Presentation is loading. Please wait.

Presentation is loading. Please wait.

TransArmorSM A Secure Transaction ManagementSM Solution

Published byBernard Hodge Modified over 8 years ago

Similar presentations

Presentation on theme: "TransArmorSM A Secure Transaction ManagementSM Solution"— Presentation transcript:

1 TransArmorSM A Secure Transaction ManagementSM Solution
Overview March 2010

2 Impact of Credit Card Fraud
More than 280 million payment card records were breached in alone1 Merchants have collectively spent more than $1B on PCI-DSS compliance as part of their security systems2 The value of credit card numbers make them the most targeted information for theft1 The average cost of coping with a data breach in rose to $6.6 million—a 40 percent increase since 20063 1 Verizon, 2009 Data Breach Investigations Report, Verizon Business RISK Team, 2009 2 Letter to Bob Russo of the PCI Security Standards Council from the National Retail Federation, et. al., June 9, 2009. 3 Ponemon Institute, 2008 Annual Study: Cost of a Data Breach, February 2009

3 Merchant Fraud Problems and Costs
Merchant-based vulnerabilities appear at almost any point in the card processing environment – in transit, at rest, in use Merchants take on significant risk by collecting and managing credit card data for business and marketing purposes. Costs associated with an incident are unexpected and unknown until something happens, putting Merchants at further financial risk Upfront costs to protect against vulnerabilities and meet PCI standards have escalated rapidly over the past few years Credit card numbers exist in too many places putting merchants at risk

4 Solving the Card Data Problem
Reduce the number of places where card data exists Point-of Sale systems CRM systems MIS databases / reports Remove the burden of protecting payment card data from the merchant Reduce the Card Data Environment and PCI compliance efforts 2008 was a record year for number of records compromised: 285 million. Just three industries—Retail, Financial Services and Food and Beverage—accounted for three-quarters of the 2008 breaches percent of the records were compromised from servers and applications. As a percentage of caseload for the Verizon Business RISK Team, payment card breaches remain near the 80 percent mark and far outnumber the other data types. They consume 98 percent of all records compromised in 2008. Fraudulent use of stolen card data was confirmed in 83 percent of Verizon’s cases. 91 percent of all compromised records were linked to organized criminal groups. In 66 percent of the cases, the breach involved data that the organization didn’t even know was on the system. TransArmorSM, a Secure Transaction ManagementSM Solution

5 Introducing TransArmorSM
The First Data® TransArmorSM solution moves the burden of protecting payment card data from the merchant to First Data using a multi-level defense Combines encryption and tokenization to protect data at every processing stage Complimentary to Card Authentication technologies Removes payment card information from the merchant completely by replacing the Permanent Account Number (PAN) with a ‘Token’ Maintains all the merchant’s business benefits of storing the payment card data without the associated risk Warrants the Token against compromise and fraudulent use

6 How it Works Merchant Environment First Data Datacenter SafeProxy 3 1
First Data Switch Issuer 2 Encryption 4 5 Financial Token 1. Credit Card is swiped at the merchant’s POS 2. PAN/Track data/exp dates encrypted using a Public Key in the POS device and sent to First Data 3. Encrypted Transaction is Decrypted using Private Key in First Data’s HSM 4. Card number is passed to bank for authorization and SafeProxy server for tokenization 5. Authorization and token are returned to the merchant 6. Token is stored in place of the card number in all places 7. Adjustments, refunds, ‘Card not present’, and settlement use the token in place of the card number 6 Merchant Environment First Data Datacenter 4 Transaction Log Settlement Data Warehouse 6 SafeProxy Analytics Anti Fraud 6 6

7 Technologies Leveraged
Two-level approach to protecting data at every point Public/Private Key encryption (Asymmetric) Data encrypted at capture with Public Key and can only be decrypted by the Private Key held by First Data Encryption is only used to protect PAN during transit or offline situations Tokenization Replacement of PAN with a random number (Token) - no key to “crack” or steal Token uses the same number format as the card data - last 4 digits of PAN are retained in the token 1:1 Mapping of token to a PAN - the same card always returns the same token Token replaces the card data in the merchants system

8 Benefits The First Data® TransArmorSM solution removes sensitive payment card data from Merchants’ systems Key Benefits Risk Reduction Increases security of payment card transactions protecting your brand reputation & revenue stream Less complex and more secure than encryption alone Warrants against a compromise on the Token Cost Savings Significantly reduces PCI remediation timelines (up to 50%)1 Significantly reduces PCI compliance scope (up to 80%)2 Operational cost that scales with consumption vs. large, recurrent capital outlays Business Continuity Hardware, card association and merchant acquirer agnostic Integrates with VARs and Third Party solutions Enables continued analytics and reporting capabilities Enables cloud computing scenarios 1Interview with Coalfire Systems 2Interview with Securitymetrics

9 How Can You Get Started? Contact your First Data Sales Representative
Availability in early 2010 Message specifications available soon

10

Download ppt "TransArmorSM A Secure Transaction ManagementSM Solution"

Similar presentations

PCI DSS for Retail Industry

PCI DSS for Retail Industry
HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.

HCE AND BLE UNIVERSITY TOMORROWS TRANSACTIONS LONDON, 20 TH MARCH 2014.
ANSI X9.119 Part 2: Using Tokenization Methods

ANSI X9.119 Part 2: Using Tokenization Methods
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
This refresher course will:

This refresher course will:
ETA UNIVERSITY MARCH 19, 2015 Deana Rich R ICH C ONSULTING, I NC. Edward A. Marshall A RNALL G OLDEN G REGORY LLP Payments 101: Overview of the Payments.

ETA UNIVERSITY MARCH 19, 2015 Deana Rich R ICH C ONSULTING, I NC. Edward A. Marshall A RNALL G OLDEN G REGORY LLP Payments 101: Overview of the Payments.
Trends in Card Processing North Carolina Ecommerce Conference

Trends in Card Processing North Carolina Ecommerce Conference
Protecting Your Customers’ Card Data ASTRA Presentation 05.14.2013 Brian Chapman and Peter O’Rourke.

Protecting Your Customers’ Card Data ASTRA Presentation Brian Chapman and Peter O’Rourke.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.

1 Credit card operation and the recent CardSystems incident HONG KONG MONETARY AUTHORITY 4 July 2005.
Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.

Credit Card Compliance Regulations Mandated by the Payment Card Industry Standards Council Accounting and Financial Services.
CLXMGCS.ppt Why Smart Cards System Overview Card Architecture Why CardLogix Smart Cards Overview FY 2001.

CLXMGCS.ppt Why Smart Cards System Overview Card Architecture Why CardLogix Smart Cards Overview FY 2001.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Government Databases and You or How I Learned to Stop Worrying and Love Information Loss. By Patrick Fahey Mis 304.

Government Databases and You or How I Learned to Stop Worrying and Love Information Loss. By Patrick Fahey Mis 304.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management

Geneva, Switzerland, 4 December 2014 Evolving Payments into The Digital World Richard Smith, Vice President, MasterCard Customer Fraud Management
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
Payment Card Industry (PCI) Data Security Standards (DSS) Fundamentals

Payment Card Industry (PCI) Data Security Standards (DSS) Fundamentals
“Electronic Payment System”

“Electronic Payment System”
Travillon Consultants

Travillon Consultants

Similar presentations

Ads by Google