Payment Security Opportunities for Leadership & Growth Jeff Wakefield

VeriFone Security Opportunities Pre-PED Product Market ChurnPre-PED Product Market Churn Reposition VeriFoneReposition VeriFone Sell Broader Array of SolutionsSell Broader Array of Solutions Become a ‘Trusted Advisor’Become a ‘Trusted Advisor’ Dominate the CompetitionDominate the Competition ProblemOpportunityProblemOpportunityProblemOpportunityProblemOpportunity

VeriFone PCI Solutions PIN PadsPIN Pads CountertopCountertop PortablePortable Multi-LaneMulti-Lane POSPOS UnattendedUnattended SoftwareSoftware

VeriFone PCI Product Dominance

Why VeriFone Supports Standards? VeriFone Has Resources to Support StandardsVeriFone Has Resources to Support Standards Industry BenefitsIndustry Benefits –Enables Better Overall Solution Development –Reduces Overall Implementation Industry Costs –Provides Confidence in the Payment Chain Retailer BenefitsRetailer Benefits –Reduces Integration Costs –Provides Higher Value Solutions –Reduces Proprietary Solutions –Reduces Risk of Data Breaches –Eases Payment Standards Compliance VeriFone Standards Participation PCI Security Standards Council IFSF PCATS: Chair – Payment Systems X9: ANSI Committee W3C: XML Schema Working Group XML Forms Initiative EBT, WIC, ECC

Why VeriFone Supports Standards? VeriFone BenefitsVeriFone Benefits –Raise Barrier to Market Entry –R&D Investment Builds Portfolio Advantages –Provides Opportunity to Become Security Vendor –Raises the Competitive Bar –Establish & Maintain Payment Leadership Position

VeriFone Security Leadership As Industry Leader It Is Our Responsibility to Solve Industry ProblemsAs Industry Leader It Is Our Responsibility to Solve Industry Problems –Member of PCI Security Standards Council Board of Advisors –Published PIN PAD Security Best Practices –Secure Retail Payments Website –Payment Security Newsletter –Retail Payments Security Conference –New Products & Services

PIN Pad Security Best Practices PIN PAD Security Best Practices 1.Weekly Visual Terminal Inspections 2.Serial Number Validation 3.Monitor Pin Pad Problems 4.Secure Terminal Storage 5.Terminal Asset Tracking 6.Repair Technician Verification & Log 7.Mount PIN Pads Securely to Counter 8.Electronic Serial Number Validation 9.Change Default PIN Pad Password 10.Purchase From Authorized Sources 11.Use Authorized Repair Centers 12.Develop a Response Plan! There is a Gap in PIN Pad SecurityThere is a Gap in PIN Pad Security Need Better PIN Pad ControlsNeed Better PIN Pad Controls –Physical Control –Logical Control –Access Control

VeriFone Secure Retail Payments

to Secure Retail Payments Newsletter

Retail Payments Conference

New Security Products & Services Compliance Reporting - TrustwaveCompliance Reporting - Trustwave Compliance Monitoring - ArcSightCompliance Monitoring - ArcSight Secure Terminal RetirementSecure Terminal Retirement Terminal Security AuditTerminal Security Audit Tamper Resistant ShippingTamper Resistant Shipping Locking PIN Pad StandLocking PIN Pad Stand Payment ProductPayment Product $

Need To Eliminate Skimming Consumers Handing Their Cards to Clerks & Waiters Remains a ProblemConsumers Handing Their Cards to Clerks & Waiters Remains a Problem As An Industry We Need to Either:As An Industry We Need to Either: –Develop Solutions and Operating Rules to Eliminate Card Handover Or Or –Make The Information Obtained by Criminals Not Valuable

Degree of Security RetailRestaurantPetro Fuel Dispenser Organized Crime Focus 0% 100% “Using a credit card at a gas station could pose more of a risk for data theft than shopping online, as point-of-sale (POS) terminals at the pump have emerged as a weak link in the security chain” - Gartner Group Fuel Pump Fraud Increases

“Secure PumpPAY” Launch at NACSLaunch at NACS OP4100 & PrinterOP4100 & Printer Retrofit Kits for PumpsRetrofit Kits for Pumps PAYware Device & ContentPAYware Device & Content 900,000 Million Fuel Points900,000 Million Fuel Points TDES by 2010TDES by 2010

PCI’s Biggest Shortcoming Our System Requires Sensitive DataOur System Requires Sensitive Data We Are Building Higher Walls & Wider MoatsWe Are Building Higher Walls & Wider Moats As Long As The Gold is There, Criminals Will Target Retail LocationsAs Long As The Gold is There, Criminals Will Target Retail Locations An Industry-wide Initiative is Required to Eliminate Data That Has Criminal ValueAn Industry-wide Initiative is Required to Eliminate Data That Has Criminal Value

Merchant Compliance Issue Store Back Office Payment Processor In-store LAN Home Office WAN Consumer Facing Devices POS Local Area Network POS Cash Register Home office Server Enterprise Wide Area Network Store Back Office Server Must Protect:

Retailer’s PCI DSS Challenge PCI DSS compliance issues will continue to evolve and as such, represent an ever-increasing cost for Retailers to remain compliant with current industry standards.PCI DSS compliance issues will continue to evolve and as such, represent an ever-increasing cost for Retailers to remain compliant with current industry standards. As long as Consumer Card data resides in Retail Systems, organized crime will continue to focus their data breach efforts on Retailers to obtain that valuable Card data.As long as Consumer Card data resides in Retail Systems, organized crime will continue to focus their data breach efforts on Retailers to obtain that valuable Card data. The solution lies in protecting Consumer Card data before it enters the Retailers payment systems for processing.The solution lies in protecting Consumer Card data before it enters the Retailers payment systems for processing.

PCI Compliance: The Elusive Goal Successful compromises of customer card data are increasing.Successful compromises of customer card data are increasing. The costs associated with these compromises are extremely highThe costs associated with these compromises are extremely high Retailers have the responsibility to protect critical consumer data and are dependent on a number of disparate systems for their POS and EFT solution.Retailers have the responsibility to protect critical consumer data and are dependent on a number of disparate systems for their POS and EFT solution. Costs associated with the changes to these disparate payment systems required to protect this data impact the retailer several ways:Costs associated with the changes to these disparate payment systems required to protect this data impact the retailer several ways: –Certification Cost –Manpower –Opportunity Cost (usurp other projects) Certification costs associated with PCI DSS compliance are expensive and very time consuming and resource intensive.Certification costs associated with PCI DSS compliance are expensive and very time consuming and resource intensive.

The VeriShield DSS™ Solution VeriShield DSS™protects Retailers by encrypting Consumer Card data before it enters the Retailers pos & payment systems Encrypt critical card data in the PIN Pad/TerminalEncrypt critical card data in the PIN Pad/Terminal Completely “cloaks” critical information that protects Mag Stripe data, even if it ends up in the wrong handsCompletely “cloaks” critical information that protects Mag Stripe data, even if it ends up in the wrong hands No changes required at the POS … transaction “Looks” exactly the same to POS but Consumer Card data is completely protected.No changes required at the POS … transaction “Looks” exactly the same to POS but Consumer Card data is completely protected. Few (if any) changes are required at the Retailers host for decryption, depending on the Retailers environmentFew (if any) changes are required at the Retailers host for decryption, depending on the Retailers environment Solution supports cost savings measures offered by PIN encouragement/BIN Management without compromiseSolution supports cost savings measures offered by PIN encouragement/BIN Management without compromise

How it works in the terminal When a card is read, unique algorithms encrypt card data while preserving essential portions for specific purposesWhen a card is read, unique algorithms encrypt card data while preserving essential portions for specific purposes –ISO Prefix for PIN Encouragement –Last 4 digits for receipt printing –DUKPT V eri- S hield

VeriShield DSS™ Magstripe Encryption Store Back Office Payment Processor In-store LAN Encryption Gateway WAN VeriShield™ DSS VeriShield™ Encrypted Cardholder Information Outside of Merchant Enterprise Responsibility to Manage Secret Keys Outside of Retailers Enterprise

VeriShield DSS™ Benefits VeriShield easily secures critical Consumer Card data even if compromisedVeriShield easily secures critical Consumer Card data even if compromised No changes required to the Retailer POS for easy and quick implementationNo changes required to the Retailer POS for easy and quick implementation Instantly achieves a higher standard of security with little if any developmentInstantly achieves a higher standard of security with little if any development Reduces efforts to become and maintain for PCI DSS complianceReduces efforts to become and maintain for PCI DSS compliance Positions VeriFone as the Leader in Secure Payment SolutionsPositions VeriFone as the Leader in Secure Payment Solutions

VeriFone As A Trusted Advisor Recurring Business Increasing Margins Sales Level Commodity-Based Project-Based Consultation-Based Trusted Advisor

Thank You

PAY at the Table Mobile Payments America’s Growth Opportunities WirelessSecurity PCI Compliance Contactless Contactless is paving the road for Mobile Phone Payments and Consumers will finally “get it” VeriFone is already delivering this infrastructure Bringing secure payments & PIN debit to the table has real benefits VeriFone has solutions at the ready for any size restaurant Security is an enormous issue for issuers, acquirers and merchants VeriFone is taking on the role of Trusted Advisor and is delivering comprehensive products and solutions