[Customer
This presentation is the property of its rightful owner.
Sponsored Links
1 / 47

[Your Company Name Here] PowerPoint PPT Presentation


  • 83 Views
  • Uploaded on
  • Presentation posted in: General

[Customer Logo Here]. Introducing Secure PumpPAY A Payment Security solution for your existing fuel dispensers from VeriFone. [Your Company Name Here]. Discussion Topics. Why Secure PumpPAY  Why now What our customers are telling us Overview of Secure PumpPAY features

Download Presentation

[Your Company Name Here]

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Your company name here

[Customer

Logo

Here]

Introducing Secure PumpPAYA Payment Security solution for your existing fuel dispensers from VeriFone

[Your Company Name Here]


Discussion topics

Discussion Topics

  • Why Secure PumpPAY  Why now

  • What our customers are telling us

  • Overview of Secure PumpPAY features

    • Dispenser retrofit kit options available

  • Understanding your fuel dispenser PCI options

  • Common Misconceptions – Information you need to Know

  • What to expect during installation

  • Other PCI-related solutions you should consider

  • Questions


Why secure pumppay why now

Why Secure PumpPAY, Why Now?

Convergence of three key attributes:

  • Card usage sharply increased at the pump

  • PCI standards and dates have been cemented

  • Improved security at retail stores and restaurants has exposed our industries vulnerability

    • Over 1 million fueling positions are prime targets


Significant rise in card use at petroleum retail sites

Significant rise in card use at petroleum retail sites

  • Pay at the pump availability has grown steadily

    • Approx. 90% of sites offer pay at the pump

    • Approx. 60%% of sites also accept Debit at the pump

  • North America has over 700K dispensers (over 1.4M fueling points)

  • Cards have surpassed cash as dominant payment form at convenience stores

  • Recent rise in fuel costs have driven additional card transactions


Pci standards and dates have been cemented

PCI standards and dates have been cemented

January 2009

New fuel dispensers must support Triple DES (TDES) by January 1, 2009.

  • All newly deployed unattended POS PIN acceptance devices must contain an EPP that has passed testing by a PCI recognized laboratory and is approved by Visa for new deployments.

    Impact: TDES-capable PCI certified keypads required on new dispensers accepting PIN debit transactions.

Visa Security Mandates

July 2010

Existing fuel dispensers must support Triple DES (TDES) by July 1, 2010.

  • All transactions originating at POS PEDs must be encrypting PINs using TDES from the point of transaction to the Issuer (end-to-end)

    Impact: TDES-capable PCI certified keypads required on all dispensers accepting PIN debit transactions.


Key pci dates you need to be aware of

Secure the forecourt with TDES

Upgrade to PCI PED PIN Pads & TDES

Update Payment Software to PABP

1

2

3

January 2009New dispensers

June 2010Existing dispensers

June 2010Merchants VISA PED or PCI PED Pin Pads and TDES

October 2008 New Stores

July 2010All Stores

July

2008

Oct

2008

Jan

2009

April

2009

July

2009

Oct

2009

Jan

2010

June

2010

July

2010

Key PCI dates you need to be aware of


Improved security in other industries has exposed our vulnerability

Improved Security in other industries has exposed our vulnerability

Thieves Increasing Targeting Fuel Dispensers

100%

Degree of

Security

0%

Retail

Restaurants

Gas Stations

Organized Crime Focus

“Using a credit card at a gas station poses more of a risk for data theft than shopping online, as point-of-sale terminals at the pump have emerged as a weak link in the security chain”  Gartner Group


Fuel dispenser skimming is becoming epidemic

Fuel dispenser skimming is becoming epidemic

7/29/08 Calgary Police estimate 2 or 3 new "Skim" sites are set up every day in Calgary. The lead investigator, Constable Darren Hafner guesses there's up to 50 different stores in Calgary on any given day with skimmers and cameras operating.

7/29/08Under the pretense of needing a nicotine fix, a man walked into an Edmonton gas station last week and ran out with a debit-card machine.

7/23/08OPP investigators believe they've broken up a fraud operation that involved the use of "skimming" devices in fuel pumps to collect the credit card and debit card information of Windsor and Essex County residents.

7/23/08Devices used to steal your credit card number are showing up in the Austin area. Just last week, Texas Department of Public Safety troopers say they found one in a man's car. They're afraid he's part of a much bigger operation.

7/22/08 “In Las Vegas, just in the last month, we have recovered 4-5 skimmers and a gas station skimmer that was actually in a pump.”

7/9/08 That's what Pennsylvania State Police said about the thieves who cracked into numerous Lower Bucks bank accounts by planting a card skimmer inside gas pumps, including one at a Bristol Township Wawa.


What our customers are telling us

What our Customers are telling us

  • Most customers don’t understand what they have to do to meet PCI mandates

    • Think the dates will be pushed out again

    • Don’t believe these PCI mandates apply to them

    • Are angry with the Card Associations because of Interchange Fee “Ransoms” they are paying

  • There is much confusion about the various options available

  • Other companies are misrepresenting their capabilities and leading customers to believe there are inexpensive, stop-gap solutions that are also Secure and will protect them from fraud


  • Overview of secure pumppay

    Overview of Secure PumpPAY


    Overview of secure pumppay and its features

    Overview of Secure PumpPAY and its Features

    32 bit processor

    Secure embedded Linux OS

    Color LCD screen

    5.7” ¼ VGA

    24MB memory

    8MB Flash, 16MB DRAM

    512K Secure SRAM

    8 screenaddressable keys

    Contactless Card Reader

    Integrated into unit

    Tamper responsive housing

    PCI PED certified

    Built-in privacy shield

    Recessed keypad easier to use

    Large key polymer keypad

    IP65 rated sealed PIN pad

    Dip Style Magnetic Stripe Card Reader

    Connectivity2 serial ports

    1 Ethernet port

    Optional PSTN/ISDN port

    Software Development Kit

    API’s and XML/HTML GUI

    development tools

    ** Remote key loading


    Increases fuel dispenser security

    Extended bezel around unit eliminates or reduces ability of cameras being used for capturing PIN entries

    Tactile keypad prevents keyboard overlay skimmers from being installed

    OP4100 housing conceals all cables making installation of skimmers more difficult

    PCI EPP 1.3 certified

    Increases fuel dispenser security

    • New keys for doors will make access to Secure PumpPAY units more difficult as keys are not widely available

    • Canadian version features Secure Card Reader (EMV certified) which encrypts message from MSR to EPP and door switch

    • VeriShield Protect will further improve security by encrypting track data as soon as it is read by the MSR

    Impact: Criminals will target pumps with known vulnerable DCR’s


    Secure pumppay security benefits

    Meets the latest Payment Card Industry (PCI) requirements to provide the most secure on-line PIN entry as well as Triple DES method of encryption at the fuel dispenser

    Secure PumpPAY housing conceals all cables making installation of skimmers more difficult

    New keys for doors will make Secure PumpPAY units more difficult to access as keys are not widely available

    Secure PumpPAY Security Benefits


    Secure pumppay enhanced security benefits

    Extended bezel around unit reduces or eliminates ability of cameras being used for capturing PIN entries

    Polymer tactile keypad prevents keyboard overlay skimmers from being installed

    Remote key load feature allows debit keys to be loaded in the field and helps ease the process when changing networks

    Secure PumpPAY Enhanced Security Benefits


    Additional secure pumppay benefits

    Integrated, all-in-one design simplifies installation into existing pumps — Retrofit Kits available for all major dispenser manufacturers and models, and can be done in as little as 30 minutes.

    Large color display provides bright attention-getting messages that help drive customers into the store for high margin sales.

    Integrated high resolution printer included and can prominently highlight graphics such as company logos and bar-coded receipts for in-store promotions.

    Additional Secure PumpPAY Benefits


    Additional secure pumppay benefits1

    Built in Contactless Reader is included which future proofs your investment

    Simplify management and customer interface by having the same system at all pumps.

    Additional Secure PumpPAY Benefits


    Secure pumppay vs other pci options

    Secure PumpPAY vs. other PCI options


    What are all of my options for pump security

    OPTION

    OPTION

    OPTION

    OPTION

    1

    2

    3

    4

    What are all of my options for pump security?

    Replace Dispenser with new product that features PCI EPP

    Very costly

    Replace only the Keypad with PCI EPP

    Replace the Keypad and Card Reader with PCI EPP and Secure Card Reader

    +

    Replace Keypad, Card Reader and Display with PCI approved integrated payment terminal


    Understanding the risks current scenario

    Understanding the Risks: Current Scenario

    Current Payment System Vulnerabilities

    Bug on MSR Cable – Capture Track Data

    Bug in MSR – Capture Track Data

    Debit Encryption

    PIN Pad

    Tampering – Capture Track Data and PIN

    Encryption

    Module

    (GSM, etc.)

    To Point of Sale

    Tap on Line – Capture PINs and Track Data


    Understanding the risks tdes only scenario

    Understanding the Risks: TDES-Only Scenario

    TDES-only vulnerabilities: Move encryption to the dispenser

    Bug on MSR Cable – Capture Track Data

    TDES Keypad – Debit encryption

    Bug in MSR – Capture Track Data

    PIN Pad

    Tampering – Capture Track Data and PIN

    Dummy GSM

    or Replaced

    To Point of Sale

    PIN’s Can NO longer

    Be captured here

    Tap on Line – Capture Track Data


    Understanding the risks epp scenario

    Understanding the Risks: EPP Scenario

    Encrypting PIN pad-only solution vulnerabilities

    Bug on MSR Cable – Capture Track Data

    Bug in MSR – Capture Track Data

    Tamper Resistance & Detection

    Dummy GSM

    or Replaced

    To Point of Sale

    PIN’s and

    Track Data

    Hard to capture

    Can STILL Capture

    Track Data

    Tap on Line – Capture Track Data


    Understanding risks epp secure card reader scenario

    Understanding Risks: EPP + Secure Card Reader Scenario

    EPP and Secure Card Reader Solution Vulnerabilities

    Can NOT Capture Track Data on cable

    Bug on MSR Cable – Capture Track Data

    Bug in MSR – Capture Track Data

    Tamper Resistance & Detection

    Dummy GSM

    or Replaced

    To Point of Sale

    PIN’s and

    Track Data

    Hard to capture

    Can STILL Capture

    Track Data

    Tap on Line – Capture Track Data


    Common customer misconceptions

    Common Customer Misconceptions


    Is fuel pump fraud really a problem am i really at risk

    In the last 2 years, there have been 24 fuel pump breaches reported

    At least 70 stations have reported their pumps were breached

    At least 800 consumers had their cards fraudulently used

    Estimates of the fraud amounts are over $1.5M, or $2,000 per card average

    Is fuel pump fraud really a problem? (Am I really at risk?)

    Petroleum retailers should be aware that the number of fuel pump breaches is increasing dramatically.

    • In the past three months, skimming at the pump has been reported in:

    Arizona

    California

    Delaware

    Florida

    Georgia

    Indiana

    Illinois

    Massachusetts

    Michigan

    Nevada

    New Jersey

    North Carolina

    Pennsylvania

    Texas

    Washington

    Wisconsin

    British Columbia

    Alberta

    Ontario

    Saskatchewan

    Africa

    India

    Australia

    United Kingdom


    Is fuel pump fraud really a problem am i really at risk1

    Is fuel pump fraud really a problem? (Am I really at risk?)

    • Data breaches more than doubled in 2008 first quarter

      • “Data breaches disclosed by Hannaford Bros Supermarket chain, GE Money, and Georgetown University are just some of the 167 breaches reported during the first quarter of 2008, according to the non-profit Identity Theft Resource Center.”

    Petroleum retailers should be aware that the number of fuel pump breaches is increasing dramatically.

    • "Using a credit card at a gas station could pose more of a risk for data theft than shopping online...petroleum and convenience retailers must react quickly to avert unnecessary exposure to fraud and the mitigation expense they will undoubtedly incur if left unchecked." — Gartner Inc. Analyst


    Is fuel pump fraud really a problem am i really at risk2

    Is fuel pump fraud really a problem? (Am I really at risk?)

    Most retailer breaches are NOT disclosed, Gartner says

    • While nearly half of U.S. retailers have been hit with some kind of information security attack, only a small percentage of them have actually reported breaches to their customers, research company Gartner reports.

    • In a new study based on interviews with 50 U.S. retailers, Gartner found that 21 of them were certain they had a data breach. However, just three of the retailers had disclosed the incident to the public. (Only 14% of breaches.)

    Petroleum retailers should be aware that the number of fuel pump breaches is increasing dramatically.

    If this is true, then the ACTUAL number of fuel pump breaches may be:

    • 500+ fuel dispensers breached

    • Almost 6,000 consumers with fraudulent transactions

    • Over $10M in fraudulent transactions


    Is there a difference between pci vs tdes

    Is there a difference between PCI vs. TDES

    Other companies are saying all I need to do to meet PCI mandates is install a TDES keypad, is that true?

    The only current requirement is TDES encryption at the fuel dispenser beginning on July 1, 2010. That only encrypts PINs and does nothing to protect your customers card data and your business from data thieves.


    One option i will just stop taking debit at the pump

    One option: I will just stop taking Debit at the pump

    Can’t I just stop accepting PIN Debit at the pump?

    Yes, but turning off debit has two key risks:

    • Most Card Association Merchant Services Agreements require merchants to accept debit along with all other forms of card payments.

    • Debit usage by consumers is high at fuel stations and the trends are that debit usage will continue to grow. You will likely lose customers in addition to lost sales.


    Its too expensive how can i pay for secure pumppay

    OPTION

    OPTION

    OPTION

    1

    2

    4

    Its too expensive. How can I pay for Secure PumpPAY?

    FINANCE

    No. Pumps 2 4 6 8

    Monthly Finance $220 $440 $660 $880

    Price

    LEASE

    No. Pumps 2 4 6 8

    Monthly Lease $210 $420 $630 $840

    Price

    RENT

    No. Pumps 2 4 6 8

    Monthly Rental $1,500 $3,000 $4,500 $6,000

    Down payment

    Monthly Rental $168 $336 $504 $672


    What about new standards

    What about new Standards?

    What about new standards that may be coming out? What else do I need to do to protect my business?

    Secure PumpPAY was designed for the European market; it already includes the advanced security features that are being added to the next set of PCI requirements.


    Will i also need software upgrades

    Will I also need software upgrades

    Will I have to upgrade my other software to work with Secure PumpPAY?

    Probably not, most customer locations are already on a POS application software release that is compatible with Secure PumpPAY


    Creating display content

    Creating Display Content

    How can I take advantage of the new display? Will I need to hire a marketing company to create ads and promotions for me?

    No, Secure PumpPAY includes a tool to load graphical content to the display that anyone can use. It is windows-based and features drop and drag functionality.


    Creating display content1

    Creating Display Content

    Do some graphics come with the unit?

    Yes, your Secure PumpPAY unit will come with a graphics library that includes instructional messaging and some promotional messages


    What do i get when i buy secure pumppay

    What do I get when I buy Secure PumpPAY

    • Secure PumpPAY consists of TWO components

      • Payment terminal and accessories

        • OP4100 Payment terminal

        • VeriFone Interface Board (VIB)

        • Power Supply

        • Thermal Printer

        • Cable assembly kit

      • Dispenser door assembly kit

        • Door frame

        • Hinges, locks, mounting brackets

        • Dispenser-specific connectorized cable harness

    • Help Desk included for the first year

    • On-Site Maintenance service provides extended warranty coverage


    Dispenser models supported

    Dispenser Models Supported

    Secure PumpPAY options are currently available for:

    • Gilbarco Advantage series

    • Dresser-Wayne Vista series

    • Tokheim Premier

      • B- series

      • C- series

      • MMD series

    • Bennett Pacific series

      Additional options are planned for 2009 including:

    • Gilbarco Encore series

    • Dresser-Wayne Ovation series

    • Others [based on customer need]

      • Schlumberger 4000 and Centurion


    What you can expect during installation

    What you can expect during Installation


    The installation process

    The Installation Process

    Most work will be done at the Installers service location

    Pre-installation or staging activities include:

    • Loading the OpenPAY application

    • Loading of the Debit keys

    • Loading of any graphic content you would like and have provided

    • Assembly of the Payment terminal and printer into the door frame assembly

      During the day the equipment is being installed

    • The installer will only turn down half of the dispensers at a time

      • You will still be pumping fuel from the remaining dispensers

    • The old equipment is removed

    • Pre-assembled devices will be installed

    • The new door frame assembly will be installed

    • Technician tests the POS to new equipment connection

    • New equipment is activated and now processing payments

      *The above process is repeated for the other half of the dispensers


    Gilbarco advantage fuel dispenser after installation

    Gilbarco Advantage Fuel Dispenser after Installation

    Before

    After


    Tokheim premier b fuel dispenser after installation

    Tokheim Premier B Fuel Dispenser after Installation

    Model 333B with MMD pictured

    After

    Before


    Tokheim premier c fuel dispenser after installation

    Tokheim Premier C Fuel Dispenser after Installation

    After

    Before


    Wayne vista fuel dispenser after installation

    Wayne Vista Fuel Dispenser after Installation

    Before

    After


    Bennett pacific fuel dispenser after installation

    Bennett Pacific Fuel Dispenser after Installation


    Installation complete

    Installation Complete

    Secure PumpPAY processing transactions


    Servicing secure pumppay

    Servicing Secure PumpPAY

    • Secure PumpPAY includes an initial 1 year parts warranty and also includes a one year Help Desk support agreement

    • Extended warranties up to five years can be added to include On-Site Maintenance

    • Servicing of the Secure PumpPAY units will be done by the same VASC technicians who currently provide service to your location


    Removing old dcrs return maintenance savings

    Removing old DCRs return Maintenance savings

    • Costly to maintain components are removed

      • All of the items below are removed when installing Secure PumpPAY eliminating the need to service or maintain these costly parts:

        • CRIND Logic, printer and display boards and power supplies

        • Debit Security modules (GSM’s, TED’s, DSM’s, etc)

        • Card Reader firmware

    • Improved graphics downloading

      • With Secure PumpPAY, you also improve the graphics download time 5 minutes with SPP vs. as much as 45 minutes in a typical VeriFone to CRIND scenario.

      • Results in less time your dispensers are offline!


    Rebranding no problem

    Rebranding? No Problem!

    • Servicers can request new encryptions keys for a nominal processing fee ($12 per key request)

    • The new encryption keys can be loaded in the field without having to remove the hardware

      • A significantly less costly proposition

    • Simplifies the process in changing card processing networks


    Secure pumppay the only secure payment solution

    Secure PumpPAY: the only Secure payment solution

    Questions?

    For the latest information, check out http://www.securepumppay.com


  • Login