Presentation Title Here - Verifonezone.com
Countdown to Compliance
September 2009

Introduction
• This presentation is geared to merchant acquirers and ISOs in the financial services industry that sell to small to mid-sized merchants
• It is not designed for:
– Petroleum ISVs
– Multi-lane retailers
– VARs
– Transportation
– Retail Banking
• If you’re in the petroleum space visit: http://www.verifone.com/sites/secure-pumppay.aspx
• If you’re in the multi-lane retail space visit: http://www.verifone.com/mx-800-series.aspx

Agenda
• Breach Concerns
• What is PCI PED
• Sample Scenarios
• VeriFone’s PCI PED Campaign
• Vx Solutions and MX Solutions Overview
• Q&A

Why worry about a Breach
• Industry research indicates that many merchants do not know much about security
• In fact, Visa research indicates that compliance was lowest among level 4 merchants
• According to industry research by Verizon, 81 percent of the organizations that experienced a breach “were not Payment Card Industry (PCI) compliant”
• 75 percent of the breaches it investigated involved the retail (31 percent), financial services (30 percent) and food & beverage (14 percent) industries
• More than 80% of breaches since 2005 have happened at small merchants
• You only hear about the bigger breaches but smaller ones occur every day

Security Breaches In The News

What is PCI PED
• PCI PED requirements are primarily concerned with device characteristics impacting the security of the PIN Entry Device used by the cardholder during a financial transaction.
• These rules are to protect the consumer from fraud.
• There are two factors involved in PCI PED requirements.
– Device characteristics – the physical and logical security characteristics of the device that deter a physical attack on the device, for example the penetration of the device to determine its key(s) or to plant a PIN-disclosing “bug” within it or allowing the device to output a clear-text PIN-encryption key
– Device management considers how the PED is produced, controlled, transported, stored, and used throughout its lifecycle
• The deadline to remove PCI PED ‘never approved’ devices from the market is July 1, 2010.
– Most of these devices were manufactured before 2004
• Visa has issued a tentative removal date of Dec 2014 for all Visa PED approved devices

PED Approval Recap
• Never Approved: Merchants/Retailers must stop PIN use by July 2010
• Visa PED Approved: Manufacturers MUST NOT place for PIN after December 2007, and must be removed by December 2014
• PCI PED Approved: Manufacturers MUST place for PIN entry after 12/2007

Impact to the Retailer/Merchant
• There has been much confusion over the impact to a retailer who does not meet the Visa July 1, 2010 mandates for payment security
• To review, there are three different mandates from Visa that must be met by US merchants by July 1, 2010. These are:
– All never approved payment devices on which PIN debit transactions are conducted must be removed from service. This includes any terminal that is not either VISA PED or PCI PED.
– All debit card PINs must be encrypted in TDES from the payment device
– All applications that “store, process, or transmit cardholder information” must be PA-DSS or PABP compliant

How do I upgrade my merchants
• Replace never approved devices with higher-functioning devices
• Add a compliant PCI PED approved PIN Pad like the PP1000SE
• Use this opportunity as a way to add value to replace the older device
– Value added applications
• Gift card
• Loyalty
– PIN debit
– Faster devices
– Pay at the point of service

How to Upgrade Your Merchant - Sample Scenario
• Type of Retailer: Sports Memorabilia Vendor in Mall
Scenario: Tim owns a sports memorabilia store in a busy mall.
• Accepting electronic payments for many years using an Omni 3210 countertop device
• Being able to accept credit and debit cards is a major plus for his business.
Challenge:
• Has heard about more stringent security requirements which affect his Omni 3210.
• He calls his ISO rep who refers him to VeriFone’s PCI PED landing page where he finds a wealth of knowledge and easy to understand materials.
• He also realizes that technology has come a long way and decides that it’s time to upgrade to a wireless device to eliminate the expense of his phone line.

Achieve Compliance with the Vx 510 GPRS
Solution: Upgrade to a higher functioning and PCI PED compliant Vx 510 GPRS for faster transactions and more flexibility
• Tim now has the peace of mind knowing that his Vx 510 GPRS is compliant with the latest security requirements.
• Also has the added benefits of faster transactions and a mobile device
– The Vx 510 GPRS accepts payments anywhere there is a power source which is great when Tim visits fairs or sets up a mall kiosk.
– He no longer needs to pay for an extra phone or DSL line which saves him additional money.
– The ability to accept PIN debit is another plus since debit transactions mean lower overall transaction costs for his business.

Merchant Scenario #2
• Type of Retailer: Jewelry Store
• Scenario: Susie owns a successful jewelry store
• Accepting electronic payments for many years using a NURIT 2085+ countertop device
• Being able to accept credit is a major plus for her business since most jewelry purchases are rather expensive.
• Challenge:
• She has heard about more stringent security requirements which affect her NURIT 2085+ but is not concerned since she does not accept PIN debit
• After doing some research she realizes that by offering PIN debit to her customers, she could be saving money due to the lower transaction fees. Plus she’s noticed that more people are using their debit cards due to the current economic conditions.

Merchant Scenario #2 - Conclusion
• Solution: Susie decides to upgrade to the Vx 670 portable device
• It can be used anywhere in the store – customers can pay right where they make their jewelry selection and do not have to walk across the store floor.
• Customers can complete their own transactions and do not have to give up their credit card which gives them peace of mind
• Susie has all the benefits of a portable device which comes in handy when she visits jewelry shows and fairs
• Ability to accept PIN debit which means lower overall transaction costs.

Now Is The Time To Upgrade Your Merchants To A Higher Functioning Device
Shift to Newer Technology
Usability & Security
“Design Focused”
Speed & IP
“Performance”

Feature Expansion + Value
• Multiple Reasons to Focus on Latest Products
– Higher Value (“More Bang for the Buck”)
– Lower Cost of Ownership & Reliability
– Portability – Taking payment to the Point of Service
– Customer Stickiness + Features
• Multiple application support
– Performance & Speed

Pro-Actively Promote Security
• Educate against unsecure devices for transactions
– Secure terminals, even if no PIN
– Replace never approved devices before July 2010
– Promote new PCI PED approved devices
• Promote End-to-End Data Encryption
– VeriShield Protect
– www.verifone.com/security

VeriFone’s Position
• Created the PCI PED upgrade program to help our partners to remove never approved PIN pads and devices out of the market
• We want to help you leverage the opportunity to move merchants to a new VeriFone product (and even upgrade to a higher functioning device) and replace the old
• We believe at this phase, education is crucial

Campaign Overview
• The expired parking meter is our theme graphic and will be a graphic element on materials
• Program started July 2009
• Education very important since topic is complex
• Creating Acquirer and Merchant specific information

Advertising Support
• Trade publication advertising for several months will support this campaign

Acquirer Collateral
• White Paper
• Flyer
• FAQs
• How to upsell your merchants
• Tool Kit (Interactive PDF)
• Product Upgrade Chart
• All materials are available on the landing page www.verifone.com/pciped
• And the VeriFone Zone www.verifonezone.com

Merchant Collateral
• Merchant Educational Package
– Easy to understand overview, product charts, frequently asked questions, additional resources
• Merchant Flyer
– One page sheets with key dates and deadlines
• Online Resources:
– PCI Security Council
– Merchant SAQ
– www.verifone.com/pciped (Merchant Tab)

PCI PED Landing Page
• Breach Calculator
• Countdown clock
• Collateral
• White Paper
• Product Upgrade Chart

Breach Calculator (screenshot)

PCI PED Compliance Chart
This chart applies to countertop and mobile merchants

PCI PED Compliance Chart
This chart applies to multi-lane retail devices

More Tools at www.VeriFonezone.com
• All the tools presented here today are available for download at the VeriFone Zone (www.verifonezone.com)
• There is a chart for all VeriFone products that are never approved and PCI PED approved as well as the recommended upgrade
– This piece is only available at the Zone

Vx Solutions - A Platform for Now and for the Future
Compatibility
• Consistent user interface
• Consistent software base
• Consistent support needs
Security
• PA DSS accepted applications
• PCI PED approved
• Part of a complete end-to-end encryption
Performance
• High-speed processor
• Multi-application capabilities
• Many connectivity options
Delivering
• Lower cost of sales, ownership and support
• Easy to understand “up-sell” strategy
• Opens new markets with little investment
• Complete line of products and solutions

Compatibility Broadens Your Offering
• Consistency across form factors offers complete line of solutions for all market segments and customer needs
– Single function multi-application
– Fixed transportable portable
– Customer facing clerk facing
• More certifications than any other hardware provider make selling, installing, supporting, and expanding simpler

MX Family, Solutions for Multi-Lane Retailers
• Customer facing payment solutions
• All built on a common, secure platform
• All run the same applications
• Share consistent user interfaces
• All are PCI PED approved
• Interchangeable and field-upgradable modules future-proof your investment and offer a lower cost of ownership

PIN Pad 1000SE
• Number one selling PIN pad in the industry!
• Easy to use PIN debit entry
• PCI PED approved to meet the latest standards for secure PIN entry
• Future-proof payment solution, fully updatable and compatible
• Provides the best protection against fraud for merchants and consumers
• USB option provides another way to connect to a PC software program which minimizes cabling and countertop clutter

Additional Resources
• PCI PED website https://www.pcisecuritystandards.org/security_standards/ped/index.shtml
• PCI PED list of approved devices https://www.pcisecuritystandards.org/security_standards/ped/pedapprovallist.html
• VeriFone Security Page www.verifone.com/security
• Secure Retail Payments http://www.verifone.com/industrysolutions/retail/payment-trends--security/secureretailpaymentscom.aspx
• Visa
– http://broadcast01p.visabroadcasts.com/doc/20090422091220/5163459b29ec9fcdb6f98ceddad92d3d

Thank You
Questions
We want your feedback – please complete the poll at http://surveys.polldaddy.com/s/C8DE129DFADCBF5B/
Download this presentation and the recording at www.verifonezone.com