Reliant Payment Systems Management · Reliant Payment Systems Under Management • Reliant has...

Reliant Payment Systems Management

October 11th, 2018

• Reliant Payment Systems Management

• Merchant Requirements For P2PE Implementation

• Demo & Q/A

Agenda

Reliant Payment Systems Under Management

• Reliant has ~6,150 payment applications/instances under management to date

• 3,100 ACI eSocket.POS

• 2,500 Verifone AJB FiPay/RTS

• 750 Acceo/Tender Retail MCM

Reliant Payment Systems Dataflow

Payment Software

Tender Request:Sale Amount

Setup Transaction

Authorizationrequest w/ payment card data

Authorization& Settlement

Processor(s)

Store Corporate Data Center/Co-Lo Site

Sales DataPricing

InventoryPLU’s, etc.

Central Payment Authorization Engine

Corporate Servers

No Card Holder Data (out of PCI Scope)

Card Holder Data (in PCI Scope or P2PE)

Authorizationresults w/ truncated card data

https://www.google.com/imgres?imgurl&imgrefurl=http://www.sonoma.com.au/news/pay-with-paypal-at-sonoma-cafes/&h=0&w=0&sz=1&tbnid=ejl0EgMrQSBNIM&tbnh=161&tbnw=313&zoom=1&docid=UbazyMIPOEYZNM&ei=IdPKUrGwLKaksQT-w4CADw&ved=0CAIQsCUoAA

Payment Software

Tender Request:Sale Amount

Setup Transaction

Authorizationrequest w/ payment card data

Authorizationresults w/ truncated card data

Host Capture Based Authorization& Settlement Processor(s)

No Card Holder Data (out of PCI Scope)

Card Holder Data (in PCI Scope or P2PE)

Sales DataPricing

InventoryPLU’s, etc.

Corporate Servers

Reliant Payment Systems DataflowStore Corporate Data Center/Co-Lo Site

https://www.google.com/imgres?imgurl&imgrefurl=http://www.sonoma.com.au/news/pay-with-paypal-at-sonoma-cafes/&h=0&w=0&sz=1&tbnid=ejl0EgMrQSBNIM&tbnh=161&tbnw=313&zoom=1&docid=UbazyMIPOEYZNM&ei=IdPKUrGwLKaksQT-w4CADw&ved=0CAIQsCUoAA

Retail Systems & Configuration Management

http://www.google.com/url?sa=i&rct=j&q=ibm+point+of+sale&source=images&cd=&cad=rja&docid=lW6NlnKF2WayGM&tbnid=qE5__AAW9MgibM:&ved=0CAUQjRw&url=http://gsv-service.com/manufacturers/view/42/IBM-Point-of-Sale&ei=RYgmUfzRCO-00QHdv4HoDQ&bvm=bv.42661473,d.dmQ&psig=AFQjCNG5PqL87h65BJhAwE_uOIV4UTLyLA&ust=1361566101766611

http://www.google.com/url?sa=i&rct=j&q=ncr+point+of+sale&source=images&cd=&cad=rja&docid=o3-Ag878vHlQeM&tbnid=pgGWCbW6mWQd1M:&ved=0CAUQjRw&url=http://www.barcodesinc.com/ncr/realpos-25.htm&ei=EYkmUeq2LYPT0wHp7oDAAg&bvm=bv.42661473,d.dmQ&psig=AFQjCNFu_FOr30LY-h30d3ZsVawoCsYBbQ&ust=1361566306224029

http://www.google.com/url?sa=i&rct=j&q=cisco+switch&source=images&cd=&cad=rja&docid=d70ft9b48TFOwM&tbnid=bnR9O8fA5Hox9M:&ved=0CAUQjRw&url=http://importgm.en.alibaba.com/product/557409187-213843087/Brand_New_Cisco_Switch_WS_C2960S_48FPS_L.html&ei=uOcmUf0dkLfSAYKcgegD&bvm=bv.42768644,d.dmQ&psig=AFQjCNEfBLKScgITTozM0R_TZfJKiNao8w&ust=1361590572441102

http://www.google.com/url?sa=i&rct=j&q=guest+wifi&source=images&cd=&cad=rja&docid=w9jB1AdKjBOIVM&tbnid=nvTrZgrBsTTPZM:&ved=0CAUQjRw&url=http://www.shyc.co.uk/membership/&ei=p_AmUeHNL6e50QHohIGoBg&psig=AFQjCNHne6pzr997K-47PbjCNvQW3_eoCw&ust=1361592843301471

http://www.google.com/url?sa=i&rct=j&q=4g+backup+modem&source=images&cd=&cad=rja&docid=dW5tlBPsoNiqzM&tbnid=9TGDm8e1hjg2JM:&ved=0CAUQjRw&url=http://www.slashgear.com/netgear-mbrn3000-and-dgn2200m-wifi-n-routers-get-3g4g-wwan-backup-0668141/&ei=J-kmUeGAJfDU0gGbt4E4&bvm=bv.42768644,d.dmQ&psig=AFQjCNG8AeK5HjSjApw8ZYg2_NxiEdmGGA&ust=1361590940034232

http://www.google.com/url?sa=i&rct=j&q=wireless+acces+points&source=images&cd=&cad=rja&docid=Ssb5goxKrH2ScM&tbnid=V1Ei8c5uRwj9xM:&ved=0CAUQjRw&url=http://www.cdw.com/shop/products/EnGenius-EAP350-wireless-access-point/2571628.aspx&ei=kfEmUbq1Eqj00QHdq4HgCQ&bvm=bv.42768644,d.dmQ&psig=AFQjCNGyPxJ2Yv0OzGHHnv2KjJKRhfeo-g&ust=1361593078467375

http://www.google.com/url?sa=i&rct=j&q=verifone+mx915&source=images&cd=&cad=rja&docid=-6zT9ghFRDhlJM&tbnid=KSaRWQUD5sJavM:&ved=0CAUQjRw&url=http://verifonezone.com/verifone/zone/isoChannelView.do?channelId=-27587&ei=bJ0mUamDDNKG0QGNsIGADw&bvm=bv.42661473,d.dmQ&psig=AFQjCNF-Q1sC0sctgah8Ydw5e_DlX7jhOg&ust=1361571534502484

http://www.google.com/url?sa=i&rct=j&q=ingenico&source=images&cd=&cad=rja&docid=IRt-DHj5wyzlwM&tbnid=MhvQmzuDI5n7mM:&ved=0CAUQjRw&url=http://www.imerchantech.com/product_info.php?products_id=38&ei=AJ4mUcK5McW40QH56IAg&bvm=bv.42661473,d.dmQ&psig=AFQjCNGnGS2XEPdGuImhHvhlpo9PTesk3Q&ust=1361571708512209

The “Payment” Toolset Challenge

Payment Application & Systems Management

Flexible & Open Payment Services Capability• All store level & endpoint management attributes, including lanes,

hostnames, configuration management within application are managed. Includes AJB FiPay EPS package delivery (APARS), BIN management, CM & releases. Ability to segregate micro settings dynamically for lab/QA/prod pilot groups

• New site creation including all acquirer attributes – MID/TID variable site level data. Single UI entry point. Real time or scheduled synchronization of RTS & FiPay EPS updates

• Comprehensive agnostic device management – firmware, OS, XPI/FormAgent packages – granular & completely flexible grouping capabilities

• Application packaging, deployment, and upgrades

• Java JRE configuration management, deployment, and upgrades

• Oracle JDK versus OpenJDK, JDK versus JRE

• >50 configuration options and potential settings

• Ansi SQL database: mysql, hsqldb, derby

• Multiple configuration options and setting

Flexible & Open Payment Services Capability

Flexible & Open Payment Services Capability

• Management of installation workflow and dependencies

• Management of network configuration settings

• Setup of initial configuration values and required database settings

• Managed upgrades and roll-back

Defense In DepthConfiguration Control

Vulnerability Scans

Penetration Tests

Incident Response

Warning Banners

Cryptography

Physical Security

Change Management

Antivirus Software

Strong Authentication

Risk Management

Training

Firewalls

Segmentation

Backups

Auditing

File Integrity Monitoring

Log Review

Intrusion Detection Systems

Risk Assessment

• Hardware Tampering

• Service Providers

• Phishing

• Keyloggers

• Credentials

• Memory Scraping Malware

• Ransomware

• Data Exfiltration

• Disruption & Chaos

Introduction Point To Point Encryption (“P2PE”)

PCI DSS 3.2 & Estate Management Requirements

Merchant P2PE Reporting Requirements

Inventory report for payment devices (POI) needs to contain at least the following:

• Manufacturer, model & PCI PTS reference of device

• Location (site/facility)

• Serial number

• General description (e.g. "mobile payment device”)

• Date of last physical inspection

• Firmware version

• Hardware version/Part number (P/N)

• Current Device Status

• Hardware Manufacturer & 3rd Party Service Provider Agnostic

• Payment Application Independent

• Easy To Use File Importer Plus Open API Capability

• Fully scalability with integration options for other endpoints

OverviewManages the device locationStores the device serial numberOrganizes the devices on the estate Remove devices from the estateTrack the history of the deviceConfiguration change historyTrack devices that have been submitted for repairSupport the depot(ing) of devices that are in

the estate but not provisioned to a location.

Managing The Entire “Payment” Estate

Reliant Payment Systems Management Demo

Reliant Payment Systems Management · Reliant Payment Systems Under Management • Reliant has...

Documents

Transcript of Reliant Payment Systems Management · Reliant Payment Systems Under Management • Reliant has...