VeriShield Crypto Library

Within the tamper resistant security module inside VeriFone's newest payment devices, lives the VeriShield Crypto Library (VCL). learn more

The VCL contains the intelligence required to take advantage of two different types of encryption depending on the customer's particular needs:

VeriFone's Variable Advanced Encryption Standard (VAES) – The Advanced Encryption Standard (AES), standardized in 2001, is a symmetric algorithm, meaning that the encryption and decryption devices use the same keys. VeriFone uses a format-preserving mode of AES, meaning the plaintext and ciphertext have the same length and character set, reducing the need to modify existing systems and applications.
RSA Public Key Infrastructure (PKI) – The RSA implementation of PKI is an additional card data encryption option for VTP. It uses asymmetric encryption, also known as a public key encryption. At the merchant's location, a public key is downloaded to the payment device and a private key is held at the decrypting location (such as the processor).

When payment is swiped (tapped, scanned, etc.) card data is immediately encrypted using the encryption type present within the payment acceptance device. In both cases, the PAN is never in clear- text within the merchant's environment.

VeriShield Decryption

VeriShield Decryption (VSD) is VeriFone's network level system that supports decryption of VeriShield Total Protect transactions. VeriFone designs, builds, configures, implements and supports the network level functionality needed to support the decryption of transactions encrypted using VeriFone's Variable Advanced Encryption Standard (VAES) and RSA's asymmetric algorithm.
learn more

Designed with low-overhead and low-latency operating parameters, VeriShield Decryption can be installed in a variety of locations depending on business needs and acceptable levels of risk:

Merchant's data center
Gateway
Network Service Provider
Processor's data center

VeriShield Key Management

VeriShield Key Management (VKM) is a set of systems, procedures, and interfaces that provides flexible and robust key management to merchants, gateways, and processors. VeriShield Key Management is designed with both security and business needs in mind and complies with key management industry best practices. learn more

VeriFone's key management methods include the following:

TCP/IP Backchannel
File Delivery
Device Generated Keys from Encrypting Card Capture Device via Multiple Authorization Messages.
Derived Key Method using the Existing Authorization Message Fields.
Derived Key Method using an extra field added to the Existing Authorization Message Fields.
PKI

Tokenization by RSA

Tokenization is a process by which the card PAN is replaced with a randomized data substitute and sent back to the merchant along with the transaction authorization code. VeriShield Total Protect uses tokenization technology developed by RSA. learn more

In addition to being completely unusable by thieves, the returned token also maintains the original structure of the PAN, meaning that it can be stored by the merchant, and reused for chargebacks, returns, customer loyalty tracking or other post-authorization uses.

VeriShield Monitoring and Compliance

VeriShield Monitoring and Compliance (VMC) is VeriShield Total Protect's "Big Brother," remotely monitoring the security status of configured devices and tracking the individual status of every card transaction on those devices. In addition, VMC also provides detailed key management metrics to help merchants and assessors verify compliance with PCI requirements. learn more

Features include:

Internal InfoSec and Assessment Requirements – Maintains records required by assessors to verify compliance with various industry security requirements
Real Time Alerts and Monitoring – Detailed dashboards, customizable email delivery notifications and other features provide real-time awareness of device and transaction security and help you group and manage your device estate by location
Reporting – Detailed reports provide insight into the encryption status of every device and transaction
Not a Point a Vulnerability – Since VMC never stores or displays sensitive card data, it does not create a new point of vulnerability for thieves

VeriShield Merchant Boarding

VeriShield Merchant Boarding (VMB) simplifies the burdensome task for processors of integrating a large merchant with security services. learn more

VMB is made up of the following two components:

Administrative Console – An easy to use graphical user interface for creating and retrieving configuration templates and files, assigning keys to configuration packages and then assigning those packages to merchants, and other one-time tasks associated with merchant integration.
Message Interface – Used to associate templates to objects in a flexible 5-Level Hierarchy.