PCI PED Information

The July 1, 2010 deadline for PCI PED compliance is right around the corner. Why wait and risk getting fined, when you can have the peace of mind of being compliant with the latest security standards? It’s our goal to make upgrading merchants’ payment acceptance devices as simple as possible and provide the widest range of product choices.

We have designed this web page as a resource to help you navigate your way around PCI PED compliance for your business. You will find information on the most appropriate PCI PED replacement solutions and valuable information about PCI requirements all in one place.

If you have additional questions, complete the form on the right and your VeriFone representative will contact you.

Top five things you’ll take away from the PCI PED Deadline Looms white paper:

A clear analysis of the PCI PED mandate and why you and your merchant should take action now
Tips on how to move your merchants to compliance prior to the PCI PED deadline
A replacement chart for VeriFone PCI PED devices
A better knowledge of the evolution of PED standards and three classes of PED devices
Key dates for PCI PED implementation and mandates

PCI PED Toolkit for Acquirers
An overview of the latest PCI PED security requirements and the tools we have created to help ISOs, partners, and resellers move to PCI compliant payment solutions and fully protect cardholders from compromise.

View the PCI PED Toolkit eBrochure

WHAT IS PCI PED?

PCI PED for Acquirers

PCI PED for Merchants

QUICK LINKS

The PCI PED standard applies to companies that make devices that accept PIN entry. Certified PED (PIN Entry Device) laboratories validate adherence to the PED standard, which has requirements for device characteristics and management. Merchants and service providers should ensure that they are using certified PED devices.

Learn more at: www.pcisecuritystandards.org

PCI PED is a targeted program specifically designed to protect consumer PIN data from theft. This program is also intended to enforce hardware security of devices that accept consumer PINs and house secret encryption keys of the acquirer, including how the PIN Entry Device (PED) is produced, controlled, transported, stored and used throughout its life cycle.

The card brands mandated that, as of December 31, 2007, acquirers and merchants only deploy PCI PED approved devices. Furthermore, Visa set July 1, 2010, as the date by which unapproved devices must be removed from service.

While Visa will not fine acquirers until July 1 2012, acquirers can fine ISOs and Merchants any time after the July 1, 2010 deadline. Why take that risk? Upgrade now and have peace of mind that you will not only avoid fines but are also doing your part to help protect consumers from theft.

In addition, if there is a breach of an unapproved device after the July 1, 2010 date, liability for the breach transfers from the issuer to the acquirer and the merchant. Can your business afford this cost?

PCI PED Upgrade Chart

Please refer to the chart on the right to see the most popular PIN entry devices in the market today, and the recommended PCI PED-compliant VeriFone solution.

More Information

To make the migration to compliant payment solutions as simple as possible for you and your merchants, we’ve created a number of selling tools for you:

PCI PED Upgrade Chart

VeriFone understands that merchants have a lot of things to worry about and that the ever changing security standards are hard to keep up with and often times difficult to understand.

To review, there are three different mandates from Visa that must be met by US merchants by July 1, 2010.

All never approved payment devices on which PIN debit transactions are conducted must be removed from service. This includes any device that is not either VISA PED or PCI PED.
All debit card PINs must be encrypted in TDES from the payment device
All applications that “store, process, or transmit cardholder information” must be PA-DSS or PABP compliant

Acquirers can start fining merchants anytime after the July 1, 2010 deadline. Fees and fines can be administered not only if there is a breach but simply if a merchant uses never approved PIN-entry devices.

Please refer to the chart on the right to see the recommended PCI PED-compliant VeriFone Consumer-Facing solutions.

Payment Application Security - PA-DSS Whitepaper
List of PCI PED Compliant Devices: - www.pcisecuritystandards.org
VeriFone Security Page
Secure Retail Payments
PCI PED Website
Visa
Visa Partner Network – PIN Entry Devices

PCI PED COUNTDOWN


Days	Hours	Minutes	Seconds

CALCULATE YOUR RISK

DOWNLOAD THE WHITEPAPER

Get a clear analysis of the PCI PED mandate and why you and your merchants should take action now.

First Name: *

Last Name: *

Title:

Company: *

Email: *

Country: *

Tell Us About You:*

Annual POS Equipment Purchased:

Have a VeriFone representative contact me.

* = required field