Verifone PCI 3 End of Life Terminals

Did you know terminals have their own Payment Card Industry or PCI certification? The standards are part of the overall merchant requirements to maintain the security of cardholder data. Those rules change over time and a bunch of Verifone equipment is expiring, including the popular Vx520 countertop terminal and Vx820 pinpad.

Last August, Verifone issued end of life notification on their PCI 3 range of payment devices in compliance with the PCI Security Standards Council PCI 3 expiration date of April 30, 2020. Often merchants will get notifications like this from their acquirer on their merchant statement.

Which Verifone terminals are impacted?

  • Vx520
  • Vx805 – M280-703-0X-XXX-X
  • Vx820 pin pad
  • Vx675, Vx680, Vx685, Optimum M5
  • Mx915 (PN 132-XX…), Mx925 (PN 132-XX…)
  • H5000
  • This list may not include all devices. Merchants should check with their providers especially if using a non-EMV device or if you were an early EMV chip adopter.

What does End of Life mean?

  • Final date for new terminal sales (fall 2019)
  • End of Development- Improvements or changes have stopped
  • End of Support Date- Verifone will not issue software updates after April 2020, except that, until April 2023 they will continue to provide error corrections for Severity 1 (Critical) software errors, including security vulnerabilities.
  • End of Service Date- April 2023. Verifone will honor any extended support contracts to their term. Subject to component availability and other factors, Verifone will also continue to provide repair.

Are merchants PCI Compliant if they continue to use PCI 3 terminals after April 2020? I’d be concerned about liability and the ability to prove PCI compliance, especially in the event of a data breach. Verifone will not issue software updates or provide development support after April 2020. If security vulnerabilities or exploits are identified by the processors after April 2020, and you’re using the terminals, who’s to say when or even if a solution could be found to fix it?

How disruptive would it be for your business to have to shut down using them and get another solution? There are always people who procrastinate making changes. And when something goes wrong, phone calls to processors explode, so change is usually not as swift as you’d like.

Note, only employees and PCI QIR certified individuals can install or touch your credit card terminals. Terminals are one of the most important factors determining rates you pay and chargeback risk. Why? Call now to learn more.

TIP for Christine Speedy Verifone Mx915 customers: If you have a part number that starts with this “PN 132”, replace the terminal. If you were an early adopter and had your terminals deployed prior to the EMV chip liability shift in October 2015, there’s no need to check part numbers; They need to be replaced. Please contact me directly to consult on replacement options.

Call Christine Speedy , PCI QIR certified, for new PCI 5 terminals, technology review and or merchant account review to maximize profits and improve your customer experience. 954-942-0483, 9-5 ET

Verifone VX terminal reboot: urgent update

All Verifone VX terminals must be updated by June 25, 2019 or merchants risk problems where the terminal is stuck in a reboot and cannot accept credit cards. Verifone posted an advisory on their support web site June 3. Hopefully owners will be notified by their acquirers before they have hard failure. The VX series is very popular so it could be problematic if many thousands of VX terminal owners try and download the update at the same time.

Action is required for all customers using VX (all VX) or e-Series Devices (limited to e315, e315m and e355) on any version of CommServer prior to 544 or 5441 who have not downloaded the recovery utility. This action is for both customers who have successfully recovered their devices from a reboot loop, those who may be in a reboot loop, and those that did not experience issues at all on or around May 25, 2019. Read the entire alert on the Verifone support web page here.

The advisory impacts all Verifone VX terminals, so per my search, that would include the VX 520, VX 680, VX 805, and VX 670. Are you in need of a new or replacement terminal?

The Christine Speedy difference. Find out what terminal is best for your credit card processing situation. Call someone who knows the rules and can help you optimize for the lowest interchange rate qualification. Terminal choice matters! B2B expert. 954-942-0483, 9-5 ET.

CenPOS Announces its Relationship Renewal with Verifone and the MX Line

CenPOS renews their relationship with Verifone and MX link by purchasing 5,000 Verifone MX 915 devices.

Integrated payment services and gateway provider, CenPOS, purchased 5,000 Verifone MX 915 devices and is deploying point-to-point encryption and advanced data security to auto dealers of all sizes, higher-education, law firms, insurance, manufacturing and distribution.

CenPOS SECURE is a suite of solutions designed to remove sensitive cardholder data from software applications like the merchant’s primary ERP, POS, PMS, DMS, etc. The suite consists of point-to-point encryption, tokenization and encrypted virtual PIN Pads that protect software systems by securing data in-flight and at rest.

When using CenPOS SECURE, merchants can reduce the time requirement and scope of their PCI DSS assessments. The Verifone MX line of products encrypts data at the point of interaction and facilitates a robust shopping experience for the consumer that includes secure PIN entry and signature capture.

“Merchants have enjoyed the CenPOS omni-channel shopping experience and the security that comes from it for the last 8 years. Verifone’s platform was the right choice for CenPOS. Their team of professionals have worked well with CenPOS to incorporate the next level of data security into the solution,” said Christopher Justice, CEO of CenPOS. “We’re pleased with the collaboration and diligence of the technology teams to launch these advancements.”

The Verifone MX line of products provides solid capabilities at the point-of-sale. Its design and attractive styling deliver a comfortable checkout experience while the state-of-the art technology provides added security.

“As a global payments and commerce solutions provider, Verifone’s goal is to create a world-class platform capable of supporting the ingenuity that’s constantly shaping the future of commerce. In a shared effort with CenPOS, we work to bring the highest level of security to transactions,” said Joe Mach, President, Verifone North America.

CenPOS Secure protects card present, eCommerce, mobile, mail order/phone order, and portable device transactions at the point of interaction with multiple layers of security. Integrated into the merchant’s software applications, no sensitive data is ever processed nor stored by those applications eliminating them from the scope of PCI DSS.

To better understand how CenPOS SECURE can help your business, call 877-630-7960 Or visit our website.

About CenPOS:
CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships.
| CenPOS | @CenPOS

About Verifone:
Verifone is transforming everyday transactions into opportunities for connected commerce. We’re connecting payment devices to the cloud—merging the online and in-store shopping experience and creating the next generation of digital engagement between merchants and consumers. We are built on a 35-year history of uncompromised security with approximately 30 million devices and terminals deployed worldwide. Our people are trusted experts that work with our clients and partners, helping to solve their most complex payments challenges. We have clients and partners in more than 150 countries, including the world’s best-known retail brands, financial institutions and payment providers.
Verifone.com | @verifone

###

Blog author Christine Speedy, CenPOS global sales and integrated solutions, can be reached at 954-942-0483.

US EMV Verifone MX 915 for BB&T TSYS

Yes, we provide US EMV with chip and pin for BB&T customers wanting to use Verifone MX 915 terminals. BB&T merchants are on the First Data platform. One unique benefit of our solution on First Data is we can process retail, MOTO (mail order/telephone order), and ecommerce, including electronic bill presentment and payment (EBPP), all in a single merchant account, with proper representment to mitigate chargeback risk and maximize profits.

The transaction process is different for EMV than magnetic swipe transaction, in order to support the different flow for processing chip cards.

To use CenPOS as shown in the video, merchants need high speed internet, web browser, Verifone MX 915, and CenPOS account. No other software is needed. CenPOS can be used standalone or integrated. Integrated solutions include Infor, SAP, Dynamics AX, Quickbooks etc. In all cases, CenPOS segregates payments from the application to reduce PCI Compliance scope and improve security.

TIP:  Having an EMV capable terminal does not mean a merchant is ready to accept chip cards. In the CenPOS environment, if a merchant installed a future proof, EMV capable terminal to get ready for EMV, the next step is to convert to EMV enabled. This always requires turning on EMV at the merchant account level, in addition to other steps.

If you do not own a Verifone terminal, do not purchase one on your own via EBAY or some other source. For PCI Compliance, and overall security, the purchasing and installation process must be tightly controlled.

If you’re not a current CenPOS customer, contact Christine Speedy for sales and integrations at 954-942-0483. Don’t just get ready, get EMV Compliant.

Verifone Investigating Data Breach

Reported by Krebs on Security, Verifone is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted.

“According to the forensic information to-date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time frame. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”

Read the full article here https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/