Wednesday, August 19, 2009

VeriShield Protect Offers Benefits Beyond End-to-End Encryption of Cardholder Data

In addition to the obvious benefits of encrypting cardholder data throughout a retailer’s enterprise, VeriShield Protect can assist retailers in improving the security of their systems and achieving PCI DSS compliance in many other ways.

While the PCI DSS requirements do not require cardholder data to be encrypted across private networks, retailers are challenged to maintain PCI DSS compliance, and protection against breaches, 24x7 across their vast, geographically dispersed networks. Exploiting gaps in compliance or other weaknesses in retailers’ systems, criminals have been able to install malware on retailers’ systems to capture cardholder data in transit. In the cat-and-mouse game of data theft and data protection, most retailers now realize that they need to protect cardholder data at all points in their systems, including data in motion during the authorization approval process. To protect cardholder data in transit, retailers often turn to solutions other than end-to-end encryption, such as SSL connections between devices or software-based encryption schemes within their POS systems.

This presents challenges for many retailers, however. Retailers with any of the following issues may find it difficult, if not impossible, to provide the additional cardholder data protection they need to properly shield their customers from the impact of a data breach. These challenges include:

· Retailers with older POS platforms
· Retailers who have mixed POS systems across their chain
· Retailers who are planning POS system upgrades in the next year or two
· Retailers who use public broadband networks for store communications
· Retailers with franchisees that make implementation of common systems difficult

The VeriShield Protect end to end encryption solution can overcome all of these challenges with a minimum of effort or disruption to the existing POS and store systems infrastructure.

Older systems with limited processing power often cannot handle the overhead of encrypting communications with SSL both between the payment terminal and the POS terminal, and between the POS terminal and the store server or host computer. In addition, older payment terminals and the DOS-based POS systems that are still installed usually cannot support SSL at all. VeriShield Protect, which performs the encryption in the tamper-resistant security module (TRSM) within the payment terminal, overcomes the SSL limitation of older systems. And because VeriShield Protect uses Format Preserving Encryption (FPE), the encrypted card number has the same length and character set as the original, so no changes are required to the POS systems in order to implement it.

Another challenge retailers often face is the need to support multiple POS systems across their stores, due to store or chain acquisitions, different POS systems in different brands, or multi-year POS upgrades, often tied to store remodels. The challenge is the potential cost of implementing a data-in-transit protection scheme multiple times, once for each platform. Again, the Format Preserving Encryption of VeriShield Protect solves this problem because it can be implemented across different POS systems without the need to change the POS system software.

In a similar fashion, VeriShield Protect can solve the challenge faced by retailers who plan to upgrade their POS system in a few years. These retailers are often reluctant to implement changes on their existing POS systems, knowing that the life of such a project will be short, and they may prefer to spend their resources getting a new POS system ready to deploy. Because VeriShield Protect can be implemented without any required POS changes, it is a good solution for retailers who want to protect their current system today and then use the same solution for their new POS system in the future.

While most retailers use private networks, many find that using the public broadband infrastructure meets their requirements. PCI DSS requires that cardholder data which traverses public networks be encrypted. VeriShield Protect, with its transaction monitoring capability and its secure key management functionality, is an effective way to meet this requirement without any impact on POS systems.

Retailers with franchise operators often face the most challenges of all. They may have multiple POS systems used by their operators and different systems in their corporate stores. It is not uncommon for these retailers to have some operators access their network over a public broadband architecture. And finally, getting all of the franchise operators to implement common POS or store systems at the same time is usually impossible. By deploying a common payment terminal that supports VeriShield Protect across all corporate and franchise locations, retailers with franchise locations can ensure that their customers’ cardholder data will be protected whether they pay in a corporate or a franchise-owned store.

The VeriShield Protect solution provides a wide range of benefits for all entities in the payment chain.

First, VeriShield Protect allows retailers to cost-effectively address three of the most difficult and expensive PCI DSS requirements:
· Requirement 3: Protect stored cardholder data
· Requirement 4: Encrypt transmission of cardholder data across open, public networks
· Requirement 9: Restrict physical access to cardholder data

Among the other key benefits are:
· Cardholder data is never exposed in the clear in the POS Environment
· Real-time monitoring improves encryption compliance and reduces the impact of costly audits, loss-prevention methods, and potential breaches
· There’s little or no impact on current POS systems and payment networks—no degradation of performance, and no changes required for most existing software
· BIN range checking continues to function as is, and nonpayment cards can be processed without encryption, if desired
· Cardholders are not impacted
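The paragraphs above make two technical claims about Format Preserving Encryption: the encrypted card number still looks like a card number to the POS (same length, all digits), and BIN range checking on the leading digits keeps working. The following is an added example, written for this page and not VeriFone's VeriShield Protect code, of what that looks like in practice: a small FF1/FF3-style Feistel network over decimal digits, keyed with HMAC-SHA256, that leaves the 6-digit BIN in the clear, encrypts the account digits, and recomputes the Luhn check digit so the protected PAN also passes a mod-10 check. The key, the BIN ranges treated as payment cards, and the pass-through of non-payment cards are all constructed assumptions for the demonstration; the real product's algorithm, key management and TRSM behaviour are not described here.

```python
"""Illustrative format-preserving encryption of a PAN (added example,
not VeriShield Protect's implementation). Keeps the BIN in the clear,
encrypts the account body with a digit-domain Feistel network, and
recomputes the Luhn check digit so existing POS validation still passes.
"""
import hashlib
import hmac

ROUNDS = 10      # even, so the two half lengths line up again at the end
BIN_LEN = 6      # leading digits left in the clear for BIN range checks

# Constructed assumption: BIN ranges the terminal treats as payment cards.
# Anything outside (e.g. a loyalty card) is passed through unencrypted.
PAYMENT_BIN_RANGES = [(400000, 499999), (510000, 559999)]


def luhn_check_digit(payload: str) -> str:
    """Return the digit that makes payload + digit pass the Luhn (mod 10) test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):   # digit left of the check digit is doubled
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and len(pan) > 1 and luhn_check_digit(pan[:-1]) == pan[-1]


def is_payment_card(pan: str) -> bool:
    """BIN range check on the clear leading digits; works on protected PANs too."""
    bin_value = int(pan[:BIN_LEN])
    return any(lo <= bin_value <= hi for lo, hi in PAYMENT_BIN_RANGES)


def _round_fn(key: bytes, tweak: str, rnd: int, half: str, out_len: int) -> int:
    """Keyed PRF mapping one Feistel half to an integer below 10**out_len."""
    mac = hmac.new(key, f"{tweak}|{rnd}|{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (10 ** out_len)


def _feistel(key: bytes, tweak: str, digits: str, decrypt: bool = False) -> str:
    """Unbalanced Feistel over a decimal string; output has the same length."""
    left, right = digits[: len(digits) // 2], digits[len(digits) // 2:]
    if decrypt:
        for rnd in reversed(range(ROUNDS)):
            prev_right = left                       # round moved old right into left
            f = _round_fn(key, tweak, rnd, prev_right, len(right))
            prev_left = str((int(right) - f) % 10 ** len(right)).zfill(len(right))
            left, right = prev_left, prev_right
    else:
        for rnd in range(ROUNDS):
            f = _round_fn(key, tweak, rnd, right, len(left))
            new_right = str((int(left) + f) % 10 ** len(left)).zfill(len(left))
            left, right = right, new_right
    return left + right


def protect_pan(key: bytes, pan: str) -> str:
    """Terminal side: BIN stays clear, body is encrypted, Luhn digit recomputed."""
    if not pan.isdigit() or len(pan) < BIN_LEN + 3:
        raise ValueError("PAN must be all digits with a BIN, a body and a check digit")
    if not is_payment_card(pan):
        return pan                                  # non-payment card: no encryption
    if not luhn_valid(pan):
        # The original check digit is not stored, so it is recomputed on decrypt;
        # a PAN that fails Luhn could not be recovered exactly.
        raise ValueError("refusing to encrypt a PAN that fails the Luhn check")
    bin_part, body = pan[:BIN_LEN], pan[BIN_LEN:-1]
    enc_body = _feistel(key, tweak=bin_part, digits=body)
    return bin_part + enc_body + luhn_check_digit(bin_part + enc_body)


def recover_pan(key: bytes, protected: str) -> str:
    """Host side: inverse of protect_pan."""
    if not is_payment_card(protected):
        return protected
    bin_part, enc_body = protected[:BIN_LEN], protected[BIN_LEN:-1]
    body = _feistel(key, tweak=bin_part, digits=enc_body, decrypt=True)
    return bin_part + body + luhn_check_digit(bin_part + body)


if __name__ == "__main__":
    demo_key = b"constructed demo key, not for production"   # assumption
    for card in ("4111111111111111", "5500000000000004", "9999990000000000"):
        prot = protect_pan(demo_key, card)
        print(card, "->", prot, "luhn ok:", luhn_valid(prot),
              "payment:", is_payment_card(prot), "round trip:", recover_pan(demo_key, prot) == card)
```

Two points worth noting from the code rather than the prose: the BIN is used as a tweak, so the same account body encrypts differently under different BINs, and the terminal decides by BIN range whether to encrypt at all, which is exactly the "nonpayment cards can be processed without encryption" behaviour described above. A real deployment would also need the key to live only in the terminal's TRSM and at the decryption host, which this stand-alone script does not model.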

For more information about VeriShield Protect and End-to-End Encryption, visit our web site www.verifone.com/verishield and download two white papers: “Protecting Cardholder Information: The Elusive Goal” and “Understanding End-to-End Encryption.”
