Verifone Investigating Data Breach

Reported by Krebs on Security, Verifone is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted.

“According to the forensic information to-date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time frame. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”

Read the full article here https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/

Distributor EMV Credit Card Terminals – Profit busters, profit boosters

Distributors have special needs for retail credit card processing to maximize profits and mitigate risk. Here we identify credit card terminals that are certain fall short on delivering in an EMV environment. The two most critical retail needs are requiring customers to comply with the highest security supported, and supporting level III processing. Additionally, P2PE, encrypting at the terminal head, is important for a security and compliance.

Only cloud payment solutions have the potential to meet the primary distributor retail processing needs.  This precludes all First Data terminals, one of the most popular brands distributed, and similar devices. DISCLAIMER: comments are specifically regarding business to business needs, not all retail industry needs, and are not in any way intended to imply anything negative about the terminals.

The terminals below DO NOT meet the two most critical distributor needs to maximize profits.

verifone vx520 emv terminal

Verifone vx520

Clover Mini by First Data

Clover Mini by First Data

First Data FD35 EMV pin pad terminal

First Data FD35 EMV PinPad, attaches to a variety of FD terminals.

Ingenico iCT250 emv capable countertop terminal.

Ingenico iCT250 emv capable countertop terminal.

magtek mini card swiper

Magtek mini card swiper.

The terminals below have the POTENTIAL meet the two most critical distributor needs to maximize profits. Special certifications and payment gateway logic is required.

ingenico isc250 signature capture terminal

Ingenico isc250 EMV

 

verifone MX915 EMV terminal

Verifone MX915 EMV chip terminal

Fraud liability review for MasterCard, American Express, and Discover (credit and debit)

  • If the card is chip & sign, and the terminal is EMV only, the card issuer is liable
  • If the card is chip & pin, and the terminal is EMV without pin, or pin debit without EMV, the merchant is liable
  • If the card is chip & pin, and the terminal is EMV with pin, the issuer is liable
  • If the terminal supports EMV & pin, but the customer uses chip & sign, the merchant is liable. Acquirers generally support chip and pin bypass to chip and signature. Merchants should only use solutions that require the highest security on every transaction, including prohibiting customer bypass.
  • If the terminal supports EMV & pin, but the customer does chip & sign, the merchant is liable.

Merchants should only use solutions that require the highest security on every transaction, including prohibiting customer bypass.

If you want to enhance your customer experience, make a change that also maximizes profits too.

Christine Speedy, CenPOS global sales and integrated solutions reseller, 954-942-0483. CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS? secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting merchant banking relationships. Keep your processor, upgrade your technology! Quick and easy to implement with no long term contract.

CAPK expired error messages on VeriFone EMV terminals

Getting a VeriFone EMV Vx520, FD55, Vx510, Vx570 CAPK expired error message? Visa has extended the EMV key’s expiration date from 12/31/2015 to 2022, and the terminal must be updated. Chip cards contain the issuers private keys which need to be verified by the card issuer’s public keys during online authorization requests.  The keys come from the Certification Authority Public Keys (CAPK), and they expire periodically. Your card reader will reject transactions (decline) when an incorrect or expired CAPK is used.

VX520 emv NFC verifone terminal

OPTION 1: UPDATE CAPK FILE ONLY via partial download

For the Vx520, Vx510, Vx570, start from the main screen (Sale/Refund/Void):

  • Press the ENTER button
  • Press F2 for setup
  • Enter the password *
  • Press ENTER
  • Press YELLOW Cancel button
  • Press far left PURPLE button (scrolls you through the menu)
  • F3 button should be “EMV Key Update” PRESS F3 (if you don’t see EMV Key Update, continue to scroll to find it)
  • The terminal will connect for the update and reboot to the main screen.

For the FD55, start from the main screen (Sale/Refund/Void):

  • Press the ENTER button
  • Press 1 for setup
  • Enter the password *
  • Press the ALPHA button 5 times
  • Press 3 for EMV Key Update
  • Press 1 to confirm update
  • The terminal will dial out, get the update and reboot to the main screen.

OPTION 1: FULL DOWNLOAD. In some instances the CAPK instructions listed above may cause the terminal to freeze or go into a constant reboot. If this should happen, please perform a full download of your terminal’s application and update the CAPK files immediately thereafter (standard step as part of the download process).

If you haven’t already downloaded the EMV file, then you do not need to download the CAPK update, as the file is included as part of the standard download process. For additional information about downloads, click here for the Verifone VX520 Reference Guide. (PDF download from Verifone web site)

If you still have problems or cannot perform the download, contact your acquirer.

*If you cannot resolve your issue with the information herein, contact your merchant services relationship manager or the help desk phone number on your merchant statement for support. We cannot help you fix your terminal via chat or any other method and that seems to bother some web site visitors.

  1. You’re paying another company to provide you service, not us. If you don’t like your existing credit card processor service from your acquirer and want to explore ours instead, we’d love to hear from you.
  2. We have no relationship with your business and merchant account- it’s not possible to provide you technical support.

ALERT SEPTEMBER 2019- Payment Card Industry (PCI) PIN Transaction Security (PTS) v3, used by the VX520 and many other terminals, expires April 30, 2020. Your terminal may need replacing.

Want to learn about replacement terminals or new merchant account options? Contact us for a consultation to determine the best solution, get a competitive price, and learn about alternative processing options if interested.Call Christine Speedy, 954-942-0483, 9-5 ET or click here.

EMV chip card transaction video – Verifone MX915 with CenPOS Virtual Terminal

Merchants will improve their customer experience accepting chip cards by training all users and cashiers. The transaction process is different for EMV than standard swipe transaction, in order to support the different flow for processing chip cards.

In 60 seconds, CenPOS users can view the new screen prompts for the cashier and the consumer to process a chip and signature and a chip and pin transaction.

TIP:  Having an EMV capable terminal does not mean a merchant is ready to accept chip cards. In the CenPOS environment, if a merchant installed a future proof, EMV capable terminal to get ready for EMV, the next step is to convert to EMV enabled. This always requires turning on EMV at the merchant account level, in addition to other steps. CenPOS has completed certifications for multiple terminals and acquirers to enable merchants to become EMV Compliant today. Contact your relationship manager for assistance.

If you’re not a current CenPOS customer, contact Christine Speedy for sales and integrations at 954-942-0483. Don’t just get ready, get EMV Compliant.

Vantiv US EMV certified terminal solutions

Which US EMV certified terminals can be used with Vantiv today? Merchants have two choices, countertop terminal or multilane terminal. The latter is available only with CenPOS, a merchant centric end to end payment engine. On October 1, 2015, retail merchants that don’t support chip cards will be liable for counterfeit credit card fraud.

Vantiv announced a partnership with Ingenico in 2013, to distribute Ingenico EMV ready terminals. While Vantiv did not specifically state which terminals would be certified, the official PR from Ingenico includes, “The portfolio of Ingenico EMV certified devices includes iCT220 & iCT250 countertop terminals, and iWL220 wireless terminal.”

ict250 ingenico emv terminal

iCT250 ingenico emv terminal

To enable EMV at the merchant level, the following steps are needed:

  • Acquirer completes requirements to process EMV
  • Hardware (each terminal) certified to accept EMV
  • Hardware certified to acquirer
  • Gateway certifies hardware to acquirer (if applicable; required for all multi-lane terminals and integrated solutions)
  • Merchant account enabled for EMV

In May 2015, Vantiv announced, “Ingenico Group Adds Vantiv’s EMV-certified Application to Smart Terminals for Small- and Medium-sized Businesses“. Because every terminal is to individually certified, it’s unclear which terminals have been certified to date since they’re not specified, but the iCT250 is definitely on the list.

With CenPOS, Vantiv merchants can also use the Verifone MX 915, a multilane, signature capture terminal, and enable EMV immediately. To process transactions, merchants use a virtual terminal with a web browser and high speed internet, or optional integrated solution. Additional multi-lane terminal options will be available in the future, including the Ingenico ISC250.

verifone MX915 EMV terminal

Verifone MX915 multilane signature capture terminal

CenPOS is a merchant-centric, end-to-end payments engine that drives enterprise-class solutions for businesses, saving them time and money, while improving their customer engagement. CenPOS’ secure, cloud-based solution optimizes acceptance for all payment types across multiple channels without disrupting the merchant’s banking relationships. CenPOS is available globally. For additional information, contact Christine Speedy, 954-942-0483.