DOCSLIB.ORG

EVC PRELAM® Introduction to Battery-Less Dynamic Security Code Solutions

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
EVC PRELAM® Introduction to Battery-Less Dynamic Security Code Solutions EVC PRELAM® Introduction to Battery-less Dynamic Security Code Solutions ©2020 Linxens. All rights reserved. Reproduction in whole or in part is prohibited without the prior consent of the copyright owner. 2 Title of the presentation Key Drivers of CNP Fraud Retailers report increased fraud incidents despite EMV “The introduction of chip … cards continues to move fraud to the online channel.” — LexisNexis, “The True Cost of Fraud” Global EMV adoption Explosive growth of eCommerce Sales in trillion USD Fraud migrates to path of Statista, March 2018 least resistance True Cost of Fraud to Merchants The cost for each dollar of fraud losses in 2019 is $3.13 per $1 up 6.5% from 2018, crossing the $3 market with of direct fraud expenses related to chargebacks, fees, Up 6.5% from 20181 merchandise redistribution, labor/investigation, legal prosecution and IT/software security. 1. Lexis Nexis, True cost of fraud retail study (July 2019) Timeline Anatomy of CNP Fraud 15+ DAYS Average time before stolen card information is used fraudulently DARKNET Day 1 Stolen card info Day 15+ Card info stolen collection & distribution Fraudulent card use Collection networks, U.S. credit card data are traded Stolen card data is used at least 15 restaurants, bar, mail order, between $7-$10, and between $25-$45 days after collection to make it telephone order, when card is with track data or full cardholder harder to trace back and reduce the handed out… information risk of compromising the point of collection(POC). What is a False Decline? False Declines or false positives occur when good transactions are wrongly rejected due to overcompensation of antifraud systems. As a result, cardholders often elect to abandon a purchase, seek a different store, use an alternative payment card, or payment method. The State of False Declines vs eCommerce Fraud False declines eCommerce Fraud USA Worldwide2 USA vs $25B-$40B $6.4B Est. value of $331B CNP fraud in 20183 Est. value of falsely declined CNP transactions in 20181 1. Merchant Fraud Journal referencing Aite Group - Chargebacks and False Declines: Cards’ Ugly Underbelly , 2. Accenture, The scope of the Card Not Present Problem 3. Creditcards.com, Credit Card fraud and ID Theft statistics Long Term Effects of False Declines $361.98 $159.3 Approved Declined customers customers Average Average per spending order Declined card relegated to Card abandonment or the Reduction in lifetime back of the wallet change payment method 1 post decline value 1 Source: Radial, False Positives White Paper, The monster that’s really killing you and how to survive Trust in Antifraud Solutions Dynamic Card Security Code is the right balance between convenience and security Dynamic Card Security Code Mature solution available from all card manufacturers Protecting card information at the source by changing the security code directly on the card and displaying it for a period of time on a built-in mini-screen. Card-powered by any Standard Reader Battery-free card Card display showing security code updated during EMV transactions Battery-free Technology The 3-digit security number on the card changes during every Card Present EMV transaction • No additional requirements for personalization, leverages personalization of chips with Ellipse Ready applications • Standard credit card format and thickness (ISO 7810 & ISO 10373) • Powered by any EMV reader (POS & ATM) • EVC remains displayed until the next payment • Compatible with all standard card features (Embossing, Magstripe, Hologram…) Battery-free Long service Hot-lamination More No more CNP Frictionless life manufacturing Eco-friendly card reissuing fraud prevention experience EVC Technology Benefits EVC cards obtain their power by leveraging Eliminates card replacements and reduces existing POS terminals and ATMs. A new costs related to fraud management. Eliminates security code is calculated and displayed loss of opportunity and avoids substitution of during each card present transaction. Battery-free No more cards on field while cardholders wait for their card reissuing replacement cards. Innovative battery-free design ensures operation during the entire lifetime of the EVC replaces the static 3 or 4-digit card security card, and eliminates self-discharge, number by a dynamic code, which effectively protects Long providing virtually unlimited shelf life. against card information theft. EVC provides an service life additional layer of security for CNP transactions and CNP card-on-file enrollment. fraud prevention • Tokenizes the card security code • Protects at the source • Protects wallet enrollment EVC cards are produced by employing • Protects payment information updates existing hot lamination process and equipment, similar to dual interface card manufacturing. EVC cards can Hot-lamination accommodate any standard card features Frictionless experience for end users, immediate manufacturing such as embossing, signature panel, and acceptance, and transparent for eMerchants. hologram. Frictionless Works on any device and any channel; no experience plugins or special app required. Battery-free design eliminates related risks, reduces environmental footprint, simplifies More end-of-life product disposal and recycling. Eco-friendly EVC Generation/Verification EVC Generation Contact and contactless modes Card generates a new EVC during every EMV transaction. The process is transparent to the cardholder EMV transaction EVC Verification Card Not Present transaction Current Record Submitted Result f(card data) = 625 625 OK EVC: 625 f(card data) = 301 301 OK f(card data) = 472 258 KO Submitted EVC will be compared with … issuer/processor calculated EVC EVC Verification • EVC is an issuer-only solution that is transparent for the cardholder, has minimal infrastructure impact for the acquirer processor, and the network. • EVC can be easily deployed by enabling existing payment HSMs. • Issuer generated/originated card security value improves trust and reliability for risk scoring Browser Existing payment HSM v NETWORK ISSUER ACQUIRER Issuer PROCESSOR PROCESSOR MOTO Infrastructure Leverages existing No change No change No change No change modification EMV HSM Manufacturing Standard processes: Hot lamination Punching Milling & embedding Full Supply Chain Same existing Dual Interface payment card supply chain Card Manufacturers Flexible Printed Prelaminated Issuer Card Circuits Inlays Processors Issuers EMV Module Cards Embedding Chip agnostic Standard Manufacturing Process PRELAM® Specification OPERATING FREQUENCY 13.56 MHz OPERATING TEMPERATURE -25 °C to +50 °C MATERIAL Outer layers in PVC, coated to aid adhesion during lamination INTERNATIONAL STANDARDS ISO/IEC 7816, ISO/IEC 14443 APPLICATION AREA Dual-interface Payment, 3-digit Electronic Verification Code DIMENSIONS Customer specific NOMINAL THICKNESS 500 µm, tolerance: +30µm/-10µm AVAILABLE IC • Infineon SLC 32PD • NXP P71 • Other Secure Element IC’s on request Example Finished Card Long Standard More service life Hot-lamination Eco-friendly Dimensions: ISO 7810 Dual Interface: YES EMV: Chip agnostic CVV/CVC: Electronic Antenna: Linxens Display: Electronic paper; 3-digit, 7 segments Display Location: Rear Magnetic Stripe: 2 or 3 tracks Signature panel: YES, Secure option Hologram: YES Printing: Full CMYK, glossy, matte, metallic Physical perso: Embossing, laser, indent Summary Simultaneously addresses the needs of issuers, merchants, and end-users Convenience & peace of mind Cost reduction • No card re-issuance Easy deployment, • Lower fraud management cost 100% adoption • Reduced loss of opportunity • Easy to use, frictionless & transparent to cardholders • Zero impact on e-merchants • Works on any device & any channel, no plugins required More secure • Tokenizes card security code • Protects at the source • Protects wallet enrollment Battery-free • Reliable lifetime performance • More eco-friendly • Compatible with all card manufacturers hot lamination process Expand revenue • more CNP interchange revenue • Top of wallet Differentiation • Recruit new customers, increase • Most advanced and complete payment market share Easy implementation card • Increase client approval rate • Issuer-only solution • Improve cardholder confidence • Using existing HSM • Cloud or on-premises platform For design-in process & sample requests, please get in touch with us here. ©2020 Linxens. All rights reserved. Reproduction in whole or in part is linxens.com prohibited without the prior consent of the copyright owner..
Load more

Recommended publications
  • Card Processing Guide Merchant Operating Instructions
    Card Processing Guide Merchant Operating Instructions © 2019 GPUK LLP. All Rights Reserved. CONTENTS SECTION PAGE Welcome 1 Global Payments 1 About This Document 1 An Introduction To Card Processing 3 The Anatomy Of A Card Payment 3 Transaction Types 4 Risk Awareness 4 Card Present (CP) Transactions 9 Cardholder Verified By PIN 9 Cardholder Verified By Signature 9 Cardholder Verified By PIN And Signature 9 Contactless Card Payments 10 Checking Cards 10 Examples Of Card Logos 13 Examples Of Cards And Card Features 14 Accepting Cards Using An Electronic Terminal 18 Authorisation 19 ‘Code 10’ Calls 24 Account Verification/Status Checks 25 Recovered Cards 25 Refunds 26 How To Submit Your Electronic Terminal Transactions 28 Using Fallback Paper Vouchers 29 Card Not Present (CNP) Transactions 32 Accepting Mail And Telephone Orders 32 Accepting Internet Orders 33 Authorisation Of CNP Transactions 35 Confirming CNP Orders 37 Delivering Goods 37 Collection Of Goods 38 Special Transaction Types 39 Bureau de Change 39 Dynamic Currency Conversion (DCC) 40 Foreign Currency Transactions 40 Gratuities 41 Hotel And Car Rental Transactions 41 Prepayments/Deposits/Instalments 43 Purchase With Cashback 43 Recurring Transactions 44 Card Processing Guide © 2019 GPUK LLP. All Rights Reserved. SECTION PAGE Global Iris 47 HomeCurrencyPay 49 An Introduction To HomeCurrencyPay 49 Card Present (CP) HomeCurrencyPay Transactions 50 Mail Order And Telephone Order (MOTO) HomeCurrencyPay Transactions 52 Ecommerce HomeCurrencyPay Transactions 55 Mastercard And Visa Regulations
    [Show full text]
  • A Study on Debit Cards
    Dr. Yellaswamy Ambati, International Journal of Research in Management, Economics and Commerce, ISSN 2250-057X, Impact Factor: 6.384, Volume 08 Issue 02, February 2018, Page 248-253 A Study on Debit Cards Dr. Yellaswamy Ambati (Lecturer in Commerce, TS Model Junior College, Jangaon, Warangal, Telangana State, India) Abstract: A Debit Card is a plastic payment card that can be used instead of cash when making purchases. It is also known as a bank card or check card. It is similar to a credit card, but unlike a credit card, the money comes directly from the user's bank account when performing a transaction. Some cards may carry a stored value with which a payment is made, while most relay a message to the cardholder's bank to withdraw funds from a payer's designated bank account. In some cases, the primary account number is assigned exclusively for use on the Internet and there is no physical card. In many countries, the use of debit cards has become so widespread that their volume has overtaken or entirely replaced cheques and, in some instances, cash transactions. The development of debit cards, unlike credit cards and charge cards, has generally been country specific resulting in a number of different systems around the world, which were often incompatible. Since the mid-2000s, a number of initiatives have allowed debit cards issued in one country to be used in other countries and allowed their use for internet and phone purchases. Keywords: Debit Card, Credit Card, ATM, Bank, Master Card I. INTRODUCTION Debit cards are a great way to get more financial freedom without the risk of falling into debt.
    [Show full text]
  • Deposit Account Disclosures for Business Accounts TABLE of CONTENTS DEPOSIT ACCOUNT AGREEMENT
    Deposit Account Disclosures For Business Accounts TABLE OF CONTENTS DEPOSIT ACCOUNT AGREEMENT . 4 GENERAL TERMS AND CONDITIONS . .5 Account Opening and Verification . 5 How We Communicate with You . .6 Telephone Recording . 6 Privacy, the USA PATRIOT Act, and Opening an Account . 6 Deposits . 6 Deposit Error Correction . 7 Claims . 7 Checks Made Payable to a Business . 7 Withdrawals . .8 Automated Clearing House (“ACH”) . 8 Interest-Bearing Account Information . 9 Interactive Teller Machine (ITM) . 9 Banking Day Cutoff . 9 Abandoned Accounts . 9 Right to Discontinue Accounts . .9 Right to Refuse Any Deposit, to Close Any Account, or to Terminate Account Services . 9 Account Information Services . 10 Agent . 10 Facsimile Signatures . 10 Right of Setoff . 11 Statement Production Date . 11 Statements of Account and Reasonable Care . 11 Security Procedures . 12 What Happens If You Owe Us Money or Cause Us to Sustain a Loss . .12 Fees and Charges . 12 Limits of Liability . 12 Address for Notices . .13 Not Transferable . 13 Confidentiality . 13 Legal Process . 14 Accounts or Services Governed By Special Rules Not Included in this Agreement . 14 Changes to this Agreement . 15 Waivers . 15 Assignment . 15 CUSTOMER REPRESENTATIONS AND WARRANTIES . 15 Valid Business Entity . 15 For Business Purposes Only . 15 Appropriate Business Resolution . 15 CHECKING ACCOUNTS . 15 FDIC Insurance Assessment Monthly Fee . 15 Earnings Credit . 16 Checks . 16 Order of Posting Transactions . 16 Stale Checks . 17 Postdated Checks . 17 Restrictive Legends . 17 Check Imaging . 18 Overdrafts/Insufficient Available Funds . 18 Stop Payments . 18 Preauthorized Drafts . 19 Checking Account Subaccounts . 19 Relationship Pricing . .19 1 SAVINGS ACCOUNTS AND MONEY MARKET ACCOUNTS . 20 Order of Posting Transactions .
    [Show full text]
  • Credit Cards: Guessing CVV, Spoofing Payment and Experiences
    PHDays 2012 (May 30 / May 31 / 2012 / Moscow) Credit Cards: Guessing CVV, Spoofing Payment and Experiences with Fraud Detection Systems Micha Borrmann SySS GmbH May 31, 2012 About my Point of View In most cases I run black box tests against systems and applications I’m employed at a company which is offering professional penetration tests exclusively My point of view is from the attacking perspective; I do neither know the application source code nor detailed network maps All descriptions were found in the course of real professional penetration tests (with strong NDAs): no company names will be published M. Borrmann (SySS GmbH) PHDays 2012 May 31, 2012 2 / 22 First Project Long time ago (2007), a popular website ordered a professional penetration test However, they represented a minority of analyzed sites, as I found no SQL injection and only few of the typical issues But there was a possibility at the website for account verification, which could be used with a valid credit card It means, a valid credit card number had to be typed into the web site to verify an account M. Borrmann (SySS GmbH) PHDays 2012 May 31, 2012 3 / 22 Using a Credit Card on the Web Card Holder Name Credit card number Expiration date Card Security Code (CVV) Card security code The card security code (CSC), sometimes called Card Verification Data (CVD), Card Verification Value (CVV or CVV2), Card Verification Value Code (CVVC), Card Verification Code (CVC or CVC2), Verification Code (V-Code or V Code), or Card Code Verification (CCV) are different terms for security features for credit or debit card transactions, providing increased protection against credit card fraud.
    [Show full text]
  • Payment Card Industry Data Security Standard (PCI DSS)
    ] * * * * * * * [ FIRSTNAME LASTNAME FIRSTNAME 5490 2345 8670 8921 8670 2345 5490 THRU BANK NAME BANK VALID 08/19 Payment Card Industry Data Security Standard (PCI DSS) Protecting Cardholder Data Since our organization handles cardholder data, we have to understand and follow the security regulations known as PCI DSS. This newsletter explains what those standards are and how we must follow them. © SANS Institute 2017 Payment Card Industry Data Security Standard (PCI DSS) Credit cards have become the primary way people make purchases, especially with the growth of online shopping. Credit cards are incredibly convenient, allowing people to make large purchases almost anywhere in the world. However, credit cards also have risks. Cyber criminals are actively trying to steal credit card information. If they steal credit card data, they can create physical copies of the credit card or use the information for online purchases. The more credit cards criminals steal, the more money PCI DSS they can make. As a result, many criminals no longer target individuals, but organizations like ours that store, process, or transfer cardholder data. To reduce credit card fraud, five members of the payment card industry (Visa, MasterCard, American Express, Discover, and JCB) joined together to develop security standards for any organization that stores, transmits, or processes cardholder data. This set of standards is referred to as the Payment Card Industry’s Data Security Standard, or PCI DSS. Since our organization handles cardholder data, we must understand and abide by these rules. Cardholder data includes the payment card number (known as a Primary Account Number, or PAN) and any associated account information, including the cardholder’s name, the payment card’s expiration date, the three or four-digit verification code, and any other authentication data related to the cardholder.
    [Show full text]
  • European Parking Industry Payments Landscape
    European Parking Industry Payments Landscape WHITE PAPER September 2015 Draft V11.8 About this document In 2011, the European Parking Association (EPA) launched an initiative to assist national associations and their members across Europe in their dealings with the complex world of card or e-payment. This White Paper seeks to help operators, both public and private, understand the card payment ecosphere: the powerful forces that are at play and the interface between the world of card payments and the technical infrastructure of the parking industry. The Paper addresses new payment methods involving the use of smartphones or other mobile devices. It also addresses the regulatory issues and security concerns facing the industry. Lastly, the White Paper outlines the case for introducing a standard for the interface between the world of card payments and the parking industry. It briefly describes the IPIPS standard that EPA is promoting and the benefits it would bring to operators. In most European countries the use of e-payment methods to pay for parking sessions is increasingly rapidly. For parking operators in the majority of the northern European countries, these payment methods now constitute over 50% of their turnover, and in some instances over 80%. There are, however, still a number of countries where the figures are between 5% and 8%. In view of the increase in e-payments in other sectors, notably the retail and leisure sectors, it is highly likely that this trend is going to continue and probably accelerate in the parking sector. Parking operators are faced with numerous problems and issues when implementing e-payment solutions to support of their operations.
    [Show full text]
  • Card Processing Guide - MOI 2015.Qxp GP 07/09/2015 17:45 Page 1
    JM3150_Card Processing Guide - MOI 2015.qxp_GP 07/09/2015 17:45 Page 1 CARD PROCESSING GUIDE MERCHANT OPERATING INSTRUCTIONS SERVICE. DRIVEN. COMMERCE JM3150_Card Processing Guide - MOI 2015.qxp_GP 07/09/2015 17:45 Page 2 CONTENTS SECTION PAGE Welcome 1 Global Payments 1 About This Document 1 An Introduction To Card Processing 3 The Anatomy Of A Card Payment 3 Transaction Types 4 Risk Awareness 4 Card Present (CP) Transactions 9 Cardholder Verified By PIN 9 Cardholder Verified By Signature 9 Cardholder Verified By PIN And Signature 9 Contactless Card Payments 10 Checking Cards 10 Examples Of Card Logos 13 Examples Of Cards And Card Features 14 Accepting Cards Using An Electronic Terminal 18 Authorisation 19 ‘Code 10’ Calls 24 Account Verification/Status Checks 25 Recovered Cards 26 Refunds 27 How To Submit Your Electronic Terminal Transactions 29 Using Fallback Paper Vouchers 30 Card Not Present (CNP) Transactions 33 Accepting Mail And Telephone Orders 33 Accepting Internet Orders 34 Authorisation Of CNP Transactions 36 Confirming CNP Orders 38 Delivering Goods 39 Collection Of Goods 39 Special Transaction Types 40 Bureau de Change 40 Dynamic Currency Conversion (DCC) 41 Foreign Currency Transactions 41 Gratuities 42 Hotel And Car Rental Transactions 42 Prepayments/Deposits/Instalments 44 Purchase With Cashback 44 Recurring Transactions 45 Global Iris 48 HomeCurrencyPay 50 An Introduction To HomeCurrencyPay 50 JM3150_Card Processing Guide - MOI 2015.qxp_GP 07/09/2015 17:45 Page 3 SECTION PAGE Card Present (CP) HomeCurrencyPay Transactions
    [Show full text]
  • Dynamic Security Code Cards: a Primer
    A SECURE TECHNOLOGY ALLIANCE PAYMENTS COUNCIL WHITE PAPER Dynamic Security Code Cards: A Primer Version 1.0 July 2020 Secure Technology Alliance ©2020 Page 1 About the Secure Technology Alliance The Secure Technology Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT). The Secure Technology Alliance, formerly known as the Smart Card Alliance, invests heavily in education on the appropriate uses of secure technologies to enable privacy and data protection. The Secure Technology Alliance delivers on its mission through training, research, publications, industry outreach and open forums for end users and industry stakeholders in payments, mobile, healthcare, identity and access, transportation, and the IoT in the U.S. and Latin America. For additional information, please visit www.securetechalliance.org. Copyright © 2020 Secure Technology Alliance. All rights reserved. Reproduction or distribution of this publication in any form is forbidden without prior permission from the Secure Technology Alliance. The Secure Technology Alliance has used best efforts to ensure, but cannot guarantee, that the information described in this report is accurate as of the publication date. The Secure Technology Alliance disclaims all warranties as to the accuracy, completeness or adequacy of information in this report. This white paper does not endorse any specific product or service. Product or service references are provided to illustrate the points being made. Secure Technology Alliance ©2020 Page 2 Table of Contents 1 Introduction .........................................................................................................................................
    [Show full text]
  • The EMV Chip Card Transition: Background, Status, and Issues for Congress
    The EMV Chip Card Transition: Background, Status, and Issues for Congress Patricia Moloney Figliola Specialist in Internet and Telecommunications Policy May 17, 2016 Congressional Research Service 7-5700 www.crs.gov R43925 The EMV Chip Card Transition: Background, Status, and Issues for Congress Summary Consumer financial card fraud due to data breaches of card information is an ongoing problem in the United States. The majority of breaches are carried out against point-of-sale (POS) systems, and are facilitated by what many consider to be the weak link in the U.S. retail sales payment process: the continued use of magnetic stripe cards (also referred to as stripe-and-signature cards). These cards are still what most U.S. consumers think of when referring to financial cards. In much of the rest of the world, cards that provide a much higher level of security for conducting sales transactions have been used for many years: EMV cards, named for the coalition of card brands Europay, MasterCard, and Visa (the EMV Coalition or EMVCo) that developed the specifications for the system in the 1990s. EMV cards store card information on an embedded microchip and are more commonly called chip cards. With these cards, instead of swiping and signing to make a payment, the cardholder inserts the card into the POS machine, then either enters a personal identification number (PIN) or signs to verify the transaction. On October 1, 2015, the liability for fraudulent transactions involving magnetic stripe cards shifted to the entity—card issuer (e.g., bank, credit union) or merchant—that had not yet made the transition.
    [Show full text]
  • CSCIP Module 5
    Module 6/P: Smart Card Usage Models – Payments and Financial Transactions Smart Card Alliance Certified Smart Card Industry Professional Accreditation Program Smart Card Alliance © 2015 CSCIP Module 6/P - Payments and Financial Transactions FINAL – Version 2 – June 15, 2015 1 For CSCIP Applicant Use Only About the Smart Card Alliance The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcardalliance.org. Important note: The CSCIP training modules are only available to LEAP members who have applied and paid for CSCIP certification. The modules are for CSCIP applicants ONLY for use in preparing for the CSCIP exam. These documents may be downloaded and printed by the CSCIP applicant. Further reproduction or distribution of these modules in any form is forbidden. Copyright © 2015 Smart Card Alliance, Inc. All rights reserved. Reproduction or distribution of this publication in any form is forbidden without prior permission from the Smart Card Alliance. The Smart Card Alliance has used best efforts to ensure, but cannot guarantee, that the information described in this report is accurate as of the publication date. The Smart Card Alliance disclaims all warranties as to the accuracy, completeness or adequacy of information in this report.
    [Show full text]
  • Technologies for Payment Fraud Prevention: EMV, Encryption And
    A SMART CARD ALLIANCE PAYMENTS COUNCIL WHITE PAPER Technologies for Payment Fraud Prevention: EMV, Encryption and Tokenization Publication Date: October 2014 Publication Number: PC-14002 Smart Card Alliance 191 Clarksville Rd. Princeton Junction, NJ 08550 www.smartcardalliance.org About the Smart Card Alliance The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcardalliance.org. Copyright © 2014 Smart Card Alliance, Inc. All rights reserved. Reproduction or distribution of this publication in any form is forbidden without prior permission from the Smart Card Alliance. The Smart Card Alliance has used best efforts to ensure, but cannot guarantee, that the information described in this report is accurate as of the publication date. The Smart Card Alliance disclaims all warranties as to the accuracy, completeness or adequacy of information in this report. This white paper does not endorse any specific product or service. Product or service references are provided to illustrate the points being made. Smart Card Alliance
    [Show full text]
  • Small Merchant Guide to Safe Payments
    Payment Card Industry Security Standards Council DATA SECURITY ESSENTIALS FOR SMALL MERCHANTS A PRODUCT OF THE PAYMENT CARD INDUSTRY SMALL MERCHANT TASK FORCE Guide to Safe Payments Version 2.0 • August 2018 Data Security Essentials for Small Merchants: Guide to Safe Payments Copyright 2018 PCI Security Standards Council, LLC. All Rights Reserved. This Guide to Safe Payments is provided by the PCI Security Standards Council (PCI SSC) to inform and educate merchants and other entities involved in payment card processing. For more information about the PCI SSC and the standards we manage, please visit www.pcisecuritystandards.org. The intent of this document is to provide supplemental information, which does not replace or supersede PCI Standards or their supporting documents. UNDERSTANDING YOUR RISK UNDERSTANDING YOUR RISK Understanding your risk As a small business, you are a prime target for data thieves. When your payment card data is breached, the fallout can strike quickly. 50% £30 billion Your customers lose trust in your ability to protect their personal information. They take their business elsewhere. OF SMALL BUSINESSES COST TO UK BUSINESS There are potential financial penalties HAVE BEEN BREACHED DUE TO CYBER SECURITY and damages from lawsuits, and your IN THE PAST 12 MONTHS. BREACHES IN 2016 business may lose the ability to accept (Ponemon Institute) (Beaming UK) payment cards. A survey of 1,015 small and medium businesses found 60% of those breached close in six months. (NCSA) ONLY 61% 39% OF BREACHES HIT SMALLER BUSINESSES OF SMALL FIRMS HAVE FORMAL LAST YEAR, UP FROM THE POLICIES COVERING CYBER PREVIOUS YEAR’S 53% SECURITY RISKS IN 2017 (Verizon 2017) (Dept for Culture Media and Sport) Data Security Essentials for Small Merchants: Guide to Safe Payments Copyright 2018 PCI Security Standards Council, LLC.
    [Show full text]