
Countdown to Compliance



Presentation Transcript


  1. Countdown to Compliance October 2009

  2. Introduction • This presentation is geared to merchant acquirers and ISOs in the financial services industry that sell to small to mid-sized merchants • It is not designed for: • Petroleum ISVs • Multi-lane retailers • VARs • Transportation • Retail Banking • If you’re in the petroleum space visit: http://www.verifone.com/sites/secure-pumppay.aspx • If you’re in the multi-lane retail space visit: http://www.verifone.com/mx-800-series.aspx

  3. Agenda • Breach Concerns • What is PCI PED? • Sample Scenarios • VeriFone’s PCI PED Campaign • Vx Solutions and MX Solutions Overview • Q&A

  4. Why worry about a Breach? • Industry research indicates that many merchants do not know much about security • In fact, Visa research indicates that compliance was lowest among level 4 merchants • According to industry research by Verizon, 81 percent of the organizations that experienced a breach “were not Payment Card Industry (PCI) compliant” • 75 percent of the breaches it investigated involved the retail (31 percent), financial services (30 percent) and food & beverage (14 percent) industries • More than 80% of breaches since 2005 have happened at small merchants • You only hear about the bigger breaches but smaller ones occur every day

  5. Security Breaches In The News

  6. What is PCI PED? • PCI PED requirements are primarily concerned with device characteristics impacting the security of the PIN Entry Device used by the cardholder during a financial transaction. • These rules are to protect the consumer from fraud. • There are two factors involved in PCI PED requirements. • Device characteristics – the physical and logical security characteristics of the device that deter a physical attack on the device, for example, the penetration of the device to determine its key(s) or to plant a PIN-disclosing “bug” within it, or allowing the device to output a clear-text PIN-encryption key • Device management – how the PED is produced, controlled, transported, stored, and used throughout its lifecycle • The deadline to remove PCI PED ‘never approved’ devices from the market is July 1, 2010. • Most of these devices were manufactured before 2004 • Visa has issued a tentative removal date of Dec 2014 for all Visa PED approved devices

  7. PED Approval Recap • Never Approved: Merchants/Retailers must stop PIN use by July 2010 • Visa PED Approved: Manufacturers MUST NOT place for PIN after December 2007, and devices must be removed by December 2014 • PCI PED Approved: Manufacturers MUST place for PIN entry after 12/2007

  8. Timeline

  9. Impact to the Retailer/Merchant • There has been much confusion over the impact to a retailer who does not meet the Visa July 1, 2010 mandates for payment security • To review, there are three different mandates from Visa that must be met by US merchants by July 1, 2010. These are: • All never approved payment devices on which PIN debit transactions are conducted must be removed from service. This includes any terminal that is not either Visa PED or PCI PED. • All debit card PINs must be encrypted in TDES from the payment device • All applications that “store, process, or transmit cardholder information” must be PA-DSS or PABP compliant

  10. Key Dates • Visa has chosen to implement the following regulations in order to transition to PCI PED compliance: • October 1, 2009 —Acquirers must submit to Visa a summary TDES compliance status report and plan to achieve full compliance for sponsored attended POS activity • July 1, 2010 —All never approved devices must be removed from service • July 1, 2010 — If there is a breach of a never approved device after July 1, 2010, liability for the breach transfers from the issuer to the acquirer and the merchant. • August 1, 2012 —Acquirers may be assessed fines for sponsoring any non-TDES compliant merchants or agents

  11. How do I upgrade my merchants? • Replace never approved devices with higher-functioning devices • Add a compliant PCI PED approved PIN Pad like the PP1000SE • Use this opportunity as a way to add value to replace the older device • Value added applications • Gift card • Loyalty • PIN debit • Faster devices • Pay at the point of service

  12. How to Upgrade Your Merchant - Sample Scenario • Type of Retailer: Sports Memorabilia Vendor in Mall • Scenario: Tim owns a sports memorabilia store in a busy mall. • Accepting electronic payments for many years using an Omni 3210 countertop device • Being able to accept credit and debit cards is a major plus for his business. • Challenge: • Has heard about more stringent security requirements which affect his Omni 3210. • He calls his ISO rep who refers him to VeriFone’s PCI PED landing page where he finds a wealth of knowledge and easy to understand materials. • He also realizes that technology has come a long way and decides that it’s time to upgrade to a wireless device to eliminate the expense of his phone line.

  13. Achieve Compliance with the Vx 510 GPRS Solution: Upgrade to a higher functioning and PCI PED compliant Vx 510 GPRS for faster transactions and more flexibility • Tim now has the peace of mind knowing that his Vx 510 GPRS is compliant with the latest security requirements. • Also has the added benefits of faster transactions and a mobile device • The Vx 510 GPRS accepts payments anywhere there is a power source which is great when Tim visits fairs or sets up a mall kiosk. • He no longer needs to pay for an extra phone or DSL line which saves him additional money. • The ability to accept PIN debit is another plus since debit transactions mean lower overall transaction costs for his business.

  14. Merchant Scenario #2 • Type of Retailer: Jewelry Store • Scenario: Susie owns a successful jewelry store • Accepting electronic payments for many years using a NURIT 2085+ countertop device • Being able to accept credit is a major plus for her business since most jewelry purchases are rather expensive. • Challenge: • She has heard about more stringent security requirements which affect her NURIT 2085+ but is not concerned since she does not accept PIN debit • After doing some research she realizes that by offering PIN debit to her customers, she could be saving money due to the lower transaction fees. Plus she’s noticed that more people are using their debit cards due to the current economic conditions.

  15. Merchant Scenario #2 - Conclusion • Solution: Susie decides to upgrade to the Vx 670 portable device • It can be used anywhere in the store – customers can pay right where they make their jewelry selection and do not have to walk across the store floor. • Customers can complete their own transactions and do not have to give up their credit card, which gives them peace of mind • Susie has all the benefits of a portable device, which comes in handy when she visits jewelry shows and fairs • Ability to accept PIN debit, which means lower overall transaction costs.

  16. Feature Expansion + Value • Multiple Reasons to Focus on Latest Products • Higher Value (“More Bang for the Buck”) • Lower Cost of Ownership & Reliability • Portability – Taking payment to the Point of Service • Customer Stickiness + Features • Multiple application support • Performance & Speed

  17. Now Is The Time To Upgrade Your Merchants To A Higher Functioning Device • Shift to Newer Technology • Usability & Security: “Design Focused” • Speed & IP: “Performance”

  18. Pro-Actively Promote Security • Educate against unsecure devices for transactions • Secure terminals, even if no PIN • Replace never approved devices before July 2010 • Promote new PCI PED approved devices • Promote End-to-End Data Encryption • VeriShield Protect • www.verifone.com/security

  19. VeriFone’s Position • Created the PCI PED upgrade program to help our partners to remove never approved PIN pads and devices out of the market • We want to help you leverage the opportunity to move merchants to a new VeriFone product (and even upgrade to a higher functioning device) and replace the old • We believe at this phase, education is crucial

  20. Campaign Overview • The expired parking meter is our theme graphic and will be a graphic element on materials • Program started July 2009 • Education very important since topic is complex • Creating Acquirer and Merchant specific information

  21. Advertising Support • Trade publication advertising for several months will support this campaign

  22. Acquirer Collateral • White Paper • Flyer • FAQs • How to upsell your merchants • Tool Kit (Interactive PDF) • Product Upgrade Chart • All materials are available on the landing page www.verifone.com/pciped • And exclusive tools at the VeriFone Zone www.verifonezone.com

  23. Merchant Collateral • Merchant Educational Package • Easy to understand overview, product charts, frequently asked questions, additional resources • Merchant Flyer • One page sheets with key dates and deadlines • Online Resources: • PCI Security Council • Merchant SAQ • www.verifone.com/pciped (Merchant Tab)

  24. PCI PED Landing Page • Breach Calculator • Countdown clock • Collateral • White Paper • Product Upgrade Chart

  25. Breach Calculator (screenshot showing sample values 10, 6 and 30,000)

  26. PCI PED Compliance Chart This chart applies to countertop and mobile merchants

  27. PCI PED Compliance Chart This chart applies to multi-lane retail devices

  28. More Tools at www.VeriFonezone.com • All the tools presented here today are available for download at the VeriFone Zone (www.verifonezone.com) • There is a chart for all VeriFone products that are never approved and PCI PED approved as well as the recommended upgrade • This piece is only available at the Zone

  29. Vx Solutions - A Platform for Now and for the Future • Compatibility: • Consistent user interface • Consistent software base • Consistent support needs • Security: • PA DSS accepted applications • PCI PED approved • Part of a complete end-to-end encryption • Performance: • High-speed processor • Multi-application capabilities • Many connectivity options • Delivering: • Lower cost of sales, ownership and support • Easy to understand “up-sell” strategy • Opens new markets with little investment • Complete line of products and solutions

  30. Compatibility Broadens Your Offering • Consistency across form factors offers complete line of solutions for all market segments and customer needs • Single function → multi-application • Fixed → transportable → portable • Customer facing → clerk facing • More certifications than any other hardware provider make selling, installing, supporting, and expanding simpler

  31. MX Family, Solutions for Multi-Lane Retailers • Customer facing payment solutions • All built on a common, secure platform • All run the same applications • Share consistent user interfaces • All are PCI PED approved • Interchangeable and field-upgradable modules future-proof your investment and offer a lower cost of ownership

  32. PIN Pad 1000SE • Number one selling PIN pad in the industry! • Easy to use PIN debit entry • PCI PED approved to meet the latest standards for secure PIN entry • Future-proof payment solution, fully updatable and compatible • Provides the best protection against fraud for merchants and consumers • USB option provides another way to connect to a PC software program which minimizes cabling and countertop clutter

  33. Additional Resources • PCI PED website https://www.pcisecuritystandards.org/security_standards/ped/index.shtml • PCI PED list of approved devices https://www.pcisecuritystandards.org/security_standards/ped/pedapprovallist.html • VeriFone Security Page www.verifone.com/security • Secure Retail Payments http://www.verifone.com/industry-solutions/retail/payment-trends--security/secureretailpaymentscom.aspx • Visa http://broadcast01p.visabroadcasts.com/doc/20090422091220/5163459b29ec9fcdb6f98ceddad92d3d

  34. Q&A Session • Questions? • We want your feedback – please complete the poll at http://surveys.polldaddy.com/s/C8DE129DFADCBF5B/ • Download this presentation and the recording at www.verifonezone.com
