12/16/2014
A comprehensive card data security solution combining three powerful technologies working in tandem to provide merchants with the highest level of security available against card-present data fraud.

Card Data is Not Secure
Verizon 2014 Data Breach Investigations Report: http://www.verizonenterprise.com/DBIR/2014/
• 285: Number of security breaches that occurred in American restaurants, hotels, grocery stores, gas stations and other brick-and-mortar outlets
• >1,000: The vast majority of breaches occurred against companies with fewer than 1,000 employees
• 148: POS intrusions accounted for 31 percent of the 148 retail breaches, with payment card skimmers accounting for another six percent
• 137: POS intrusions accounted for 75 percent of the 137 accommodation sector breaches.

Card Data in the Clear
Standard Output of a Non-Encrypting MSR Wedge
• “Clear-Text” Track 1 Card Number
• “Clear-Text” Track 1 Cardholder Name
• “Clear-Text” Track 1 Expiration Date
• “Clear-Text” Track 1 Discretionary Data
• “Clear-Text” Track 2 Card Number & Expiration Date & Discretionary Data
%B 4012002000060016^VI TEST CREDIT ^251210118039000000000396?;4012002000060016=25121011803939600000?+E?

Introducing Heartland Secure…
A Comprehensive Card Data Security Solution Combining Three Powerful Technologies
• EMV proves that a consumer’s card is genuine and the transaction authentic
• Heartland’s E3™ end-to-end encryption technology immediately encrypts card data at inception to prevent monetization
• Tokenization replaces card data with “tokens” used for returns and repeat purchases, unusable by criminals

Facts About EMV
• Standard governing interoperability of chip cards and payment devices [1]
• Global interoperability and improved card security are the main reasons card brands are migrating the U.S. to EMV
• EMV card acceptance is not a government or card brand mandate for merchants or card holders
• All EMV cards distributed by U.S. issuers will include a magnetic stripe
There are over 15 million magnetic stripe POS devices, 609.8 million credit cards, and 520 million debit cards in circulation in the US. [1]
The cost estimated by Javelin Strategy and Research to implement EMV in the US is at least $8 billion for POS systems. [2]
[1] The Nilson Report
[2] Ben Woolsey and Matt Schulz, “Credit Card Statistics, Industry Facts, Debt Statistics

U.S. EMV Timelines
• Oct-2012: PCI validation relief [1]
• Apr-2013: Processor support for chip processing
• Oct-2013: MC ADC relief takes effect (50%)
• April-2014: Visa unattended liability shift
• Oct-2015: POS liability shift, non-AFDs
• Oct-2015: MC ADC relief (100%)
• Oct-2016: MC ATM liability shift
• Oct-2016: Visa GCAR relief
• Oct-2017: POS liability shift, AFDs
• Oct-2017: Visa ATM liability shift
[1] Applies to Level 1 & Level 2 merchants where 75% of their transactions come from a dual interface, chip-enabled terminal

Understanding the Liability Shift
Counterfeit
• Visa, today: Issuer is liable today
• Visa, after liability shift: Liability shifts to the merchant if a counterfeit chip card is used at a mag stripe terminal
• MasterCard, today: Issuer is liable today
• MasterCard, after liability shift: Liability shifts to the merchant if a counterfeit chip card is used at a mag stripe terminal
Lost & Stolen
• Visa, today: Issuer is liable today
• Visa, after liability shift: Liability remains with issuer
• MasterCard, today: Issuer is liable today
• MasterCard, after liability shift: Liability remains with issuer if:
  - A lost or stolen mag stripe card is used at a chip terminal
  - A lost or stolen chip & signature (no PIN support) card is used at a chip & PIN supporting terminal
  - A lost or stolen chip & PIN card is used at a chip & PIN supporting merchant

EMV Card and Security
Card Authentication
• Authorization Request Cryptogram verifies the card is authentic
• Authorization Response Cryptogram verifies the issuer is authentic to the card
Validating Card Use
• Transaction Certificate (TC) value that provides evidence to the issuer that the card was present and was used for payment
Combating Replays
• The Application Transaction Counter combats replay attacks
Validating the Cardholder
• Offline or online PIN validates the cardholder

Where Does EMV Fall Short?
• In the event that crimeware has found its way into the retailer’s POS system or network, the cardholder data will be stolen and used fraudulently.
• Implementing a payment system using only the EMVco and Card Brand EMV specifications leaves a customer’s primary account number (PAN) and discretionary data exposed and in the clear.

E3 Safeguards EMV Transactions!
• E3 encrypts the EMV transaction in the same way it encrypts a magnetic stripe transaction, protecting the cardholder information.
• This end-to-end protection keeps the cardholder’s data safe and prevents criminals from monetizing it

E3 Encrypted Data
E3 Encrypting MSR Wedge Output
<E1047311%B 4012001000000016^VI TEST CREDIT ^251200000000000000000000?|Juo1ja9sowQX5yOlrQwd68LAO7TJUvWzR8
CAoFGAgEH1AINShV78RZwb3NAc2VjdXJlZXhjaGFuZ2UubmV009rwLCTKtT+v01IzT3gobnixA3TxjqiuXxfOieON5TNSUxmbYEbz
oW6OE1dTAMc6NE7W9KVmu9etcQ/Fe2MctBtL9BW1iel24ReH/CzOMosyzby9rtoo+6Mz6U6dQYn8M3AKnf+MHD/RF5QIvPKPP8
+Ul zx0M1JGPEkS4lgidS0ATmpEfb+WiEs+t6QchtVXrSa+p2tf+sstd5kPiYgLPtN0jzTZ
GRyDpugJBbZ47FNgZzqOlOA|11;4012001000000016=25120000000000000000?|9nOnxGjxBnaL9slmqUGfA5wsNFn|00||/wECAQE
• Obfuscated Track 1 Card Number; 1st 6 & last 4 left in clear for BIN routing and receipt printing
• “Clear-Text” Track 1 Cardholder Name for receipt printing
• Obfuscated Track 1 Discretionary Data
• Encryption Block sent in transmission.
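The two wedge samples on these slides can be compared mechanically. The Python below is an added example, not Heartland's code: it parses Track 1 and Track 2 out of wedge output and reports whether a Luhn-valid card number or non-zero discretionary data is still present. The function names, verdict labels and the Luhn heuristic are assumptions of this example; the track layout follows ISO/IEC 7813.

```python
"""Audit MSR wedge output for card data left in the clear (added example)."""
import re

# Track layouts follow ISO/IEC 7813. The 3-digit service code after the expiry
# date comes from that standard; the slides do not label it separately.
TRACK1 = re.compile(
    r"%B\s*(?P<pan>\d{12,19})\^(?P<name>[^^?]{2,26})\^"
    r"(?P<exp>\d{4})(?P<svc>\d{3})(?P<dd>[^?]*)\?"
)
TRACK2 = re.compile(
    r";(?P<pan>\d{12,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<dd>[^?]*)\?"
)

# Track portions of the two samples shown on the slides (test card data).
# The encryption blocks of the E3 sample are replaced by "..." placeholders.
CLEAR_SAMPLE = (
    "%B 4012002000060016^VI TEST CREDIT ^251210118039000000000396?"
    ";4012002000060016=25121011803939600000?+E?"
)
E3_SAMPLE = (
    "<E1047311%B 4012001000000016^VI TEST CREDIT ^251200000000000000000000?"
    "|...|11;4012001000000016=25120000000000000000?|...|"
)


def luhn_valid(pan):
    """Return True if the digit string passes the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep first 6 and last 4 digits, as the slides describe for receipts."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def audit_wedge_output(raw):
    """Return one finding per track found in raw wedge output.

    Verdicts (labels chosen for this example):
      cleartext  - Luhn-valid PAN and live discretionary data
      review     - only one of the two; about one in ten random digit
                   strings passes Luhn, so this is a hint, not proof
      obfuscated - PAN fails Luhn and discretionary data is all zeros
    """
    findings = []
    for label, pattern in (("track1", TRACK1), ("track2", TRACK2)):
        for m in pattern.finditer(raw):
            pan_ok = luhn_valid(m.group("pan"))
            dd_live = any(c != "0" for c in m.group("dd"))
            if pan_ok and dd_live:
                verdict = "cleartext"
            elif pan_ok or dd_live:
                verdict = "review"
            else:
                verdict = "obfuscated"
            findings.append({
                "track": label,
                # Never carry the full PAN into audit results or logs.
                "pan_masked": mask(m.group("pan")),
                "name": m.groupdict().get("name", "").strip(),
                "expiry_yymm": m.group("exp"),
                "luhn_valid": pan_ok,
                "discretionary_live": dd_live,
                "verdict": verdict,
            })
    return findings


def worst_verdict(raw):
    """Collapse all findings into a single result for alerting."""
    verdicts = {f["verdict"] for f in audit_wedge_output(raw)}
    for level in ("cleartext", "review", "obfuscated"):
        if level in verdicts:
            return level
    return "no-track-data"


if __name__ == "__main__":
    for title, sample in (("non-encrypting", CLEAR_SAMPLE), ("E3", E3_SAMPLE)):
        print(title, "->", worst_verdict(sample))
        for finding in audit_wedge_output(sample):
            print("  ", finding)
```

In both samples the cardholder name and expiration date stay readable; what differs is the card number's middle digits and the discretionary data.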

Over 70,000 Merchants in the United States Benefit from E3’s Encryption Security and Our Warranty!
• E3 removes consumer card data from the merchant’s environment by encrypting the cardholder’s primary account number (PAN) and discretionary data
• E3 eliminates the risk of hackers monetizing stolen card data. Hackers cannot profit from encrypted card information
• E3 is a strong response to “all organizations should assume they’ve been hacked,” as written by the authors of the Cisco 2014 Annual Security report [1]
• E3 reduced a merchant’s PCI scope as documented in a paper written by Coalfire [2]
[1] https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf
[2] Heartland Payment Systems E3™ MSR Wedge Technical Assessment White Paper, Coalfire, January 4, 2011

Tokenization Removes Card Data
• Tokenization and E3 work together to make an EMV transaction safe
• Tokenization removes any direct reference to the card number by substituting the consumer’s card number with a token
  - As a reference number when the retailer needs to perform a post-sale transaction such as a void or refund
  - As a representative of the card for future transactions such as card on file, recurring payments or customer analysis

Magnetic Stripe, E3 and Tokenization
Transaction flow (diagram labels):
• Magstripe card is swiped at E3 wedge and encrypted
• Transaction wrapped in SSL encryption
• Magstripe data decrypted in Heartland PCI compliant data center for authorization
• Single use token returned to POS (reference number)
Key points:
• E3 encrypts cardholder information at the earliest point of the transaction – at card swipe, key entry, tap or insertion
• Tokens eliminate reuse of the card data

EMV, E3 and Tokenization
• E3 offers an additional layer of security for EMV transactions
• As the EMVco specifications are presently written, when an EMV transaction is processed at the point of sale the transaction is sent in the clear to the acquirer or processor for authorization
• E3 encrypts the EMV transaction in the same way it encrypts a magnetic stripe transaction, thus protecting the cardholder information
• Tokens eliminate the need to reuse card data
Transaction flow (diagram labels):
• EMV card is inserted in the terminal and encrypted
• Transaction wrapped in SSL encryption
• Cardholder data decrypted in Heartland PCI compliant data center for authorization
• Single use token returned to POS (reference number)

Heartland Secure
Comprehensive Card Present Security
• EMV and E3 remove ability to skim and monetize card data through combinations of verification and encryption
• EMV and E3 eliminate “man-in-the-middle” attacks
• E3 and tokenization remove card data from the merchant’s environment
• E3 eliminates the risk of monetizing stolen card data
• E3 and tokenization are a definitive response to “all organizations should assume they’ve been hacked”
• E3 and tokenization reduce a merchant’s PCI scope as per Coalfire’s study
References:
• Cisco 2014 Annual Security report, https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf
• Heartland Payment Systems E3™ MSR Wedge Technical Assessment White Paper, Coalfire, January 4, 2011
