Countdown to compliance
This presentation is the property of its rightful owner.
Sponsored Links
1 / 34

Countdown to Compliance PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Countdown to Compliance. October 2009. Introduction. This presentation is geared to merchant acquirers and ISOs in the financial services industry that sell to small to mid-sized merchants It is not designed for: Petroleum ISVs Multi-lane retailers VARs Transportation Retail Banking

Download Presentation

Countdown to Compliance

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Countdown to compliance

Countdown to Compliance

October 2009



  • This presentation is geared to merchant acquirers and ISOs in the financial services industry that sell to small to mid-sized merchants

  • It is not designed for:

    • Petroleum ISVs

    • Multi-lane retailers

    • VARs

    • Transportation

    • Retail Banking

  • If you’re in the petroleum space visit:

  • If you’re in the multi-lane retail space visit:



  • Breach Concerns

  • What is PCI PED?

  • Sample Scenarios

  • VeriFone’s PCI PED Campaign

  • Vx Solutions and MX Solutions Overview

  • Q&A

Why worry about a breach

Why worry about a Breach?

  • Industry research indicates that many merchants do not know much about security

  • In fact, Visa research indicates that compliance was lowest among level 4 merchants

  • According to industry research by Verizon, 81 percent of the organizations that experienced a breach “were not Payment Card Industry (PCI) compliant,”

  • 75 percent of the breaches it investigated involved the retail (31 percent), financial services (30 percent) and food & beverage (14 percent) industries

  • More than 80% of breaches since 2005 have happened at small merchants

  • You only hear about the bigger breaches but smaller ones occur every day

Security breaches in the news

Security Breaches In The News

What is pci ped

What is PCI PED?

  • PCI PED requirements are primarily concerned with device characteristics impacting the security of the PIN Entry Device used by the cardholder during a financial transaction.

  • These rules are to protect the consumer from fraud.

  • There are two factors involved in PCI PED requirements.

    • Device characteristics – thephysical and logical security characteristics of the device that deter a physical attack on the device—for example, the penetration of the device to determine its key(s) or to plant a PIN-disclosing “bug” within it or allowing the device to output a clear-text PIN-encryption key

    • Device management considers how the PED is produced, controlled, transported, stored, and used throughout its lifecycle

  • The deadline to remove PCI PED ‘never approved’ devices from the market is July 1, 2010.

    • Most of these devices were manufactured before 2004

  • Visa has issued a tentative removal date of Dec 2014 for all Visa PED approved devices

Ped approval recap

PED Approval Recap

Merchants/Retailers Must Stop PIN use by July 2010

Never Approved

Manufacturers MUST NOT place for PIN after December 2007

And must be removed by December 2014

Visa PED Approved

Manufacturers MUST place for PIN entry after 12/2007

PCI PED Approved



Impact to the retailer merchant

Impact to the Retailer/Merchant

  • There has been much confusion over the impact to a retailer who does not meet the Visa July 1, 2010 mandates for payment security

  • To review, there are three different mandates from Visa that must be met by US merchants by July 1, 2010.  These are:

    • All never approved payment devices on which PIN debit transactions are conducted must be removed from service.  This includes any terminal that is not either VISA PED or PCI PED.

    • All debit card PINs must be encrypted in TDES from the payment device

    • All applications that “store, process, or transmit cardholder information” must be PA-DSS or PABP compliant

Key dates

Key Dates

  • Visa has chosen to implement the following regulations in order to transition to PCI PED compliance:

    • October 1, 2009 —Acquirers must submit to Visa a summary TDES compliance status report and plan to achieve full compliance for sponsored attended POS activity

    • July 1, 2010 —All never approved devices must be removed from service

    • July 1, 2010 — If there is a breach of a never approved device after July 1, 2010, liability for the breach transfers from the issuer to the acquirer and the merchant.

    • August 1, 2012 —Acquirers may be assessed fines for sponsoring any non-TDES compliant merchants or agents

How do i upgrade by merchants

How do I upgrade by merchants?

  • Replace never approved devices with higher-functioning devices

  • Add a compliant PCI PED approved PIN Pad like the PP1000SE

  • Use this opportunity as a way to add value to replace the older device

    • Value added applications

      • Gift card

      • Loyalty

    • PIN debit

    • Faster devices

    • Pay at the point of service

How to upgrade your merchant sample scenario

How to Upgrade Your Merchant - Sample Scenario

  • Type of Retailer:

  • Type of Retailer: Sports Memorabilia Vendor in Mall

  • Scenario: Tim owns a sports memorabilia store in a busy mall.

  • Accepting electronic payments for many years using an Omni 3210 countertop device

  • Being able to accept credit and debit cards is a major plus for his business.

  • Challenge:

  • Has heard about more stringent security requirements which affect his Omni 3210.

  • He calls his ISO rep who refers him to VeriFone’s PCI PED landing page where he finds a wealth of knowledge and easy to understand materials.

  • He also realizes that technology has come a long way and decides that it’s time to upgrade to a wireless device to eliminate the expense of his phone line.

Achieve compliance with the v x 510 gprs

Achieve Compliance with the Vx 510 GPRS

Solution: Upgrade to a higher functioning and PCI PED compliant

Vx 510 GPRS for faster transactions and more flexibility

  • Tim now has the peace of mind knowing that his Vx 510 GPRS is compliant with the latest security requirements.

  • Also has the added benefits of faster transactions and a mobile device

    • The Vx 510 GPRS accepts payments anywhere there is a power source which is great when Tim visits fairs or sets up a mall kiosk.

    • He no longer needs to pay for an extra phone or DSL line which saves him additional money.

    • The ability to accept PIN debit is another plus since debit transactions mean lower overall transaction costs for his business.

Merchant scenario 2

Merchant Scenario #2

  • Type of Retailer: Jewelry Store

  • Scenario: Susie owns a successful jewelry store

  • Accepting electronic payments for many years using a NURIT 2085+ countertop device

  • Being able to accept credit is a major plus for her business since most jewelry purchases are rather expensive.

  • Challenge:

  • She has heard about more stringent security requirements which affect her NURIT 2085+ but is not concerned since she does not accept PIN debit

  • After doing some research she realizes that by offering PIN debit to her customers, she could be saving money due to the lower transaction fees. Plus she’s noticed that more people are using their debit cards due to the current economic conditions.

Merchant scenario 2 conclusion

Merchant Scenario #2 - Conclusion

  • Solution: Susie decides to upgrade to the Vx 670 portable device

  • It can be used anywhere in the store – customers can pay right where they make their jewelry selection and do not have to walk across the store floor.

  • Customers can complete their own transactions and do not have to give up their credit card which gives them peace of mind

  • Susie has all the benefits of a portable device which comes in handy when she visits jewelry shows and fares

  • Ability to accept PIN debit which means lower overall transaction costs.

Feature expansion value

Feature Expansion + Value

  • Multiple Reasons to Focus on Latest Products

    • Higher Value (“More Bang for the Buck”)

    • Lower Cost of Ownership & Reliability

    • Portability – Taking payment to the Point of Service

    • Customer Stickiness + Features

      • Multiple application support

    • Performance & Speed

Now is the time to upgrade your merchants to a higher functioning device

Now Is The Time To Upgrade Your Merchants To A Higher Functioning Device

Shift to Newer Technology

Usability & Security

“Design Focused”

Speed & IP


Pro actively promote security

Pro-Actively Promote Security

  • Educate against unsecure devices for transactions

    • Secure terminals, even if no PIN

    • Replace never approved devices before July 2010

    • Promote new PCI PED approved devices

  • Promote End-to-End Data Encryption

    • VeriShield Protect


Verifone s position

VeriFone’s Position

  • Created the PCI PED upgrade program to help our partners to remove never approved PIN pads and devices out of the market

  • We want to help you leverage the opportunity to move merchants to a new VeriFone product (and even upgrade to a higher functioning device) and replace the old

  • We believe at this phase, education is crucial

Campaign overview

Campaign Overview

  • The expired parking meter is our theme graphic and will be a graphic element on materials

  • Program started July 2009

  • Education very important since topic is complex

  • Creating Acquirer and Merchant specific information

Advertising support

Advertising Support

  • Trade publication advertising for several months will support this campaign

Acquirer collateral

Acquirer Collateral

  • White Paper

  • Flyer

  • FAQs

  • How to upsell your merchants

  • Tool Kit (Interactive PDF)

  • Product Upgrade Chart

  • All materials are available on the landing page

  • And exclusive tools at the VeriFone Zone

Merchant collateral

Merchant Collateral

  • Merchant Educational Package

    • Easy to understand overview, product charts, frequently asked questions, additional resources

  • Merchant Flyer

    • One page sheets with key dates and deadlines

  • Online Resources:

    • PCI Security Council

    • Merchant SAQ

    • (Merchant Tab)

Pci ped landing page

PCI PED Landing Page

  • Breach Calculator

  • Countdown clock

  • Collateral

  • White Paper

  • Product Upgrade Chart

Countdown Clock

Breach Calculator

White Paper


Breach calculator

Breach Calculator




Pci ped compliance chart

PCI PED Compliance Chart

This chart applies to countertop and mobile merchants

Pci ped compliance chart1

PCI PED Compliance Chart

This chart applies to multi-lane retail devices

More tools at www verifonezone com

More Tools at

  • All the tools presented here today are available for download at the VeriFone Zone (

  • There is chart for all VeriFone products that are never approved and PCI PED approved as well as the recommended upgrade

    • This piece is only available at the Zone

V x solutions a platform for now and for the future

Vx Solutions - A Platform for Now and for the Future


  • Consistent user interface

  • Consistent software base

  • Consistent support needs


  • PA DSS accepted applications

  • PCI PED approved

  • Part of a complete end-to-end encryption


  • High-speed processor

  • Multi-application capabilities

  • Many connectivity options


  • Lower cost of sales, ownership and support

  • Easy to understand “up-sell” strategy

  • Opens new markets with little investment

  • Complete line of products and solutions

Compatibility broadens your offering

Compatibility Broadens Your Offering

  • Consistency across form factors offers complete line of solutions for all market segments and customer needs

    • Single function  multi-application

    • Fixed  transportable  portable

    • Customer facing  clerk facing

  • More certifications than any other hardware provider make selling, installing, supporting, and expanding simpler

Mx family solutions for multi lane retailers

MX Family, Solutions for Multi-Lane Retailers

  • Customer facing payment solutions

  • All built on a common,secure platform

  • All run the same applications

  • Share consistent user interfaces

  • All are PCI PED approved

  • Interchangeable and field-upgradable modules future-proof your investment

offer a lower cost of ownership

Pin pad 1000se

PIN Pad 1000SE

  • Number one selling PIN pad in the industry!

  • Easy to use PIN debit entry

  • PCI PED approved to meet the latest standards for secure PIN entry

  • Future-proof payment solution, fully updatable and compatible

  • Provides the best protection against fraud for merchants and consumers;

  • USB option provides another way to connect to a PC software program which minimizes cabling and countertop clutter

Additional resources

Additional Resources

  • PCI PED website

  • PCI PED list of approved devices

  • VeriFone Security Page

  • Secure Retail Payments

  • Visa

Countdown to compliance

Q&A Session

Questions?We want your feedback – please complete the poll at this presentation and the recording

  • Login