Protect your customer data. Protect your brand. Protect your business.

“ From an attack pattern standpoint, the most simplistic narrative is as follows: compromise the POS device, install malware to collect magnetic stripe data in process, retrieve data, and cash in. All of these attacks share financial gain as a motive, and most can be conclusively attributed (and the rest most likely as well) to organized criminal groups operating out of Eastern Europe. Such groups are very efficient at what they do; they eat POSs like yours for breakfast...”

2014 Data Breach Investigations Report, Verizon

©2014 Elavon Inc. Elavon is a registered trademark in the United States and/or other countries. All rights reserved. This solution does not remove all financial or fraud risk. PCI compliance is required. Please consult the PCI DSS at www.pcisecuritystandards.com for full information.

With data breaches and other payment-related security concerns in the news on an all too frequent basis, a careful review of the best payment security solution for your business has never been more timely. Complex issues like payment data security often attract new entrants to an industry, so understanding the details of features, system configurations, their downstream implications, and even the financial capability of the vendor can be critical in any selection process.

Elavon draws upon years of commitment to protecting our customers from security incursions, and has invested steadily over the years to build and maintain effective solutions to combat evolving payment fraud challenges. We invite you to scrutinize every aspect of our solution, and are ready to help explain the nuances as you compare options.

Elavon’s mission is to be our customer’s trusted advisor for payment security. We are committed to enabling our customers’ growth while increasing payment security.

Elavon Can Help Protect Payment Data and Your Bottom Line

WAS THE SECURITY SOLUTION BUILT BY MICROS FOR MICROS CUSTOMERS?Does Micros provide first call support for the security delivery?

Is the solution a full security delivery including hardened encryption and tokenization?

IS THE SOLUTION EMV AND MOBILE READY?Can EMV and mobile payments be remotely enabled?

Are EMV certifications required?

Are POS/PMS updates necessary to support EMV? At what cost?

ARE TURNKEY HARDWARE/SOFTWARE SERVICES INCLUDED? Is the equipment able to support near-term technology innovations? Hardware that supports NFC, contactless, EMV and/or PCI PTS V3 can be the long-term cost-ef-fective choice.

EMV IS COMING IN 2015. PCI PTS V3 DEVICES ARE COMPLIANT UNTIL MAY, 2020Does the solution require installation of local services to enable peripheral devices?

HOW PORTABLE IS THE SOLUTION? If an investment in hardware is required (very relevant in light of prepping for EMV roll-out), what are the ramifications of switching providers in the future?

Will migrating tokenized card data require additional investment?

Will encryption enabled peripherals have to be replaced due to new encryption keys?

IS THE TOTAL COST OF PROCESSING CLEAR?Are authorization and settlement charged separately?

HOW IS PCI COMPLIANCE IMPACTED?Does the solution proposed route transaction data through a locally installed driver and through your POS/PMS environment?

Does the solution allow for reversing a token to a full card number? If so, de-tokenizing or reversing a token can increase PCI scope.

ARE YOU PREPARED?Does your team possess the skill set and resource capacity to manage software and keep up with security enhancements?

Are decryption services hosted in house or by third-parties?

Understanding the implications of encrypted data through your POS vs. POS bypass can make a significant difference to your bottom line. Factoring in EMV certification expenses at $2K-$3K per POS application, per end point, per card type can make a material difference when evaluating total cost of competing solutions.

Where is security managed – local software, gateway level, or hardware level?

Is automated key management part of the delivery? Will your staff need to be involved in managing device key rotation?

Key Points of DifferentiationWhen evaluating competing vendors, consider a few key points.

Security Solutions by Elavon SimplifyWe invite you to scrutinize every aspect of our solution, and are ready to help explain the nuances as you compare options.

SYSTEM DESIGN

POS/PMS bypass/isolation from all sensitive card data. No sensitive cardholder data, encrypted or not, ever enters the local POS/PMS.

Sub-second gateway transaction persistence time (1-2 second authorization responses to POS) supported by an enterprise-level switch to ensure maximum uptime and faster transactions.

End point flexibility (Credit, Debit, Gift, Amex) – change end-point(s) without replacing hardware.

Turn-key Hardware/Software deployment, support, and warranty services. One call support for the entire delivery provided by Micros

Micros Payment Gateway delivery enables enterprise-wide reporting.

SOFTWARE

No requirement for locally installed/managed peripheral device enablement software (subject to PA-DSS compliance) or customer/VAR terminal software development (Simply handles everything).

Remote device software upgrade capability for EMV, mobile, and new features/payment types.

TOKENIZATION No ability to obtain a full card number (“reverse a token”). PCI impact if payments can be systematically de-tokenized.

EMV EMV ready delivery with remote device upgrade, enable EMV without replacing hardware.

MOBILITY Contactless/NFC/Mobile Wallet enablement capability

ENCRYPTION

AES format-preserving encryption with included key management.

Point of swipe hardware encryption equipped to encrypt all payment types including mag-stripe, EMV, and NFC.

PHYSICAL SECURITY

PCI PTS V2 and V3 certified devices (compliant to May, 2020) inclusive of tamper resistant software module (TRSM) . Devices will lock down if altered in any way.

Full redundancy for all services supported by dual data centers hosted in separate physical locations with ability for each data center to support 100% of processing load if needed.

All payment switching and security services hosted in primary data centers, no outsourcing to third-parties. Faster authorization responses. No need to contact multiple parties for support.

All services covered by provider’s PCI level I compliance.

FINANCIAL SECURITY

Backed by the strength and stability of US Bank.