Title: VeriShield Protect
1VeriShieldProtect
Nowavailable on Vx Solutions!
- Revolutionary technology that simplifies PCI DSS
compliance with no system upgrades
2Security Breaches In The News
3Security Breaches In The News
4Security Breaches In The News
5Security Breaches In The News
6The Challenge
Difficulty for retail organizations to meet and
retain PCI DSS security compliance
- Contributing Factors
- Too many points of failure
- Audit oversight on complex networks
- Monitoring the security level of POS systems is
difficult and costly - Costly prevention methods
7Acquirers Security Challenge
- Monitoring and verification of compliance
- 80 of identified compromises since Jan. 1, 2005
have occurred at Level 4 merchants - Liability placed on acquirers to ensure Level 4
merchants are compliant
8Acquirers Security Challenge
Unauthorized use of terminal
An example of how a merchant can set up an
exposed network connection without consulting the
acquirer
9Conventional Wisdom within the Payments Sector
You have to be an expert in a lot of areas to
protect your business today
10Not anymore
11Current day retail scenario
12PIN pad
PLEASE SLIDE CARD
13PIN pad
Full card track data traverses networkin the
clear until last connection to the processing
host.
TRANSACTIONPROCESSING
4512211313312112311331441414323232
14PIN pad
What if the data couldbe encrypted at the
payment device and delivered through same
transaction channel without upgrade to current
system?
ENCRYPTION AT DEVICE?
Store ABack Office Server
Company Network Servers
Processing Host
Store AMultilane POS System
15PIN pad secured by VeriShield Protect
Track Data is encrypted at PINpad in manner that
allows it to use current POS infrastructure.
VeriShield Protect delivers data in same format
as POS System is expecting.
ENCRYPTEDTRANSACTIONPROCESSING
The encrypted data is then decrypted at the
processing host.
00CAHG21!aajkd500fasdJ_at_!21
Store AMultilane POS System
16VeriFones Vx 570
This solution isnow availableon Vx Solutions
PLEASESLIDE CARD
17VeriFones Vx 570secured byVeriShield Protect
This solution isnow availableon Vx Solutions
ENCRYPTEDTRANSACTIONPROCESSING
00CAHG21!aajkd500fasdJ_at_!21
Transaction Data Encrypted and Secure
Processing Host
18How Is This Accomplished?
298101 569982 218934 009321 677882 395864 212988 3
20023 983277 928383 012398 455781 395684 887154 76
0033
20017632108900331272 98740300023954232128 32398566
120907612778 55623210799095496331 6567882322435011
6785 23900934586793456821 54673122093459968312 780
01239248290434298 09123963364327496032 52919951005
333143465 91119923884252413148 0212595211017732018
7 93348955819021759690 12561963091370437047 081192
12884426940234
Track data is encrypted at the mag stripe reader
using Hidden TDES, a patented technology that
reformats the data in a manner that the POS
system network still receives the track data
format it was expecting
435688 760033 1588 08119212884426940234
BIN Routing
H-TDES
Last Four
Track Data Resident on Card
435688
1588
298101
20017632108900331272
Track Data encrypted withHidden Triple DES
(H-TDES)
19Protecting Consumer Data
A N D
20VeriShield Protect Components
- VeriFone Component
- VeriShield Protect Encryption Softwareprotects
Retailers by seamlessly encrypting consumer card
data before it enters the Retailers Point of Sale
Systemand maintains that protection until it is
safely outside of the merchants infrastructure,
effectively shielding the merchant from the
actual details of the consumer data. - Semtek Components
- Decryption Appliance high performance decryption
appliance. - CDMS provides merchants and acquirers with a
real time understanding of their security status
and risk. It is also designed to provide merchant
processors a definitive real time view of their
entire portfolio without having to rely on
self-reporting of the merchants within their
system.
21Sustainable Security CDMS Overview
The VeriShield Protect solution incorporates
access to aCipher Device Metrics Server (CDMS)
that provides a real-time status and alert system
to monitor compliance of each and every
transaction as it occurs.
- A highly sophisticated monitoring system
- Security assurance and forensics for every card
transaction within the enterprise - Delivered in real time
CDMS Dashboard
22CDMS as Definitive Monitoring Tool
CDMS Key Features Why They Matter
- Real Time vs. Everything ElseWhen a breach
occurs, time-lag to awareness is the critical
measure of survivability. Real-time means real
mitigation. Real time means the Acquirer is the
first to know. - Actionable Data vs. Foggy DataSecurity status
should not be an argument. CDMS empirical
data(vs. analytics) makes it crystal clear if
you are secure or not secure. - Auditing vs. ReportingSecurity monitoring is no
place for conflicts of interest. Compliance
teams need reporting that is auditable to SAS 70
standards.
23The Real Costs of Security Breaches
- A single lost, stolen, or compromised customer
record costs your company exactly 197according
to the Ponemon Institute, a privacy research firm
- Fines associated with a compromise can equal
25-35per account numberaccording to Retail
Systems Research - 80 of credit card data breaches are tied to cash
register and other POS devicesaccording to
Gartner Inc. - A security breach can cost anywhere between 90
and 305 per recordaccording to Forrester
Research
24VeriShield Protect The Benefits to You
- Cardholder data is never exposed in the POS
environmentSimplifies PCI DSS compliance - Significantly reduces impact of costly audits,
prevention methods and potential breaches - No impact to current POS systemInstalling
VeriShield Protect is transparent to the POSand
does not require any software changes - No impact to cardholderDoes not require any
additional steps or actions by the customer
25Ensure your payment system is secure with
VeriShield Protect.