Leveraging Data Security Technology. October 19 th 9:15 AM
|
|
- Madison Lawson
- 6 years ago
- Views:
Transcription
1 Leveraging Data Security Technology October 19 th 9:15 AM
2 Presenters Moderator Linda Toth Director of Standards Conexxus, Inc. Speakers Kara Gunderson POS Manager CITGO Petroleum Corp Mike Lindberg Payment Solutions Dir. CHS Inc. (CENEX) Linda Toth Director of Standards Conexxus, Inc.
3 What s Happened? What s New? What s Coming? Leveraging Data Security Technology
4 Connect with
5 Objectives UNDERSTAND EVALUATE IDENTIFY Current C-store data security technology & what s coming Leveraging the latest data security technology for a competitive edge Responsibilities for the latest card requirements & liability shift dates 5
6 Agenda EMV Payments What s Happened? What s New? What s Coming? Data Security 6
7 Agenda EMV Payments What s Happened? What s New? What s Coming? Data Security 7
8 EMV Liability Shift* Dates for Petroleum Oct Oct Payment Terminals (except AFDs) Outdoor AFDs *Not a card brand mandate, but may be an oil brand mandate 8
9 Liability Shift Liability shifts to the party in the payment chain with the least secure payment technology 9
10 Who s Liable? It Depends! Type of Fraud - Counterfeit - Lost & Stolen Card Type (Chip, Mag Stripe) Card Brand Location (Attended, Unattended) System (Terminal, POS) Capabilities 10
11 Who s Liable? Merchant is protected if EMV terminal with PIN processing enabled; AND Site system software with EMV processing enabled 11
12 EMV Considerations Consider Faster EMV processing Brand refresh (increase ROI) Be aware of consumer perception Last Man Standing Avoid excessive chargebacks 12
13 Liability Shift Deferment (*fine print) Several Card Brands have chargeback threshold limitations relative to the EMV counterfeit liability shift Check with your payment processor or oil brand for specific information Effective Limitations Oct 1 Excessive fraud-to-sales ratios; and 2017 Excessive amounts of chargebacks; or Excessive number of chargebacks 13
14 Liability Shift Deferment (*fine print) Types Affected Outdoor EMV Counterfeit Liability Only Indoor and Outdoor, Lost & Stolen, EMV and Non-EMV Effects Outdoor counterfeit liability (EMV) chargebacks prior to Oct 1, 2020 Additional penalties/fines imposed on top of the chargeback 14
15 Liability Shift Deferment (*fine print) Chargeback Timing Immediate -OR- Remediation period offered depending upon the total volume of the chargebacks 15
16 Liability Shift Deferment (*fine print) 3-year extension may only apply to U.S. issued Cards for some Card Brands Cards issued outside the U.S. are subject to EMV chargebacks 16
17 EMV Considerations EMV does NOT equal PCI compliance EMV is only one part of securing card data Both PCI and EMV require frequent software upgrades to maintain compliance 17
18 Agenda EMV Payments What s Happened? What s New? What s Coming? Data Security 18
19 EMV Outdoor Liability Shift Extension = Oct 1, 2020 Early Adopter Retain & Obtain New Market Share Additional Inside Sales Add New Technology = Video Secure Data & Reduce Fraud Mitigate Traditional Skimmers = Tamper Alarms 19
20 EMV Outdoor Upgrade Options PIN Pad Upgrade 20
21 EMV Outdoor - Technology EMV Cards Contact Cards NFC or Contactless (Optional Feature) 21
22 EMV Contactless Cards 22
23 EMV Biometric Cards 23
24 EMV Outdoor AFD Video Upgraded Communications enables Media at AFD Video promotes inside sales Be aware of Data Security and PCI DSS Compliance Implications 24
25 Agenda EMV Payments What s Happened? What s New? What s Coming? Data Security 25
26 Fleet Fleet cards enable: Product Restrictions Data Prompting 26
27 Fleet Simplified Track 2 Data SS PAN FS Exp Add. Data Disc. Data ES LRC 27
28 Fleet Simplified Track 2 Data with P2P Encryption XXXXXXXXX6789 SS PAN FS Exp Add. Data Disc. Data ES LRC 28
29 EMV Fleet Today Track data equivalent tags Future (Conexxus Retail Financial Transactions) Standard for EMV Tags (instead of track data) that identify: Product Restrictions Data Prompting 29
30 Debit Routing At least two AIDs on EMV debit cards for routing choice: Global AID ( branded ) US Common Debit AID Shared Debit Network Alliance AID ( unbranded ) 30
31 Debit Routing Someone has to choose: (Consumer) Prompts (Merchant) Auto select the AID based on system configuration Be careful still may route over higher interchange choice Talk to your vendors (oil brand, acquirers, POS, EPS vendors)! 31
32 Agenda EMV Payments What s Happened? What s New? What s Coming? Data Security 32
33 Mobile Contactless Tap/Wave Payment 33
34 Mobile QR Code Scan Payment 34
35 Samsung MST Payment Magnetic Secure Transmission 35
36 Mobile In-App Payment 36
37 Agenda EMV Payments What s Happened? What s New? What s Coming? Data Security 37
38 Connected Cars/Payments OR Select Receipt Begin Authorizing Authorized Select Unleaded 87 Fueling Pump Pump Gallons Payment Total #3 #3 #3... Pump $23.02 In Car Navigation Third Auth Party Provider Pump #3 Request Pump #3 Payment Host Conexxus Standard My Station POS 38
39 Contactless Payment Devices 39
40 BIN Range Expansion MasterCard BIN Range Expands: 5 s AND 2 s Merchant acceptance required June 30, 2017 Substantial fines for merchant non-acceptance 40
41 Longer Bin Migration ISO/IEC * Updated in 2017 Field Old New IIN aka BIN PAN Length to to 19 * Identification Cards-Identification of Issuers Part 1: Numbering System 41
42 Longer Bin Migration Pans will remain 16 digits 2019 Visa system development complete 2022 Visa starts assigning 8-digit BINS Merchants must be able to process! Talk to your vendors (oil brand/ acquirers/pos or EPS vendors)! 42
43 Payment Tokens Tokenization: Method to substitute a nonmeaningful value for sensitive data. Token Service Provider Payment Token 43
44 Payment Tokenization Impact Historical PAN data used to: Reduce Anti-Money Laundering (AML) Curb Fraud Customer service Loyalty, track spending habits 44
45 Payment Account Reference Transactions using PANS Transactions using Tokens > EMVCo PAR Uppercase alphanumeric 29 characters First 4 = BIN Controller Id Next 25 = Unique PAN ID Ex: Q1HPZ28RKA1EBL470G9XYG90R5D3E 45
46 Barriers to PAR Requires broad stakeholder support Token service providers Payment networks Issuers Acquirers Merchants Talk to your vendors! 46
47 Agenda EMV Payments What s Happened? What s New? What s Coming? Data Security 47
48 Federal Reserve Payments Initiative Consultation Paper (2013) Strategies for Improving (2015) Faster Payments Task Force Payment Security Task Force 48
49 Federal Reserve Task Force Faster Payments Goal - Available by 2020 Catch up to the Rest of the World Same Day ACH; Real time???; Kill checks Leverage FinTech innovation Regulate??? 49
50 Federal Reserve Task Force Payments Security Resiliency of US banking Payment System Data Protection Payment Identity Management Information Sharing to mitigate fraud 50
51 Agenda EMV Payments What s Happened? What s New? What s Coming? Data Security 51
52 PCI DSS Compliance Payment Card Industry - Data Security Standard 52
53 PCI Compliance 53
54 PCI Merchant Levels - Visa Level 1 6+ million transactions Level 2 1 to 6 million transactions Level 3 Level 4 E-Commerce 20,000 to 1M transactions < 1M transactions < 20,000 E-Commerce transactions 54
55 PCI DSS What s Happened? Effective January 31, 2017 Annual PROOF of PCI DSS compliance for Level 4 merchants 55
56 PCI DSS What s Happened? Effective January 31, 2017 Level 4 Merchants use technician with Qualified Integrators or Resellers QIR certification for: POS and software installs Fuel dispenser work with PIN Pads or card readers Any device transmitting credit card data = Fuel Controller, PIN Pads, or Electronic POS 56
57 Data Breach Statistics 98% 81% Recorded POS attacks resulted in a data breach Hacking-related breaches used stolen or weak passwords 75% Data breaches were from outsiders 66% Malware was installed via malicious attachments Source: 2017 Verizon Data Breach Investigations Report Executive Summary 57
58 PCI DSS Must-Do s Install PA-DSS POS Software Install PCI DSS Firewall Close Remote Access Internet for Business Only 58
59 PCI DSS Must-Do s Change Default Passwords Track PIN Pads Check Skimmers Current Anti-Virus Software Log Everything & Everybody 59
60 PCI DSS Compliance How to get started? 60
61 PCI DSS Compliance WeCare = nacsonline.com or Conexxus.org Be PCI DSS compliant annually Hire PCI Qualified Security Assessor Required for Level 1 & 3 merchants Check with your processor/oil brand 61
62 PCI DSS Compliance Must complete annual PCI DSS compliance and provide proof of compliance Self-Assessment Questionnaire ( SAQ ) SAQ B (stand-alone, dial terminal, no cardholder data stored) SAQ C (internet terminal, no cardholder data stored) SAQ D (internet terminal, cardholder data) Most Petro locations 62
63 PCI DSS Compliance Approved Scanning Vendor ( ASV ) Test store s closed remote access thru IP address-internet Service Provider Passing scan required every 3 months Need Help? Hire a Qualified Security Assessor 63
64 PCI DSS Compliance Additional Requirements PCI DSS Section = Site Asset Inventory PCI DSS Section = Inspect dispensers for tampering and skimmers 64
65 Dispenser Skimming Your brand is at stake Loss of customer confidence Lost sales Loss of reputation Diminishment of store image Cost Recovery Liability Credit Monitoring Fines 65
66 Proactive Skimming Mitigation NACS/Conexxus WeCare Program (Education, Tamper-Evident Labels, Skim Defend Mobile App) Inspect dispensers daily and post notices Improve Lighting * 66
67 Proactive Skimming Mitigation Prominent Video Surveillance Secure card reader & encrypted pin pad Change dispenser locks Next generation of dispensers (electronic door sensors/alarms) 67
68 Agenda EMV Payments What s Happened? What s New? What s Coming? Data Security 68
69 IoT - Internet of Things Home Smart Appliances Smart Assistants Home Control Business Site Equipment Monitoring Devices Environmental Control 69
70 Worldwide IoT Units (Billions) * *Gartner, Inc. Forecast, February 2017 Higher Security Concerns 70
71 Remote Access Vulnerabilities Loyalty Enrollment and Fulfillment & Back Office ALL Remote Access is susceptible to hacking More than Payment Vulnerabilities EPA Requirements E.g. Tank Monitoring PCI Compliance validation from QIR technician 71
72 Remote Access #1 Cause of Data Breach On-Demand Third-Party Remote Access Do Not Leave On or Open Log & Audit Alert Suspicious Remote Access Multi-Factor Authentication Two or More Access Permissions 72
73 Multi-Factor Authentication Multi = Multiple Authentication for more secure remote access Something you have Something you know PIN Something that is yours Example: Smartphone + PIN 73
74 Agenda EMV Payments What s Happened? What s New? What s Coming? Data Security 74
75 PCI P2PE 75
76 Point to Point Encryption (P2PE) Secure Card Reader & Encrypted PIN Pad Payment Host POS 76
77 What We Learned Today EMV Payments Data Security What s Happened? What s Coming? What s New? 77
78 Q & A
79 Key Takeaways Implement & leverage technology as it becomes available Utilize standards (Conexxus, ISO) Maintain PCI DSS compliance Engage your vendors (oil brand/ acquirers/pos or EPS vendors) 79
80 For Additional Information Tech Edge Solution Center Booth 4384 Website: LinkedIn Group: Conexxus Online 80
81 Survey You MUST complete the Survey to receive presentation slides You will receive a four question survey about this session in your Please complete the survey for each session you attend. The survey will close at 6pm and you will receive the slides in the morning. 81
82 Copyright Notice The copyright law of the United States (Title 17, United States Code) governs the making of photocopies or other reproduction of copyrighted material. Under certain conditions specified in the law, libraries and archives are authorized to furnish a photocopy or other reproduction. One of these specified conditions is that the photocopy or reproduction is not to be "used for other purpose than private study, scholarship or research." If a user makes a request for, or later uses, a photocopy or reproduction for purposes in excess of "fair use," that person may be liable for copyright infringement. Disclaimer The opinions of the contributors expressed herein do not necessarily state or reflect those of the National Association of Convenience Stores. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, shall not constitute or imply an endorsement, recommendation, or support by the National Association of Convenience Stores. The National Association of Convenience Stores makes no warranty, express or implied, nor does it assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process described in these materials. 82
EMV and Educational Institutions:
October 2014 EMV and Educational Institutions: What you need to know Mike English Executive Director, Product Development Heartland Payment Systems 2014 Heartland Payment Systems, Inc. All trademarks,
More informationThe Changing Landscape of Card Acceptance
The Changing Landscape of Card Acceptance Troy Byram Vice-President Sr. E-Receivables Consultant February 6, 2015 Agenda EMV (Chip and Pin) PCI Compliance and Data Security New Regulations for Municipalities
More informationEMV Chip Cards. Table of Contents GENERAL BACKGROUND GENERAL FAQ FREQUENTLY ASKED QUESTIONS GENERAL BACKGROUND...1 GENERAL FAQ MERCHANT FAQ...
EMV Chip Cards FREQUENTLY ASKED QUESTIONS Table of Contents GENERAL BACKGROUND...1 GENERAL FAQ...1 4 MERCHANT FAQ...5 PROCESSOR/ATM PROCESSOR FAQ... 6 ISSUER FAQ... 6 U.S.-SPECIFIC FAQ...7 8 GENERAL BACKGROUND
More informationATM Webinar Questions and Answers May, 2014
May, 2014 Debit Network Alliance LLC (DNA) is a Delaware Limited Liability Company currently comprised of 10 U.S. Debit Networks and open to all U.S. Debit Networks. The goal of this collaborative effort
More informationEMV: Frequently Asked Questions for Merchants
EMV: Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited
More informationEMV Just the Facts. Ozarks Association of Government Accountants
EMV Just the Facts Ozarks Association of Government Accountants Speakers and Housekeeping EMV: Just the Facts Presentation Brad Hench Regional Sales Manager US Bank Elavon 45 minute presentation 10 minute
More informationPCI DSS Security Awareness Training. The University of Tennessee and The University of Tennessee Foundation. for Credit Card Merchants at
PCI DSS Security Awareness Training for Credit Card Merchants at The University of Tennessee and The University of Tennessee Foundation Presented by UT System Administration Information Security Office
More informationE M V O V E R V I E W. July 2014
E M V O V E R V I E W July 2014 A G E N D A EMV Overview EMV Industry Announcements EMV Transaction Differences, What to Expect Solution Decisions Market Certification Considerations Questions 2 E M V
More informationMerchant Services What You Need to Know. Agenda 6/5/2017. Overview of Merchant Services. EMV, Tokenization/Encryption, and PCI (Oh My!
Merchant Services What You Need to Know Heather Nowak VP, CPP Senior Product Manager Agenda Overview of Merchant Services Why accept cards? What you need to know/consider Capabilities/Pricing/Contract
More informationStraight Answers on PCI and EMV
Straight Answers on PCI and EMV Gray Consulting November, 2015 Why We Are All Here This presentation is an attempt to demystify the challenges faced by the car wash industry, in dealing with secure, electronic
More informationEMV Adoption in the U.S.
EMV Adoption in the U.S. What you need to know about the outcome of EMV adoption in other countries and the implications for adoption in the U.S. Table of Contents Introduction [3] What is EMV? [4] The
More informationIs Your Organization Ready for the EMV Challenge?
Is Your Organization Ready for the EMV Challenge? Suzanne Galvin Director of Product Management Elan Financial Services Jeff Green Director of the Emerging Technologies Advisory Service Mercator Advisory
More informationUnderstanding the 2015 U.S. Fraud Liability Shifts
Understanding the 2015 U.S. Fraud Liability Shifts Version 1.0 May 2015 Some U.S. payment networks are implementing EMV fraud liability shifts effective October 2015. With these liability shifts fast approaching,
More informationPAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) A GUIDE
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD SELF-ASSESSMENT QUESTIONNAIRE (SAQ) A GUIDE Last Reviewed: December 13, 2017 Last Updated: December 19, 2017 PCI DSS Version: v3.2, rev 1.1 Prepared for: The
More informationTokenization April Tokenization. Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager. Andrews Hooper Pavlik PLC
ization Gregory H. Soule, CPA, CISA, CISSP, CFE Senior Manager Andrews Hooper Pavlik PLC 1 Agenda and Implementation EMV, Encryption, ization Apple Pay Google Wallet Recent Trends Resources Agenda and
More informationEMV & Fraud POS Fraud Mitigation Tips for Merchants First Data Corporation. All Rights Reserved.
EMV & Fraud POS Fraud Mitigation Tips for Merchants EMV Information Merchants may see an increase in Card-Not-Present Fraud as a result of the new EMV standards. Help protect your business from fraud risk
More informationCard Payment acceptance at Common Use positions at airports
Card Payment acceptance at Common Use s at airports Business requirements Version 1, published in June 2016 Preamble Common Use (CU) touchpoints (self-service s such as self-service kiosks or bag drops,
More informationEMV: Facts at a Glance
EMV: Facts at a Glance 1. What is EMV? EMV is an open-standard set of specifications for smart card payments and acceptance devices. The EMV specifications were developed to define a set of requirements
More informationTop 5 Facts Merchants Need To Know About EMV
Top 5 Facts Merchants Need To Know About EMV June, 2015 Lindsay Breathitt, Product Marketing Steve Cole, Product Management Why EMV, Why Now Agenda U.S. market update EMV Top 5 EMV facts Understanding
More informationThreat Landscape: Skimming In a Changing Environment
Threat Landscape: Skimming In a Changing Environment Chris Forsythe, Sr. Risk Analyst, Visa, Payment Fraud Disruption & Intelligence Stoddard Lambertson, Director, Fraud & Breach Investigations 22 February
More informationEMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services
EMV is coming. Here s how to stay ahead of the trend. Presented by CO-OP Financial Services October 25, 2012 Agenda What EMV is and how it works U.S. and global adoption Impact to the payments ecosystem
More informationEMV, PCI, Tokenization, Encryption What You Should Know for Presented by: The Bryan Cave Payments Team
EMV, PCI, Tokenization, Encryption What You Should Know for 2015 Presented by: The Bryan Cave Payments Team Agenda Overview of Secured Payments Judie Rinearson (NY) EMV Courtney Stout (DC) End to End Encryption
More informationThe Future of Payment Security in Canada
The Future of Payment Security in Canada October 2017 1 Visa Canada Public The Future of Payment Security in Canada Notices Forward-Looking Statements This presentation contains forward-looking statements
More informationTechnology Developments in Card-Based Payments WACHA Payments 2013
Technology Developments in Card-Based Payments WACHA Payments 2013 April 9, 2013 The information contained on these slides is considered the Confidential & Proprietary Information of Two Sparrows Consulting,
More informationPayment Card Industry Data Security Standard Self-Assessment Questionnaire B Guide
Payment Card Industry Data Security Standard Self-Assessment Questionnaire B Guide Prepared for: University of Tennessee Merchants 12 May 2015 Prepared by: University of Tennessee System Administration
More informationEMV: Coming Soon to a Card Near You
Julie Conroy EMV: Coming Soon to a Card Near You Page 2 This presentation is the work of its author who is solely responsible for its contents. First Data Corporation and its subsidiaries and affiliates
More informationCREDIT CARD MERCHANT PROCEDURES MANUAL. Effective Date: 04/29/2016
CREDIT CARD MERCHANT PROCEDURES MANUAL Effective Date: 04/29/2016 Updated: April 29, 2016 TABLE OF CONTENTS Introduction... 1 Third-Party Vendors... 1 Merchant Account Set-up... 2 Personnel Requirements...
More informationEMV is coming. But it s ever changing.
EMV is coming. But it s ever changing. March 26, 2013 Presented By MICHELLETHORNTON Senior Product Manager CO-OP Financial Services RYANZILKER B2B Marketing Manager CO-OP Financial Services Today s Agenda
More informationPayPass M/Chip Requirements. 3 July 2013
PayPass M/Chip Requirements 3 July 2013 Notices Following are policies pertaining to proprietary rights, trademarks, translations, and details about the availability of additional information online. Proprietary
More informationCCV s self-service payment solutions drive PCI-DSS-compliant security
CCV s self-service payment solutions drive PCI-DSS-compliant security White Paper July 2016 1. Introduction This white Paper discusses the basic differences between the current PCI-DSS and the P2PE rules
More informationEMV IN THE U.S. HOW FAR HAVE WE COME AND WHERE ARE WE GOING? Andy Brown
EMV IN THE U.S. HOW FAR HAVE WE COME AND WHERE ARE WE GOING? Andy Brown andy.brown@ncr.com MAC is an organization comprised of members from Banks, Acquirers, ISOs, Card Associations, Law Enforcement and
More informationContactless Toolkit for Acquirers
MASTERCARD AND MAESTRO CONTACTLESS PAYMENTS Contactless Toolkit for Acquirers DECEMBER 2016 19.7% The Global Contactless Payment Market is poised to grow at a CAGR of around 19.7% over the next decade
More informationVisa Minimum U.S. Online Only Terminal Configuration
Visa Minimum U.S. Online Only Terminal Configuration Intended Audience This document is intended for U.S. merchants, acquirers, processors and terminal providers who are planning deployments of EMV chip
More informationInstant issuance in retail breaks new ground for banks
Use Case Instant issuance in retail breaks new ground for banks The most obvious consumer trend today is the expectation of immediacy. You can download movies and music, and shop online with instant results.
More informationSecuring Card Payments Challenges & Opportunities. Julie Hanson Senior Vice President, Card & Payment Products ICBA Bancard & TCM Bank, NA
Securing Card Payments Challenges & Opportunities Julie Hanson Senior Vice President, Card & Payment Products ICBA Bancard & TCM Bank, NA Agenda Securing Payments Landscape Chip Technology Tokenization
More informationEnsuring the Safety & Security of Payments. Faster Payments Symposium August 4, 2015
Ensuring the Safety & Security of Payments Faster Payments Symposium August 4, 2015 Problem Statement: The proliferation of live consumer account credentials Bank issues physical card Plastic at point
More informationCard Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure?
Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure? A Smart Card Alliance Payments Council White Paper Publication/Update Date: January 2013 Publication
More informationPinless Transaction Clarifications
Pinless Transaction Clarifications April, 2017 Agenda Definition Level Set Application Selection Overview and Scenario Explanation EMV No CVM PIN Bypass Debit Expansion Programs PINless POS Product Signature
More informationPolicies and Procedures
Policies and Procedures Provided by PROGuard The following are policies and procedures which need to be enforced to ensure PCI DSS compliance. In order to answer yes to the questions and pass the SAQ,
More informationU.S. Bank. U.S. Bank Chip Card FAQs for Program Administrators. In this guide you will fnd: Explaining Chip Card Technology (EMV)
U.S. Bank U.S. Bank Chip Card FAQs for Program Administrators Here are some frequently asked questions Program Administrators have about the replacement of U.S. Bank commercial cards with new chip-enabled
More informationPCI Requirements Office of Business and Finance Issued July 2015
PCI Requirements Office of Business and Finance Issued July 2015 This document provides supplemental information to be used in conjunction with the Payment Card Compliance policy to assist merchants and
More informationVerifone EMV Roadmap Point of Sale ( POS ) Roadmap for CITGO
Verifone EMV Roadmap Point of Sale ( POS ) Roadmap for CITGO January, 2017 EMV Acceptance & Deadlines EMV = Europay, MasterCard & Visa Prior to the EMV counterfeit liability shift dates, financial institutions
More informationPCI BLOG. P2PE, EMV, Tokenization, Oh My!
Page 1 of 8 PCI BLOG THE UNOFFICIAL PCI COMPLIANCE & IT SECURITY BLOG HOME PCI IN THE NEWS PCI TOOLS IT SEC. JOB BOARD DOCUMENTS CONTACT US FORUM P2PE, EMV, Tokenization, Oh My! June 14, 2016 PCI Blog
More informationVirtual Terminal User Guide
Virtual Terminal User Guide Table of Contents Introduction... 4 Features of Virtual Terminal... 4 Getting Started... 4 3.1 Logging in and Changing Your Password 4 3.2 Logging Out 5 3.3 Navigation Basics
More informationOptimizing Transaction Speed at the POS
Optimizing Transaction Speed at the POS Version 3.0 Date: October 2017 U.S. Payments Forum 2017 Page 1 About the U.S. Payments Forum The U.S. Payments Forum, formerly the EMV Migration Forum, is a cross-industry
More informationPCI Requirements Office of Business and Finance Issued July 2015
PCI Requirements Office of Business and Finance Issued July 2015 This document provides supplemental information to be used in conjunction with the Payment Card Compliance policy to assist merchants and
More informationVisa Digital Solutions. Rocio Beckham Community Issuers
Visa Digital Solutions Rocio Beckham Community Issuers Notice of Confidentiality This presentation is furnished to you solely in your capacity as a customer of Visa and/or participant in the Visa payments
More informationpayshield 9000 The hardware security module securing the world s payments
> payshield 9000 The hardware security module securing the world s payments www.thalesgroup.com/iss Information Systems Security Information Systems Security payshield 9000 Table of Contents Introduction
More informationesocket POS Integrated POS solution Knet
esocket POS Integrated POS solution Knet 1 Summary Since 1994 when the first POS devise was deployed in the market, Knet had recognized the importance of this service and did take it up on it self to invest
More informationThe October 1 EMV Liability Shift: Everything You Need to Know
The October 1 EMV Liability Shift: Everything You Need to Know 2 3 4 6 7 Introduction The Basics Predicting the impact Technical considerations What to look for in a service provider The financial services,
More informationEMVCo: Operating Principles
EMVCo: Operating Principles This document provides an overview of EMVCo s operating principles, including its governance, operations and the role of EMV Specifications in the wider payments community.
More informationBest Practices for Securing E-commerce
Standard: PCI Data Security Standard (PCI DSS) Date: April 2017 Authors: Best Practices for Securing E-commerce Special Interest Group PCI Security Standards Council Information Supplement: Best Practices
More informationEMV: The Journey Begins October 1st
221 NORTH LASALLE ST. CHICAGO, IL 60601 312-873-3300 INFO@WCAPRA.COM EMV: The Journey Begins October 1st An Examination of the History, Impact, Best Practices, Pitfalls of EMV Implementations, and What
More informationWhat is Stripe? Is Stripe secure? PCI compliant?
What is Stripe? Stripe is a quick and secure way to accept credit card and debit card payments online. Stripe helps Handshake provide a seamless payment experience for you and your customers (Employers/Students).
More informationPCI DSS practical guide for Travel Agents
PCI DSS practical guide for Travel Agents Guidance for achieving PCI DSS compliance PCI DSS demystified for Travel Agents PCI Program Office_ Marc. A. HENRY_ISA_ May 25th, 2017 Revision 5.3 Dear customer,
More informationEMV * Contactless Specifications for Payment Systems
EMV * Contactless Specifications for Payment Systems Book A Architecture and General Requirements Version 2.6 March 2016 * EMV is a registered trademark or trademark of EMVCo LLC in the United States permitted
More informationMaximize the use of your HSM 8000
MAximise_HSM.qxp 19/06/2009 17:11 Page 1 www.thalesgroup.com/iss Maximize the use of your HSM 8000 Information Systems Security Information Systems Security Maximize the use of your HSM 8000 Table of Contents
More informationCards on the table! Bernd Filsinger Payment Technology Services Lead Client Support Services, Europe region
Cards on the table! Bernd Filsinger Payment Technology Services Lead Client Support Services, Europe region Notice of confidentiality This presentation is furnished to you solely in your capacity as a
More informationA Conversation with Visa on Consumer Debit Growth Connie Davis FIS Global Retail Payments Greg Borchardt Visa Consumer Debit Products
A Conversation with Visa on Consumer Debit Growth Connie Davis FIS Global Retail Payments Greg Borchardt Visa Consumer Debit Products May 2017 Visa Notice of Confidentiality This presentation is furnished
More informationA Guide to. US EMV Migration
A Guide to US EMV Migration Table of Contents What is EMV?... 3 EMV: A Global Standard... 4 Fraud Prevention... 5 Mobile & Contactless... 6 U.S. EMV Deadlines... 7 Maestro Liability Shift... 8 U.S. EMV
More informationThe Shared Electronic Banking Services Company (KNET) Knet securing E-payment for EGOV
The Shared Electronic Banking Services Company (KNET) Knet securing E-payment for EGOV November 21, 2015 Knet 2 The Shared Electronic Banking Services Company (Knet) was established in 1992. Knet Established
More informationTokenization: What, Why and How
Tokenization: What, Why and How 11/5/2015 UL Transaction Security 2011 Underwriters Laboratories Inc. We have EMV why do we need tokenization? From Magstripe Merchant Signature Issuer Magstripe Risk Management
More informationEMV Migration. What You Need to Know about the Technology, the Security Protection it Provides, and When to Implement
EMV Migration What You Need to Know about the Technology, the Security Protection it Provides, and When to Implement According to a 2016 TSYS study identifying consumer payment preferences, 40 percent
More informationSpecial Notes Regarding the CITGO Payment Card Guide and Regulations Manual
Special Notes Regarding the CITGO Payment Card Guide and Regulations Manual Although you ll find most of the content to be quite familiar, you ll notice that the manual has a new format which makes it
More informationCanada EMV Test Card Set Summary
Canada EMV Test Card Set Summary.90 January, 2018 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available
More informationPoint-Of-Sale Device Tampering Training COMPLIANCE MANAGEMENT FINANCIAL SERVICES EAST CAROLINA UNIVERSITY
Point-Of-Sale Device Tampering Training COMPLIANCE MANAGEMENT FINANCIAL SERVICES EAST CAROLINA UNIVERSITY Objective East Carolina University is committed to following the guidelines as set out by the Payment
More informationCOLUMBIA UNIVERSITY CREDIT CARD ACCEPTANCE AND PROCESSING POLICY
COLUMBIA UNIVERSITY CREDIT CARD ACCEPTANCE AND PROCESSING POLICY Effective Date: August 31, 2009 Latest Revision: March 28, 2017 Policy Statement This policy establishes the requirements for the acceptance
More informationGemalto Consulting Services. Take control of your smart card implementation
Gemalto Consulting Services Take control of your smart card implementation FINANCIAL SERVICES & RETAIL > SERVICE ENTERPRISE INTERNET CONTENT PROVIDERS PUBLIC SECTOR TELECOMMUNICATIONS TRANSPORT Gemalto
More informationSecuRe Pay recommendations for the security of mobile payments
ECB-PUBLIC FINAL SecuRe Pay recommendations for the security of mobile payments Stephanie Czák Senior Market Infrastructure Expert European Central Bank ETSI/EC Collaborative Ecosystem for M-Payments Workshop
More informationEmerging Opportunities in Morocco s Cards and Payments Industry
Emerging Opportunities in Morocco s Cards and Payments Industry Industry Size, Trends, Factors, Strategies, Products and Competitive Landscape Product Code: VR0935MR Published Date: August 2013 www.timetric.com
More informationPIN Issuance & Management
PIN Issuance & Management From PIN selection to PIN verification Card issuers and merchants know they can put their trust in MagTek. Whether meeting the growing need for instant, in-branch card and PIN
More informationQuick Guide. Token Service Provider
Quick Guide Token Service Provider 1 Introduction to Mobile Payments The mobile payments revolution is here! Driven by the development of near field communication (NFC) enabled smartphones, the launch
More informationUnderstanding the SAQs for PCI DSS v3.0
Understanding the SAQs for PCI DSS v3.0 The PCI DSS self-assessment questionnaires (SAQs) are validation tools intended to assist merchants and service providers report the results of their PCI DSS self-assessment.
More informationProtecting Your Future
Protecting Your Future with NCR Secure How to prepare for the EMV and Windows 7 Migration An NCR White Paper 02 1 Upcoming Major Changes and Trends The North American financial industry will go through
More informationPoint-of-Sale Terminals
Point-of-Sale Terminals The Right Hardware for the Job SIMPLE, SECURE PAYMENT PROCESSING Your customers can be anywhere. And no matter where they are, they expect you to process their payments easily and
More informationPANDORA S DIGITAL BOX: DIGITAL WALLETS AND THE HONOR ALL DEVICES RULE ADAM J. LEVITIN EXECUTIVE SUMMARY
PANDORA S DIGITAL BOX: DIGITAL WALLETS AND THE HONOR ALL DEVICES RULE ADAM J. LEVITIN EXECUTIVE SUMMARY Digital wallets are software applications based on mobile devices, desktop computers, or the Web
More informationVerifone MX 915/925 Payment Devices. with KWI 6.x POS Registers: What s New?
Verifone MX 915/925 Payment Devices with KWI 6.x POS Registers: What s New? Contents Overview... 3 Network and Power Requirements... 5 Network Requirements... 5 Power Requirements... 5 Place Your Order
More informationI N T E R A C. The Faster, More Convenient Way. Small Value Purchases
I N T E R A C I S S U I N G F L A S H The Faster, More Convenient Way to Securely Accept Payment For Small Value Purchases Trade-mark of Interac Inc. (Everlink Payment Services Inc.) authorized user of
More informationRevolutionize Your Business with Harbortouch
Revolutionize Your Business with Harbortouch Swipe Card Regardless of the business you are in, Harbortouch has the ideal processing solution for you. Allow Harbortouch to demonstrate why our company is
More informationFirst Data EFTPOS. User Guide. 8006L2-3CR Integrated PIN Pad
First Data EFTPOS User Guide 8006L2-3CR Integrated PIN Pad 2 Contents What are you looking for? Get to know your PIN pad Introduction 05 PIN Pad location and PIN privacy 05 PIN Pad ownership 06 Your PIN
More informationOHIO TURNPIKE AND INFRASTRUCTURE COMMISSION 682 Prospect Street Berea, Ohio 44017
OHIO TURNPIKE AND INFRASTRUCTURE COMMISSION 682 Prospect Street Berea, Ohio 44017 REQUEST FOR PROPOSALS TO PROVIDE CREDIT CARD PROCESSING SERVICES TO THE OHIO TURNPIKE AND INFRASTRUCTURE COMMISSION ADDENDUM
More informationAccept Mobile Payments
Accept Mobile Payments INTRODUCTION Mobile phones are changing the way consumers make payments. Consumers have become accustomed to relying on their smartphones to manage a variety of their financial practices,
More informationPayment Services. Issuing Processing. Product & Service Portfolio for Retailers
Payment Services Issuing Processing Product & Service Portfolio for Retailers New card business models generate profit for retailers Generate additional revenue and improve customer loyalty A payment card
More informationVIRTUAL TERMINAL USER GUIDE
VIRTUAL TERMINAL USER GUIDE VERSION 17.2 NOVEMBER 2017 COPYRIGHT 2007-2017 GLOBAL PAYMENTS INC. ALL RIGHTS RESERVED. RELEASE NOVEMBER 2017 The Virtual Terminal User Guide contains proprietary information.
More informationPayments - EMV Review. EMV Functionality Inside OpenOne
Payments - EMV Review EMV Functionality Inside OpenOne A Brief History EMV stands for Europay, MasterCard and Visa. It is a global standard for cards equipped with computer chips and the technology used
More informationEMV Migration for the US Parking Industry EMV and the Parking Industry
EMV and the Parking Industry May 2013 Contents Introduction 03 What is EMV 04 Why EMV Matters 06 to Parking Overcoming the 08 Challenges Case Study 10 Best Practice Tips for 11 EMV Migration About Creditcall
More informationPayment Acceptance Solutions
Payment Acceptance Solutions Increase sales, enhance agility, and mitigate risks with CyberSource CyberSource is a Visa solution Businesses today are developing new strategies for acquiring and retaining
More informationSeeds of Change in Debit
Seeds of Change in Debit The 2016 Debit Issuer Study MEDIA EXHIBITS Study Overview The Debit Issuer Study is the definitive assessment of U.S. debit market 2016 Debit Issuer Study is the 11th edition of
More informationADDING VALUE TO SECURITY. How Issuers Can Leverage Tokenization to Capture New Revenue-Generating Opportunities. firstdata.com
A First Data Position Paper ADDING VALUE TO SECURITY How Issuers Can Leverage Tokenization to Capture New Revenue-Generating Opportunities firstdata.com Introduction The payments world is undergoing a
More informationAUTHORIZE.NET SAQ ELIGIBILITY WHITE PAPER NICK TRENC CISSP, CISA, QSA, PA- QSA. North America Europe coalfire.
W HITE P APER AUTHORIZE.NET SAQ ELIGIBILITY WHITE PAPER NICK TRENC CISSP, CISA, QSA, PA- QSA North America Europe 877.224.8077 info@coalfire.com coalfire.com TABLE OF CONTENTS Executive Summary... 3 Audience...
More informationPayment Digitalization and the University Smart Card
Payment Digitalization and the University Smart Card Payment Digitalization and the University Smart Card 1 EVOLVING LANDSCAPE 2 PAYMENTS CONVERGENCE 3 PARTNERSHIP APPROACH 2 1 There are two rapidly evolving
More informationEMVCo s Contactless Indicator Trademark - Acceptable Use Cases
EMVCo s Contactless Indicator Trademark - Acceptable Use Cases Last Revised: 21 August 2014 This document is intended as a companion to the Contactless Indicator Reproduction Requirements ( Reproduction
More informationHelping merchants automate testing practices.
Helping merchants automate testing practices. Meet deadlines, facilitate certifications and overcome complexities. www.fisglobal.com As a merchant, you are in the middle of the shift from traditional cash
More information3.17 Payment Card Industry (PCI) Compliance Policy
3.17 Payment Card Industry (PCI) Compliance Policy Policy Statement The Payment Card Industry (PCI) Security Standards Council (SSC) has developed standards, referred to as the Payment Card Industry Data
More informationSecurity overview. 2. Physical security
1. Collaborate on your projects in a secure environment Thousands of businesses, including Fortune 500 corporations, trust Wrike for managing their projects through collaboration in the cloud. Security
More informationWHO S GOT IT? WHO GETS IT?
3D SECURE 2.0: WHO S GOT IT? WHO GETS IT? An Outlook on Merchant Adoption BUSINESS-DRIVEN SECURITY SOLUTIONS 3D SECURE AUTHENTICATION 2.0: MERCHANTS WHO GOT IT ARE GETTING IT Online merchants whose experience
More informationEMV : One year later. Merchants take steps to adapt and address challenges in the year following the shift to EMV technology at the point of sale
EMV : One year later Merchants take steps to adapt and address challenges in the year following the shift to EMV technology at the point of sale EMV: ONE YEAR LATER A BANK OF AMERICA MERCHANT SERVICES
More informationHEADLINE INSIGHTS ON HERE EMV TRANSACTION SPEED PERFORMANCE OPTIMIZATION
HEADLINE INSIGHTS ON HERE EMV TRANSACTION SPEED Subhead & POS Here PERFORMANCE OPTIMIZATION EXECUTIVE SUMMARY It has been more than a year since the EMV liability shift came into effect in the U.S. and
More informationQuick Guide. Token Service Provider
Quick Guide Token Service Provider Introduction to Mobile Payments The mobile payments revolution is here! Driven by the development of near field communication (NFC) enabled smartphones, the launch of
More information