FUTURE OF CREDIT CARD PAYMENT APPLICATION SECURITY:
|
|
- Junior O’Connor’
- 6 years ago
- Views:
Transcription
1 FUTURE OF CREDIT CARD PAYMENT APPLICATION SECURITY: PA-DSS VS P2PE ForenSecure 17 April 27, 2017
2 SPEAKER Joel Dubin, PCI QSA, PA-QSA, CISSP Senior Consultant, Application Validation -Eight years as a PA-QSA and QSA and five years in PCI for a global bank -Reviewed payment vendors from small mom-and-pop to major global companies -Conducted PA-DSS assessments in U.S., Latin America, Europe and Middle East -Scoped architectures for PCI, PA-DSS applications and P2PE
3 OVERVIEW Payment application architectures The payment application ecosystem Who is the PCI SSC? What is PA-DSS and P2PE? Current Issues with PA-DSS Growth and challenge of P2PE Advantages and Drawbacks of PA-DSS and P2PE The future of PA-DSS and payment application security
4 PAYMENT APP (POS) ARCHITECTURE I
5 PAYMENT APP (POS) ARCHITECTURE II
6 PAYMENT APP (POS) ARCHITECTURE III (P2PE)
7 WHO IS THE PCI SSC? Payment Card Industry Security Standards Council Visa MasterCard American Express Discover JCB One standard for merchants and service providers One standard for payment applications One standard for P2PE solution providers PCI PA-DSS P2PE
8 SUITE OF PCI STANDARDS Hierarchy of PCI Standards PTS è PIN-pad Level PA-DSS è Application Level PCI è Network Level P2PE è ALL OF THE ABOVE
9 WHAT IS PA-DSS? Payment Application Data Security Standard (PA-DSS) Card industry standard for payment applications
10 WHAT IS P2PE? P2PE stands for Point-to-Point Encryption Encryption of card data at the merchant point of acceptance Most frequently at the point of swipe or dip at the payment terminal Complete end-to-end encryption of card number From merchant location Through merchant network Over a public (i.e., Internet) or private network Ending at P2PE solution provider, may be a P2PE-certified acquirer
11 THE PROMISE OF P2PE The Holy Grail of P2PE in three words: PCI SCOPE REDUCTION
12 THE SIX DOMAINS OF P2PE
13 PARTS OF A P2PE SOLUTION Encryption of card data at point of swipe or dip PTS compliant PIN-pad with SRED functionality Domain 1 Key injection by P2PE solution provider or their third-party Encrypted card data flows untouched all the way out to the processor or acquirer No management of keys by merchant Key management and decryption handled by P2PE solution provider Domain 5 Decryption Domain 6 Key management
14 P2PE HIGH-LEVEL RECAP Card data is encrypted at point of swipe or dip... flows untouched through merchant environment... is never stored by the merchant at any point... encryption keys never handled by merchant... is only decrypted outside merchant at solution provider P2PE components PTS PIN-pad with SRED PIN-pads with pre-loaded keys by solution provider or their third party P2PE approved solution provider with decryption environment
15 THREE FLAVORS OF P2PE 1) All-in-one solution provider 2) Solution provider using P2PE components Outsourced PIN-pads Outsourced key injection Outsourced decryption Outsourced payment apps Domain 2 P2PE PA-DSS 3) Merchant provided solutions Segregated P2PE environment within PCI CDE Also called Hybrid P2PE solutions
16 GEOGRAPHIC SPREAD OF P2PE Europe Early adopters with regional or country-based processors Latin America One or two big processors dominate each country United States Large number of processors and acquirers, so slower to catch on Not as standardized as smaller countries but gaining traction
17 CURRENT ISSUES WITH PA-DSS Complicated and expensive assessments with PA-DSS 3.x Document and testing requirements difficult for smaller vendors Requirements for PA-QSA certification are more difficult Shrinking pool of qualified PA-QSAs and fewer SSC classes Changes in technology have removed some apps from scope Growth of P2PE and other end-to-end encryption technologies Vendors deliberately reducing releases to avoid assessments Vendors consolidating code base to reduce assessments
18 GROWTH AND CHALLENGE OF P2PE Rapidly gaining ground around the world Vendors moving toward implementing P2PE features in apps Merchants attracted to possible reduction of PCI scope But scope reduction isn t always as big as promised P2PE club is an exclusive elite but still growing Moves PCI headache from merchant to processor Moves management of payment apps from merchant to processor
19 PA-DSS VS P2PE PA-DSS P2PE Time Frame 2 to 3 months 6 months to a year Overhead 1-2 PA-QSAs Teams, sometimes multinational Reporting (ROV) About 200 pages Can be 600+ pages Implementation Assessor Training No change to merchant environment Must be QSA in good standing Must have pen test experience Must have been developer Must be CISSP Must have done two PCI ROCs >4 years experience Must pass SSC exam/requal New PIN-pads from solution provider May have to rip out plumbing Must be QSA/PA-QSA Must know encryption Must know PTS hardware Must have dev and pen testing Must have done two PCI ROCs >2 years experience in above Must pass SSC exam/requal Only about 60 P2PE QSAs
20 PA-DSS VS P2PE FAQ Will PA-DSS completely disappear as P2PE technologies advance? No. First, the SSC has a commitment to keeping PA-DSS alive and adapting it to new technologies. Second, P2PE requires significant overhead and, until now, has been a preserve of larger merchants and larger acquirers. In that case, since P2PE is so much more involved, will it buckle under and go back to PA-DSS? Not necessarily. The SSC has been streamlining the standard since it came out in 2013, and we re seeing smaller entities, other than just large acquirers entering the game. In fact, with the mix and match approach of assembling P2PE components from diverse thirdparties, it s getting easier for players to get on board.
21 PA-DSS VS P2PE FAQ (CONT D) Is P2PE the wave of the future? Yes and no. It s the current hot technology of today. But there are competitors with various types of tokenization, creative new encryption technologies and even cloud solutions challenging the traditional P2PE space. P2PE is here to stay, but it might be very different in a few years than what we re seeing today. Is there a shortage of P2PE QSAs? Absolutely, and the demand is outstripping the supply. The barriers to entry for P2PE QSAs are high and not coming down.
22 NESA P2PE AND E2E Non-Listed Encryption Solutions SSC work around for end-to-end encryption solutions that aren t fully P2PE compliant Can avoid overhead of full P2PE assessment, if applicable Must still be compliant with Domains 5 and 6 of P2PE NESA released in November 2016 by SSC Response to growth of E2E solutions resembling P2PE 1) Encryption and keys not handled by merchant 2) No card data storage by merchant 3) PTS approved PIN-pads encrypting at swipe or dip
23 FUTURE OF PA-DSS AND P2PE PA-DSS and P2PE will co-exist for the foreseeable future The decision of which to use, will be the same for the implementation of any technology: 1) Size of application vendor or merchant 2) Complexity of their environment and ease of implementation 3) Technological constraints 4) Business needs New technologies are being used and others will arise to challenge PA-DSS and P2PE in the future
24 FRUSTRATION NEVER ENDS
25 FOR MORE INFORMATION Check the PCI SSC web site:
26 MY CONTACT INFORMATION Joel Dubin, QSA, PA-QSA, CISSP Senior Consultant x7861
27 QUESTIONS?
PCI BLOG. P2PE, EMV, Tokenization, Oh My!
Page 1 of 8 PCI BLOG THE UNOFFICIAL PCI COMPLIANCE & IT SECURITY BLOG HOME PCI IN THE NEWS PCI TOOLS IT SEC. JOB BOARD DOCUMENTS CONTACT US FORUM P2PE, EMV, Tokenization, Oh My! June 14, 2016 PCI Blog
More informationPCI COMPLIANCE PCI COMPLIANCE RESPONSE BREACH VULNERABLE SECURITY TECHNOLOGY INTERNET ISSUES STRATEGY APPS INFRASTRUCTURE LOGS
TRAILS INSIDERS LOGS MODEL PCI Compliance What It Is And How To Maintain It PCI COMPLIANCE WHAT IT IS AND HOW TO MAINTAIN IT HACKERS APPS BUSINESS PCI AUDIT BROWSER MALWARE COMPLIANCE VULNERABLE PASSWORDS
More informationCCV s self-service payment solutions drive PCI-DSS-compliant security
CCV s self-service payment solutions drive PCI-DSS-compliant security White Paper July 2016 1. Introduction This white Paper discusses the basic differences between the current PCI-DSS and the P2PE rules
More informationWhite Paper. Payment fraud threatens retail business. P2PE helps you fight back
verifone.co.uk White Paper Payment fraud threatens retail business P2PE helps you fight back 2 Payment fraud threatens retail business, P2PE helps you fight back Every day there are new headlines relating
More informationMerchant Services What You Need to Know. Agenda 6/5/2017. Overview of Merchant Services. EMV, Tokenization/Encryption, and PCI (Oh My!
Merchant Services What You Need to Know Heather Nowak VP, CPP Senior Product Manager Agenda Overview of Merchant Services Why accept cards? What you need to know/consider Capabilities/Pricing/Contract
More informationEMV FAQ S FROM A MERCHANT S PERSPECTIVE
EMV FAQ S FROM A MERCHANT S PERSPECTIVE WHAT IS EMV? EMV, or Europay MasterCard Visa, is a fraudreducing technology that can help protect issuers, merchants and consumers against losses from the use of
More informationSAMPLE DATA FLOW DIAGRAMS for MERCHANT ENVIRONMENTS
SAMPLE DATA FLOW DIAGRAMS for MERCHANT ENVIRONMENTS To protect your environment against payment data theft, you first have to understand how you accept payments. What kind of equipment do you use, who
More informationFrequently Asked Questions for Merchants May, 2015
EMV Frequently Asked Questions for Merchants May, 2015 Copyright 2015 Vantiv, LLC. All rights reserved. *EMV is a registered trademark in the U.S. and other countries, and is an unregistered trademark
More informationEMV, PCI, Tokenization, Encryption What You Should Know for Presented by: The Bryan Cave Payments Team
EMV, PCI, Tokenization, Encryption What You Should Know for 2015 Presented by: The Bryan Cave Payments Team Agenda Overview of Secured Payments Judie Rinearson (NY) EMV Courtney Stout (DC) End to End Encryption
More informationUnderstanding the SAQs for PCI DSS v3.0
Understanding the SAQs for PCI DSS v3.0 The PCI DSS self-assessment questionnaires (SAQs) are validation tools intended to assist merchants and service providers report the results of their PCI DSS self-assessment.
More informationStraight Answers on PCI and EMV
Straight Answers on PCI and EMV Gray Consulting November, 2015 Why We Are All Here This presentation is an attempt to demystify the challenges faced by the car wash industry, in dealing with secure, electronic
More informationEMV: Frequently Asked Questions for Merchants
EMV: Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited
More informationMOBILE CHECKOUT SOLUTION
MOBILE CHECKOUT SOLUTION MONEXgroup in this report introduces the Mobile Checkout Solution for merchants who process payments on-the-go using their Smartphone devices. Mobile Checkout allows businesses
More informationSecure Remote Payment Council (SRPc) White Paper Discussion: EMV Enhancements Post Implementation September 13, 2016
Secure Remote Payment Council (SRPc) White Paper Discussion: EMV Enhancements Post Implementation September 13, 2016 Objective This white paper is the fifth in the series developed by the Secure Remote
More informationFTFS. Fault Tolerant Financial Systems
FTFS Fault Tolerant Financial Systems Fault Tolerant Financial Systems - FTFS - is the modular solution designed to support Enterprises and Financial Institutions in channel management for POS, self service,
More informationElectronic Payments: PayPal vs. Credit Cards
Electronic Payments PayPal vs. Credit Cards 101109 R1 Objectives Electronic Payments: PayPal vs. Credit Cards Credit Cards - 20,000 foot view New Realities Credit Card Industry Considerations What Is Your
More informationPCI Requirements Office of Business and Finance Issued July 2015
PCI Requirements Office of Business and Finance Issued July 2015 This document provides supplemental information to be used in conjunction with the Payment Card Compliance policy to assist merchants and
More informationEMV Terminology Guide
To make life easier, TMG has compiled some of the most commonly used EMV terms in this guide. If you have questions about EMV, contact your Director of Client Relations directly or email clientrelations@themebersgroup.com.
More informationEMV Just the Facts. Ozarks Association of Government Accountants
EMV Just the Facts Ozarks Association of Government Accountants Speakers and Housekeeping EMV: Just the Facts Presentation Brad Hench Regional Sales Manager US Bank Elavon 45 minute presentation 10 minute
More informationEMV and Educational Institutions:
October 2014 EMV and Educational Institutions: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks,
More informationEMV Implementation Guide
iqmetrix Payment Processing 12/18/2014 EMV Implementation Guide 1-866-iQmetrix www.iqmetrix.com Table of Contents 1. Introduction... 2 2. What is EMV?... 2 3. How is a chip card different?... 2 4. How
More informationEMV Chip Cards. Table of Contents GENERAL BACKGROUND GENERAL FAQ FREQUENTLY ASKED QUESTIONS GENERAL BACKGROUND...1 GENERAL FAQ MERCHANT FAQ...
EMV Chip Cards FREQUENTLY ASKED QUESTIONS Table of Contents GENERAL BACKGROUND...1 GENERAL FAQ...1 4 MERCHANT FAQ...5 PROCESSOR/ATM PROCESSOR FAQ... 6 ISSUER FAQ... 6 U.S.-SPECIFIC FAQ...7 8 GENERAL BACKGROUND
More informationPayment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS) Attestation of Validation Version 2.02
Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS) Attestation of Validation Version 2.02 April 2012 PA-DSS Attestation of Validation Instructions for Submission The Payment
More informationPAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) A GUIDE
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) A GUIDE Last Reviewed: December 13, 2017 Last Updated: December 19, 2017 PCI DSS Version: v3.2, rev 1.1 Prepared for: The
More informationEMV: The Race Is On! September 24, 2013
EMV: The Race Is On! September 24, 2013 Bill Thomas Vice President, Member Operations United Nations Federal Credit Union Leanne Phelps Senior Vice President, Card Services State Employees Credit Union
More informationCOLUMBIA UNIVERSITY CREDIT CARD ACCEPTANCE AND PROCESSING POLICY
COLUMBIA UNIVERSITY CREDIT CARD ACCEPTANCE AND PROCESSING POLICY Effective Date: August 31, 2009 Latest Revision: March 28, 2017 Policy Statement This policy establishes the requirements for the acceptance
More informationPCI Requirements Office of Business and Finance Issued July 2015
PCI Requirements Office of Business and Finance Issued July 2015 This document provides supplemental information to be used in conjunction with the Payment Card Compliance policy to assist merchants and
More informationAUTHORIZE.NET SAQ ELIGIBILITY WHITE PAPER NICK TRENC CISSP, CISA, QSA, PA- QSA. North America Europe coalfire.
W HITE P APER AUTHORIZE.NET SAQ ELIGIBILITY WHITE PAPER NICK TRENC CISSP, CISA, QSA, PA- QSA North America Europe 877.224.8077 info@coalfire.com coalfire.com TABLE OF CONTENTS Executive Summary... 3 Audience...
More informationATM Webinar Questions and Answers May, 2014
May, 2014 Debit Network Alliance LLC (DNA) is a Delaware Limited Liability Company currently comprised of 10 U.S. Debit Networks and open to all U.S. Debit Networks. The goal of this collaborative effort
More informationBest Practices for Securing E-commerce
Standard: PCI Data Security Standard (PCI DSS) Date: April 2017 Authors: Best Practices for Securing E-commerce Special Interest Group PCI Security Standards Council Information Supplement: Best Practices
More informationPayment Card Industry Data Security Standard Self-Assessment Questionnaire B Guide
Payment Card Industry Data Security Standard Self-Assessment Questionnaire B Guide Prepared for: University of Tennessee Merchants 12 May 2015 Prepared by: University of Tennessee System Administration
More informationTokenization April Tokenization. Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager. Andrews Hooper Pavlik PLC
ization Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager Andrews Hooper Pavlik PLC 1 Agenda and Implementation EMV, Encryption, ization Apple Pay Google Wallet Recent Trends Resources Agenda and
More informationAgenda. What is EMV. Chip vs Mag Stripe. Benefits of EMV. Timeframes & Liability Shift. Costs. Things to consider. Questions
EMV Chip Cards Agenda What is EMV Chip vs Mag Stripe Benefits of EMV Timeframes & Liability Shift Costs Things to consider Questions 2 What is EMV EMV was named for the developers Europay, MasterCard and
More informationThe Changing Landscape of Card Acceptance
The Changing Landscape of Card Acceptance Troy Byram Vice-President Sr. E-Receivables Consultant February 6, 2015 Agenda EMV (Chip and Pin) PCI Compliance and Data Security New Regulations for Municipalities
More informationPCI Data Breach Preparedness How To Prevent Your Organization From Becoming the Next Data Breach Headline
PCI Data Breach Preparedness How To Prevent Your Organization From Becoming the Next Data Breach Headline Presented by the Bryan Cave Payments Team and Special Guest Speaker Andi Baritchi Agenda Introduction
More informationIntroduction. Scott Jerabek. The CBORD Group. Product Manager
PCI Compliance Introduction Scott Jerabek Product Manager The CBORD Group Founded in 1975 Foodservice, Campus Card and Security solutions to College and University and Healthcare markets CBORD Product
More informationPCI DSS practical guide for Travel Agents
PCI DSS practical guide for Travel Agents Guidance for achieving PCI DSS compliance PCI DSS demystified for Travel Agents PCI Program Office_ Marc. A. HENRY_ISA_ May 25th, 2017 Revision 5.3 Dear customer,
More informationCard Payment acceptance at Common Use positions at airports
Card Payment acceptance at Common Use s at airports Business requirements Version 1, published in June 2016 Preamble Common Use (CU) touchpoints (self-service s such as self-service kiosks or bag drops,
More information3.17 Payment Card Industry (PCI) Compliance Policy
3.17 Payment Card Industry (PCI) Compliance Policy Policy Statement The Payment Card Industry (PCI) Security Standards Council (SSC) has developed standards, referred to as the Payment Card Industry Data
More informationTHE FUTURE OF TRANSACTING
1 Payments - Create and Protect Recurring Revenue Opportunities THE FUTURE OF TRANSACTING The Future is Genius SuperDeck Creative v.1 10.22.2015 Who are we? 2 Our payment solutions enable businesses to
More informationWhite Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure. By Christopher Kronenthal, Chief Technology Officer
White Paper PCI-Validated Point-to-Point Encryption On Microsoft Azure By Christopher Kronenthal, Chief Technology Officer Advanced Commerce Platform Foreword 2015 will bring incredible change and innovation
More informationEMV IN HOSPITALITY 2 YEARS LATER
EMV IN HOSPITALITY 2 YEARS LATER Version 1.0 15 January 2018 About HTNG Hospitality Technology Next Generation (HTNG) is a non-profit association with a mission to foster, through collaboration and partnership,
More informationPCI Information Session. May NCSU PCI Team
PCI Information Session May 2014 - NCSU PCI Team Agenda PCI compliance process Security Training Why compliance is important PCI DSS update from NCSU ISA 2014 attestation process Questions PCI Compliance
More informationHot Topics in Payments Cornerstone CU League Small CU Committee July 9, 2014
Hot Topics in Payments Cornerstone CU League Small CU Committee July 9, 2014 Matt Davies, AAP, CTP, CPP Federal Reserve Bank of Dallas 1 Mobile Banking Constant development cycle Online banking customer
More informationEMV IN THE U.S. HOW FAR HAVE WE COME AND WHERE ARE WE GOING? Andy Brown
EMV IN THE U.S. HOW FAR HAVE WE COME AND WHERE ARE WE GOING? Andy Brown andy.brown@ncr.com MAC is an organization comprised of members from Banks, Acquirers, ISOs, Card Associations, Law Enforcement and
More informationC&H Financial Services. PCI and Tin Compliance Basics
C&H Financial Services PCI and Tin Compliance Basics What Is PCI? (Payment Card Industry) Developed by the PCI Security Standards Council and major payment brands For enhancing payment account data security
More informationEMV: GET READY. Michelle Thornton, CO-OP Financial Services
EMV: GET READY Michelle Thornton, CO-OP Financial Services EMV Technology EMV and Chip Used Interchangeably In essence it replaces the functionality of magstripe with a computer chip making it nearly impossible
More informationPayments - EMV Review. EMV Functionality Inside OpenOne
Payments - EMV Review EMV Functionality Inside OpenOne A Brief History EMV stands for Europay, MasterCard and Visa. It is a global standard for cards equipped with computer chips and the technology used
More informationOnline Payment Services
A NetPay Guide to... Online Payment Services Online payments, also commonly referred to as CNP or Cardholder not present are those that provide the capability for a purchase to be made without physically
More informationCHIP CARDS. Banks are issuing payment cards embedded with security chips to help protect you against fraud at the register. What is a Chip Card?
BANK NAME 1234 5678 9012 3456 Exp. 2018 JOHN DOE CHIP CARDS Banks are issuing payment cards embedded with security chips to help protect you against fraud at the register. What is a Chip Card? How Do I
More informationUNIVERSITY OF OKLAHOMA Campus Payment Card Security Standard Norman Campus
UNIVERSITY OF OKLAHOMA Campus Payment Card Security Norman Campus Subject: Campus Payment Card Security Coverage: The University of Oklahoma Norman Campus Regulation: Payment Card Industry ( PCI ) Data
More informationADDENDUM NO. 3 REQUEST FOR PROPOSAL NO. R BANKING AND MERCHANT SERVICES FOR HIGHER EDUCATION
ADDENDUM NO. 3 Attention to Proposers: This constitutes Addendum No. 3 to the referenced Request for Proposals (RFP), and consists of this ten (10) page cover letter, which provides responses to questions
More informationesocket POS Integrated POS solution Knet
esocket POS Integrated POS solution Knet 1 Summary Since 1994 when the first POS devise was deployed in the market, Knet had recognized the importance of this service and did take it up on it self to invest
More informationPayment Acceptance Solutions
Payment Acceptance Solutions Increase sales, enhance agility, and mitigate risks with CyberSource CyberSource is a Visa solution Businesses today are developing new strategies for acquiring and retaining
More informationCredit Card Processing:
Credit Card Processing: What Your Nonprofit Needs to Know Presenter: Erik Verryden, Founder/CEO National Processing Solutions (NPS) 602-892-5047 erikv@npsaz.com www.npsaz.com Copyright 2003 2017 DBA: National
More informationPIN Issuance & Management
PIN Issuance & Management From PIN selection to PIN verification Card issuers and merchants know they can put their trust in MagTek. Whether meeting the growing need for instant, in-branch card and PIN
More informationCONTRACTUAL COMPLIANCE DEADLINE COMPOUNDED FINES FOR MISSING THE REVIEW APPROACHING DEADLINES
Special Alert atm and card security update July 2012 This article discusses the need for security compliance reviews of institutions with automated teller machines (ATM) and instant issue credit/debit
More informationVerifone MX 915/925 Payment Devices. with KWI 6.x POS Registers: What s New?
Verifone MX 915/925 Payment Devices with KWI 6.x POS Registers: What s New? Contents Overview... 3 Network and Power Requirements... 5 Network Requirements... 5 Power Requirements... 5 Place Your Order
More informationThreat Landscape: Skimming In a Changing Environment
Threat Landscape: Skimming In a Changing Environment Chris Forsythe, Sr. Risk Analyst, Visa, Payment Fraud Disruption & Intelligence Stoddard Lambertson, Director, Fraud & Breach Investigations 22 February
More information2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of
2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company
More informationVirtual Terminal User Guide
Virtual Terminal User Guide Table of Contents Introduction... 4 Features of Virtual Terminal... 4 Getting Started... 4 3.1 Logging in and Changing Your Password 4 3.2 Logging Out 5 3.3 Navigation Basics
More informationEpicor Eagle EMV Implementation Guide. Step-by-Step
Epicor Eagle EMV Implementation Guide Step-by-Step This Guide summarizes actions we believe you must follow to make your Eagle system EMV enabled as of the date of publication (February 2016). The information
More information112 th Annual Conference May 6-9, 2018 St. Louis, Missouri
4:15 5:30 May7, 2018 Room 230 Complex 112 th Annual Conference May 6-9, 2018 St. Louis, Missouri Moderator/Speakers: Rafiu Ighile Chief Business and Technology Officer Howard County Public School System,
More informationEuronet s Dynamic Currency Conversion Solution Increase Your Revenue as an Acquirer with a Value Added Service
Serving millions of people worldwide with electronic payment convenience. Euronet s Dynamic Currency Conversion Solution Increase Your Revenue as an Acquirer with a Value Added Service Copyright 2010 Euronet
More informationA Merchant s Path to EMV Understanding Impacts To Your Business
A Merchant s Path to EMV Understanding Impacts To Your Business Georgia Fiscal Management Council June 23, 2015 EMV is a registered trademark in the U.S. and other countries, and an unregistered trademark
More informationThe October 1 EMV Liability Shift: Everything You Need to Know
The October 1 EMV Liability Shift: Everything You Need to Know 2 3 4 6 7 Introduction The Basics Predicting the impact Technical considerations What to look for in a service provider The financial services,
More informationDates Visa MasterCard Discover American Express. Acquirers, subprocessors. support EMV. International ATM liability shift 2
Network Updates Winter 2015 We are committed to working closely with you on achieving your business goals. As a part of this commitment, we carefully monitor Network changes and summarize them for your
More informationInstant issuance in retail breaks new ground for banks
Use Case Instant issuance in retail breaks new ground for banks The most obvious consumer trend today is the expectation of immediacy. You can download movies and music, and shop online with instant results.
More informationE M V O V E R V I E W. July 2014
E M V O V E R V I E W July 2014 A G E N D A EMV Overview EMV Industry Announcements EMV Transaction Differences, What to Expect Solution Decisions Market Certification Considerations Questions 2 E M V
More informationPreparing your store for EMV
Petroleum Solutions, Inc. 2700 Aldine Bender Houston, TX 77032 281-449-4027 EMV Compliance and POS/Dispenser Systems Preparing your store for EMV Goals For This Session Understanding Planning Approach
More informationEMV for Merchants and Merchant Acquirers: U.S. Migration Considerations. Smart Card Alliance Webinar October 6, 2011
EMV for Merchants and Merchant Acquirers: U.S. Migration Considerations Smart Card Alliance Webinar October 6, 2011 Introductions Randy Vanderhoof Executive Director -- Smart Card Alliance 2 Who We Are
More informationHEADLINE INSIGHTS ON HERE EMV TRANSACTION SPEED PERFORMANCE OPTIMIZATION
HEADLINE INSIGHTS ON HERE EMV TRANSACTION SPEED Subhead & POS Here PERFORMANCE OPTIMIZATION EXECUTIVE SUMMARY It has been more than a year since the EMV liability shift came into effect in the U.S. and
More informationProtecting Your Swipe Devices from Illegal Tampering. Point of Sale Device Protection. Physical Security
Protecting Your Swipe Devices from Illegal Tampering The threat of Point of Sale (POS) terminal tampering is serious and worldwide. Every day criminals install skimmers, keykatchers, and other devices
More informationProtecting Your Future
Protecting Your Future with NCR Secure How to prepare for the EMV and Windows 7 Migration An NCR White Paper 02 1 Upcoming Major Changes and Trends The North American financial industry will go through
More informationUsing Pinterest Buyable Pins with Demandware: Frequently Asked Questions
Using Pinterest Buyable Pins with Demandware: Frequently Asked Questions I. OVERVIEW What is Demandware s relationship with Pinterest? In June 2015, Demandware announced a partnership with Pinterest to
More informationAdding Business Value with Integrated Payment Solutions
Adding Business Value with Integrated Payment Solutions Sponsored by Sage Payment Solutions Laurie McCabe, Partner Sanjeev Aggarwal, Partner 1 SMB Group, Inc. January 2014 ADDING BUSINESS VALUE WITH INTEGRATED
More informationEnsuring the Safety & Security of Payments. Faster Payments Symposium August 4, 2015
Ensuring the Safety & Security of Payments Faster Payments Symposium August 4, 2015 Problem Statement: The proliferation of live consumer account credentials Bank issues physical card Plastic at point
More informationEMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services
EMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services October 25, 2012 Agenda What EMV is and how it works U.S. and global adoption Impact to the payments ecosystem
More informationThe Shared Electronic Banking Services Company (KNET) Knet securing E-payment for EGOV
The Shared Electronic Banking Services Company (KNET) Knet securing E-payment for EGOV November 21, 2015 Knet 2 The Shared Electronic Banking Services Company (Knet) was established in 1992. Knet Established
More informationpresents Transaction Laundering: What is Hiding in Your Merchant Portfolio?
presents Transaction Laundering: What is Hiding in Your Merchant Portfolio? Moderator: Cathryn Matarazzo, Director of Marketing, ControlScan, Inc. June 30, 2015 cmatarazzo@controlscan.com MAC is an organization
More informationPolicies and Procedures
Policies and Procedures Provided by PROGuard The following are policies and procedures which need to be enforced to ensure PCI DSS compliance. In order to answer yes to the questions and pass the SAQ,
More informationFinding the Best Route for EMV in the US
Finding the Best Route for EMV in the US 1/23/2013 Exploring EMV Implementation Strategies that Preserve Network Routing Options and Satisfy Government Regulations ABSTRACT Recently the Debit Working Committee
More informationjhapassport EMV Update:
jhapassport EMV Update: Your Questions Answered Presented by Keri Crane September/October 2015 Dates contained in this document are provided as estimates only and can be changed at any time at the sole
More informationRevolutionize Your Business with Harbortouch
Revolutionize Your Business with Harbortouch Swipe Card Regardless of the business you are in, Harbortouch has the ideal processing solution for you. Allow Harbortouch to demonstrate why our company is
More informationAccept Mobile Payments
Accept Mobile Payments INTRODUCTION Mobile phones are changing the way consumers make payments. Consumers have become accustomed to relying on their smartphones to manage a variety of their financial practices,
More informationEMV Basics and the market
EMV Basics and the market What is a smartcard? 1 2 3 4 5 2 What is EMV? EMV is the globally adopted international standard for adding a chip on a payment card A chip is a small computer built into the
More informationIs Your Organization Ready for the EMV Challenge?
Is Your Organization Ready for the EMV Challenge? Suzanne Galvin Director of Product Management Elan Financial Services Jeff Green Director of the Emerging Technologies Advisory Service Mercator Advisory
More informationHelping merchants automate testing practices.
Helping merchants automate testing practices. Meet deadlines, facilitate certifications and overcome complexities. www.fisglobal.com As a merchant, you are in the middle of the shift from traditional cash
More informationA step towards cashless economy - Unified Payments Interface (UPI)
A step towards cashless economy - Unified Payments Interface (UPI) What is Unified Payment Interface? Objective of a unified payments system is to offer an architecture and a set of APIs on top of existing
More informationBankcard Compliance Group. PIN Security & Key Management TR-39 PCI PIN TRANSACTION SECURITY.
Bankcard Compliance Group PIN Security & Key Management TR-39 PCI PIN TRANSACTION SECURITY 2014 peter@bankcardcompliance.com 877-378-5344 What is a TR-39/PCI PTS? ANSI Technical Release 39 Originally developed
More informationIn this Document: EMV Payment Tokenisation Payment Account Reference (PAR) FAQ EMV Payment Tokenisation Technical FAQ
In this Document: EMV Payment Tokenisation General FAQ EMV Payment Tokenisation Payment Account Reference (PAR) FAQ EMV Payment Tokenisation Technical FAQ EMV Payment Tokenisation General FAQ 1. What is
More informationWHITE PAPER. Focus on value added services by network companies a paradigm shift. Rahul Kaushal, Ramakant Mittal
WHITE PAPER Focus on value added services by network companies a paradigm shift Rahul Kaushal, Ramakant Mittal Introduction Network association is the most critical player in the payment card industry.
More informationLet s Talk about EMV. getnationwide.com
Let s Talk about EMV getnationwide.com Europay, MasterCard, Visa EMV is a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS)
More informationCyber Security in Retail
Cyber Security in Retail Nick Kemske Director, Cyber Security Jacki Snyder Sr. Director Payments, Asset Protection and CIC Services 1 Cyber Security RANSOMWARE AND SKIMMERS 2 Ransomware A Retail Perspective
More informationOHIO TURNPIKE AND INFRASTRUCTURE COMMISSION 682 Prospect Street Berea, Ohio 44017
OHIO TURNPIKE AND INFRASTRUCTURE COMMISSION 682 Prospect Street Berea, Ohio 44017 REQUEST FOR PROPOSALS TO PROVIDE CREDIT CARD PROCESSING SERVICES TO THE OHIO TURNPIKE AND INFRASTRUCTURE COMMISSION ADDENDUM
More informationEMV in the U.S. Liability shift; what does this mean for the U.S.?
EMV in the U.S. Liability shift; what does this mean for the U.S.? Questions and answers What the liability shift really means with regards to costs, risks and benefits. Fraud is on the rise in the U.S.
More informationCREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 04/29/2016
CREDIT CARD MERCHANT PROCEDURES MANUAL Effective Date: 04/29/2016 Updated: April 29, 2016 TABLE OF CONTENTS Introduction... 1 Third-Party Vendors... 1 Merchant Account Set-up... 2 Personnel Requirements...
More informationEMV & Fraud POS Fraud Mitigation Tips for Merchants First Data Corporation. All Rights Reserved.
EMV & Fraud POS Fraud Mitigation Tips for Merchants EMV Information Merchants may see an increase in Card-Not-Present Fraud as a result of the new EMV standards. Help protect your business from fraud risk
More informationWE ENGINEER PAYMENTS
WE ENGINEER S COUNTERTOP ID TECH s full line of secure PIN pads and state-of-theart payment devices allows you to easily make a credit card purchase at any countertop POS location. VP8800 VP8300 PCI 5.x
More informationEMV A Chip Off the New Block
EMV A Chip Off the New Block WACHA Taking Flight With Payments March 18, 2014 Paul Tomasofsky President, Two Sparrows Consulting Paul@TwoSparrowsConsulting.com (201) 930-9551 Christa Addy Product Manager,
More information