VeriShield Protect
Revolutionary end-to-end encryption technology that simplifies PCI DSS compliance with no system upgrades
“[It is recommended that] Enterprises that accept, process or transmit
cardholder data implement end-to-end card data encryption and stop
transmitting sensitive card data ‘in the clear’.”
Avivah Litan, Gartner Analyst
Gartner Briefing, January 23, 2009
“We have industry-leading encryption, but the data has to be
unencrypted to request the information. The sniffer was able to
grab that authorization data at that point.”
President/CFO
A Large Processor
In particular, the standards require companies to encrypt data that
travels over computer networks “that are easy and common for a
hacker to intercept”. Whether certain internal networks are “easy and
common” to crack is a matter of judgment, so Navetta believes
Hannaford may have erroneously felt safe leaving data unencrypted in a
spot that turned out to be vulnerable.
David Navetta, President
InfoSec Compliance LLC
Cost to Comply — Cost of a Breach
For merchants who have become compliant:
Merchant Type    PCI Compliance Recurring Costs
Level 1          .02-.07/tx
Level 2          .05-.15/tx
Level 4          .0 -.25/tx
Acquirers        $5/account
TJX Case
Cost of Breach
$240 million front end
$36 million recurring**
(.102/tx)
Plus the growing # of breaches =
NEED A SOLUTION!
$25-$75 per
record stolen
Merchant’s Security Challenge
Difficult for organizations to meet PCI DSS security compliance
Recent events show that maintaining compliance may be even more difficult
Contributing Factors
Too many points of failure
Audit oversight on complex networks
Monitoring the security level of POS systems is difficult and costly
Costly prevention methods
Acquirer’s Security Challenge
Monitoring and verification of compliance for complete portfolio – Level 1 to Level 4
Level 1 and 2 merchants can have complex systems
Volume of Level 4 merchants and their general lack of knowledge on data security
Liability placed on acquirers to ensure Level 4 merchants are compliant
SECURITY FACT
80% of identified compromises since Jan. 1, 2005 have occurred at Level 4 merchants
Current day retail scenario …
PIN pad
Full card track data traverses network in the clear until last connection to the processing host.
TRANSACTION
PROCESSING
45122113133121=12311331
Points of Potential Compromise
Secure Frame Connection
Store A
Multilane POS System
Store A
Back Office Server
Company Network
Servers
Processing Host
How to address the security dilemma …
Encryption at the Point of Swipe
VeriShield Protect uses VeriShield Hidden Encryption™ (VHE), a patented format-preserving technology that reformats the data in a manner that the POS system network still receives the track data format it was expecting ...
435688 760033 1588= 08119212884426940234
BIN Routing
H-TDES
Last Four
Track Data Resident on Card
435688 298101 1588= 20017632108900331272
Track Data encrypted with
VeriShield Hidden Encryption (VHE)
VeriFone PIN pad
PLEASE SLIDE CARD
PIN pad
Card data is encrypted at the payment device and delivered through same transaction channel without upgrade to current systems
ENCRYPTION AT
DEVICE?
Store A
Multilane POS System
Store A
Back Office Server
Company Network
Servers
Processing Host
PIN pad secured by VeriShield Protect
Track data is encrypted at the PIN pad in the same format the POS system is expecting.
VeriShield Protect delivers data in a manner that allows use of the current POS infrastructure.
The encrypted data is then decrypted at the processing host.
ENCRYPTED
TRANSACTION
PROCESSING
4356882981011588=200176
Transaction Data Encrypted and Secure
Store A
Multilane POS System
Store A
Back Office Server
Company Network
Servers
Processing Host
VeriFone Vx 570
This solution is
now available
on Vx Solutions
VeriFone Vx 570
secured by
VeriShield Protect
4356882981011588=200176
Transaction Data Encrypted and Secure
Processing Host
VeriShield Protect
Now Offered in Multiple Ways
Enterprise
Processor hosted
Merchant hosted
Managed
VeriFone hosted
VeriShield Protect
Now Offered in Multiple Ways
Enterprise – Processor
Encryption is transparent through processing
Transparent to merchant systems
Data decrypted at secure host processing facility
No impact to merchants
VeriShield Protect
Now Offered in Multiple Ways
Enterprise – Merchant HQ
Solution for large retailer customers
Gives total control to the retailer
Offers immediate protection; more rapid time to market
Data decrypted at merchant central facility
Secure transmission from HQ to processor
VeriShield Protect
Now Offered in Multiple Ways
Managed
On VeriFone’s Gateway
Data decrypted at VeriFone’s gateway and securely transmitted to processor
Direct and reseller models
Already certified by all the major processors; more rapid time to
market for merchant and reseller
Single interface for reporting and terminal management
Transaction consolidation for merchants across multiple terminal/comm types
End-to-End Encryption Explained
Data Encryption Zone
[Diagram labels: Merchant Device, Merchant Data Center, Acquirer/Processor Gateway, Visanet, Issuer; Good, Better, Best]
POS device level applications that encrypt card data
Network level applications that decrypt and monitor
VeriFone deploys technologies at the “end points” of the card
payment processing chain, hence “end-to-end” encryption.
VeriShield Hidden Encryption Versus Competition
Clear Track 2 or Equivalent Data: 4356887600331588=08119212884426940234
Track Data encrypted with VeriShield Hidden Encryption (VHE): 4356882981011588=20017632108900331272
Triple DES: 0xb524190b811cbe5cd550892da8168a4c7d5d651f50892da8 (+37% Payload)
AES: 5d1ef20dced6bcbc12131ac7c54788aa6743C3D1519AB4F2CD9A78AB09A511BD (+70% Payload)
Incompatible with current integrated systems.
Requires new development to make compatible.
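The format-preserving property this comparison turns on, as an added example that is not VeriFone's code: the slides do not describe the VHE algorithm, so a simplified HMAC-SHA256 Feistel network over decimal digits stands in for it. The key, the tweak construction and all function names are assumptions; only the sample track value comes from the slides.

```python
import hashlib
import hmac

ROUNDS = 10  # even, so both halves return to their original widths

def _f(key, tweak, i, half, width):
    """Round function: HMAC-SHA256 reduced to `width` decimal digits."""
    msg = tweak + b"|" + bytes([i]) + half.encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % 10 ** width

def fpe_encrypt(key, tweak, digits):
    """Digits in, same number of digits out (stand-in cipher, not VHE)."""
    assert digits.isdigit() and len(digits) >= 2
    u = len(digits) // 2
    a, b = digits[:u], digits[u:]
    for i in range(ROUNDS):
        m = len(a)
        c = (int(a) + _f(key, tweak, i, b, m)) % 10 ** m
        a, b = b, str(c).zfill(m)  # zfill keeps leading zeros
    return a + b

def fpe_decrypt(key, tweak, digits):
    """Run the Feistel rounds backwards to recover the clear digits."""
    assert digits.isdigit() and len(digits) >= 2
    u = len(digits) // 2
    a, b = digits[:u], digits[u:]
    for i in reversed(range(ROUNDS)):
        m = len(b)
        p = (int(b) - _f(key, tweak, i, a, m)) % 10 ** m
        a, b = str(p).zfill(m), a
    return a + b

def transform_track2(key, track, fpe):
    """Apply `fpe` to the middle PAN digits and to the field after '='.

    The BIN (first six) and last four stay in the clear, as on the slides,
    so routing and receipts still work. Using them as the tweak is an
    assumption of this example.
    """
    pan, rest = track.split("=", 1)
    bin6, mid, last4 = pan[:6], pan[6:-4], pan[-4:]
    tweak = (bin6 + last4).encode()
    return f"{bin6}{fpe(key, tweak, mid)}{last4}={fpe(key, tweak + b'D', rest)}"

KEY = b"constructed-demo-key"  # constructed sample key, not a real one
CLEAR = "4356887600331588=08119212884426940234"  # sample track from the slides

if __name__ == "__main__":
    enc = transform_track2(KEY, CLEAR, fpe_encrypt)
    print(enc, len(enc) == len(CLEAR))
    print(transform_track2(KEY, enc, fpe_decrypt) == CLEAR)
```

The output has the same length, separator position and character set as the input, which is why a POS parser expecting Track 2 accepts it unchanged, whereas a hex-encoded block cipher output does not fit the field.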
Web Based Monitoring / Reporting
The VeriShield Protect solution incorporates access to a Secure Device Management Service (VSDMS) that provides a real-time status and alert system to monitor compliance of each and every transaction as it occurs.
A highly sophisticated monitoring system
Security assurance and forensics for every card transaction within the enterprise
Delivered in real time
VSDMS
Dashboard
VSDMS as Definitive Monitoring Tool
VeriShield Secure Device Management (VSDMS)
Key Features and Why They Matter…
Real Time vs. Everything Else
When a breach occurs, time lag to awareness is the critical
measure of survivability. Real time means real mitigation.
Real time means the Acquirer is the first to know.
Actionable Data vs. Foggy Data
Security status should not be an argument. VSDMS empirical
data (vs. analytics) makes it crystal clear if you are secure or
not secure.
Auditing vs. Reporting
Security monitoring is no place for conflicts of interest.
Compliance teams need reporting that is auditable to
SAS 70 standards.
Value Proposition
Delivers true end-to-end encryption to the merchant
Takes merchant out of the data security business
Best opportunity for PCI DSS “de-scoping”
Superior security investment ROI
VeriShield
Hidden
Encryption
4356882981011588=20017632108900331272
Track Data encrypted with
VeriShield Hidden Encryption (VHE)
Triple DES
0xb524190b811cbe5cd550892da8168a4c7d5d651f50892da8
+37% Payload
Incompatible with current integrated systems.
Requires new development to make compatible.
VeriShield Protect Value Proposition
VHE™ delivers encryption in a way that is
transparent to the merchant’s receiving systems
Rapid deployment
Low disruption
No POS system impact
435688 760033 1588= 08119212884426940234
BIN Routing
H-TDES
Last Four
Track Data Resident on Card
435688 298101 1588= 20017632108900331272
Track Data encrypted with
VeriShield Hidden Encryption (VHE)
VeriShield Protect Value Proposition
Ensures that if the merchant is breached,
they will not suffer harm
NO USEABLE DATA
means
NO HARM
VeriShield Protect Value Proposition
Monitors all systems in real time
at the device level (VSDMS)
Far superior to audit based approach
Definitive, real-time security assurance
For More Information
Visit
www.verifone.com/definitivesecurity