Reliant Payment Systems Management · Reliant Payment Systems Under Management • Reliant has...
Transcript of Reliant Payment Systems Management · Reliant Payment Systems Under Management • Reliant has...
• Reliant Payment Systems Management
• Merchant Requirements For P2PE Implementation
• Demo & Q/A
Agenda
Reliant Payment Systems Under Management
• Reliant has ~6,150 payment applications/instances under management to date
• 3,100 ACI eSocket.POS
• 2,500 Verifone AJB FiPay/RTS
• 750 Acceo/Tender Retail MCM
Reliant Payment Systems Dataflow
Payment Software
Tender Request:Sale Amount
Setup Transaction
Authorizationrequest w/ payment card data
Authorization& Settlement
Processor(s)
Store Corporate Data Center/Co-Lo Site
Sales DataPricing
InventoryPLU’s, etc.
Central Payment Authorization Engine
Corporate Servers
No Card Holder Data (out of PCI Scope)
Card Holder Data (in PCI Scope or P2PE)
Authorizationresults w/ truncated card data
Payment Software
Tender Request:Sale Amount
Setup Transaction
Authorizationrequest w/ payment card data
Authorizationresults w/ truncated card data
Host Capture Based Authorization& Settlement Processor(s)
No Card Holder Data (out of PCI Scope)
Card Holder Data (in PCI Scope or P2PE)
Sales DataPricing
InventoryPLU’s, etc.
Corporate Servers
Reliant Payment Systems DataflowStore Corporate Data Center/Co-Lo Site
Retail Systems & Configuration Management
Flexible & Open Payment Services Capability• All store level & endpoint management attributes, including lanes,
hostnames, configuration management within application are managed. Includes AJB FiPay EPS package delivery (APARS), BIN management, CM & releases. Ability to segregate micro settings dynamically for lab/QA/prod pilot groups
• New site creation including all acquirer attributes – MID/TID variable site level data. Single UI entry point. Real time or scheduled synchronization of RTS & FiPay EPS updates
• Comprehensive agnostic device management – firmware, OS, XPI/FormAgent packages – granular & completely flexible grouping capabilities
• Application packaging, deployment, and upgrades
• Java JRE configuration management, deployment, and upgrades
• Oracle JDK versus OpenJDK, JDK versus JRE
• >50 configuration options and potential settings
• Ansi SQL database: mysql, hsqldb, derby
• Multiple configuration options and setting
Flexible & Open Payment Services Capability
Flexible & Open Payment Services Capability
• Management of installation workflow and dependencies
• Management of network configuration settings
• Setup of initial configuration values and required database settings
• Managed upgrades and roll-back
Defense In DepthConfiguration Control
Vulnerability Scans
Penetration Tests
Incident Response
Warning Banners
Cryptography
Physical Security
Change Management
Antivirus Software
Strong Authentication
Risk Management
Training
Firewalls
Segmentation
Backups
Auditing
File Integrity Monitoring
Log Review
Intrusion Detection Systems
Risk Assessment
• Hardware Tampering
• Service Providers
• Phishing
• Keyloggers
• Credentials
• Memory Scraping Malware
• Ransomware
• Data Exfiltration
• Disruption & Chaos
Merchant P2PE Reporting Requirements
Inventory report for payment devices (POI) needs to contain at least the following:
• Manufacturer, model & PCI PTS reference of device
• Location (site/facility)
• Serial number
• General description (e.g. "mobile payment device”)
• Date of last physical inspection
• Firmware version
• Hardware version/Part number (P/N)
• Current Device Status
• Hardware Manufacturer & 3rd Party Service Provider Agnostic
• Payment Application Independent
• Easy To Use File Importer Plus Open API Capability
• Fully scalability with integration options for other endpoints
OverviewManages the device locationStores the device serial numberOrganizes the devices on the estate Remove devices from the estateTrack the history of the deviceConfiguration change historyTrack devices that have been submitted for repairSupport the depot(ing) of devices that are in
the estate but not provisioned to a location.
Managing The Entire “Payment” Estate