August 2009 Archives

Touchscreen Technology Website

News from 3M on multi-touch, and the launch of a new "education" site, touchtopics.com, which is meant to explain the various touchscreen technologies, whether from 3M, Elo or anyone else. The upcoming conferences are in California.

3M Presents "What is Multi-touch" Overview at 2009 Display Conferences
3M Launches Touch Industry Reference Site to Help Establish Touch Nomenclature

Methuen, Mass. - August 26, 2009 - Multi-touch interactivity may be the touch industry's most discussed topic and possibly the most misunderstood when single finger gestures and 10 resolvable touch points are grouped together and called "multi-touch". For software developers writing applications along this 1 to 10 finger touch spectrum and system integrators matching their requirements with existing touch solutions, understanding the multi-touch capabilities of popular technologies is important. To help clarify this touch nomenclature, 3M Touch Systems will be presenting on "Multi-touch" at two upcoming display conferences (DisplayBank U.S. FPD Conference 2009, August 20, 2009, Santa Clara, CA and DisplaySearch Emerging Displays Technology Conference, September 2, 2009, San Jose, CA) and launching a touch industry reference web site at www.touchtopics.com.

"With 25 years of touch industry experience and as a manufacturer who offers touch technologies ranging from single finger touch to 10 resolvable touch points, 3M Touch Systems is in a unique position to help standardize our industry's nomenclature," said Scott Hagermoser, business manager, 3M Touch Systems. "We've seen first hand how a simple misunderstanding of 'what is multi-touch' can create buying confusion and lead customers to select the wrong touch technology for their solution."

August 2009 release of a best practice document, PCI_skimming_prevention_form.pdf, directed at skimming attacks. It illustrates how exposed terminals in POS are targeted by criminals: wires, connections, ceilings, boxes, cameras and staff problems. It's a good document, though we find it ironic that the council would provide best practice guidelines for download as a Microsoft doc file. Historically and functionally, that is one of the most dangerous files to download and have a user open. The guidelines also include self-assessment forms, which are useful.

Chapter 1: Overview

The primary mission of the Payment Card Industry Security Standards Council (PCI SSC) is to ensure the security of payment data and the security of the payment infrastructure that processes that data. PCI SSC is committed to build trust in the payment process and payment infrastructure for the benefit of all constituents. As the threats and vulnerabilities of fraud evolve, payment constituents can and should expect the emergence of further security standards and requirements for terminal types, terminal infrastructure, payment devices, and payment process.

This document was created to assist and educate merchants regarding security best practices associated with skimming attacks. Though currently not mandated by PCI SSC, guidelines and best practices documents are produced to help educate and create awareness of challenges faced by the payment industry. The guidelines are the result of industry and law enforcement understanding of the current and evolving threat landscape associated with skimming. In addition we have incorporated known best practices, currently conducted by many merchants, to mitigate skimming attacks taking place in their respective point-of-sale environments.

This document contains a non-exhaustive list of security guidelines that can help merchants to:

· Be aware of the risks relating to skimming.

· Be aware of the vulnerabilities inherent in the use of point-of-sale terminals and terminal infrastructure.

· Be aware of the vulnerabilities associated with staff that has access to consumer payment devices.

· Prevent or deter criminal attacks against point-of-sale terminals and terminal infrastructure.

· Identify any compromised terminals as soon as possible and notify the appropriate agencies to respond and minimize the impact of a successful attack.

Additional security can--and must--be provided by merchants to enhance the security provided by the current PCI SSC standards and payment terminal vendors. Merchants have an obligation to ensure their respective payment systems and infrastructure are secure.

Merchants are the first line of defense for POS fraud and are involved in the execution of the vast majority of controls suggested or required by PCI SSC. Merchants can achieve appropriate security and trust levels at the point of sale by considering all the factors that can influence overall security in their terminal environment and taking the necessary countermeasures detailed in this document to ensure an appropriate level of security.

There's an ongoing debate about the ability of cloud computing services to meet enterprise regulatory compliance requirements, including the Payment Card Industry Data Security Standard (PCI DSS) standard that is essential for e-commerce.

End-to-End Tokenized Encryption

EPX now extends data protection to what I call the "first inch" of a transaction, i.e., from the plastic to the browser/EPX hosted application. They do that by integrating an encrypting card reader with their BuyerWall solution so that it holds the decryption keys in a secure system, out of the merchant's custody. The PAN data is not decrypted until it is needed for submission directly to the authorization networks, and is never present in plain text anywhere at the merchant.


EPX Delivers First Tokenized End-To-End Encryption Solution for Unsurpassed Merchant Security

Wilmington, DE August 10, 2009 - Today Electronic Payment Exchange (EPX) became the first payment processor to offer a true end-to-end solution that endorses and incorporates both tokenization and encryption for securing cardholder data from the card reader through the entire transaction lifecycle. Using encrypted card readers with EPX's BuyerWall™ credit card data tokenization technology, EPX has virtually removed merchants' point-of-sale systems and card readers from the scope of PCI compliance and has substantially eliminated merchant liability associated with the risk of processing, transmitting, and storing sensitive cardholder data.

Encryption built into hardware and software at the point of sale provides strong protection against potential breaches before card numbers enter into the authorization process by immediately encoding credit card numbers upon the card swipe. Further securing the transactions, tokenization provides unsurpassed security against data breaches and identity theft after the initial card swipe by replacing account numbers with values that are meaningless to hackers and identity thieves.

EPX Chief Executive Officer Ray Moyer recognizes the significant advantage in using both tokenization and encryption in a true end-to-end payment processing solution. "There no longer needs to be any debate over encryption versus tokenization. Quite simply, the answer is to use both," says Moyer. "Merchants deserve the best possible solution that incorporates the benefits of both technologies. Rather than creating regulation and expecting merchants to absorb the costs and burdens of securing payment data, we in the payment industry must lead the way in developing and delivering the most secure and cost-effective solutions to facilitate PCI compliance, to protect merchants, and to ultimately enhance consumer confidence."

David Hogan, CIO and senior vice president of retail operations for the National Retail Federation (NRF), sees the value in EPX's solution. "Protecting consumer's credit card data against today's professional hackers is a challenge for all merchants. EPX's announcement of a solution that offers both end-to-end encryption along with tokenization is going to be well received by the entire retail industry," states Hogan.

FasTraxPOS, a retail automation company offering point-of-sale solutions to more than 1,300 convenience and tobacco-related stores, is one of the first organizations to adopt EPX's new tokenized end-to-end encryption solution. FasTraxPOS Chief Executive Officer Darren Schwartz recognizes the impact EPX's solution will have on his merchant customers. "We realize the importance of protecting our customers from the costs and liabilities associated with compromised credit card information," says Schwartz. "Using EPX's processing with our new point-of-sale system will give our merchants affordable protection and virtually ensure PCI compliance."

Dr. David Taylor, founder of the PCI Knowledge Base and a leading authority on PCI compliance, commented on EPX's announcement. "Whether to use encryption or card number tokenization for true end-to-end card data security is one of the most active debates in the PCI compliance community.  In light of major card data compromises at several retailers and a major US processor recently, this hybrid solution could become a significant leap forward. This kind of pragmatic solution seems to give merchants the potential of a lower-cost and more easily implemented alternative to protecting cardholder data along every inch of the transaction process. Our research among both large and smaller merchants suggests there is definite demand for solutions that encrypt data at the reader, then tokenize it through the rest of the transaction flow, so we expect this will generate a lot of interest in the market."

###

About Electronic Payment Exchange

Founded in 1979, Electronic Payment Exchange is the global, industry-leading provider of fully integrated, end-to-end payment solutions for merchants across all distribution channels. EPX offers a full range of payment processing services for leading merchants, retailers, etailers, and banks in the United States, Canada, Europe, Latin America, and the Caribbean.

EPX is a participating organization of the Payment Card Industry Security Standards Council. EPX is PCI v1.2 compliant, a VISA USA Cardholder Information Security Program (CISP) Compliant Service Provider, and a MasterCard Site Data Protection (SDP) Compliant Service Provider.

For more information on EPX, visit www.epx.com or contact EPX at 302-246-3110.

Contact:

Steven M. Kendus, Marketing Director
Electronic Payment Exchange
302.246.3091
