Está en la página 1de 9

The Evolution Continues

VeriFone VX Evolution - First complete product line to offer PCI PTS 3.0 approved solutions

Threats to electronic payment transactions and personal information continue to grow. Data breaches can be a moving target as security improves, hackers devise new plans of attack. Recovering from a breach could devastate a business. Thats why for many businesses its critical to stay on the leading edge of payment security. In May 2010, the Payment Card Industry Security Standards Council (PCI SSC) announced the PCI PIN Transaction Security (PTS) 3.0 payment security standard. VeriFone is the first payment provider to integrate the sophisticated, unprecedentedly secure PCI PTS 3.0 protections across its entire family of innovative VX Evolution payment devices. If your business demands the absolute best in payment security, you need to talk to VeriFone today about what PCI PTS 3.0 can do for you.

PCI PTS 3.0 Security Standards

Growing Challenges
Security Is ImprovingBut So Are Criminals. According to The Green Sheet, an online news magazine that focuses on emerging issues in the payments industry, in the U.S. alone there were 181 data breaches in 2010 that impacted financial services, insurance or retail businesses. This was up from 37 such breaches in 2009.1 Globally, both figures would be considerably higher. While some of these breaches were the result of lost, stolen or discarded PCs, cell phones and the like, more than a third of the losses were from hacker or malware attacks. Fraud schemes not only focus on hacking software, but they also can seek to gain physical access to payment devices to enable criminal rings to capture sensitive card information to steal cardholders funds. As the hackers keep evolving their tactics, its essential that payment security gets strengthened to prevent security breaches. PCI PED 2.0 or PCI PTS 3.0 Only VeriFone Gives You a Complete Choice. VeriFone has consistently led the payment industry in providing devices and applications that meet the latest payment security guidelines. The PCI PED 2.0 standard, which first took effect in 2008, can be expected to provide an acceptable level of protection for organizations with relatively ordinary security requirements for a number of years. But for resellers and merchants that require absolutely the most advanced security protections possible not only today, but also well into the future after the current PCI PED 2.0 standard has been retired VeriFone now offers the only family of approved products with the latest in PCI PIN Transaction Security (PCI PTS) 3.0 standard. Three years in the making with input and contributions from a variety of panels and providers with an interest in payment security PCI PTS 3.0 represents by far the most sophisticated, robust and all-encompassing standard for card security ever brought to the market. And VeriFones advanced VX Evolution family of devices through its flagship countertop, portable and PIN pad models is the first complete product line to offer the extraordinary protections of PCI PTS 3.0 for resellers and merchants that want to minimize their exposure to risk to the greatest degree possible.

VeriFone has consistently led the payment industry in providing devices and applications that meet the latest payment security guidelines.

Copyright, Privacy Rights Clearinghouse, as published in The Green Sheet, January 24,2011.

PCI PTS 3.0 Security Standards

PCI PED 2.0 or PCI PTS 3.0?


PCI PED 2.0 Three separate sets of requirements - Point of Sales PIN Entry Devices (PED) - Encrypting PIN Pads (EPP) - Unattended Payment Terminals (UPT) Additional magnetic stripe protection Top case replacement protection All encryption keys must have different values (enforced by devices) Approved key management schemes only

PCI PTS 3.0 Has combined sets of requirements Three modules for evaluations requirements - Open Protocols applies to Internet Protocol (IP) or to ethernet and wireless-enabled devices - Secure Reading & Exchange of Data (SRED) secure reading and encryption of card holder data at the point of entry - Integration addresses the integration of components in an unattended POS PIN acceptance device Mag-stripe read-head protection security level increased Case Open Protection security level increased Mandating that at least 50% of security score comes from exploitation protection Smart card protection security increased Increased software security validation Daily-self test of software in additional to power up self test must use cryptographic methods

PCI PED 2.0 or PCI PTS 3.0 Only VeriFone Gives You a Complete Choice.

PCI PTS 3.0 Security Standards

VeriFones Security Triad


VeriFone Provides Three Types of Security to Protect Payment Information VeriFone has 30 years of unmatched experience in designing and implementing the most sophisticated security solutions in the industry. To combat the increasing sophistication of hacker attacks, VeriFone has developed a multifaceted approach to security protection. This security triad includes: Physical protection Logical security Compliance with the latest industry and regulatory standards To achieve a high level of physical security, VeriFone builds a variety of tamperresistant and responsive features into its payment devices. The objective is to make it extraordinarily difficult for a criminal ring to alter devices to capture sensitive cardholder information. For logical security, VeriShield Total Protect combines end-to-end encryption and tokenization to deliver one of the most secure solutions for data protection today. Other software and services capabilities that provide logical security include innovative file authentication methods and convenient yet highly-secure remote key injection. PCI PTS 3.0 Offers Greater Protections and Exciting Opportunities for Resellers and Merchants In the third leg of the triad regulatory security VeriFone has been an industry leader for years, holding a seat on a number of the working bodies responsible for developing and implementing the latest compliance standards. That additional protection is precisely what PCI PTS 3.0 provides resellers and merchants that want to virtually eliminate their exposure to the bad press and potentially catastrophic losses from a major fraud incident or data breach.
ro te c tio n

gu Re

la
PCI SPVA

Tamper-evident/Tamper-detection One way screws Special gluing & security labels Security fence/keypad Case open switches VeriShield Total Protect VeriShield Hidden Encryption VeriShield Retain Triple Data Encryption Standard VeriShield Remote Key EMV 4.0 SSl & MasterCard PTS

Broader Scope and a Single Evaluation Program PCI PTS 3.0 provides a single, highly efficient and effective security evaluation program for POS devices, encrypting PIN pads (EPPs) and unattended payment devices simplifying and strengthening existing requirements to increase security. In addition, the new standard broadens the scope of security protections.

Lo

gic al

Ph

ys

ica

lP

to r

PCI PTS 3.0 Security Standards

Additional Security Protections Built into VX Evolution VeriFones implementation of PCI PTS 3.0 in its VX Evolution family of payment devices also includes the following protections: Improved case-open tamper resistance for its devices Better mag-stripe read-head protection Implementation of higher security for smart card usage Use of end-to-end encryption where data is encrypted from the instant a card is swiped and provide further protection against fraud Daily self-testing of software plus the use of cryptographic methods as the primary means for checking either system integrity or file authentication Resellers and merchants that rely on VeriFone for payment security also benefit from the fact that the company does not merely adhere to the latest PCI regulations, it actively helps develop and draft the guidelines. VeriFone serves on the PCI Security Standards Council Board of Advisors, providing input into the various PCI standards. The company is also a founding member of the Secure Payment Vendors Alliance (SPVA). In addition, in an advisory role for the American National Standards Institute (ANSI), VeriFone has contributed to: X9A Regulating electronic retail financial transactions X9F Setting standards for data and information security Various ANSI workgroups that contribute to the ISO security workgroup

VeriFone serves on the PCI Security Standards Council Board of Advisors, providing input into the various PCI standards.

PCI PTS 3.0 Security Standards

PCI PTS 3.0 Available NOW!


Meeting and Exceeding Industry Requirements For organizations that are comfortable with the security protections provided by the current PCI PED 2.0 standard, VeriFone offers a wide array of POS devices designed for every possible environment from traditional countertop to mobile payment, and from multi-lane merchants to healthcare providers or transit agencies. But for customers that are willing to spend a little more to invest in the absolutely best security protection available with the longest projected life VeriFone is once again demonstrating its industry leadership by becoming the first payment provider to incorporate the PCI PTS 3.0 standard into a full line of payment devices: VeriFones state-of-the-art VX Evolution platform. The new standard is available as a premium option on both the VX 520 countertop and VX 680 portable devices. And it comes standard as part of the VX 820 PIN pad. These VX Evolution models not only provide resellers and merchants with the latest and most sophisticated security protections available today, but they also deliver the qualities that help set VeriFone products apart from all others: exceptional functionality, extraordinary quality and absolute trust that the devices will perform dependably and reliably, year after year.

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

Unapproved or non-compliant devices must be removed from service by June 30, 2010. Devices purchased before Dec. 31, 2007 can be deployed. EU devices must be removed by Dec. 31, 2012. All other devices must be removed by Dec. 31, 2014. Devices purchased before March 2014 can be deployed.

Unapproved Devices

Visa PED Devices


(Pre-PCI Devices)

PCI PED 1 Devices

Devices purchased before March 2017 can be deployed.

PCI PED 2 Devices

Devices purchased before March 2020 can be deployed.

PCI PTS 3 Devices

Available to purchase

Approved for continued use

Not available for purchase or use

PCI PTS 3.0 Security Standards

The PCI PED 2.0 standard is by no means obsolete. In fact, merchants have the option of purchasing PCI PED 2.0 approved devices at least through 2016. But when one thinks about it, doesnt it make more sense to pay a little more now for VeriFones PCI PTS 3.0 compliant VX Evolution line and avoid having to upgrade again and certify a whole new set of devices halfway through a solutions lifecycle in a few years - not to mention, the added peace of mind? Any investment thats made in new devices and software thats PCI PTS 3.0 compliant will continue to meet PCI SSC approved standards for payment card security long after the older PCI PED 2.0 compliant solutions must be removed from the POS. Merchants and resellers simply need to make the decision thats best for them.

Inside Look
CASE GLUING SECURITY FENCE SECURITY LABELS VOLTAGE SENSORS REGULATE ELECTRONIC EMISSIONS CASE OPEN SWITCHES PCB GRID SECRET KEYS
KEYPAD SWITCH ES

How VeriFone Leads in Physical and Logical Security As Well VeriFone is not only a leader in ensuring that its devices adhere to the latest compliance standards, but it has also incorporated groundbreaking physical and logical security protections into its POS devices and applications. Physical Protections VeriFone incorporates tamper-resistant, responsive and tamperevident features into every device it designs and builds. These physical protections are layered as illustrated to the left.

ONE WAY SCREWS

KEYPAD TRACES HIDDEN VERY LITTLE SPACE

PCI PTS 3.0 Security Standards

Conclusion
Increasing Risks Warrant a Higher Standard Frequent stories of hacker attacks and fraud schemes targeting electronic payments is a constant reminder that risks for everyone payment providers, resellers, merchants and consumers continue to grow. The latest PCI PTS 3.0 security standard makes it easier to secure sensitive card data at the point of interaction against the increasing sophistication of these attacks. VeriFone is pleased to be able to participate in the development of these new standards and proud to be the first to offer them to resellers and merchants that want the latest protections. For more information about PCI PED 2.0 and PCI PTS 3.0 and which might be best for you, contact your VeriFone representative or http://www.verifone.com/about-us/contact-us.

2011 VeriFone, Inc. All rights reserved. VeriFone, the VeriFone Logo, VX Evolution, VX 520, VX 680, VX 820, VX 820 DUET, VeriShield Total Protect, VeriShield Remote Key, VeriShield Hidden Encryption and VeriShield Retain are either trademarks or registered trademarks of VeriFone in the United States and/or other countries. All other trademarks or brand names are the properties of their respective holders. All features and specifications are subject to change without notice. Reproduction or posting of this document without prior VeriFone approval is prohibited. 02/11 45897 Rev A FS

PCI PTS 3.0 Security Standards

También podría gustarte