Secure Retail Payments Web Portal Brought to You by VeriFone
Resources

VeriFone continually evolves its payment solutions to keep up with security standards and mandates, helping our customers to stay up and running. Our payment platforms support the world's most stringent security standards, extending peace of mind to the point of sale. In fact, VeriFone conforms to industry standards and mandates often well before we are required to do so.

This page contains resources you can use to help ensure that your organization implements and maintains the highest possible levels of payment solution security. We will continually update this page to provide you with best practices information available nowhere else, industry updates and presentations to help you run your business, and information on new payment security products and services from VeriFone.

  • VeriShield Protect - Protecting Customer Data - Unfortunately, being PCI DSS compliant doesn’t necessarily mean that a payment network is 100% secure. That’s why VeriFone is proud to introduce VeriShield Protect, a reliable solution for secure data encryption. Only from VeriFone. Click here to access an informative PowerPoint presentation detailing this new solution.
  • VISA PABP Validated Applications - As of March 31, 2008 - The payment applications on this List of Validated Payment Applications have been assessed for compliance with the Payment Application Best Practices (“PABP”). Click here to view this document in its entirety.
  • PA-DSS Changes from PABP - The Payment Application Data Security Standard has evolved from VISA’s Payment Application Best Practices (PABP). The attached document outlines the changes between the two programs. Click here to view this document in its entirety.
  • Payment Application Data Security Standard Requirements - The requirements for the Payment Application Data Security Standard (PA-DSS) are derived from the Payment Card Industry Data Security Standard (PCI DSS) and the PCI DSS Security Audit Procedures. Click here to view this document in its entirety.
  • PA-DSS Program Overview - The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, other sensitive authentication data or PIN data, and ensure their payment applications support compliance with the PCI DSS. PA-DSS requirements apply to payment applications that are sold, distributed or licensed to third parties. Click here to view this document in its entirety.
  • PCI Security Standards Council Documents - The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), has released three PCI DSS documents to the public: the PCI DSS FAQ, Instruction Guidelines, and a presentation on Navigating the PCI DSS Requirements.
  • Important RiTA Security Notice: Payment Card Industry (PCI) Data Security Standard - Users of RiTA Server—VeriFone's enterprise-level software-based payment processing solutions—should download and carefully review this important document that addresses some of the latest security issues related to PCI.
  • American Express Data Security Operating Policy Request for Exception to Quarterly Scanning Requirement/ Self Assessment Checklist - Distributed by American Express: "This form is to be used by Level 2 merchants requesting an annual exception from providing Quarterly Network Scans in accordance with the American Express Data Security Operating Policy (DSOP). This form must be completed and signed by the Chief Executive Officer, Chief Financial Officer or Principal of the merchant identified below. American Express approval of this exception will expire one year from the approval date. You must renew your exception request annually with American Express to meet compliance requirements with the American Express DSOP."
  • What Should I Do About PCI Compliance? - The W. Capra Consulting Group has developed a useful guide entitled "What Should I Do About PCI Compliance?". W. Capra Consulting Group, Inc. is a consulting company focused on identifying, leading, integrating, and delivering retail and payment technology solutions to convenience, petroleum and retail businesses.
  • Safe without Wires: The Value of Securing Wireless Technologies - Today’s retailer uses wireless technologies everywhere. In the store, wireless devices have made for enhanced consumer experience, better customer service, and accurate, cost-effective transmission of transaction and inventory data.
  • Customer Data Security Benchmark Report 2008 - The Customer Data Security Benchmark was conceived from a growing practice within retail to collect consumer-specific information for the purpose of fine tuning merchandising strategies and to offer differentiating value to customers. The study is also based on a growing public concern about the privacy of personal information.
  • MasterCard POS PED Dates Update - The attached update was issued on October 1st, 2007 by MasterCard. It summarizes all of the dates surrounding PCI PED devices from MasterCard's point of view.
  • The 2007 Federal Reserve Payments Study - In 2006, electronic payments comprised over two-thirds of all noncash payments in the United States. Debit card payments now exceed credit card payments. Card payments alone comprised over half of all noncash payments. The number of check payments continued to decrease and did so at a more rapid rate than in the previous three-year period. Moreover, check clearing is increasingly electronic. The attached 2007 Federal Reserve Payments Study includes these details and more about the changing payment acceptance in the United States.
  • VeriSign PCI Audit Tips - Issued by VeriSign.
  • 5 Strategies to Achieve PCI Compliance - Dennis Reedy, CTP, managing director, Treasury Operations, Indiana University and Walt Conway, Walter Conway Associates, have written an article titled "5 Strategies to Achieve PCI Compliance".
  • MasterCard Status EPP - Issued by MasterCard.
  • Understanding Risk Management in Emerging Retail Payments - Issued by the Federal Reserve Bank of New York.
  • VISA AFD PIN Security Presentation - Issued by VISA.
  • VISA Payment Application Security Mandates - Issued by VISA.
  • General PED Frequently Asked Questions - Issued by VISA.
  • FRAUD ALERT - NEW CARD SKIMMING DEVICE - Issued by the Peel Regional Police (Ontario, Canada).
  • Identity Fraud Trends and Patterns: Building a Data-Based Foundation for Proactive Enforcement - The Center for Identity Management and Information Protection at Utica College has issued the attached report, "Identity Fraud Trends and Patterns: Building a Data-Based Foundation for Proactive Enforcement."
  • VISA Security Brief on Wireless Network Vulnerability - The adoption of wireless technology is on the rise among participants in the payment industry – particularly retailers, many of whom use wireless technology for inventory control systems or checkout efficiency. Because wireless technologies have unique vulnerabilities, all users must carefully evaluate the need for the technology and understand the risks, as well as the security requirements, prior to deploying a wireless system.
  • VISA Security Alert - VISA issued a Security Brief to its members this week and has asked that it be forwarded to all customers. If you have any questions about the alert, how to make your POS system PCI DSS compliant, or how to remove critical customer data from your system, let us know and VeriFone will work with you to achieve compliance with these industry standards.
  • Payment Card Industry PCI Security Requirements - This document contains a complete set of requirements for the secure management, processing and transmission of Personal Identification Number (PIN) data during online and offline payment card transaction processing at ATMs, and attended and unattended point-of-sale (POS) terminals. These PIN security requirements were derived from existing Visa and MasterCard documentation and finalized by a working group formed by the major payment card organizations.
  • State Breach & Notification Laws - Crowell & Moring's Security Breach Table document, detailing the state laws governing security breach notification.
  • Transactions With Your Chip And PIN Terminal - To help all card-accepting businesses better protect themselves and their customers, APACS (the UK-based payment card association) has developed this advice guide to help minimise the chances of being targeted.
  • Mass Security Breach Act - Document from the House of Representatives of the state of Massachusetts: "An Act relative to security freezes and notification of data breaches".
  • Recommended Checklist for Integrated POS Devices - Protect your Pin Pad - Merchant Education Tool Kit Provided by Interac Association.
  • VISA Alert on Automated Fuel Dispenser Fraud - Organized crime rings are increasingly targeting merchants to obtain magnetic stripe data (“track data”) and Personal Identification Numbers (“PINs”). Recently, these attacks have focused on Automated Fuel Dispensers (“AFDs”) typically found at gasoline stations.
  • Hospitality Technology White Paper Series - Learn how to align PCI compliance with business processes for a more streamlined and reliable IT infrastructure with this whitepaper from the IT Compliance Institute, titled "Challenges and Opportunities of PCI".
  • Industry News Flash: PIN Pad Security Best Practices - VeriFone has compiled a list of PIN Pad Best Practices which go beyond current PCI requirements to offer additional protection against potential PIN pad tampering.
  • Industry News Flash: Payment System Security Best Practices - VeriFone has compiled a list of Payment Systems Security Best Practices for merchants.
  • Industry News Flash: PIN Pad Tampering - Update from VeriFone on the latest PIN Pad Tampering stories.
  • Best Practices for Point of Sale Security - The ATM Industry Association (ATMIA), of which VeriFone is a member, has published the Best Practices for Point of Sale Life Cycle Security to assist retailers in protecting consumer information at the point of sale.
  • Green Sheet Article Reprint - Download and read “PIN pad security: Get a grip” by Bulent Ozayaz, Vice President Marketing, North American Finance, VeriFone.
  • Secure Terminal Retirement - VeriFone offers a service to ensure PIN pads are retired securely, preventing criminals from obtaining sensitive information or devices that could be used in tampering schemes. This service also offers an environmentally friendly method of recycling PIN pad components.
  • Terminal Security Audit - VeriFone’s Secure Terminal Audit service is designed to help retailers deter the criminal element by running either scheduled or random inspections on their credit card terminals and PIN pad devices.
  • Locking PIN Pad Stands - PIN pad Security Best Practices dictate that your payment terminals should be difficult to remove. In virtually all cases of PIN pad tampering today, criminals have removed the existing PIN pad and replaced it with a tampered one. The VeriFone PIN Pad Locking Stand can help deter this from happening. Diagrams of these stands may be downloaded here. For more information, contact your VeriFone Account Executive.
  • VeriFone PIN Pad Best Practices Presentation - Download the presentation from the VeriFone PIN Pad Best Practices Webinar first held on February 26th and repeated on March 23rd.
  • PCI Requirements: Protecting Cardholder Data - Download this presentation, given at the Radiant/Counterpoint User's Conference in February.