Blake Laufer
Chief Technology Officer
T2 Systems, Inc.
Today’s Roadmap
[Diagram: Card Association, Issuer, Acquirer, Cardholder, Merchant]
Transaction Authentication
[Diagram: Card Association, Issuer, Acquirer, Cardholder, Merchant]
How the Benjamins Move
[Diagram: Card Association, Issuer, Acquirer, Cardholder, Merchant]
Today’s Roadmap
CVV2
Card Verification Value – This is a 3- or 4-digit
number used for fraud prevention. It’s printed
on the card, but not found on the mag-stripe.
More Acronyms (Payment)
ACH
Automated Clearinghouse – An inter-branch
banking standard for handling large batches of
small transactions.
HTTPS
Hypertext Transfer Protocol (Secure) – The
technology used to ensure web page data can’t
be snooped.
Gateway
Not an acronym, but a common term. It is the
software or application that talks to a processor.
Even More Acronyms (Security)
AVS
Address Verification System – A system to ensure
that the cardholder’s provided address matches
the one on file.
PABP
Payment Application Best Practices – Guidelines
to assist software developers and vendors to
create secure payment applications.
QSA
Qualified Security Assessor – Any company
approved to provide certification of PCI DSS
compliance.
Today’s Roadmap
Software used for supporting transaction processing
Merchant’s network and environment
PCI DSS Compliance
PCI Compliance Elements
What is a Gateway?
Merchant chooses gateway software to connect to one (or more) Acquirers
Authentication Options:
Dial-up (phone)
Dedicated line (phone)
Cellular data (wireless)
Internet (agnostic)
[Diagram: Merchant, Gateway, Acquirer]
Payments
Something you HAVE
Something you KNOW
Something you ARE
Any one of these alone is thought of as “weak” security.
Two (or more) are considered to be “strong” security.
CVV2: the Good, the Bad, and the Ugly
Good
A CVV2 code is a way of trying to ensure
“something you know” in addition to “something
you have”.
Bad
You only have the “something you know” when
you have the “something you have”. So is it
really a second security element?
Ugly
Fraudulent web sites collect and save this data
anyway, and sell it on the open market.
Biometrics? No thank you!
Biometrics
Using finger and palm prints, retina and voice
scanning, facial and gait recognition…
Problems:
Not all biometrics are unique (example: twins
have the same fingerprints)
If compromised, your biometric is invalid forever –
and you can’t change it!
Today’s Roadmap
Advantages:
Augments usage of existing single-space
meters (and other metering devices)
No additional cost to the parking office to
implement this offering (PbC company
usually provides the signage and
advertising).
Works with multiple zones, rates and tariffs.
Disadvantages:
Completely dependent on real-time wireless
handheld enforcement.
PayPal
Thank You!