Presentation Title Here - Verifonezone.com

Countdown to
Compliance
September 2009

2
Introduction
• This presentation is geared to merchant acquirers and ISOs in the
financial services industry that sell to small to mid-sized merchants
• It is not designed for:
– Petroleum ISVs
– Multi-lane retailers
– VARs
– Transportation
– Retail Banking
• If you’re in the petroleum space visit:
http://www.verifone.com/sites/secure-pumppay.aspx
• If you’re in the multi-lane retail space visit:
http://www.verifone.com/mx-800-series.aspx

3
Agenda
• Breach Concerns
• What is PCI PED
• Sample Scenarios
• VeriFone’s PCI PED Campaign
• V x Solutions and MX Solutions Overview
• Q&A

4
Why worry about a Breach
• Industry research indicates that many merchants do not know much
about security
• In fact, Visa research indicates that compliance was lowest among
level 4 merchants
• According to industry research by Verizon, 81 percent of the
organizations that experienced a breach “were not Payment Card
Industry (PCI) compliant,”
• 75 percent of the breaches it investigated involved the retail (31
percent), financial services (30 percent) and food & beverage (14
percent) industries
• More than 80% of breaches since 2005 have happened at small
merchants
• You only hear about the bigger breaches but smaller ones occur
every day

5
Security Breaches In The News

6
What is PCI PED
• PCI PED requirements are primarily concerned with device
characteristics impacting the security of the PIN Entry Device used
by the cardholder during a financial transaction.
• These rules are to protect the consumer from fraud.
• There are two factors involved in PCI PED requirements.
– Device characteristics – the physical and logical security
characteristics of the device that deter a physical attack on the
device—for example, the penetration of the device to determine its
key(s) or to plant a PIN-disclosing “bug” within it or allowing the
device to output a clear-text PIN-encryption key
– Device management considers how the PED is produced, controlled,
transported, stored, and used throughout its lifecycle
• The deadline to remove PCI PED ‘never approved’ devices from the
market is July 1, 2010.
– Most of these devices were manufactured before 2004
• Visa has issued a tentative removal date of Dec 2014 for all Visa
PED approved devices

7
PED Approval Recap
Never Approved
Visa PED Approved
Merchants/Retailers
Must Stop PIN use by
July 2010
Manufacturers MUST
NOT place for PIN after
December 2007
And must be removed by
December 2014
PCI PED Approved
Manufacturers MUST
place for PIN entry after
12/2007

8
Impact to the Retailer/Merchant
• There has been much confusion over the impact to a retailer who
does not meet the Visa July 1, 2010 mandates for payment security
• To review, there are three different mandates from Visa that must
be met by US merchants by July 1, 2010. These are:
– All never approved payment devices on which PIN debit transactions
are conducted must be removed from service. This includes any
terminal that is not either VISA PED or PCI PED.
– All debit card PINs must be encrypted in TDES from the payment
device
– All applications that “store, process, or transmit cardholder
information” must be PA-DSS or PABP compliant

9
How do I upgrade by merchants
• Replace never approved devices with higher-functioning devices
• Add a compliant PCI PED approved PIN Pad like the PP1000SE
• Use this opportunity as a way to add value to replace the older
device
– Value added applications
• Gift card
• Loyalty
– PIN debit
– Faster devices
– Pay at the point of service

10
How to Upgrade Your Merchant - Sample Scenario
Type of Retailer:
•Type of Retailer: Sports Memorabilia Vendor in
Mall
Scenario: Tim owns a sports memorabilia store
in a busy mall.
• Accepting electronic payments for many years
using an Omni 3210 countertop device
• Being able to accept credit and debit cards is a
major plus for his business.
Challenge:
• Has heard about more stringent security
requirements which affect his Omni 3210.
• He calls his ISO rep who refers him to
VeriFone’s PCI PED landing page where he finds a
wealth of knowledge and easy to understand
materials.
•He also realizes that technology has come a
long way and decides that it’s time to upgrade to
a wireless device to eliminate the expense of his
phone line.

11
Achieve Compliance with the V x 510 GPRS
Solution: Upgrade to a higher functioning and PCI PED compliant
V x 510 GPRS for faster transactions and more flexibility
• Tim now has the peace of mind knowing that his V x 510 GPRS is
compliant with the latest security requirements.
• Also has the added benefits of faster transactions and a mobile
device
– The V x 510 GPRS accepts payments anywhere there is a power source
which is great when Tim visits fairs or sets up a mall kiosk.
– He no longer needs to pay for an extra phone or DSL line which saves
him additional money.
– The ability to accept PIN debit is another plus since debit transactions
mean lower overall transaction costs for his business.

12
Merchant Scenario #2
• Type of Retailer: Jewelry Store
• Scenario: Susie owns a successful jewelry store
• Accepting electronic payments for many years using a NURIT 2085+
countertop device
• Being able to accept credit is a major plus for her business since
most jewelry purchases are rather expensive.
• Challenge:
• She has heard about more stringent security requirements which
affect her NURIT 2085+ but is not concerned since she does not
accept PIN debit
• After doing some research she realizes that by offering PIN debit to
her customers, she could be saving money due to the lower
transaction fees. Plus she’s noticed that more people are using
their debit cards due to the current economic conditions.

13
Merchant Scenario #2 - Conclusion
• Solution: Susie decides to upgrade to the V x 670 portable device
• It can be used anywhere in the store – customers can pay right
where they make their jewelry selection and do not have to walk
across the store floor.
• Customers can complete their own transactions and do not have to
give up their credit card which gives them peace of mind
• Susie has all the benefits of a portable device which comes in
handy when she visits jewelry shows and fares
• Ability to accept PIN debit which means lower overall transaction
costs.

14
Now Is The Time To Upgrade Your Merchants To A Higher
Functioning Device
Shift to Newer Technology
Usability & Security
“Design Focused”
Speed & IP
“Performance”

15
Feature Expansion + Value
• Multiple Reasons to Focus on Latest Products
– Higher Value (“More Bang for the Buck”)
– Lower Cost of Ownership & Reliability
– Portability – Taking payment to the Point of Service
– Customer Stickiness + Features
• Multiple application support
– Performance & Speed

16
Pro-Actively Promote Security
• Educate against unsecure devices for transactions
– Secure terminals, even if no PIN
– Replace never approved devices before July 2010
– Promote new PCI PED approved devices
• Promote End-to-End Data Encryption
– VeriShield Protect
– www.verifone.com/security

17
VeriFone’s Position
• Created the PCI PED upgrade program to help our partners to
remove never approved PIN pads and devices out of the market
• We want to help you leverage the opportunity to move merchants
to a new VeriFone product (and even upgrade to a higher
functioning device) and replace the old
• We believe at this phase, education is crucial

18
Campaign Overview
• The expired parking meter is
our theme graphic and will be
a graphic element on
materials
• Program started July 2009
• Education very important
since topic is complex
• Creating Acquirer and
Merchant specific information

19
Advertising Support
• Trade publication advertising for
several months will support this
campaign

20
Acquirer Collateral
• White Paper
• Flyer
• FAQs
• How to upsell your
merchants
• Tool Kit (Interactive PDF)
• Product Upgrade Chart
• All materials are available on
the landing page
www.verifone.com/pciped
• And the VeriFone Zone
www.verifonezone.com

21
Merchant Collateral
• Merchant Educational Package
– Easy to understand overview, product charts, frequently asked
questions, additional resources
• Merchant Flyer
– One page sheets with key dates and deadlines
• Online Resources:
– PCI Security Council
– Merchant SAQ
– www.verifone.com/pciped (Merchant Tab)

22
PCI PED Landing Page
• Breach Calculator
• Countdown clock
• Collateral
• White Paper
• Product Upgrade Chart
Countdown Clock
Breach Calculator
White Paper
Collateral

23
Breach Calculator
10
6
30,000

24
PCI PED Compliance Chart
This chart
applies to
countertop and
mobile
merchants

25
PCI PED Compliance Chart
This chart applies to
multi-lane retail devices

26
More Tools at www.VeriFonezone.com
• All the tools presented here today are available for download at
the VeriFone Zone (www.verifonezone.com)
• There is chart for all VeriFone products that are never approved
and PCI PED approved as well as the recommended upgrade
– This piece is only available at the Zone

27
V x Solutions - A Platform for Now and for the Future
Compatibility
Security
Performance
Delivering
• Consistent user interface
• Consistent software base
• Consistent support needs
• PA DSS accepted applications
• PCI PED approved
• Part of a complete end-to-end encryption
• High-speed processor
• Multi-application capabilities
• Many connectivity options
• Lower cost of sales, ownership and support
• Easy to understand “up-sell” strategy
• Opens new markets with little investment
• Complete line of products and solutions

28
Compatibility Broadens Your Offering
• Consistency across form factors offers complete
line of solutions for all market segments and
customer needs
– Single function multi-application
– Fixed transportable portable
– Customer facing clerk facing
• More certifications than any other hardware
provider make selling, installing, supporting, and
expanding simpler

29
MX Family, Solutions for Multi-Lane Retailers
• Customer facing payment solutions
• All built on a common,
secure platform
• All run the same applications
• Share consistent user interfaces
• All are PCI PED approved
• Interchangeable and field-upgradable modules
future-proof your investment
offer a lower cost of ownership

30
PIN Pad 1000SE
• Number one selling PIN pad in the
industry!
• Easy to use PIN debit entry
• PCI PED approved to meet the latest
standards for secure PIN entry
• Future-proof payment solution, fully
updatable and compatible
• Provides the best protection against
fraud for merchants and consumers;
• USB option provides another way to
connect to a PC software program
which minimizes cabling and
countertop clutter

31
Additional Resources
• PCI PED website
https://www.pcisecuritystandards.org/security_standards/ped/ind
ex.shtml
• PCI PED list of approved devices
https://www.pcisecuritystandards.org/security_standards/ped/pe
dapprovallist.html
• VeriFone Security Page www.verifone.com/security
• Secure Retail Payments http://www.verifone.com/industrysolutions/retail/payment-trends--
security/secureretailpaymentscom.aspx
• Visa
– http://broadcast01p.visabroadcasts.com/doc/20090422091220/51634
59b29ec9fcdb6f98ceddad92d3d

32
Thank You
Questions
We want your feedback – please complete
the poll at
http://surveys.polldaddy.com/s/C8DE129DFADCBF5B/
Download this presentation and the
recording at
www.verifonezone.com