VeriShield Protect
Revolutionary technology that simplifies PCI DSS compliance with no system upgrades

Security Breaches In The News

The Challenge
Difficulty for retail organizations to meet and retain PCI DSS security compliance
Contributing Factors:
• Too many points of failure
• Audit oversight on complex networks
• Monitoring the security level of POS systems is difficult and costly
• Costly prevention methods

Acquirer’s Security Challenge
• Monitoring and verification of compliance
• 80% of identified compromises since Jan. 1, 2005 have occurred at Level 4 merchants
• Liability placed on acquirers to ensure Level 4 merchants are compliant

Acquirer’s Security Challenge
Unauthorized use of terminal
An example of how a merchant can set up an exposed network connection without consulting the acquirer…
[Diagram labels: PSTN, VoIP Gateway, Unencrypted Data Over Internet, VoIP Provider, PSTN, Payment Processor]

Conventional Wisdom within the Payments Sector
You have to be an expert in a lot of areas to protect your business today
• SSL, Point Encryption, Firewalls, PCI PED, Security Practices …
• QSA, Scanning, Static Auditing, Analytics …
• Prayer, Good Insurance

Not anymore…
• Protect: HTDES
• Monitor: CDMS
• Mitigate: Leaves Useless Data

Current day retail scenario…
[Diagram labels: PIN pad ("PLEASE SLIDE CARD"), Store A Multilane POS System, Store A Back Office Server, Company Network Servers, Secure Frame Connection, Processing Host]
Full card track data traverses network in the clear until last connection to the processing host.
TRANSACTION PROCESSING 45122113133121=1231133
Points of Potential Compromise

What if the data could be encrypted at the payment device and delivered through same transaction channel without upgrade to current system?
ENCRYPTION AT DEVICE?
[Diagram labels: PIN pad secured by VeriShield Protect, Store A Multilane POS System, Store A Back Office Server, Company Network Servers, Processing Host]
• Track Data is encrypted at PINpad in manner that allows it to use current POS infrastructure.
• VeriShield Protect delivers data in same format as POS System is expecting.
• The encrypted data is then decrypted at the processing host.
ENCRYPTED TRANSACTION PROCESSING 00CAHG#!aa=$#jkd50
Transaction Data Encrypted and Secure

VeriFone’s Vx 570 secured by VeriShield Protect
This solution is now available on Vx Solutions
00CAHG#!aa=$#jkd5
Transaction Data Encrypted and Secure
[Diagram label: Processing Host]

How Is This Accomplished?
Track data is encrypted at the mag stripe reader using Hidden TDES, a patented technology that reformats the data in a manner that the POS system network still receives the track data format it was expecting…
[Figure: Track Data Resident on Card compared with Track Data encrypted with Hidden Triple DES (H-TDES); field labels: BIN Routing, H-TDES, Last Four]

Protecting Consumer Data AND

VeriShield® Protect Components
VeriFone Component:
• VeriShield® Protect Encryption Software protects Retailers by seamlessly encrypting consumer card data before it enters the Retailer’s Point of Sale System… and maintains that protection until it is safely outside of the merchant’s infrastructure, effectively shielding the merchant from the actual details of the consumer data.
Semtek Components:
• Decryption Appliance: high performance decryption appliance.
• CDMS™ provides merchants and acquirers with a real time understanding of their security status and risk. It is also designed to provide merchant processors a definitive real time view of their entire portfolio without having to rely on self-reporting of the merchants within their system.

Sustainable Security :: CDMS Overview
The VeriShield Protect solution incorporates access to a Cipher Device Metrics Server™ (CDMS™) that provides a real-time status and alert system to monitor compliance of each and every transaction as it occurs.
• A highly sophisticated monitoring system
• Security assurance and forensics for every card transaction within the enterprise
• Delivered in real time

CDMS Dashboard

CDMS as Definitive Monitoring Tool

CDMS Key Features: Why They Matter…
• Real Time vs. Everything Else
When a breach occurs, time-lag to awareness is the critical measure of survivability. Real-time means real mitigation. Real time means the Acquirer is the first to know.
• Actionable Data vs. Foggy Data
Security status should not be an argument. CDMS empirical data (vs. analytics) makes it crystal clear if you are secure or not secure.
• Auditing vs. Reporting
Security monitoring is no place for conflicts of interest. Compliance teams need reporting that is auditable to SAS 70 standards.

The Real Costs of Security Breaches
• A single lost, stolen, or compromised customer record costs your company exactly $197 according to the Ponemon Institute, a privacy research firm
• Fines associated with a compromise can equal $25-35 per account number according to Retail Systems Research
• 80% of credit card data breaches are tied to cash register and other POS devices according to Gartner Inc.
• A security breach can cost anywhere between $90 and $305 per record according to Forrester Research

VeriShield Protect :: The Benefits to You
• Cardholder data is never exposed in the POS environment
Simplifies PCI DSS compliance
• Significantly reduces impact of costly audits, prevention methods and potential breaches
• No impact to current POS system
Installing VeriShield Protect is transparent to the POS and does not require any software changes
• No impact to cardholder
Does not require any additional steps or actions by the customer

Ensure your payment system is secure with VeriShield Protect.