Source: VeriFone
VeriFone Systems, Inc. (NYSE: PAY), today announced a new layer of PIN entry device (PED) security designed to thwart criminal installation of compromised devices at retail locations. The VeriFone PED Authentication Service (VPAS) adds an exclusive layer of on-site security to monitor devices in use to ensure they are legitimate.
While today's PCI-approved PED devices are significantly enhanced to resist attacks, criminals are taking advantage of often-mixed environments that incorporate differing levels of hardware security. Increasingly sophisticated attacks focus on stealing legitimate devices and replacing them on-site with seemingly identical but compromised systems that are equipped with electronic "bugs" or "skimmers" to capture data.
"No merchants are immune from these increasingly sophisticated criminal assaults that exploit the lengthy upgrade cycle from older, less secure devices," said Paul Rasori, VeriFone senior vice president of marketing. "Adherence to ever-changing security standards is the first line of defense, but VPAS augments that strategy with real-time compromise detection as a last line of defense."
The potential compromise of payment devices is an issue worldwide. Criminals are increasing their investments in efforts to cash in on purloined account data and PINs and are targeting payment devices on all fronts: at the network level, the device level, and the retail environment itself. An alarming number of recent PED compromises on older, yet still 'compliant' devices, demonstrates that retaining merchant and consumer trust requires efforts beyond minimal compliance to rules and requirements. By utilizing VPAS with established PIN pad security best practices, merchants and service providers are able to significantly upgrade their level of protection.
The VPAS service will initially be available with VeriFone's VX Series, MX Series, SC 5000 and Omni 3700 series devices. These systems already feature a unique secret inserted at the time of manufacture - a Unique Manufacturers Authentication Key (UMAK) - that can bind each device to a physical location at the point of sale. Devices transmit their UMAKs at frequent intervals so that VPAS is able to detect installation of rogue devices.
VeriFone, the leader in payment security and founding member of the Secure POS Vendor Alliance, is the only payment solutions provider to offer this unique layer of security. Customer engagement services are available immediately.