SlideShare a Scribd company logo

Out of Scope Whitepaper

Mark Moreno
Mark Moreno

Getting Out of PA-DSS Scope and Eliminating the High Cost of EMV: What you need to know by Mike English Executive Director, Product Development Heartland Payment Systems

Business
1 of 6
Download to read offline
© 2015 Heartland Payment Systems, Inc. All trademarks, service marks and trade names referenced in this material are the property of their respective owners. January 2015 Mike English Executive Director, Product Development Heartland Payment Systems What you need to know Getting Out of PA-DSS Scope and Eliminating the High Cost of EMV:
Getting Out of Scope and Eliminating the High Cost of EMV heartlandpaymentsystems.com 2 EMV Is Here and Is Costly to VARs, ISVs and Businesses with “Homegrown” POS With EMV1 timelines quickly approaching for the restaurant, retail, petro and convenience industries, POS system providers, pump providers, merchants and businesses are preparing for the October 2015 liability shift for in-store systems and the October 2017 liability shift for automated fuel dispensers (AFDs). As businesses become acquainted with EMV and the necessary system enhancements to support EMV, they soon learn that EMV can be a time-intensive and costly endeavor. In a traditional configuration, after integrating EMVCo- certified payment peripherals and updating systems to accept and manage EMV transactions, the merchant or vendor will connect to the acquirer or processor’s certification environment, which is linked to the EMV certification test systems for Visa, MasterCard, American Express and Discover. Using an EMVCo-certified Level I and II device, the vendor or merchant will need to run about 120 test transactions for contact EMV and 150 test transactions for EMV contactless to obtain certifications. For a POS system, costs include the first contact-only EMV POS certification fees, plus any fees charged by a processor to support the certification. This does not include the cost of EMV transaction management code development, POS upgrades, installation, or other necessary expenditures. Optimistically, the time frame to code, test and certify for EMV is more than seven and a half months. However, the initial development and certification will likely take longer because of the intricacies in online and offline PIN management that take time to code and test. Also, many parts of this certification process and cost need to be repeated for each processor and each card brand to which the POS system certifies. To a degree, each POS or AFD configuration must also be repeated. The time frame indicated includes only EMV credit because open questions related to EMV debit haven’t been resolved by the industry. The cost for EMV certification is staggering—tens of thousands of dollars. 1 EMV stands for Europay, MasterCard and Visa, a global standard for   interoperation of integrated circuit cards (IC cards or “chip cards”) and IC   card-capable point-of-sale (POS) terminals and automated teller machines   (ATMs), for authenticating credit and debit card transactions. There are four major concerns every Value-Added Reseller (VAR), Independent Software Vendor (ISV), and businesses with “homegrown” POS systems that accept cards has today: ƒƒ The high cost of achieving and maintaining PCI, specifically PA-DSS validation and compliance ƒƒ Keeping current with changes in payment technology and mandates ƒƒ The risk of having your customers’ card data hacked/stolen ƒƒ The high cost and complexity of developing and certifying EMV Heartland has solutions for VARs, ISVs and businesses accepting cards that eliminate the risk of stolen data and eliminate a POS system’s PA-DSS scope as well as pave a road to seamlessly implementing EMV. This paper offers third-party POS providers, VARs, ISVs, and businesses with “homegrown” payment acceptance the information they need to manage cost and compliance.
Getting Out of Scope and Eliminating the High Cost of EMV heartlandpaymentsystems.com 3 There Is a Better Road to EMV Fortunately, there is a way to eliminate the cost, time and complexity of EMV development and compliance. While not new, an Out-of-Scope approach to in-store payment has taken on new value as a solution for EMV acceptance and as a way to take a POS system out of PA-DSS scope. In a traditional POS system configuration, the PIN pad is directly connected to the POS system and sends the payment information to the POS for authorization. The POS system receives the authorization back from the acquirer or processor and concludes the transaction. In this configuration, the POS system is in PCI PA-DSS scope and the POS system is responsible for EMV certifications. Traditional Payment Configuration Out-of-Scope Configuration In an Out-of-Scope configuration, the PIN pad or signature capture/PIN pad receives a prompt from the POS system to start payment acceptance, and instead of sending the payment information to the POS, the PIN pad sends the transaction directly to the acquirer for approval. In this configuration, manual entry can be done on the PIN pad to keep the POS system out of PA-DSS scope. The PIN pad receives the authorization response back from the acquirer or processor and passes it on to the POS system. This configuration takes the POS system out of the payment authorization process. The POS is notified of the transaction, but no cardholder data is sent to the POS, thus taking the POS system out of PA-DSS scope. Heartland Payment terminal sends cardholder data to POS system 1 POS sends transaction data (cardholder data) to processor Processor returns authorization response to POS system 2 3 POS Terminal POS System is in scope for PCI PA-DSS POS System is out of scope for PCI PA-DSS Heartland POS Terminal POS system sends request to EMV terminal for payment acceptance EMV terminal sends transaction request (cardholder data) directly to processor for authorization 1 Processor returns authorization— terminal passes response to POS system to finish transaction 2 3 or or
Getting Out of Scope and Eliminating the High Cost of EMV heartlandpaymentsystems.com 4 Getting and Staying PCI Out of Scope An Out-of-Scope configuration eliminates the POS system’s PCI scope, specifically PA-DSS2 scope. When payment services are provided as part of the POS system, the POS system provider incurs costs to become PA-DSS validated as well as continual costs to maintain card brand mandates. In the case of an Out-of-Scope configuration, PCI scope is maintained by Heartland and our solution partners, alleviating that burden from the POS system. ƒƒ Eliminates POS system’s PA-DSS scope by removing acceptance and management of card data ƒƒ The VAR or ISV’s scope is eliminated if all card acceptance and processing are completed at the acceptance device ƒƒ Without card data, the POS is no longer considered a payment application Eliminating card data does not take a merchant out of PCI scope, but does significantly reduce their PA-DSS scope. The merchant’s PCI scope is reduced when encrypting card data and eliminating PA-DSS. The number of PCI SAQ P2PE-HW questions to which a business need to respond from 230 to 18!4 For businesses with an in-house POS solution, Heartland Secure and an Out-of-Scope configuration take major portions of your infrastructure out of PA-DSS scope and minimize PCI compliance to the very basics of perimeter security. Providing that the business no longer has access to any clear text card data, overall PCI scope and associated costs are reduced by 70-80%. 2 Payment Application Data Security Standard (PA-DSS) is a set of requirements that   are intended to help software vendors develop secure payment applications that   support PCI DSS compliance. 3 http://pciguru.wordpress.com/2010/04/10/open-source-pa-dss-certification/ 4 http://pcisecuritystandards.org/documents/PCI_SAQ_P2PE-HW_v2.pdf The value of an Out-of-Scope configuration for a POS provider and the merchant is immense. When integrating EMV support with acquirers and processors, third parties and merchants incur a high cost per endpoint to become EMV-certified. The Out-of-Scope configuration eliminates the need for the POS system to code for EMV, as well as removes the need to certify the POS system to the card brands for EMV. Why? Whoever wrote the payment application residing on the PIN pad in an Out-of- Scope configuration is responsible for EMV certification. The POS system may still need to be certified to the acquirer or processor, but the process takes far less time and not for EMV. The POS system simply makes calls to the payment device to begin the payment acceptance process. Seamlessly Implementing EMV Has Immense Payback ƒƒ Our Out-of-Scope offerings eliminate the need for POS systems to develop for EMV acceptance and incur card brand certification costs ƒƒ Speeds time to market and greatly reduces development costs associated with EMV support ƒƒ Eliminates the POS systems’ need to support current and future payment mandates ƒƒ Solution can get VARs, ISVs and businesses with a “homegrown” POS system to market with an EMV solution quicker than their competitors “…most PA-DSS certifications cost at least $30,000 or more depending on the complexity of the application and the number of platforms involved…”3
Getting Out of Scope and Eliminating the High Cost of EMV heartlandpaymentsystems.com 5 The vast majority of breaches occurred at businesses with fewer than 1,000 employees. The average cost per breach for an SMB is up to $500,000, forcing many out of business. Heartland Secure protects a business and their customers’ card data from breaches through end-to-end encryption, EMV and tokenization. Heartland Secure At the core of this powerful PCI avoidance offering—and seamless manner of implementing EMV—is Heartland Secure. Heartland Secure consists of E3 end-to-end encryption, EMV and tokenization. It eliminates PCI scope by encrypting card data within a secure acceptance, thus taking the card data out of the transaction and the business’s ecosystem. Heartland Secure is what PCI was meant to be—helping merchants and businesses manage the risk of payment acceptance through the removal of card data from the merchant’s network. Heartland Secure. No card data. No risk. Encryption’s Impact on PCI Scope Reduction Heartland Secure and our Out-of-Scope solutions do not remove a merchant from the requirement to be PCI compliant. A merchant is responsible to validate compliance to their acquirer, often through a qualified QSA or ISA. As stated earlier, the merchant’s PCI scope is greatly reduced when encrypting card data and eliminating PA-DSS. These actions reduces the number of PCI SAQ P2PE-HW questions to which a business needs to respond from 230 to 18! It is important to note that PCI DSS always applies to any and all merchants that accept card data. All applicable PCI DSS requirements for card data in scope apply if the following is true: ƒƒ If encrypted cardholder data is stored on a system, media or environment that also contains the decryption key ƒƒ If encrypted data is accessible to an entity that also has access to the decryption key When Is Encrypted Cardholder Data Out of Scope? Encryption of cardholder data with strong cryptography is an acceptable method of rendering the data unreadable in order to meet PCI DSS Requirement 3.4. The PCI SSC states, “Encrypted data may be deemed out of scope if, and only if, it has been validated by a QSA or ISA that the entity that possesses encrypted cardholder data does not have the means to decrypt it.” If a merchant encrypts cardholder data but does not possess the means to decrypt it, the cardholder data is not considered in scope once it has been encrypted. The best means to encrypt cardholder data is within a terminal or PIN pad that is PCI PIN Transaction Security (PTS) certified. ƒƒ An encrypted PAN is still defined as cardholder data and in scope for PCI DSS compliance if the merchant has access to key and ability to decrypt data ƒƒ If a merchant has no ability to decrypt encrypted data, the encrypted data is not card data and is NOT in scope of PCI ƒƒ Systems that transmit, process and store such encrypted data are not in scope ƒƒ Encryption removes clear text card data at point of entry to eliminate PCI scope risk ƒƒ By removing clear card data from the merchant’s environment, the opportunity for monetization of the card data is also eliminated
Getting Out of Scope and Eliminating the High Cost of EMV heartlandpaymentsystems.com 6 5 https://www.pcisecuritystandards.org/documents/Tokenization_Guidelines_  Info_Supplement.pdf 6 https://www.pcisecuritystandards.org/documents/Tokenization_Guidelines_  Info_Supplement.pdf Tokenization’s Impact on PCI Scope Reduction Tokenization, which is a way of replacing sensitive data like credit card numbers with tokens, is one of the data protection and audit scope reduction methods that is recommended by PCI DSS.5 The use of tokens for post-authorization operations such as returns, chargebacks, recurring payments, sales reports, analytics or marketing programs eliminates the storage of the PAN and subsequent use of the PAN. Tokenization takes applications and systems for these business processes out of PCI scope. However, per the Information Supplement: PCI DSS Tokenization Guidelines that were published by PCI in August 2011, “Tokenization solutions do not eliminate the need to maintain and validate PCI DSS compliance, but they may simplify a merchant’s validation efforts by reducing the number of system components for which PCI DSS requirements apply.”6 Per the PCI DSS Tokenization Guidelines, PCI Data Security Standard (PCI DSS), Version 2, published in August 2011: In PCI scope… ƒƒ All elements of the tokenization system and tokenization process, including de-tokenization and PAN storage, are considered part of the cardholder data environment (CDE) and are in scope for PCI DSS ƒƒ Any system component or process with access to the tokenization system or the tokenization/de-tokenization process is considered in scope Out of PCI scope are system components that... ƒƒ are adequately isolated from the tokenization system and the CDE ƒƒ store, process or transmit only tokens ƒƒ do not store, process, or transmit any cardholder data or sensitive authentication data ƒƒ may be considered outside of the CDE and possibly out of scope for PCI DSS Heartland’s Comprehensive Breach Warranty Unparalleled in the industry, Heartland is offering merchants the first-ever comprehensive breach warranty. Going beyond breach insurance, Heartland’s warranty protects businesses from being financially liable in case of a breach of card information. To be covered under the warranty, a business must have a Heartland Secure-certified device and process payments through Heartland. The Heartland breach warranty is straightforward. In the case of expenses incurred due to a data breach of card information, Heartland will reimburse the merchant for all costs, compliance fines and penalties a merchant must pay to the card brands, issuing bank or acquiring bank as well the amount paid for a directly related forensic audit conducted by a Qualified Incident Response Assessor. Summary As a leader in secure payment acceptance, Heartland has solutions for VARs, ISVs and businesses accepting cards that eliminate or reduce scope as well as pave the path to seamlessly implementing EMV. We are working with leading hardware vendors as well as strategic third parties to help reduce the cost, complexity and risk associated with PA-DSS compliance and EMV acceptance. Combined with Heartland Secure, our solutions, and our partners’ solutions, we help our customers to be more secure in knowing that Out of Scope is a reality and EMV does not need to be painful.

Recommended

Introduction to e-Commerce Payments
Introduction to e-Commerce PaymentsIntroduction to e-Commerce Payments
Introduction to e-Commerce PaymentsAri Viljakainen
 
MSP Sales & Operations Training Class 2009
MSP Sales & Operations Training Class 2009MSP Sales & Operations Training Class 2009
MSP Sales & Operations Training Class 2009PinnaclePaymentSolutions
 
A Complete Model of the Payment Service Business
A Complete Model of the Payment Service BusinessA Complete Model of the Payment Service Business
A Complete Model of the Payment Service BusinessFrank Steeneken
 
EMV Card Migration: How the EMV Transaction Flow Works
EMV Card Migration: How the EMV Transaction Flow WorksEMV Card Migration: How the EMV Transaction Flow Works
EMV Card Migration: How the EMV Transaction Flow WorksAnnMargaret Tutu (AMT)
 
Small_Merchant_Guide_to_Safe_Payments
Small_Merchant_Guide_to_Safe_PaymentsSmall_Merchant_Guide_to_Safe_Payments
Small_Merchant_Guide_to_Safe_PaymentsSteve Abrams
 
Payment Gateway
Payment GatewayPayment Gateway
Payment GatewayNyros Technologies
 
Semi-Integrated Solution
Semi-Integrated SolutionSemi-Integrated Solution
Semi-Integrated SolutionTotal Merchant Services
 
IBM Payments Gateway
IBM Payments GatewayIBM Payments Gateway
IBM Payments GatewayKillian Delaney
 

Recommended

Introduction to e-Commerce Payments
Introduction to e-Commerce PaymentsIntroduction to e-Commerce Payments
Introduction to e-Commerce PaymentsAri Viljakainen
 
MSP Sales & Operations Training Class 2009
MSP Sales & Operations Training Class 2009MSP Sales & Operations Training Class 2009
MSP Sales & Operations Training Class 2009PinnaclePaymentSolutions
 
A Complete Model of the Payment Service Business
A Complete Model of the Payment Service BusinessA Complete Model of the Payment Service Business
A Complete Model of the Payment Service BusinessFrank Steeneken
 
EMV Card Migration: How the EMV Transaction Flow Works
EMV Card Migration: How the EMV Transaction Flow WorksEMV Card Migration: How the EMV Transaction Flow Works
EMV Card Migration: How the EMV Transaction Flow WorksAnnMargaret Tutu (AMT)
 
Small_Merchant_Guide_to_Safe_Payments
Small_Merchant_Guide_to_Safe_PaymentsSmall_Merchant_Guide_to_Safe_Payments
Small_Merchant_Guide_to_Safe_PaymentsSteve Abrams
 
Payment Gateway
Payment GatewayPayment Gateway
Payment GatewayNyros Technologies
 
Semi-Integrated Solution
Semi-Integrated SolutionSemi-Integrated Solution
Semi-Integrated SolutionTotal Merchant Services
 
IBM Payments Gateway
IBM Payments GatewayIBM Payments Gateway
IBM Payments GatewayKillian Delaney
 
EMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of SaleEMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of Sale- Mark - Fullbright
 
Prepaid Payments License - Muds Management
Prepaid Payments License - Muds ManagementPrepaid Payments License - Muds Management
Prepaid Payments License - Muds ManagementMUDS Management & Strategic Services
 
Payment gateway
Payment gatewayPayment gateway
Payment gatewayHananBahy
 
Payment Gateway
Payment GatewayPayment Gateway
Payment GatewayAshraf Bashir
 
Payment gateway testing
Payment gateway testingPayment gateway testing
Payment gateway testingAtul Pant
 
Payment Gateways in Kuwait - 2014 Update
Payment Gateways in Kuwait - 2014 UpdatePayment Gateways in Kuwait - 2014 Update
Payment Gateways in Kuwait - 2014 UpdateBurhan Khalid
 
Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Danail Yotov
 
payment gateway for tech support
payment gateway for tech supportpayment gateway for tech support
payment gateway for tech supportKristinajozy
 
Pay Easy Solutions International
Pay Easy Solutions InternationalPay Easy Solutions International
Pay Easy Solutions Internationaljeanieaguilar
 
Ronghan Group how we works
Ronghan Group how we worksRonghan Group how we works
Ronghan Group how we worksRonghan Group
 
Payment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASPayment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASWayne Akey
 
EMV: What you Need to Know
EMV: What you Need to KnowEMV: What you Need to Know
EMV: What you Need to KnowTotal Merchant Services
 
Peter Afanasiev - Architecture of online Payments
Peter Afanasiev - Architecture of online PaymentsPeter Afanasiev - Architecture of online Payments
Peter Afanasiev - Architecture of online PaymentsCiklum Ukraine
 
The Most Recommended Fintech Solution Providers 2020
The Most Recommended Fintech Solution Providers 2020The Most Recommended Fintech Solution Providers 2020
The Most Recommended Fintech Solution Providers 2020The Business Fame
 
eZ Publish Workflows and Payment Gateways
eZ Publish Workflows and Payment GatewayseZ Publish Workflows and Payment Gateways
eZ Publish Workflows and Payment GatewaysGraham Brookins
 
Payment gateway
Payment gatewayPayment gateway
Payment gatewayPiyush Dua
 
Ccavenue presentation
Ccavenue presentationCcavenue presentation
Ccavenue presentationAnurag Vikram
 
Direpay product note
Direpay product noteDirepay product note
Direpay product noteglobalsales123
 
CCAvenue Features Presentation
CCAvenue Features PresentationCCAvenue Features Presentation
CCAvenue Features PresentationPramod Ganji
 
Prepaid Payment Instrument
Prepaid Payment InstrumentPrepaid Payment Instrument
Prepaid Payment Instrumentnarendrainamdar
 
Affordable Care Act - Next Steps for Restaurateurs
Affordable Care Act - Next Steps for RestaurateursAffordable Care Act - Next Steps for Restaurateurs
Affordable Care Act - Next Steps for RestaurateursMark Moreno
 
Order Granting Preliminary Injunction Sysco US Foods
Order Granting Preliminary Injunction Sysco US FoodsOrder Granting Preliminary Injunction Sysco US Foods
Order Granting Preliminary Injunction Sysco US FoodsMark Moreno
 

More Related Content

What's hot

EMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of SaleEMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of Sale- Mark - Fullbright
 
Payment gateway
Payment gatewayPayment gateway
Payment gatewayHananBahy
 
Payment gateway testing
Payment gateway testingPayment gateway testing
Payment gateway testingAtul Pant
 
Payment Gateways in Kuwait - 2014 Update
Payment Gateways in Kuwait - 2014 UpdatePayment Gateways in Kuwait - 2014 Update
Payment Gateways in Kuwait - 2014 UpdateBurhan Khalid
 
Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Danail Yotov
 
payment gateway for tech support
payment gateway for tech supportpayment gateway for tech support
payment gateway for tech supportKristinajozy
 
Pay Easy Solutions International
Pay Easy Solutions InternationalPay Easy Solutions International
Pay Easy Solutions Internationaljeanieaguilar
 
Ronghan Group how we works
Ronghan Group how we worksRonghan Group how we works
Ronghan Group how we worksRonghan Group
 
Payment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASPayment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASWayne Akey
 
Peter Afanasiev - Architecture of online Payments
Peter Afanasiev - Architecture of online PaymentsPeter Afanasiev - Architecture of online Payments
Peter Afanasiev - Architecture of online PaymentsCiklum Ukraine
 
The Most Recommended Fintech Solution Providers 2020
The Most Recommended Fintech Solution Providers 2020The Most Recommended Fintech Solution Providers 2020
The Most Recommended Fintech Solution Providers 2020The Business Fame
 
eZ Publish Workflows and Payment Gateways
eZ Publish Workflows and Payment GatewayseZ Publish Workflows and Payment Gateways
eZ Publish Workflows and Payment GatewaysGraham Brookins
 
Payment gateway
Payment gatewayPayment gateway
Payment gatewayPiyush Dua
 
Ccavenue presentation
Ccavenue presentationCcavenue presentation
Ccavenue presentationAnurag Vikram
 
CCAvenue Features Presentation
CCAvenue Features PresentationCCAvenue Features Presentation
CCAvenue Features PresentationPramod Ganji
 
Prepaid Payment Instrument
Prepaid Payment InstrumentPrepaid Payment Instrument
Prepaid Payment Instrumentnarendrainamdar
 

What's hot (20)

EMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of SaleEMV Payments: Changes at the Point of Sale
EMV Payments: Changes at the Point of Sale
 
Prepaid Payments License - Muds Management
Prepaid Payments License - Muds ManagementPrepaid Payments License - Muds Management
Prepaid Payments License - Muds Management
 
Payment gateway
Payment gatewayPayment gateway
Payment gateway
 
Payment Gateway
Payment GatewayPayment Gateway
Payment Gateway
 
Payment gateway testing
Payment gateway testingPayment gateway testing
Payment gateway testing
 
Payment Gateways in Kuwait - 2014 Update
Payment Gateways in Kuwait - 2014 UpdatePayment Gateways in Kuwait - 2014 Update
Payment Gateways in Kuwait - 2014 Update
 
Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...Payment gateway/payment service providers and future trends in mobile payment...
Payment gateway/payment service providers and future trends in mobile payment...
 
payment gateway for tech support
payment gateway for tech supportpayment gateway for tech support
payment gateway for tech support
 
Pay Easy Solutions International
Pay Easy Solutions InternationalPay Easy Solutions International
Pay Easy Solutions International
 
Ronghan Group how we works
Ronghan Group how we worksRonghan Group how we works
Ronghan Group how we works
 
Payment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAASPayment Gateway Integration: Growth Strategy for SAAS
Payment Gateway Integration: Growth Strategy for SAAS
 
EMV: What you Need to Know
EMV: What you Need to KnowEMV: What you Need to Know
EMV: What you Need to Know
 
Peter Afanasiev - Architecture of online Payments
Peter Afanasiev - Architecture of online PaymentsPeter Afanasiev - Architecture of online Payments
Peter Afanasiev - Architecture of online Payments
 
The Most Recommended Fintech Solution Providers 2020
The Most Recommended Fintech Solution Providers 2020The Most Recommended Fintech Solution Providers 2020
The Most Recommended Fintech Solution Providers 2020
 
eZ Publish Workflows and Payment Gateways
eZ Publish Workflows and Payment GatewayseZ Publish Workflows and Payment Gateways
eZ Publish Workflows and Payment Gateways
 
Payment gateway
Payment gatewayPayment gateway
Payment gateway
 
Ccavenue presentation
Ccavenue presentationCcavenue presentation
Ccavenue presentation
 
Direpay product note
Direpay product noteDirepay product note
Direpay product note
 
CCAvenue Features Presentation
CCAvenue Features PresentationCCAvenue Features Presentation
CCAvenue Features Presentation
 
Prepaid Payment Instrument
Prepaid Payment InstrumentPrepaid Payment Instrument
Prepaid Payment Instrument
 

Viewers also liked

Affordable Care Act - Next Steps for Restaurateurs
Affordable Care Act - Next Steps for RestaurateursAffordable Care Act - Next Steps for Restaurateurs
Affordable Care Act - Next Steps for RestaurateursMark Moreno
 
Order Granting Preliminary Injunction Sysco US Foods
Order Granting Preliminary Injunction Sysco US FoodsOrder Granting Preliminary Injunction Sysco US Foods
Order Granting Preliminary Injunction Sysco US FoodsMark Moreno
 
Memorandum Opinion Sysco US Foods Merger / Acquisition
Memorandum Opinion Sysco US Foods Merger / AcquisitionMemorandum Opinion Sysco US Foods Merger / Acquisition
Memorandum Opinion Sysco US Foods Merger / AcquisitionMark Moreno
 
Sysco - US Foods PROPOSED FINDINGS OF FACT AND CONCLUSIONS OF LAW
Sysco - US Foods PROPOSED FINDINGS OF FACT AND CONCLUSIONS OF LAWSysco - US Foods PROPOSED FINDINGS OF FACT AND CONCLUSIONS OF LAW
Sysco - US Foods PROPOSED FINDINGS OF FACT AND CONCLUSIONS OF LAWMark Moreno
 
The Facts; Busting the Grass-fed Beef Myths
The Facts; Busting the Grass-fed Beef MythsThe Facts; Busting the Grass-fed Beef Myths
The Facts; Busting the Grass-fed Beef MythsMark Moreno
 
Understanding the Different Kinds of Beef in the Marketplace
Understanding the Different Kinds of Beef in the MarketplaceUnderstanding the Different Kinds of Beef in the Marketplace
Understanding the Different Kinds of Beef in the MarketplaceMark Moreno
 

Viewers also liked (6)

Affordable Care Act - Next Steps for Restaurateurs
Affordable Care Act - Next Steps for RestaurateursAffordable Care Act - Next Steps for Restaurateurs
Affordable Care Act - Next Steps for Restaurateurs
 
Order Granting Preliminary Injunction Sysco US Foods
Order Granting Preliminary Injunction Sysco US FoodsOrder Granting Preliminary Injunction Sysco US Foods
Order Granting Preliminary Injunction Sysco US Foods
 
Memorandum Opinion Sysco US Foods Merger / Acquisition
Memorandum Opinion Sysco US Foods Merger / AcquisitionMemorandum Opinion Sysco US Foods Merger / Acquisition
Memorandum Opinion Sysco US Foods Merger / Acquisition
 
Sysco - US Foods PROPOSED FINDINGS OF FACT AND CONCLUSIONS OF LAW
Sysco - US Foods PROPOSED FINDINGS OF FACT AND CONCLUSIONS OF LAWSysco - US Foods PROPOSED FINDINGS OF FACT AND CONCLUSIONS OF LAW
Sysco - US Foods PROPOSED FINDINGS OF FACT AND CONCLUSIONS OF LAW
 
The Facts; Busting the Grass-fed Beef Myths
The Facts; Busting the Grass-fed Beef MythsThe Facts; Busting the Grass-fed Beef Myths
The Facts; Busting the Grass-fed Beef Myths
 
Understanding the Different Kinds of Beef in the Marketplace
Understanding the Different Kinds of Beef in the MarketplaceUnderstanding the Different Kinds of Beef in the Marketplace
Understanding the Different Kinds of Beef in the Marketplace
 

Similar to Out of Scope Whitepaper

FreedomPay_Whitepaper_Solutions_For_Hospitality
FreedomPay_Whitepaper_Solutions_For_HospitalityFreedomPay_Whitepaper_Solutions_For_Hospitality
FreedomPay_Whitepaper_Solutions_For_HospitalityJeff Vogel
 
Hacking Point of Sale
Hacking Point of SaleHacking Point of Sale
Hacking Point of SaleTripwire
 
EMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment ProcessEMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment Process- Mark - Fullbright
 
The Path to Payment Security
The Path to Payment SecurityThe Path to Payment Security
The Path to Payment SecurityTom Cooley
 
Why Payment gateway integration is important.pdf
Why Payment gateway integration is important.pdfWhy Payment gateway integration is important.pdf
Why Payment gateway integration is important.pdfIntegrated IT Solutions
 
Merchant tokenization and EMV® Secure Remote Commerce
Merchant tokenization and EMV® Secure Remote CommerceMerchant tokenization and EMV® Secure Remote Commerce
Merchant tokenization and EMV® Secure Remote CommerceNetcetera
 
Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...
Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...
Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...Stephanie Gutowski
 
Tokenization credit card processing
Tokenization credit card processingTokenization credit card processing
Tokenization credit card processingamericanusaa
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantMelanie Beam
 
eCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Merchants
 
Mako PCI Presentation
Mako PCI PresentationMako PCI Presentation
Mako PCI PresentationAdrian_Pearce
 
Your Reference Guide to EMV Integration:Understanding the Liability Shift
Your Reference Guide to EMV Integration:Understanding the Liability ShiftYour Reference Guide to EMV Integration:Understanding the Liability Shift
Your Reference Guide to EMV Integration:Understanding the Liability Shift- Mark - Fullbright
 
YESpay Corporate Presentation 2009
YESpay Corporate Presentation 2009YESpay Corporate Presentation 2009
YESpay Corporate Presentation 2009guest3e40ef
 
Credit card processing highrisk gateways
Credit card processing highrisk gatewaysCredit card processing highrisk gateways
Credit card processing highrisk gatewayshighrisk gateways
 
Play It Smart with U.S. Chip Payment Transactions
Play It Smart with U.S. Chip Payment TransactionsPlay It Smart with U.S. Chip Payment Transactions
Play It Smart with U.S. Chip Payment Transactions- Mark - Fullbright
 
eBook__1681292998.pdf
eBook__1681292998.pdfeBook__1681292998.pdf
eBook__1681292998.pdfAneeshKalra1
 
EMV COMPLIANCE & SECURE EMV CHIP TECHNOLOGY FOR EVERY RETAILER ACROSS CANADA
EMV COMPLIANCE & SECURE EMV CHIP TECHNOLOGY FOR EVERY RETAILER ACROSS CANADAEMV COMPLIANCE & SECURE EMV CHIP TECHNOLOGY FOR EVERY RETAILER ACROSS CANADA
EMV COMPLIANCE & SECURE EMV CHIP TECHNOLOGY FOR EVERY RETAILER ACROSS CANADAMONEXgroup
 

Similar to Out of Scope Whitepaper (20)

FreedomPay_Whitepaper_Solutions_For_Hospitality
FreedomPay_Whitepaper_Solutions_For_HospitalityFreedomPay_Whitepaper_Solutions_For_Hospitality
FreedomPay_Whitepaper_Solutions_For_Hospitality
 
emv-ebook
emv-ebookemv-ebook
emv-ebook
 
Hacking Point of Sale
Hacking Point of SaleHacking Point of Sale
Hacking Point of Sale
 
EMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment ProcessEMV: Preparing for Changes to the Retail Payment Process
EMV: Preparing for Changes to the Retail Payment Process
 
The Path to Payment Security
The Path to Payment SecurityThe Path to Payment Security
The Path to Payment Security
 
Why Payment gateway integration is important.pdf
Why Payment gateway integration is important.pdfWhy Payment gateway integration is important.pdf
Why Payment gateway integration is important.pdf
 
Merchant tokenization and EMV® Secure Remote Commerce
Merchant tokenization and EMV® Secure Remote CommerceMerchant tokenization and EMV® Secure Remote Commerce
Merchant tokenization and EMV® Secure Remote Commerce
 
Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...
Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...
Data Security, Fraud Prevention and PCI for Nonprofit Payment Processors in D...
 
Tokenization credit card processing
Tokenization credit card processingTokenization credit card processing
Tokenization credit card processing
 
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce MerchantECMTA 2009 PCI Compliance and the Ecommerce Merchant
ECMTA 2009 PCI Compliance and the Ecommerce Merchant
 
eCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain MediaeCommerce Summit Atlanta Mountain Media
eCommerce Summit Atlanta Mountain Media
 
Mako PCI Presentation
Mako PCI PresentationMako PCI Presentation
Mako PCI Presentation
 
Your Reference Guide to EMV Integration:Understanding the Liability Shift
Your Reference Guide to EMV Integration:Understanding the Liability ShiftYour Reference Guide to EMV Integration:Understanding the Liability Shift
Your Reference Guide to EMV Integration:Understanding the Liability Shift
 
YESpay Corporate Presentation 2009
YESpay Corporate Presentation 2009YESpay Corporate Presentation 2009
YESpay Corporate Presentation 2009
 
Credit card processing highrisk gateways
Credit card processing highrisk gatewaysCredit card processing highrisk gateways
Credit card processing highrisk gateways
 
Play It Smart with U.S. Chip Payment Transactions
Play It Smart with U.S. Chip Payment TransactionsPlay It Smart with U.S. Chip Payment Transactions
Play It Smart with U.S. Chip Payment Transactions
 
SBMS EMV Doc
SBMS EMV Doc SBMS EMV Doc
SBMS EMV Doc
 
eBook__1681292998.pdf
eBook__1681292998.pdfeBook__1681292998.pdf
eBook__1681292998.pdf
 
PCI Compliance Process
PCI Compliance ProcessPCI Compliance Process
PCI Compliance Process
 
EMV COMPLIANCE & SECURE EMV CHIP TECHNOLOGY FOR EVERY RETAILER ACROSS CANADA
EMV COMPLIANCE & SECURE EMV CHIP TECHNOLOGY FOR EVERY RETAILER ACROSS CANADAEMV COMPLIANCE & SECURE EMV CHIP TECHNOLOGY FOR EVERY RETAILER ACROSS CANADA
EMV COMPLIANCE & SECURE EMV CHIP TECHNOLOGY FOR EVERY RETAILER ACROSS CANADA
 

More from Mark Moreno

FTC Complaint Sysco US Foods Acquisition
FTC Complaint Sysco US Foods AcquisitionFTC Complaint Sysco US Foods Acquisition
FTC Complaint Sysco US Foods AcquisitionMark Moreno
 
MEET THE REVOLUTIONARY VENDING MACHINE WITH TOUCHSCREEN TECHNOLOGY
MEET THE REVOLUTIONARY VENDING MACHINE WITH TOUCHSCREEN TECHNOLOGYMEET THE REVOLUTIONARY VENDING MACHINE WITH TOUCHSCREEN TECHNOLOGY
MEET THE REVOLUTIONARY VENDING MACHINE WITH TOUCHSCREEN TECHNOLOGYMark Moreno
 
Pos Purchasing Tools
Pos Purchasing ToolsPos Purchasing Tools
Pos Purchasing ToolsMark Moreno
 
Bermar America Put a Sparkle into Wine by the Glass Sales
Bermar America Put a Sparkle into Wine by the Glass SalesBermar America Put a Sparkle into Wine by the Glass Sales
Bermar America Put a Sparkle into Wine by the Glass SalesMark Moreno
 
Restaurant Trends 2014 by Restaurant Briefing
Restaurant Trends 2014 by Restaurant BriefingRestaurant Trends 2014 by Restaurant Briefing
Restaurant Trends 2014 by Restaurant BriefingMark Moreno
 
Food & Water Watch Comment on Proposed Sysco US Foods Merger
Food & Water Watch Comment on Proposed Sysco US Foods MergerFood & Water Watch Comment on Proposed Sysco US Foods Merger
Food & Water Watch Comment on Proposed Sysco US Foods MergerMark Moreno
 
Opt4 Mobile Flyer
Opt4 Mobile FlyerOpt4 Mobile Flyer
Opt4 Mobile FlyerMark Moreno
 
SYSCO AND US FOODS MERGER
SYSCO AND US FOODS MERGERSYSCO AND US FOODS MERGER
SYSCO AND US FOODS MERGERMark Moreno
 
What Makes a Great Cheap Knife?
What Makes a Great Cheap Knife?What Makes a Great Cheap Knife?
What Makes a Great Cheap Knife?Mark Moreno
 
Therma-Tek Range Corporation
Therma-Tek Range CorporationTherma-Tek Range Corporation
Therma-Tek Range CorporationMark Moreno
 
Mercer Cutlery Catalog
Mercer Cutlery CatalogMercer Cutlery Catalog
Mercer Cutlery CatalogMark Moreno
 
Know your knives
Know your knivesKnow your knives
Know your knivesMark Moreno
 
Browne Foodservice Stainless Steel Can Opener
Browne Foodservice Stainless Steel Can OpenerBrowne Foodservice Stainless Steel Can Opener
Browne Foodservice Stainless Steel Can OpenerMark Moreno
 
Browne fs all in one bar caddy - np
Browne fs all in one bar caddy - npBrowne fs all in one bar caddy - np
Browne fs all in one bar caddy - npMark Moreno
 
Sweet Endings Desserts
Sweet Endings DessertsSweet Endings Desserts
Sweet Endings DessertsMark Moreno
 
Manage Your Frying Oil
Manage Your Frying OilManage Your Frying Oil
Manage Your Frying OilMark Moreno
 
Clair de Lune Restaurant Proposal
Clair de Lune Restaurant ProposalClair de Lune Restaurant Proposal
Clair de Lune Restaurant ProposalMark Moreno
 
Kitchen Service Cookware
Kitchen Service CookwareKitchen Service Cookware
Kitchen Service CookwareMark Moreno
 

More from Mark Moreno (20)

FTC Complaint Sysco US Foods Acquisition
FTC Complaint Sysco US Foods AcquisitionFTC Complaint Sysco US Foods Acquisition
FTC Complaint Sysco US Foods Acquisition
 
MEET THE REVOLUTIONARY VENDING MACHINE WITH TOUCHSCREEN TECHNOLOGY
MEET THE REVOLUTIONARY VENDING MACHINE WITH TOUCHSCREEN TECHNOLOGYMEET THE REVOLUTIONARY VENDING MACHINE WITH TOUCHSCREEN TECHNOLOGY
MEET THE REVOLUTIONARY VENDING MACHINE WITH TOUCHSCREEN TECHNOLOGY
 
Pos Purchasing Tools
Pos Purchasing ToolsPos Purchasing Tools
Pos Purchasing Tools
 
Bermar America Put a Sparkle into Wine by the Glass Sales
Bermar America Put a Sparkle into Wine by the Glass SalesBermar America Put a Sparkle into Wine by the Glass Sales
Bermar America Put a Sparkle into Wine by the Glass Sales
 
EnerG² Concept
EnerG² ConceptEnerG² Concept
EnerG² Concept
 
Restaurant Trends 2014 by Restaurant Briefing
Restaurant Trends 2014 by Restaurant BriefingRestaurant Trends 2014 by Restaurant Briefing
Restaurant Trends 2014 by Restaurant Briefing
 
Food & Water Watch Comment on Proposed Sysco US Foods Merger
Food & Water Watch Comment on Proposed Sysco US Foods MergerFood & Water Watch Comment on Proposed Sysco US Foods Merger
Food & Water Watch Comment on Proposed Sysco US Foods Merger
 
Opt4 Mobile Flyer
Opt4 Mobile FlyerOpt4 Mobile Flyer
Opt4 Mobile Flyer
 
SYSCO AND US FOODS MERGER
SYSCO AND US FOODS MERGERSYSCO AND US FOODS MERGER
SYSCO AND US FOODS MERGER
 
What Makes a Great Cheap Knife?
What Makes a Great Cheap Knife?What Makes a Great Cheap Knife?
What Makes a Great Cheap Knife?
 
Therma-Tek Range Corporation
Therma-Tek Range CorporationTherma-Tek Range Corporation
Therma-Tek Range Corporation
 
Mercer Cutlery Catalog
Mercer Cutlery CatalogMercer Cutlery Catalog
Mercer Cutlery Catalog
 
Know your knives
Know your knivesKnow your knives
Know your knives
 
Browne Foodservice Stainless Steel Can Opener
Browne Foodservice Stainless Steel Can OpenerBrowne Foodservice Stainless Steel Can Opener
Browne Foodservice Stainless Steel Can Opener
 
Browne fs all in one bar caddy - np
Browne fs all in one bar caddy - npBrowne fs all in one bar caddy - np
Browne fs all in one bar caddy - np
 
Sweet Endings Desserts
Sweet Endings DessertsSweet Endings Desserts
Sweet Endings Desserts
 
Manage Your Frying Oil
Manage Your Frying OilManage Your Frying Oil
Manage Your Frying Oil
 
Clair de Lune Restaurant Proposal
Clair de Lune Restaurant ProposalClair de Lune Restaurant Proposal
Clair de Lune Restaurant Proposal
 
Kitchen Service Cookware
Kitchen Service CookwareKitchen Service Cookware
Kitchen Service Cookware
 
ORECK U2000 eb
ORECK U2000 ebORECK U2000 eb
ORECK U2000 eb
 

Recently uploaded

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfAmzadHosen3
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noidadlhescort
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...amitlee9823
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperityhemanthkumar470700
 

Recently uploaded (20)

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 

Out of Scope Whitepaper

  • 1. © 2015 Heartland Payment Systems, Inc. All trademarks, service marks and trade names referenced in this material are the property of their respective owners. January 2015 Mike English Executive Director, Product Development Heartland Payment Systems What you need to know Getting Out of PA-DSS Scope and Eliminating the High Cost of EMV:
  • 2. Getting Out of Scope and Eliminating the High Cost of EMV heartlandpaymentsystems.com 2 EMV Is Here and Is Costly to VARs, ISVs and Businesses with “Homegrown” POS With EMV1 timelines quickly approaching for the restaurant, retail, petro and convenience industries, POS system providers, pump providers, merchants and businesses are preparing for the October 2015 liability shift for in-store systems and the October 2017 liability shift for automated fuel dispensers (AFDs). As businesses become acquainted with EMV and the necessary system enhancements to support EMV, they soon learn that EMV can be a time-intensive and costly endeavor. In a traditional configuration, after integrating EMVCo- certified payment peripherals and updating systems to accept and manage EMV transactions, the merchant or vendor will connect to the acquirer or processor’s certification environment, which is linked to the EMV certification test systems for Visa, MasterCard, American Express and Discover. Using an EMVCo-certified Level I and II device, the vendor or merchant will need to run about 120 test transactions for contact EMV and 150 test transactions for EMV contactless to obtain certifications. For a POS system, costs include the first contact-only EMV POS certification fees, plus any fees charged by a processor to support the certification. This does not include the cost of EMV transaction management code development, POS upgrades, installation, or other necessary expenditures. Optimistically, the time frame to code, test and certify for EMV is more than seven and a half months. However, the initial development and certification will likely take longer because of the intricacies in online and offline PIN management that take time to code and test. Also, many parts of this certification process and cost need to be repeated for each processor and each card brand to which the POS system certifies. To a degree, each POS or AFD configuration must also be repeated. The time frame indicated includes only EMV credit because open questions related to EMV debit haven’t been resolved by the industry. The cost for EMV certification is staggering—tens of thousands of dollars. 1 EMV stands for Europay, MasterCard and Visa, a global standard for   interoperation of integrated circuit cards (IC cards or “chip cards”) and IC   card-capable point-of-sale (POS) terminals and automated teller machines   (ATMs), for authenticating credit and debit card transactions. There are four major concerns every Value-Added Reseller (VAR), Independent Software Vendor (ISV), and businesses with “homegrown” POS systems that accept cards has today: ƒƒ The high cost of achieving and maintaining PCI, specifically PA-DSS validation and compliance ƒƒ Keeping current with changes in payment technology and mandates ƒƒ The risk of having your customers’ card data hacked/stolen ƒƒ The high cost and complexity of developing and certifying EMV Heartland has solutions for VARs, ISVs and businesses accepting cards that eliminate the risk of stolen data and eliminate a POS system’s PA-DSS scope as well as pave a road to seamlessly implementing EMV. This paper offers third-party POS providers, VARs, ISVs, and businesses with “homegrown” payment acceptance the information they need to manage cost and compliance.
  • 3. Getting Out of Scope and Eliminating the High Cost of EMV heartlandpaymentsystems.com 3 There Is a Better Road to EMV Fortunately, there is a way to eliminate the cost, time and complexity of EMV development and compliance. While not new, an Out-of-Scope approach to in-store payment has taken on new value as a solution for EMV acceptance and as a way to take a POS system out of PA-DSS scope. In a traditional POS system configuration, the PIN pad is directly connected to the POS system and sends the payment information to the POS for authorization. The POS system receives the authorization back from the acquirer or processor and concludes the transaction. In this configuration, the POS system is in PCI PA-DSS scope and the POS system is responsible for EMV certifications. Traditional Payment Configuration Out-of-Scope Configuration In an Out-of-Scope configuration, the PIN pad or signature capture/PIN pad receives a prompt from the POS system to start payment acceptance, and instead of sending the payment information to the POS, the PIN pad sends the transaction directly to the acquirer for approval. In this configuration, manual entry can be done on the PIN pad to keep the POS system out of PA-DSS scope. The PIN pad receives the authorization response back from the acquirer or processor and passes it on to the POS system. This configuration takes the POS system out of the payment authorization process. The POS is notified of the transaction, but no cardholder data is sent to the POS, thus taking the POS system out of PA-DSS scope. Heartland Payment terminal sends cardholder data to POS system 1 POS sends transaction data (cardholder data) to processor Processor returns authorization response to POS system 2 3 POS Terminal POS System is in scope for PCI PA-DSS POS System is out of scope for PCI PA-DSS Heartland POS Terminal POS system sends request to EMV terminal for payment acceptance EMV terminal sends transaction request (cardholder data) directly to processor for authorization 1 Processor returns authorization— terminal passes response to POS system to finish transaction 2 3 or or
  • 4. Getting Out of Scope and Eliminating the High Cost of EMV heartlandpaymentsystems.com 4 Getting and Staying PCI Out of Scope An Out-of-Scope configuration eliminates the POS system’s PCI scope, specifically PA-DSS2 scope. When payment services are provided as part of the POS system, the POS system provider incurs costs to become PA-DSS validated as well as continual costs to maintain card brand mandates. In the case of an Out-of-Scope configuration, PCI scope is maintained by Heartland and our solution partners, alleviating that burden from the POS system. ƒƒ Eliminates POS system’s PA-DSS scope by removing acceptance and management of card data ƒƒ The VAR or ISV’s scope is eliminated if all card acceptance and processing are completed at the acceptance device ƒƒ Without card data, the POS is no longer considered a payment application Eliminating card data does not take a merchant out of PCI scope, but does significantly reduce their PA-DSS scope. The merchant’s PCI scope is reduced when encrypting card data and eliminating PA-DSS. The number of PCI SAQ P2PE-HW questions to which a business need to respond from 230 to 18!4 For businesses with an in-house POS solution, Heartland Secure and an Out-of-Scope configuration take major portions of your infrastructure out of PA-DSS scope and minimize PCI compliance to the very basics of perimeter security. Providing that the business no longer has access to any clear text card data, overall PCI scope and associated costs are reduced by 70-80%. 2 Payment Application Data Security Standard (PA-DSS) is a set of requirements that   are intended to help software vendors develop secure payment applications that   support PCI DSS compliance. 3 http://pciguru.wordpress.com/2010/04/10/open-source-pa-dss-certification/ 4 http://pcisecuritystandards.org/documents/PCI_SAQ_P2PE-HW_v2.pdf The value of an Out-of-Scope configuration for a POS provider and the merchant is immense. When integrating EMV support with acquirers and processors, third parties and merchants incur a high cost per endpoint to become EMV-certified. The Out-of-Scope configuration eliminates the need for the POS system to code for EMV, as well as removes the need to certify the POS system to the card brands for EMV. Why? Whoever wrote the payment application residing on the PIN pad in an Out-of- Scope configuration is responsible for EMV certification. The POS system may still need to be certified to the acquirer or processor, but the process takes far less time and not for EMV. The POS system simply makes calls to the payment device to begin the payment acceptance process. Seamlessly Implementing EMV Has Immense Payback ƒƒ Our Out-of-Scope offerings eliminate the need for POS systems to develop for EMV acceptance and incur card brand certification costs ƒƒ Speeds time to market and greatly reduces development costs associated with EMV support ƒƒ Eliminates the POS systems’ need to support current and future payment mandates ƒƒ Solution can get VARs, ISVs and businesses with a “homegrown” POS system to market with an EMV solution quicker than their competitors “…most PA-DSS certifications cost at least $30,000 or more depending on the complexity of the application and the number of platforms involved…”3
  • 5. Getting Out of Scope and Eliminating the High Cost of EMV heartlandpaymentsystems.com 5 The vast majority of breaches occurred at businesses with fewer than 1,000 employees. The average cost per breach for an SMB is up to $500,000, forcing many out of business. Heartland Secure protects a business and their customers’ card data from breaches through end-to-end encryption, EMV and tokenization. Heartland Secure At the core of this powerful PCI avoidance offering—and seamless manner of implementing EMV—is Heartland Secure. Heartland Secure consists of E3 end-to-end encryption, EMV and tokenization. It eliminates PCI scope by encrypting card data within a secure acceptance, thus taking the card data out of the transaction and the business’s ecosystem. Heartland Secure is what PCI was meant to be—helping merchants and businesses manage the risk of payment acceptance through the removal of card data from the merchant’s network. Heartland Secure. No card data. No risk. Encryption’s Impact on PCI Scope Reduction Heartland Secure and our Out-of-Scope solutions do not remove a merchant from the requirement to be PCI compliant. A merchant is responsible to validate compliance to their acquirer, often through a qualified QSA or ISA. As stated earlier, the merchant’s PCI scope is greatly reduced when encrypting card data and eliminating PA-DSS. These actions reduces the number of PCI SAQ P2PE-HW questions to which a business needs to respond from 230 to 18! It is important to note that PCI DSS always applies to any and all merchants that accept card data. All applicable PCI DSS requirements for card data in scope apply if the following is true: ƒƒ If encrypted cardholder data is stored on a system, media or environment that also contains the decryption key ƒƒ If encrypted data is accessible to an entity that also has access to the decryption key When Is Encrypted Cardholder Data Out of Scope? Encryption of cardholder data with strong cryptography is an acceptable method of rendering the data unreadable in order to meet PCI DSS Requirement 3.4. The PCI SSC states, “Encrypted data may be deemed out of scope if, and only if, it has been validated by a QSA or ISA that the entity that possesses encrypted cardholder data does not have the means to decrypt it.” If a merchant encrypts cardholder data but does not possess the means to decrypt it, the cardholder data is not considered in scope once it has been encrypted. The best means to encrypt cardholder data is within a terminal or PIN pad that is PCI PIN Transaction Security (PTS) certified. ƒƒ An encrypted PAN is still defined as cardholder data and in scope for PCI DSS compliance if the merchant has access to key and ability to decrypt data ƒƒ If a merchant has no ability to decrypt encrypted data, the encrypted data is not card data and is NOT in scope of PCI ƒƒ Systems that transmit, process and store such encrypted data are not in scope ƒƒ Encryption removes clear text card data at point of entry to eliminate PCI scope risk ƒƒ By removing clear card data from the merchant’s environment, the opportunity for monetization of the card data is also eliminated
  • 6. Getting Out of Scope and Eliminating the High Cost of EMV heartlandpaymentsystems.com 6 5 https://www.pcisecuritystandards.org/documents/Tokenization_Guidelines_  Info_Supplement.pdf 6 https://www.pcisecuritystandards.org/documents/Tokenization_Guidelines_  Info_Supplement.pdf Tokenization’s Impact on PCI Scope Reduction Tokenization, which is a way of replacing sensitive data like credit card numbers with tokens, is one of the data protection and audit scope reduction methods that is recommended by PCI DSS.5 The use of tokens for post-authorization operations such as returns, chargebacks, recurring payments, sales reports, analytics or marketing programs eliminates the storage of the PAN and subsequent use of the PAN. Tokenization takes applications and systems for these business processes out of PCI scope. However, per the Information Supplement: PCI DSS Tokenization Guidelines that were published by PCI in August 2011, “Tokenization solutions do not eliminate the need to maintain and validate PCI DSS compliance, but they may simplify a merchant’s validation efforts by reducing the number of system components for which PCI DSS requirements apply.”6 Per the PCI DSS Tokenization Guidelines, PCI Data Security Standard (PCI DSS), Version 2, published in August 2011: In PCI scope… ƒƒ All elements of the tokenization system and tokenization process, including de-tokenization and PAN storage, are considered part of the cardholder data environment (CDE) and are in scope for PCI DSS ƒƒ Any system component or process with access to the tokenization system or the tokenization/de-tokenization process is considered in scope Out of PCI scope are system components that... ƒƒ are adequately isolated from the tokenization system and the CDE ƒƒ store, process or transmit only tokens ƒƒ do not store, process, or transmit any cardholder data or sensitive authentication data ƒƒ may be considered outside of the CDE and possibly out of scope for PCI DSS Heartland’s Comprehensive Breach Warranty Unparalleled in the industry, Heartland is offering merchants the first-ever comprehensive breach warranty. Going beyond breach insurance, Heartland’s warranty protects businesses from being financially liable in case of a breach of card information. To be covered under the warranty, a business must have a Heartland Secure-certified device and process payments through Heartland. The Heartland breach warranty is straightforward. In the case of expenses incurred due to a data breach of card information, Heartland will reimburse the merchant for all costs, compliance fines and penalties a merchant must pay to the card brands, issuing bank or acquiring bank as well the amount paid for a directly related forensic audit conducted by a Qualified Incident Response Assessor. Summary As a leader in secure payment acceptance, Heartland has solutions for VARs, ISVs and businesses accepting cards that eliminate or reduce scope as well as pave the path to seamlessly implementing EMV. We are working with leading hardware vendors as well as strategic third parties to help reduce the cost, complexity and risk associated with PA-DSS compliance and EMV acceptance. Combined with Heartland Secure, our solutions, and our partners’ solutions, we help our customers to be more secure in knowing that Out of Scope is a reality and EMV does not need to be painful.