Introducing Secure PumpPAY A Payment Security solution for your existing fuel dispensers from VeriFone - PowerPoint PPT Presentation

1 / 47
About This Presentation
Title:

Introducing Secure PumpPAY A Payment Security solution for your existing fuel dispensers from VeriFone

Description:

[Customer Logo Here] Introducing Secure PumpPAY A Payment Security solution for your existing fuel dispensers from VeriFone [Your Company Name Here] – PowerPoint PPT presentation

Number of Views:355
Avg rating:3.0/5.0
Slides: 48
Provided by: JeffWak1
Category:

less

Transcript and Presenter's Notes

Title: Introducing Secure PumpPAY A Payment Security solution for your existing fuel dispensers from VeriFone


1
Introducing Secure PumpPAYA Payment Security
solution for your existing fuel dispensers from
VeriFone
Customer Logo Here
  • Your Company Name Here

2
Discussion Topics
  • Why Secure PumpPAY ? Why now
  • What our customers are telling us
  • Overview of Secure PumpPAY features
  • Dispenser retrofit kit options available
  • Understanding your fuel dispenser PCI options
  • Common Misconceptions Information you need to
    Know
  • What to expect during installation
  • Other PCI-related solutions you should consider
  • Questions

3
Why Secure PumpPAY, Why Now?
  • Convergence of three key attributes
  • Card usage sharply increased at the pump
  • PCI standards and dates have been cemented
  • Improved security at retail stores and
    restaurants has exposed our industries
    vulnerability
  • Over 1 million fueling positions are prime
    targets

4
Significant rise in card use at petroleum retail
sites
  • Pay at the pump availability has grown steadily
  • Approx. 90 of sites offer pay at the pump
  • Approx. 60 of sites also accept Debit at the
    pump
  • North America has over 700K dispensers (over 1.4M
    fueling points)
  • Cards have surpassed cash as dominant payment
    form at convenience stores
  • Recent rise in fuel costs have driven additional
    card transactions

5
PCI standards and dates have been cemented
  • January 2009
  • New fuel dispensers must support Triple DES
    (TDES) by January 1, 2009.
  • All newly deployed unattended POS PIN acceptance
    devices must contain an EPP that has passed
    testing by a PCI recognized laboratory and is
    approved by Visa for new deployments.
  • Impact TDES-capable PCI certified keypads
    required on new dispensers accepting PIN debit
    transactions.

Visa Security Mandates
  • July 2010
  • Existing fuel dispensers must support Triple DES
    (TDES) by July 1, 2010.
  • All transactions originating at POS PEDs must be
    encrypting PINs using TDES from the point of
    transaction to the Issuer (end-to-end)
  • Impact TDES-capable PCI certified keypads
    required on all dispensers accepting PIN debit
    transactions.

6
Key PCI dates you need to be aware of
7
Improved Security in other industries has exposed
our vulnerability
Thieves Increasing Targeting Fuel Dispensers
100
Degree of Security
0
Retail
Restaurants
Gas Stations
Organized Crime Focus
Using a credit card at a gas station poses more
of a risk for data theft than shopping online, as
point-of-sale terminals at the pump have emerged
as a weak link in the security chain ?
Gartner Group
8
Fuel dispenser skimming is becoming epidemic
7/29/08 Calgary Police estimate 2 or 3 new
"Skim" sites are set up every day in Calgary.
The lead investigator, Constable Darren Hafner
guesses there's up to 50 different stores in
Calgary on any given day with skimmers and
cameras operating.
7/29/08 Under the pretense of needing a nicotine
fix, a man walked into an Edmonton gas station
last week and ran out with a debit-card machine.
7/23/08 OPP investigators believe they've broken
up a fraud operation that involved the use of
"skimming" devices in fuel pumps to collect the
credit card and debit card information of Windsor
and Essex County residents.
7/23/08 Devices used to steal your credit card
number are showing up in the Austin area. Just
last week, Texas Department of Public Safety
troopers say they found one in a man's car.
They're afraid he's part of a much bigger
operation.
7/22/08 In Las Vegas, just in the last month,
we have recovered 4-5 skimmers and a gas station
skimmer that was actually in a pump.
7/9/08 That's what Pennsylvania State Police
said about the thieves who cracked into numerous
Lower Bucks bank accounts by planting a card
skimmer inside gas pumps, including one at a
Bristol Township Wawa.
9
What our Customers are telling us
  • Most customers dont understand what they have to
    do to meet PCI mandates
  • Think the dates will be pushed out again
  • Dont believe these PCI mandates apply to them
  • Are angry with the Card Associations because of
    Interchange Fee Ransoms they are paying
  • There is much confusion about the various options
    available
  • Other companies are misrepresenting their
    capabilities and leading customers to believe
    there are inexpensive, stop-gap solutions that
    are also Secure and will protect them from fraud

10
Overview of Secure PumpPAY
11
Overview of Secure PumpPAY and its Features
32 bit processor Secure embedded Linux OS
Color LCD screen 5.7 ΒΌ VGA
24MB memory 8MB Flash, 16MB DRAM 512K Secure SRAM
8 screenaddressable keys
Contactless Card Reader Integrated into unit
Tamper responsive housing PCI PED certified
Built-in privacy shield Recessed keypad easier to
use
Large key polymer keypad IP65 rated sealed PIN pad
Dip Style Magnetic Stripe Card Reader
Connectivity2 serial ports 1 Ethernet
port Optional PSTN/ISDN port
Software Development Kit APIs and XML/HTML
GUI development tools
Remote key loading
12
Increases fuel dispenser security
  • Extended bezel around unit eliminates or reduces
    ability of cameras being used for capturing PIN
    entries
  • Tactile keypad prevents keyboard overlay skimmers
    from being installed
  • OP4100 housing conceals all cables making
    installation of skimmers more difficult
  • PCI EPP 1.3 certified
  • New keys for doors will make access to Secure
    PumpPAY units more difficult as keys are not
    widely available
  • Canadian version features Secure Card Reader (EMV
    certified) which encrypts message from MSR to EPP
    and door switch
  • VeriShield Protect will further improve security
    by encrypting track data as soon as it is read by
    the MSR

Impact Criminals will target pumps with known
vulnerable DCRs
13
Secure PumpPAY Security Benefits
  • Meets the latest Payment Card Industry (PCI)
    requirements to provide the most secure on-line
    PIN entry as well as Triple DES method of
    encryption at the fuel dispenser
  • Secure PumpPAY housing conceals all cables making
    installation of skimmers more difficult
  • New keys for doors will make Secure PumpPAY units
    more difficult to access as keys are not widely
    available

14
Secure PumpPAY Enhanced Security Benefits
  • Extended bezel around unit reduces or eliminates
    ability of cameras being used for capturing PIN
    entries
  • Polymer tactile keypad prevents keyboard overlay
    skimmers from being installed
  • Remote key load feature allows debit keys to be
    loaded in the field and helps ease the process
    when changing networks

15
Additional Secure PumpPAY Benefits
  • Integrated, all-in-one design simplifies
    installation into existing pumps Retrofit Kits
    available for all major dispenser manufacturers
    and models, and can be done in as little as 30
    minutes.
  • Large color display provides bright
    attention-getting messages that help drive
    customers into the store for high margin sales.
  • Integrated high resolution printer included and
    can prominently highlight graphics such as
    company logos and bar-coded receipts for in-store
    promotions.

16
Additional Secure PumpPAY Benefits
  • Built in Contactless Reader is included which
    future proofs your investment
  • Simplify management and customer interface by
    having the same system at all pumps.

17
Secure PumpPAY vs. other PCI options
18
What are all of my options for pump security?

Replace Dispenser with new product that features
PCI EPP
Very costly

Replace only the Keypad with PCI EPP

Replace the Keypad and Card Reader with PCI EPP
and Secure Card Reader


Replace Keypad, Card Reader and Display with PCI
approved integrated payment terminal
19
Understanding the Risks Current Scenario
Current Payment System Vulnerabilities
Bug on MSR Cable Capture Track Data
Bug in MSR Capture Track Data
Debit Encryption
PIN Pad Tampering Capture Track Data and PIN
Encryption Module (GSM, etc.)
To Point of Sale
Tap on Line Capture PINs and Track Data
20
Understanding the Risks TDES-Only Scenario
TDES-only vulnerabilities Move encryption to the
dispenser
Bug on MSR Cable Capture Track Data
TDES Keypad Debit encryption
Bug in MSR Capture Track Data
PIN Pad Tampering Capture Track Data and PIN
Dummy GSM or Replaced
To Point of Sale
PINs Can NO longer Be captured here
Tap on Line Capture Track Data
21
Understanding the Risks EPP Scenario
Encrypting PIN pad-only solution vulnerabilities
Bug on MSR Cable Capture Track Data
Bug in MSR Capture Track Data
Tamper Resistance Detection
Dummy GSM or Replaced
To Point of Sale
PINs and Track Data Hard to capture
Can STILL Capture Track Data
Tap on Line Capture Track Data
22
Understanding Risks EPP Secure Card Reader
Scenario
EPP and Secure Card Reader Solution
Vulnerabilities
Can NOT Capture Track Data on cable
Bug on MSR Cable Capture Track Data
Bug in MSR Capture Track Data
Tamper Resistance Detection
Dummy GSM or Replaced
To Point of Sale
PINs and Track Data Hard to capture
Can STILL Capture Track Data
Tap on Line Capture Track Data
23
Common Customer Misconceptions
24
Is fuel pump fraud really a problem? (Am I really
at risk?)
Petroleum retailers should be aware that the
number of fuel pump breaches is increasing
dramatically.
  • In the last 2 years, there have been 24 fuel pump
    breaches reported
  • At least 70 stations have reported their pumps
    were breached
  • At least 800 consumers had their cards
    fraudulently used
  • Estimates of the fraud amounts are over 1.5M, or
    2,000 per card average
  • In the past three months, skimming at the pump
    has been reported in
  • Arizona
  • California
  • Delaware
  • Florida
  • Georgia
  • Indiana
  • Ontario
  • Saskatchewan
  • Africa
  • India
  • Australia
  • United Kingdom
  • Illinois
  • Massachusetts
  • Michigan
  • Nevada
  • New Jersey
  • North Carolina
  • Pennsylvania
  • Texas
  • Washington
  • Wisconsin
  • British Columbia
  • Alberta

25
Is fuel pump fraud really a problem? (Am I really
at risk?)
Petroleum retailers should be aware that the
number of fuel pump breaches is increasing
dramatically.
  • Data breaches more than doubled in 2008 first
    quarter
  • Data breaches disclosed by Hannaford Bros
    Supermarket chain, GE Money, and Georgetown
    University are just some of the 167 breaches
    reported during the first quarter of 2008,
    according to the non-profit Identity Theft
    Resource Center.
  • "Using a credit card at a gas station could pose
    more of a risk for data theft than shopping
    online...petroleum and convenience retailers must
    react quickly to avert unnecessary exposure to
    fraud and the mitigation expense they will
    undoubtedly incur if left unchecked." Gartner
    Inc. Analyst

26
Is fuel pump fraud really a problem? (Am I really
at risk?)
Petroleum retailers should be aware that the
number of fuel pump breaches is increasing
dramatically.
  • Most retailer breaches are NOT disclosed, Gartner
    says
  • While nearly half of U.S. retailers have been hit
    with some kind of information security attack,
    only a small percentage of them have actually
    reported breaches to their customers, research
    company Gartner reports.
  • In a new study based on interviews with 50 U.S.
    retailers, Gartner found that 21 of them were
    certain they had a data breach. However, just
    three of the retailers had disclosed the incident
    to the public. (Only 14 of breaches.)
  • If this is true, then the ACTUAL number of fuel
    pump breaches may be
  • 500 fuel dispensers breached
  • Almost 6,000 consumers with fraudulent
    transactions
  • Over 10M in fraudulent transactions

27
Is there a difference between PCI vs. TDES
Other companies are saying all I need to do to
meet PCI mandates is install a TDES keypad, is
that true?
The only current requirement is TDES encryption
at the fuel dispenser beginning on July 1, 2010.
That only encrypts PINs and does nothing to
protect your customers card data and your
business from data thieves.
28
One option I will just stop taking Debit at the
pump
Cant I just stop accepting PIN Debit at the
pump?
Yes, but turning off debit has two key risks
  1. Most Card Association Merchant Services
    Agreements require merchants to accept debit
    along with all other forms of card payments.
  2. Debit usage by consumers is high at fuel stations
    and the trends are that debit usage will continue
    to grow. You will likely lose customers in
    addition to lost sales.

29
Its too expensive. How can I pay for Secure
PumpPAY?

FINANCE
No. Pumps 2 4 6 8 Monthly Finance 220
440 660 880 Price

LEASE
No. Pumps 2 4 6 8 Monthly Lease 210 420
630 840 Price

RENT
No. Pumps 2 4 6 8 Monthly Rental 1,500
3,000 4,500 6,000 Down payment Monthly
Rental 168 336 504 672
30
What about new Standards?
What about new standards that may be coming out?
What else do I need to do to protect my business?
Secure PumpPAY was designed for the European
market it already includes the advanced security
features that are being added to the next set of
PCI requirements.
31
Will I also need software upgrades
Will I have to upgrade my other software to work
with Secure PumpPAY?
Probably not, most customer locations are already
on a POS application software release that is
compatible with Secure PumpPAY
32
Creating Display Content
  • How can I take advantage of the new display?
    Will I need to hire a marketing company to create
    ads and promotions for me?
  • No, Secure PumpPAY includes a tool to load
    graphical content to the display that anyone can
    use. It is windows-based and features drop and
    drag functionality.

33
Creating Display Content
  • Do some graphics come with the unit?
  • Yes, your Secure PumpPAY unit will come with a
    graphics library that includes instructional
    messaging and some promotional messages

34
What do I get when I buy Secure PumpPAY
  • Secure PumpPAY consists of TWO components
  • Payment terminal and accessories
  • OP4100 Payment terminal
  • VeriFone Interface Board (VIB)
  • Power Supply
  • Thermal Printer
  • Cable assembly kit
  • Dispenser door assembly kit
  • Door frame
  • Hinges, locks, mounting brackets
  • Dispenser-specific connectorized cable harness
  • Help Desk included for the first year
  • On-Site Maintenance service provides extended
    warranty coverage

35
Dispenser Models Supported
  • Secure PumpPAY options are currently available
    for
  • Gilbarco Advantage series
  • Dresser-Wayne Vista series
  • Tokheim Premier
  • B- series
  • C- series
  • MMD series
  • Bennett Pacific series
  • Additional options are planned for 2009
    including
  • Gilbarco Encore series
  • Dresser-Wayne Ovation series
  • Others based on customer need
  • Schlumberger 4000 and Centurion

36
What you can expect during Installation
37
The Installation Process
  • Most work will be done at the Installers service
    location
  • Pre-installation or staging activities include
  • Loading the OpenPAY application
  • Loading of the Debit keys
  • Loading of any graphic content you would like and
    have provided
  • Assembly of the Payment terminal and printer into
    the door frame assembly
  • During the day the equipment is being installed
  • The installer will only turn down half of the
    dispensers at a time
  • You will still be pumping fuel from the remaining
    dispensers
  • The old equipment is removed
  • Pre-assembled devices will be installed
  • The new door frame assembly will be installed
  • Technician tests the POS to new equipment
    connection
  • New equipment is activated and now processing
    payments
  • The above process is repeated for the other half
    of the dispensers

38
Gilbarco Advantage Fuel Dispenser after
Installation
Before
After
39
Tokheim Premier B Fuel Dispenser after
Installation
Model 333B with MMD pictured
Before
After
40
Tokheim Premier C Fuel Dispenser after
Installation
Before
After
41
Wayne Vista Fuel Dispenser after Installation
Before
After
42
Bennett Pacific Fuel Dispenser after Installation
43
Installation Complete
Secure PumpPAY processing transactions
44
Servicing Secure PumpPAY
  • Secure PumpPAY includes an initial 1 year parts
    warranty and also includes a one year Help Desk
    support agreement
  • Extended warranties up to five years can be added
    to include On-Site Maintenance
  • Servicing of the Secure PumpPAY units will be
    done by the same VASC technicians who currently
    provide service to your location

45
Removing old DCRs return Maintenance savings
  • Costly to maintain components are removed
  • All of the items below are removed when
    installing Secure PumpPAY eliminating the need to
    service or maintain these costly parts
  • CRIND Logic, printer and display boards and power
    supplies
  • Debit Security modules (GSMs, TEDs, DSMs, etc)
  • Card Reader firmware
  • Improved graphics downloading
  • With Secure PumpPAY, you also improve the
    graphics download time ?5 minutes with SPP vs.
    as much as 45 minutes in a typical VeriFone to
    CRIND scenario.
  • Results in less time your dispensers are offline!

46
Rebranding? No Problem!
  • Servicers can request new encryptions keys for a
    nominal processing fee (12 per key request)
  • The new encryption keys can be loaded in the
    field without having to remove the hardware
  • A significantly less costly proposition
  • Simplifies the process in changing card
    processing networks

47
Secure PumpPAY the only Secure payment solution
Questions?
For the latest information, check out
http//www.securepumppay.com
Write a Comment
User Comments (0)
About PowerShow.com