Jan 07, 2016
VeriShield Protect
Revolutionary end-to-end encryption technology that simplifies PCI DSS compliance with no system upgrades
Now available on Vx Solutions!
“[It is recommended that] Enterprises that accept, process or transmit cardholder data implement end-to-end card data encryption and stop transmitting sensitive card data ‘in the clear’.” Avivah Litan, Gartner Analyst
Gartner Briefing, January 23, 2009
“We have industry-leading encryption, but the data has to be unencrypted to request the information. The sniffer was able to grab that authorization data at that point.”
President/CFO, A Large Processor
In particular, the standards require companies to encrypt data that travels over computer networks “that are easy and common for a hacker to intercept”. Whether certain internal networks are “easy and common” to crack is a matter of judgment, so Navetta believes Hannaford may have erroneously felt safe leaving data unencrypted in a spot that turned out to be vulnerable.
David Navetta, President, InfoSec Compliance LLC
Plus the growing # of breaches =
Cost to Comply — Cost of a Breach
For merchants who have become compliant:
Merchant Type                    Level 1      Level 2      Level 4      Acquirers
PCI Compliance Recurring Costs   .02-.07/tx   .05-.15/tx   .0 -.25/tx   $5/account
TJX Case, Cost of Breach:
$240 million front end
$36 million recurring** (.102/tx)
$25-$75 per record stolen
NEED A SOLUTION!
Merchant’s Security Challenge
Difficult for organizations to meet PCI DSS security compliance
Recent events show that maintaining compliance may be even more difficult
Contributing Factors
Too many points of failure
Audit oversight on complex networks
Monitoring the security level of POS systems is difficult and costly
Costly prevention methods
Acquirer’s Security Challenge
Monitoring and verification of compliance for complete portfolio – Level 1 to Level 4
Level 1 and 2 merchants can have complex systems
Volume of Level 4 merchants and their general lack of knowledge on data security
Liability placed on acquirers to ensure Level 4 merchants are compliant
SECURITY FACT: 80% of identified compromises since Jan. 1, 2005 have occurred at Level 4 merchants
Current day retail scenario …
Full card track data traverses network in the clear until last connection to the processing host.
[Diagram labels: PIN pad; Store A Multilane POS System; Store A Back Office Server; Company Network Servers; Secure Frame Connection; Processing Host; Transaction Processing; Points of Potential Compromise. Sample track data shown: 45122113133121=12311331441414323232]
How to address the security dilemma
…
Field labels: BIN Routing, H-TDES, Last Four
Track Data Resident on Card: 435688 760033 1588= 08119212884426940234
Track Data encrypted with VeriShield Hidden Encryption (VHE): 435688 298101 1588= 20017632108900331272
Encryption at the Point of Swipe
VeriShield Protect uses VeriShield Hidden Encryption™ (VHE), a patented format-preserving technology that reformats the data so that the POS system network still receives the track data format it was expecting ...
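An added illustration of the format-preserving idea described above; it is not VeriFone's VHE algorithm, which these slides do not disclose. It assumes a toy digit-wise Feistel construction keyed with HMAC-SHA256 and a constructed key, and leaves the BIN and last four in the clear as the slides show; a production system would use a vetted scheme such as NIST FF1.

```python
import hashlib
import hmac
import re

ROUNDS = 8  # assumption: toy parameter, not taken from VHE
TRACK2 = re.compile(r"([0-9]{6})([0-9]+)([0-9]{4})=([0-9]+)")
KEY = b"constructed-demo-key"                    # constructed key for this example
CLEAR = "4356887600331588=08119212884426940234"  # clear sample shown on the slides

def _prf(key, rnd, half, width):
    """Round function: HMAC-SHA256 of the other half, reduced to `width` digits."""
    mac = hmac.new(key, bytes([rnd]) + half.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % 10 ** width

def _feistel(key, digits, sign):
    """Alternating Feistel over a decimal string; sign=+1 encrypts, -1 decrypts."""
    mid = len(digits) // 2
    halves = [digits[:mid], digits[mid:]]
    order = range(ROUNDS) if sign > 0 else reversed(range(ROUNDS))
    for rnd in order:
        tgt, src = rnd % 2, 1 - rnd % 2          # modify one half using the other
        width = len(halves[tgt])
        value = (int(halves[tgt]) + sign * _prf(key, rnd, halves[src], width)) % 10 ** width
        halves[tgt] = str(value).zfill(width)    # keep leading zeros, keep length
    return halves[0] + halves[1]

def transform_track2(key, track, decrypt=False):
    """Transform the middle PAN digits and the data after '='; keep BIN and last four."""
    m = TRACK2.fullmatch(track)
    if not m:
        raise ValueError("not a numeric Track 2 string")
    bin6, middle, last4, rest = m.groups()
    out = _feistel(key, middle + rest, -1 if decrypt else 1)
    return f"{bin6}{out[:len(middle)]}{last4}={out[len(middle):]}"

def same_format(a, b):
    """True when both strings have the same length and digit/separator layout."""
    return re.sub("[0-9]", "9", a) == re.sub("[0-9]", "9", b)

def demo():
    """Protect the sample track, then recover it as the processing host would."""
    protected = transform_track2(KEY, CLEAR)
    restored = transform_track2(KEY, protected, decrypt=True)
    return protected, restored

if __name__ == "__main__":
    print(demo())
```

The protected string has the same length, separator position and digit-only alphabet as the input, which is why a POS system that only parses Track 2 layout can pass it along unchanged.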
[Figure: VeriFone PIN pad displaying "PLEASE SLIDE CARD"]
Card data is encrypted at the payment device and delivered through same transaction channel without upgrade to current systems
[Diagram labels: PIN pad (Encryption at Device?); Store A Multilane POS System; Store A Back Office Server; Company Network Servers; Processing Host]
Track Data is encrypted at the PIN pad in a manner that allows it to use current POS infrastructure.
4356882981011588=20017632108900331272
[Diagram labels: PIN pad secured by VeriShield Protect; Store A Back Office Server; Company Network Servers; Processing Host; Encrypted Transaction Processing]
VeriShield Protect delivers data in the same format the POS System is expecting.
The encrypted data is then decrypted at the processing host.
Transaction Data Encrypted and Secure
[Diagram labels: Store A Multilane POS System; VeriFone Vx 570 displaying "PLEASE SLIDE CARD", secured by VeriShield Protect; Encrypted Transaction Processing; Processing Host. Sample track data shown: 4356882981011588=20017632108900331272]
This solution is now available on Vx Solutions
VeriShield Protect Now Offered in Multiple Ways
Enterprise: Processor hosted, Merchant hosted
Managed: VeriFone hosted
Enterprise – Processor
Encryption is transparent through processing
Transparent to merchant systems
Data decrypted at secure host processing facility
No impact to merchants
Enterprise – Merchant HQ
Solution for large retailer customers
Gives total control to the retailer
Offers immediate protection; more rapid time to market
Data decrypted at merchant central facility
Secure transmission from HQ to processor
Managed On VeriFone’s Gateway
Data decrypted at VeriFone’s gateway and securely transmitted to processor
Direct and reseller models
Already certified by all the major processors; more rapid time to market for merchant and reseller
Single interface for reporting and terminal management
Transaction consolidation for merchants across multiple terminal/comm types
End-to-End Encryption Explained
VeriFone deploys technologies at the “end points” of the card payment processing chain, hence “end-to-end” encryption.
Data Encryption Zone
POS device level applications that encrypt card data
Network level applications that decrypt and monitor
Good / Better / Best
Processing chain: Merchant Device; Merchant Data Center; Gateway; Acquirer/Processor; Visanet; Issuer
Versus Competition
Clear Data: 4356887600331588=08119212884426940234 (Clear Track 2 or Equivalent Data)
VeriShield Hidden Encryption: 4356882981011588=20017632108900331272 (Track Data encrypted with VeriShield Hidden Encryption (VHE))
Triple DES, +37% Payload: 0xb524190b811cbe5cd550892da8168a4c7d5d651f50892da8
AES, +70% Payload: 5d1ef20dced6bcbc12131ac7c54788aa6743C3D1519AB4F2CD9A78AB09A511BD
Incompatible with current integrated systems. Requires new development to make compatible.
Web Based Monitoring / Reporting
The VeriShield Protect solution incorporates access to a Secure Device Management Service (VSDMS) that provides a real-time status and alert system to monitor compliance of each and every transaction as it occurs.
VSDMS Dashboard
A highly sophisticated monitoring system
Security assurance and forensics for every card transaction within the enterprise
Delivered in real time
VSDMS as Definitive Monitoring Tool
VeriShield Secure Device Management (VSDMS)
Key Features and Why They Matter…
Real Time vs. Everything Else: When a breach occurs, time lag to awareness is the critical measure of survivability. Real time means real mitigation. Real time means the Acquirer is the first to know.
Actionable Data vs. Foggy Data: Security status should not be an argument. VSDMS empirical data (vs. analytics) makes it crystal clear if you are secure or not secure.
Auditing vs. Reporting: Security monitoring is no place for conflicts of interest. Compliance teams need reporting that is auditable to SAS 70 standards.
Value Proposition
Delivers true end-to-end encryption to the merchant
Takes merchant out of the data security business
Best opportunity for PCI DSS “de-scoping”
Superior security investment ROI
VeriShield Hidden Encryption: 4356882981011588=20017632108900331272 (Track Data encrypted with VeriShield Hidden Encryption (VHE))
Triple DES, +37% Payload: 0xb524190b811cbe5cd550892da8168a4c7d5d651f50892da8
Incompatible with current integrated systems. Requires new development to make compatible.
VeriShield Protect Value Proposition
VHE™ delivers encryption in a way that is transparent to the merchant’s receiving systems
Rapid deployment
Low disruption
No POS system impact
Field labels: BIN Routing, H-TDES, Last Four
Track Data Resident on Card: 435688 760033 1588= 08119212884426940234
Track Data encrypted with VeriShield Hidden Encryption (VHE): 435688 298101 1588= 20017632108900331272
VeriShield Protect Value Proposition
Ensures that if the merchant is breached, they will not suffer harm
NO USEABLE DATA means NO HARM
VeriShield Protect Value Proposition
Monitors all systems in real time at the device level (VSDMS)
Far superior to audit based approach
Definitive, real-time security assurance
For More Information
Visit www.verifone.com/definitivesecurity