You are here
SAN JOSE, Calif. -- VeriFone Systems Inc. introduced a new layer of PIN entry device (PED) security designed to thwart criminal installation of compromised devices at retail locations -- the VeriFone PED Authentication Service (VPAS). It adds an exclusive layer of on-site security to monitor devices in use to ensure they are legitimate, the company reported.
While today's PCI-approved PED devices are significantly enhanced to resist attacks, increasingly sophisticated attacks focus on stealing legitimate devices and replacing them on-site with seemingly identical but compromised systems equipped with electronic "bugs" or "skimmers" to capture data, the vendor stated.
"No merchants are immune from these increasingly sophisticated criminal assaults that exploit the lengthy upgrade cycle from older, less secure devices," said Paul Rasori, VeriFone senior vice president of marketing. "Adherence to ever-changing security standards is the first line of defense, but VPAS augments that strategy with real-time compromise detection as a last line of defense."
The VPAS service will initially be available with VeriFone's VX Series, MX Series, SC 5000 and Omni 3700 series devices. These systems already feature a unique secret inserted at the time of manufacture -- a Unique Manufacturers Authentication Key (UMAK) -- that can bind each device to a physical location at the point-of-sale. Devices transmit their UMAKs at frequent intervals so that VPAS is able to detect installation of rogue devices.
VeriFone is the only payment solutions provider to offer this unique layer of security, according to the company. Customer engagement services are available immediately.
VeriFone Unveils VX Evolution
VeriFone Selects Chase Paymentech as Provider for PAYware Mobile