qualified Security Assessor (QSA) will assist with a three-phase process for the PCI DSS compliance assessment: A Pre-Assessment identifies and analyzes the compliance scope as well as any gaps. The Assessment tests security of the system as well as provides advice to remediate the gaps. Post-Assessments include quarterly follow-ups to address compliance maintenance checkups, changes in the environment and future plans which may affect the scope. VULNERABILITY SCANNING SERVICES Vulnerability scanning examines networks for security holes and misconfigurations. Regular scanning is a critical component of information security programs and a required component for all merchants accepting credit card payments. These scans also help to proactively find changes or weaknesses in the ever-changing network environment. PCI COMPLIANCE SCANNING Any organization that stores, processes or transmits payment card data is required to be PCI DSS-compliant by the payment brands and the merchant bank. And, depending on the organization s role and transaction volume, they will need to complete either a full compliance assessment performed by a Qualified Security Assessor (QSA) or a Self- Assessment Questionnaire (SAQ). Most organizations find that they need at least some level of guidance while going through the SAQ process. Our experts will help determine which SQA route is appropriate and give assistance understanding the requirements. Through our secure web portal, the customer is able to set up, manage and review their scans. And in the event a scan fails, meaning a security vulnerability is found, the report will contain detailed recommendations to address any issues. Once the organization is able to make the appropriate changes to address the discovered vulnerabilities, a rescan can be done to see if the changes were effective....7

DESIGN SERVICES Network security professionals can assist in developing a simple, sustainable and operationally efficient network architecture for both wired and wireless deployments. PAYMENT KEY INJECTION PROCESS Avoid the cost and time of taking terminals offline and shipping them to secure facilities for key injections. Ingram Micro can download security keys to payment terminals on behalf of our channel partners. SHIPPING & FULFILLMENT Our Advanced Logistic Centers (ALCs) are positioned to ensure compressed order fulfillment lead times and optimize inventory distribution from end to end. DEPLOYMENT SERVICES Leverage local, rapidly-deployable technicians across the country for deployments including payment terminals, cameras, wireless access points, cabling, network/pos upgrades, and more. Our Project Management Office will schedule each site and staff technicians as well as manage the entire project including site escalations and reviewing/archiving all documentation. DISPOSAL SERVICES Address the end-of-life information security as well as environmentally compliant disposal concerns for old electronic equipment. We offer a full service portfolio of services including: De-Installation & Asset Removal Onsite Data Erasure & Destruction Packaging & Palletizing Asset Processing Refurbishment, Repair & Re-marketing De-manufacturing & Recycling Issuance of Certificate of Destruction TRAINING SERVICES Whether exploring EMV chip card issues for the first time or an experience issuer, staff needs to be educated on how to identify suspicious activity, to follow the appropriate escalation procedures and to respond to a potential security incident. Training helps in understanding common mistakes that my lead to data breaches, EMV security, the importance of PCI DSS compliance and the advantages/disadvantages of Point-to-Point Encryption (P2PE) solutions. Contact Us Today! 800-456-8000 ext. 76094 proservices@ingrammicro.com 8...

INGRAM MICRO CAN HELP The mandatory move to support EMV smartcards opens a unique opportunity for resellers. Restaurants, retailers, and other merchants that accept credit card and debit payments have to adopt a new point-of-sale payment system to accommodate EMV cards, whether they like it or not. They have to rely on the expertise of experienced resellers to help them make the right choice and integrate those new payment systems into their merchandising systems. Ingram Micro is here to help. The migration to EMV opens up the possibility for additional conversations about hardware and software, scanners and data capture devices, wireless networking, storage, backup, power, security, cloud computing, big data, and more. Ingram Micro Professional and Training Services has experts that can help you build your business from end-to-end. Our experienced professionals can provide guidance beyond the hardware and software. From risk assessments and PCI-compliance scanning to solution design and deployment and even staff training and equipment disposal, our experts can help you during the entire project lifecycle. We understand how to bring new technologies together to promote greater profits for you and your customers. Contact us to learn more! Steve Bochniarz 800-456-8000 ext. 67366 stephen.bochniarz@ingrammicro.com...9

To learn more about our comprehensive payments program and solutions, please contact us.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information