|
The deadline for PCI PED compliance is now.Why wait and risk getting fined, when you can have the peace of mind of being compliant with the latest security standards? It's our goal to make upgrading merchants' payment acceptance devices as simple as possible and provide the widest range of product choices.
We have designed this web page as a resource to help you navigate your way around PCI PED compliance for your business. You will find information on the most appropriate PCI PED replacement solutions and valuable information about PCI requirements all in one place.
|
PCI PED Toolkit for Acquirers
An overview of the latest PCI PED security requirements and the tools we have created to help ISOs, partners, and resellers move to PCI compliant payment solutions and fully protect cardholders from compromise. View the PCI PED Toolkit eBrochure
|
|
PCI PED is a targeted program specifically designed to protect consumer PIN data from theft. This program is also intended to enforce hardware security of devices that accept consumer PINs and house secret encryption keys of the acquirer, including how the PIN Entry Device (PED) is produced, controlled, transported, stored and used throughout its life cycle. The PCI SSC has recently changed the name of this set of standards to PTS (PIN transaction security).
Key Dates:
- As of December 31, 2007, acquirers and merchants must only deploy PCI PED approved devices
- July 1, 2010 is the date by which never approved devices must be removed from service
- December 31, 2014 is the date by which Visa-PED devices must be removed from the market
While Visa will not fine acquirers until August 2012, acquirers can fine ISOs and merchants any time after the July 2010 deadline. Why take that risk? Upgrade now and have peace of mind that you will not only avoid fines but are also doing your part to help protect consumers from theft.
In addition, if there is a breach of a never approved device after the July 2010 date, liability for the breach transfers from the issuer to the acquirer and the merchant. Can your business afford this cost? 
PCI PED Upgrade Chart
Please refer to the chart on the right to see the most popular PIN entry devices in the market today, and the recommended PCI PED compliant VeriFone replacement.
More Information
To make the migration to compliant payment solutions as simple as possible for you and your merchants, we've created a number of selling tools for you:
PCI PED Upgrade Chart
VeriFone understands that merchants have a lot of things to worry about and that the ever changing security standards are hard to keep up with and often times difficult to understand.
To review, there are three different mandates from Visa that must be met by US merchants by July 2010.
These are:
-
All never approved payment devices on which PIN debit transactions are conducted must be removed from service. This includes any device that is not either VISA PED or PCI PED.
-
All debit card PINs must be encrypted in TDES from the payment device
- All applications that "store, process, or transmit cardholder information" must be PA-DSS or PABP compliant
Acquirers can start fining merchants anytime after the July 2010 deadline. Fees and fines can be administered not only if there is a breach but simply if a merchant uses never approved PIN-entry devices.
Please refer to the chart on the right to see the recommended PCI PED-compliant VeriFone Consumer-Facing solutions.
|
INDUSTRY NEWS
DOWNLOAD THE WHITEPAPER
Get a clear analysis of the PCI PED
mandate and why you and your merchants should take action now.
CALCULATE YOUR RISK
Use our interactive tool to learn what a security breach might cost you
Calculate Risk
|
