Transcript Slide 1
VeriShield Protect Revolutionary end-to-end encryption technology that simplifies PCI DSS compliance with no system upgrades “[It is recommended that] Enterprises that accept, process or transmit cardholder data implement end-to-end card data encryption and stop transmitting sensitive card data ‘in the clear’.” Avivah Litan, Gartner Analyst Gartner Briefing, January 23, 2009 “We have industry-leading encryption, but the data has to be unencrypted to request the information. The sniffer was able to grab that authorization data at that point.” President/CFO A Large Processor In particular, the standards require companies to encrypt data that travels over computer networks “that are easy and common for a hacker to intercept”. Whether certain internal networks are “easy and common” to crack is a matter of judgment, so Navetta believes Hannaford may have erroneously felt safe leaving data unencrypted in a spot that turned out to be vulnerable. David Navetta, President InfoSec Compliance LLC Cost to Comply — Cost of a Breach For merchants who have become compliant: Merchant Type Level 1 Level 2 Level 4 Acquirers PCI Compliance Recurring Costs .02-.07/tx .05-.15/tx .0 -.25/tx $5/account TJX Case Cost of Breach $240 million front end $36 million recurring** (.102/tx) Plus the growing # of breaches = NEED A SOLUTION! $25-$75 per record stolen Merchant’s Security Challenge Difficult for organizations to meet PCI DSS security compliance Recent events show that maintaining compliance may be even more difficult Contributing Factors Too many points of failure Audit oversight on complex networks Monitoring the security level of POS systems is difficult and costly Costly prevention methods Acquirer’s Security Challenge Monitoring and verification of compliance for complete portfolio – Level 1 to Level 4 Level 1 and 2 merchants can have complex systems Volume of Level 4 merchants and their general lack of knowledge on data security Liability placed on acquirers to ensure Level 4 merchants are compliant SECURITY FACT 80% of identified compromises since Jan. 1, 2005 have occurred at Level 4 merchants Current day retail scenario … PIN pad Full card track data traverses network in the clear until last connection to the processing host. TRANSACTION PROCESSING 45122113133121=12311331 Points of Potential Compromise Secure Frame Connection Store A Multilane POS System Store A Back Office Server Company Network Servers Processing Host How to address the security dilemma … 298101 20017632108900331272 Encryption at the569982 Point of Swipe 98740300023954232128 218934 32398566120907612778 VeriShield Protect uses VeriShield Encryption™ 009321 Hidden55623210799095496331 (VHE), a patented format-preserving technology that 677882 65678823224350116785 reformats the data in a manner system network 395864that the POS 23900934586793456821 still receives the track data format it was54673122093459968312 expecting ... 212988 320023 78001239248290434298 983277 09123963364327496032 928383 52919951005333143465 435688 760033 012398 1588= 08119212884426940234 91119923884252413148 455781 02125952110177320187 BIN Routing 395684 H-TDES Last Four 93348955819021759690 Track Data Resident on Card 887154 12561963091370437047 435688 298101 760033 1588= 20017632108900331272 08119212884426940234 Track Data encrypted with VeriShield Hidden Encryption (VHE) VeriFone PIN pad PLEASE SLIDE CARD PIN pad Card data is encrypted at the payment device and delivered through same transaction channel without upgrade to current systems ENCRYPTION AT DEVICE? Store A Multilane POS System Store A Back Office Server Company Network Servers Processing Host PIN pad secured by VeriShield Protect Track DataProtect is VeriShield encrypted at in PINpad delivers data in manner that The encrypted same format as data POS allows to use at is then itis decrypted System expecting. current POS host. the processing infrastructure. ENCRYPTED TRANSACTION PROCESSING 4356882981011588=200176 Transaction Data Encrypted and Secure Store A Multilane POS System Store A Back Office Server Company Network Servers Processing Host VeriFone Vx 570 This solution is now available on Vx Solutions VeriFone Vx 570 secured by VeriShield Protect This solution is now available on Vx Solutions 4356882981011588=200176 Transaction Data Encrypted and Secure Processing Host VeriShield Protect Now Offered in Multiple Ways Enterprise Processor hosted Merchant hosted Managed VeriFone hosted VeriShield Protect Now Offered in Multiple Ways Enterprise Processor hosted Merchant hosted Managed VeriFone hosted VeriShield Protect Now Offered in Multiple Ways Enterprise – Processor Encryption is transparent through processing Transparent to merchant systems Data decrypted at secure host processing facility No impact to merchants VeriShield Protect Now Offered in Multiple Ways Enterprise Processor hosted Merchant hosted Managed VeriFone hosted VeriShield Protect Now Offered in Multiple Ways Enterprise – Merchant HQ Solution for large retailer customers Gives total control to the retailer Offers immediate protection; more rapid time to market Data decrypted at merchant central facility Secure transmission from HQ to processor VeriShield Protect Now Offered in Multiple Ways Enterprise Processor hosted Merchant hosted Managed VeriFone hosted VeriShield Protect Now Offered in Multiple Ways Managed On VeriFone’s Gateway Data decrypted at VeriFone’s gateway and securely transmitted to processor Direct and reseller models Already certified by all the major processors; more rapid time to market for merchant and reseller Single interface for reporting and terminal management Transaction consolidation for merchants across multiple terminal/comm types End-to-End Encryption Explained Data Encryption Zone Merchant Device Merchant Data Center Good POS device level applications that encrypt card data Acquirer/ Processor Gateway Better Visanet Issuer Best Network level applications that decrypt and monitor VeriFone deploys technologies at the “end points” of the card payment processing chain, hence “end-to-end” encryption. VeriShield Hidden Encryption Versus Competition VeriShield Hidden Encryption Clear Data 4356882981011588=20017632108900331272 Track Data encrypted with VeriShield Hidden Encryption (VHE) 4356887600331588=08119212884426940234 Clear Track 2 or Equivalent Data Triple DES 0xb524190b811cbe5cd550892da8168a4c7d5d651f50892da8 +37% Payload AES 5d1ef20dced6bcbc12131ac7c54788aa6743C3D1519AB4F2CD9A78AB09A511BD +70% Payload Incompatible with current integrated systems. Requires new development to make compatible. Web Based Monitoring / Reporting The VeriShield Protect solution incorporates access to a Secure Device Management Service (VSDMS) that provides a real-time status and alert system to monitor compliance of each and every transaction as it occurs. A highly sophisticated monitoring system Security assurance and forensics for every card transaction within the enterprise Delivered in real time VSDMS Dashboard VSDMS as Definitive Monitoring Tool VeriShield Secure Device Management (VSDMS) Key Features and Why They Matter… Real Time vs. Everything Else When a breach occurs, time lag to awareness is the critical measure of survivability. Real time means real mitigation. Real time means the Acquirer is the first to know. Actionable Data vs. Foggy Data Security status should not be an argument. VSDMS empirical data (vs. analytics) makes it crystal clear if you are secure or not secure. Auditing vs. Reporting Security monitoring is no place for conflicts of interest. Compliance teams need reporting that is auditable to SAS 70 standards. Value Proposition Delivers true end-to-end encryption to the merchant Takes merchant out of the data security business Best opportunity for PCI DSS “de-scoping” Superior security investment ROI VeriShield Hidden Encryption 4356882981011588=20017632108900331272 Track Data encrypted with VeriShield Hidden Encryption (VHE) Triple DES 0xb524190b811cbe5cd550892da8168a4c7d5d651f50892da8 +37% Payload Incompatible with current integrated systems. Requires new development to make compatible. VeriShield Protect Value Proposition VHE™ delivers encryption in a way that is transparent to the merchant’s receiving systems Rapid deployment Low disruption No POS system impact 435688 760033 1588= 08119212884426940234 BIN Routing H-TDES Last Four Track Data Resident on Card 435688 298101 1588= 20017632108900331272 Track Data encrypted with VeriShield Hidden Encryption (VHE) VeriShield Protect Value Proposition Ensures that if the merchant is breached, they will not suffer harm NO USEABLE DATA means NO HARM VeriShield Protect Value Proposition Monitors all systems in real time at the device level (VSDMS) Far superior to audit based approach Definitive, real-time security assurance For More Information Visit www.verifone.com/definitivesecurity