Documentos de Académico
Documentos de Profesional
Documentos de Cultura
VeriFone VX Evolution - First complete product line to offer PCI PTS 3.0 approved solutions
Threats to electronic payment transactions and personal information continue to grow. Data breaches can be a moving target as security improves, hackers devise new plans of attack. Recovering from a breach could devastate a business. Thats why for many businesses its critical to stay on the leading edge of payment security. In May 2010, the Payment Card Industry Security Standards Council (PCI SSC) announced the PCI PIN Transaction Security (PTS) 3.0 payment security standard. VeriFone is the first payment provider to integrate the sophisticated, unprecedentedly secure PCI PTS 3.0 protections across its entire family of innovative VX Evolution payment devices. If your business demands the absolute best in payment security, you need to talk to VeriFone today about what PCI PTS 3.0 can do for you.
Growing Challenges
Security Is ImprovingBut So Are Criminals. According to The Green Sheet, an online news magazine that focuses on emerging issues in the payments industry, in the U.S. alone there were 181 data breaches in 2010 that impacted financial services, insurance or retail businesses. This was up from 37 such breaches in 2009.1 Globally, both figures would be considerably higher. While some of these breaches were the result of lost, stolen or discarded PCs, cell phones and the like, more than a third of the losses were from hacker or malware attacks. Fraud schemes not only focus on hacking software, but they also can seek to gain physical access to payment devices to enable criminal rings to capture sensitive card information to steal cardholders funds. As the hackers keep evolving their tactics, its essential that payment security gets strengthened to prevent security breaches. PCI PED 2.0 or PCI PTS 3.0 Only VeriFone Gives You a Complete Choice. VeriFone has consistently led the payment industry in providing devices and applications that meet the latest payment security guidelines. The PCI PED 2.0 standard, which first took effect in 2008, can be expected to provide an acceptable level of protection for organizations with relatively ordinary security requirements for a number of years. But for resellers and merchants that require absolutely the most advanced security protections possible not only today, but also well into the future after the current PCI PED 2.0 standard has been retired VeriFone now offers the only family of approved products with the latest in PCI PIN Transaction Security (PCI PTS) 3.0 standard. Three years in the making with input and contributions from a variety of panels and providers with an interest in payment security PCI PTS 3.0 represents by far the most sophisticated, robust and all-encompassing standard for card security ever brought to the market. And VeriFones advanced VX Evolution family of devices through its flagship countertop, portable and PIN pad models is the first complete product line to offer the extraordinary protections of PCI PTS 3.0 for resellers and merchants that want to minimize their exposure to risk to the greatest degree possible.
VeriFone has consistently led the payment industry in providing devices and applications that meet the latest payment security guidelines.
Copyright, Privacy Rights Clearinghouse, as published in The Green Sheet, January 24,2011.
PCI PTS 3.0 Has combined sets of requirements Three modules for evaluations requirements - Open Protocols applies to Internet Protocol (IP) or to ethernet and wireless-enabled devices - Secure Reading & Exchange of Data (SRED) secure reading and encryption of card holder data at the point of entry - Integration addresses the integration of components in an unattended POS PIN acceptance device Mag-stripe read-head protection security level increased Case Open Protection security level increased Mandating that at least 50% of security score comes from exploitation protection Smart card protection security increased Increased software security validation Daily-self test of software in additional to power up self test must use cryptographic methods
PCI PED 2.0 or PCI PTS 3.0 Only VeriFone Gives You a Complete Choice.
gu Re
la
PCI SPVA
Tamper-evident/Tamper-detection One way screws Special gluing & security labels Security fence/keypad Case open switches VeriShield Total Protect VeriShield Hidden Encryption VeriShield Retain Triple Data Encryption Standard VeriShield Remote Key EMV 4.0 SSl & MasterCard PTS
Broader Scope and a Single Evaluation Program PCI PTS 3.0 provides a single, highly efficient and effective security evaluation program for POS devices, encrypting PIN pads (EPPs) and unattended payment devices simplifying and strengthening existing requirements to increase security. In addition, the new standard broadens the scope of security protections.
Lo
gic al
Ph
ys
ica
lP
to r
Additional Security Protections Built into VX Evolution VeriFones implementation of PCI PTS 3.0 in its VX Evolution family of payment devices also includes the following protections: Improved case-open tamper resistance for its devices Better mag-stripe read-head protection Implementation of higher security for smart card usage Use of end-to-end encryption where data is encrypted from the instant a card is swiped and provide further protection against fraud Daily self-testing of software plus the use of cryptographic methods as the primary means for checking either system integrity or file authentication Resellers and merchants that rely on VeriFone for payment security also benefit from the fact that the company does not merely adhere to the latest PCI regulations, it actively helps develop and draft the guidelines. VeriFone serves on the PCI Security Standards Council Board of Advisors, providing input into the various PCI standards. The company is also a founding member of the Secure Payment Vendors Alliance (SPVA). In addition, in an advisory role for the American National Standards Institute (ANSI), VeriFone has contributed to: X9A Regulating electronic retail financial transactions X9F Setting standards for data and information security Various ANSI workgroups that contribute to the ISO security workgroup
VeriFone serves on the PCI Security Standards Council Board of Advisors, providing input into the various PCI standards.
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
Unapproved or non-compliant devices must be removed from service by June 30, 2010. Devices purchased before Dec. 31, 2007 can be deployed. EU devices must be removed by Dec. 31, 2012. All other devices must be removed by Dec. 31, 2014. Devices purchased before March 2014 can be deployed.
Unapproved Devices
Available to purchase
The PCI PED 2.0 standard is by no means obsolete. In fact, merchants have the option of purchasing PCI PED 2.0 approved devices at least through 2016. But when one thinks about it, doesnt it make more sense to pay a little more now for VeriFones PCI PTS 3.0 compliant VX Evolution line and avoid having to upgrade again and certify a whole new set of devices halfway through a solutions lifecycle in a few years - not to mention, the added peace of mind? Any investment thats made in new devices and software thats PCI PTS 3.0 compliant will continue to meet PCI SSC approved standards for payment card security long after the older PCI PED 2.0 compliant solutions must be removed from the POS. Merchants and resellers simply need to make the decision thats best for them.
Inside Look
CASE GLUING SECURITY FENCE SECURITY LABELS VOLTAGE SENSORS REGULATE ELECTRONIC EMISSIONS CASE OPEN SWITCHES PCB GRID SECRET KEYS
KEYPAD SWITCH ES
How VeriFone Leads in Physical and Logical Security As Well VeriFone is not only a leader in ensuring that its devices adhere to the latest compliance standards, but it has also incorporated groundbreaking physical and logical security protections into its POS devices and applications. Physical Protections VeriFone incorporates tamper-resistant, responsive and tamperevident features into every device it designs and builds. These physical protections are layered as illustrated to the left.
Conclusion
Increasing Risks Warrant a Higher Standard Frequent stories of hacker attacks and fraud schemes targeting electronic payments is a constant reminder that risks for everyone payment providers, resellers, merchants and consumers continue to grow. The latest PCI PTS 3.0 security standard makes it easier to secure sensitive card data at the point of interaction against the increasing sophistication of these attacks. VeriFone is pleased to be able to participate in the development of these new standards and proud to be the first to offer them to resellers and merchants that want the latest protections. For more information about PCI PED 2.0 and PCI PTS 3.0 and which might be best for you, contact your VeriFone representative or http://www.verifone.com/about-us/contact-us.
2011 VeriFone, Inc. All rights reserved. VeriFone, the VeriFone Logo, VX Evolution, VX 520, VX 680, VX 820, VX 820 DUET, VeriShield Total Protect, VeriShield Remote Key, VeriShield Hidden Encryption and VeriShield Retain are either trademarks or registered trademarks of VeriFone in the United States and/or other countries. All other trademarks or brand names are the properties of their respective holders. All features and specifications are subject to change without notice. Reproduction or posting of this document without prior VeriFone approval is prohibited. 02/11 45897 Rev A FS