touchpoints and security

Customer Touch Points & Security Concerns, by Mohan Datar, BSE Institute, Mumbai, 9th May 2013

Upload: mohan-datar

Post on 14-Jul-2015


Agenda

• About Customer Touch Points

• What are Basic Security Concerns or Risks

• Security Concerns at Different Touch Points

• What are Basic Risk Mitigation Measures

• Risk Mitigation at Different Touch Points

• Some Regulatory Measures

• Q & A


What are customer Touch Points?

• A Point Where
  – Customer Touches a Bank or Bank Touches a Customer
  For
  – Service Access or Service Delivery
• Examples of Services
  – Exchange of Information
  – Transactional
  – Relationship Development / Management

What are customer Touch Points?

• Examples of Physical Touchpoints


What are customer Touch Points?

• Examples of Other Touchpoints

– Relationship Manager

– Call Center

– Cheques, Receipts, Account Statements

– Events

– Offerings

– E-mails

– Other correspondence


Why So Many customer Touch Points?

• Technology Driven Causes
  – Rapid Innovation
  – Rapid Penetration into all segments of Society
  – Rapid Adoption by Variety of Businesses and Government
• Business Driven Causes
  – Drastic Reduction in Cost of Services
  – Competitive Pressures
  – Real Danger of Elimination

What are Basic Security concerns of Banks and Customers?

• THEFT

AND

• DESTRUCTION

What are Basic Security concerns of Banks and Customers?

• THEFT
  – DATA
  – RESOURCES / ASSETS
• DESTRUCTION
  – DATA
  – RESOURCES / ASSETS
  – REPUTATION

Some Recent Examples

| Date | Sr no. | Security Breach Example |
|---|---|---|
| 28-02-2013 | 1 | 14 GB of Bank of America data hacked. It contained sensitive information about hundreds of thousands of its employees, globally. |
| | 2 | Botnets are being legally sold on Internet for as low as $25 for 1000 hosts. |
| 06-03-2013 | 3 | Websites of Czech Central Bank and Stock Exchange crippled by brute force DDoS attack. |
| | 4 | NY police announce that cyber crime is the fastest growing crime in NY (more than 50%). Largest no. of crimes consist of: rigging of ATMs; card skimming. |
| 06-03-2013 | 5 | According to HP, mobile phone vulnerabilities rose significantly (68%) from 2011 to 2012. |
| | 6 | Following are highly vulnerable: mobile phone payments; Tap and Pay 'Near Field Communication' (NFC); digital wallets. (Source: Samsung, Blackberry, McAfee) |
| 08-03-2013 | 7 | Mr Rajesh Aggarwal, IT Secretary, Government of Maharashtra, ordered PNB to pay Rs 45 Lakhs to Mr Manmohansingh Matharu, MD, Poona Auto Ancillaries, as he lost Rs 80L by responding to a phishing email. |
| 11-03-2013 | 8 | Reserve Bank of Australia's networks were hacked repeatedly. It was found to be infiltrated by Chinese malware. |
| | 9 | Two tech savvy brothers from Mumbai, Mr Fazrur Rehman (26) and Shahrukh (23), both college dropouts, arrested for Rs 1 cr e-fraud by Mulund Police. They managed to transfer Rs 1 cr from the current a/c of a cosmetics co. to 12 different bank a/cs within 45 minutes, using just a smartphone. |
| 27-03-2013 | 10 | A new malware called 'Dump Grabber' scans the memory of POS and ATMs, captures track 1 and track 2 data and sends it to a remote server. The malware can be installed remotely. It has affected all major US banks such as Chase, Capital One, Citibank, Union Bank of California etc. |
| 28-03-2013 | 11 | Cyber attacks meant for 'Destruction' rather than 'Disruption'. American Express customers could not access their accounts today for 2 hrs. Last week it happened to J P Morgan Chase. 32,000 computers of South Korea banks were incapacitated last week. |
| 25-04-2013 | 12 | A new virus has been found to be spreading widely in Indian cyberspace. It cleverly steals bank account details and passwords. This advisory was issued by CERT-IN today. (Computer Emergency Response Team – India) |

My PC Report on 8th May, 2013

What are Basic Security concerns of Banks and Customers?

• THEFT
  – DATA
    • Credentials
    • Account Details
    • Account Balances
    • Non Account Balances
    • Other Data from Customer PCs / Mobiles &
    • Entire Databases

What are Basic Security concerns of Banks and Customers?

• THEFT
  – RESOURCES / ASSETS
    • Customer Cash
    • Bank Cash
    • Instruments
    • Cards
    • POS Terminals
    • ATMs
    • Documents
    • Contents of SD Lockers
    • Network Components
    • IT Infrastructure &
    • Other Assets

What are Basic Security concerns of Banks and Customers?

• DESTRUCTION
  – DATA
    • Web sites and Portals
    • Account Details
    • Account Balances
    • Non Account Balances
    • Other Data from Customer PCs / Mobiles &
    • Entire Databases

What are Basic Security concerns of Banks and Customers?

• DESTRUCTION
  – RESOURCES / ASSETS
    • Customer Cash
    • Bank Cash
    • Blank Instruments
    • Blank Cards
    • POS Terminals
    • ATMs
    • Documents
    • Contents of SD Lockers
    • Network Components
    • IT Infrastructure &
    • Other Assets

What are Basic Security concerns of Banks and Customers?

• DESTRUCTION
  – REPUTATION
    • Reliability
    • Availability
    • Credibility
    • Goodwill
    • Defamation (defaced portals, redirected to porn sites etc) &
    • Privacy

Recap of Basic Security concerns of Banks and Customers

• THEFT
  – DATA
  – RESOURCES / ASSETS
• DESTRUCTION
  – DATA
  – RESOURCES / ASSETS
  – REPUTATION

Security concerns at Touch points - ATM

THEFT: DATA, ASSETS

DESTRUCTION: DATA, ASSETS, REPUTATION

Credentials

Card Data

Account Balances - Money - Equity - Units - etc

Debit Card

Credit Card

Cash - Customer - Bank

ATM

Other Fixtures

ATM

ATM Center

Cash - Bank

Other Fixtures

Security concerns at Touch points - POS

THEFT: DATA, ASSETS

DESTRUCTION: DATA, ASSETS, REPUTATION

Credentials

Card Data

POS Terminal

POS Terminal

Retailer credibility with Banks

Security concerns at Touch points – Net Banking

THEFT: DATA, ASSETS

DESTRUCTION: DATA, ASSETS, REPUTATION

Credentials

Account Details

Account Balances

Other data from customer PC

Customer - Money - Equity - Units - etc

Account Mis-use

Individual Related Data

Entire Databases

Customer PC Data

Bank's Portals

Network Components

Networks

Ransomnets

Defamation (Disfigured Portals)

Availability

Credibility

Reliability

Goodwill

Security concerns at Touch points – MOBILES

THEFT: DATA, ASSETS

DESTRUCTION: DATA, ASSETS, REPUTATION

Credentials

Account Details

Account Balances

Other data from customer mobile

Cash from digital or mobile wallets

Customer - Money - Equity - Units - etc

Account Mis-use

Mobile unit

SIM Cards

Memory cards

Individual Related Data

Entire Databases

Customer Mobile Data

Bank's Portals

Digital / mobile Wallets

Defamation (Disfigured Portals)

Availability

Credibility

Reliability

Goodwill

Security concerns at Touch points – PAYMENT GATEWAY

THEFT: DATA, ASSETS

DESTRUCTION: DATA, ASSETS, REPUTATION

Credentials

Account Details

Account Balances

Other data from customer PC

Defamation (Disfigured Portals)

Availability

Credibility

Reliability

Goodwill

Security concerns at Touch points – Bank Branch

THEFT: DATA, ASSETS

DESTRUCTION: DATA, ASSETS, REPUTATION

Credentials (Signatures)

Account Details

Account Balances

Cheques

Cash - customer - Bank

Safe Deposit Vaults

Physical documents - FD Receipts - Shares / Debentures - etc

Branch Data

IT Infrastructure

Other Branch infrastructure

Safe deposit vaults

Staff

Customers

Premises

Reliability (SD Vaults)

Availability (When reopen?)

Credibility (Safe to visit?)

Part 2

Basic Risk Mitigation Measures of Banks and Customers

What are Basic Risk Mitigation Measures of Banks and Customers?

• PREVENTION

AND

• RECOVERY

What are Basic Risk Mitigation Measures of Banks and Customers?

• PREVENTION
  – DETECTION
  – PREVENTION
  – UPDATION
• RECOVERY
  – DATA
  – ASSETS
  – BUSINESS CONTINUITY
  – REPUTATION

Risk Mitigation Measures - Prevention

• DETECTION
  – Physical Surveillance
  – Electronic Surveillance
  – Processes and Policies
  – Audits
  – Reviews
  – Logs &
  – Virus / Malware scans

Risk Mitigation Measures - Prevention

• PREVENTION
  – Anti Virus
  – Firewalls
  – Data Center Security
  – Application Architecture
  – Data Architecture
  – SSL Deployment
  – WAP / WPA2 Deployment
  – Anti card skimming devices / designs
  – Virtual Keyboards &
  – Technology Standards Compliances

Risk Mitigation Measures - Prevention

• PREVENTION
  – SMS Alerts
  – OTPs
  – Multipart authentications
  – Multipart logins
  – KYC
  – Cash and Valuables Strong-room security
  – Cash in Transit Security &
  – Cash in ATMs Security

Risk Mitigation Measures - Prevention

• PREVENTION
  – Processes and Policies
    • Dormant account management
      – Physical
      – Online
    • Card and PIN dispatches
    • Card and PIN storage
    • Password change policy
    • Password strength policy &
    • Regulatory standards compliances

Risk Mitigation Measures - Prevention

• RECOVERY
  – DATA
    • Backups
    • Reconstruction
    • Recapture
  – ASSETS
    • Police
    • Replace

Risk Mitigation Measures - Prevention

• RECOVERY
  – BUSINESS CONTINUITY
    • DR Site
    • Redundancy
    • Hot swappable Devices
    • DR and BC Policies
    • Trainings
    • Simulations
  – REPUTATION
    • Publicity
    • Transparency
    • Speed of Action
    • Hard Decisions

Security and Role of Regulators

• Who are the Regulators?
• Why Are they concerned about Security?

What are Basic Security concerns of Regulators?

• Legal and regulatory issues
• Security and technology issues
• Supervisory and operational issues.
• Impact on Monetary Policy

What are Basic Security concerns of Regulators?

• Legal and regulatory issues
  – The jurisdiction of law
  – Validity of electronic contract including the question of repudiation
  – Gaps in the legal / regulatory environment for electronic commerce.

What are Basic Security concerns of Regulators?

• Security and Technology Issues
  – Questions of adopting internationally accepted state of the art minimum technology standards for
    • access control,
    • encryption / decryption (minimum key length etc),
    • firewalls,
    • verification of digital signature,
    • Public Key Infrastructure (PKI) etc.
  – The security policy for the banking industry,
  – Security awareness and education.

What are Basic Security concerns of Regulators?

• Supervisory and Operational Issues.
  – Risk control measures,
  – Advance warning system,
  – Information Technology audit
  – Re-engineering of operational procedures.
  – Whether the nature of products and services offered are within the regulatory framework and
  – Whether the transactions do not camouflage money-laundering operations.

What are Basic Security concerns of Regulators?

• Impact on Monetary Policy.
  – when and where private sector initiative produces electronic substitution of money like
    • e-cheque,
    • account based cards,
    • digital coins,
    • M-Wallets
    • Cash Cards
    • Non account based cards
    • e-money transfers with physical cash payments etc

Some Recent Policy Recommendations BY RBI

| Target Date | Sr no. | Recommendation |
|---|---|---|
| 30-06-2013 | 1 | All new debit and credit cards to be issued only for domestic usage unless international use is specifically sought by the customer. Such cards enabling international usage will have to be essentially EMV Chip and Pin enabled. |
| 30-06-2013 | 2 | Issuing banks should convert all existing MagStripe cards to EMV Chip card for all customers who have used their cards internationally at least once (for/through e-commerce/ATM/POS). |
| 30-06-2013 | 3 | Banks should ensure that the terminals installed at the merchants for capturing card payments (including the double swipe terminals used) should be certified for PCI-DSS (Payment Card Industry - Data Security Standards) and PA-DSS (Payment Applications - Data Security Standards). |
| 30-06-2013 | 4 | Banks should ensure that all acquiring infrastructure that is currently operational on IP (Internet Protocol) based solutions are mandatorily made to go through PCI-DSS and PA-DSS certification. This should include acquirers, processors / aggregators and large merchants. |
| ASAP | 5 | Banks should move towards real time fraud monitoring system at the earliest. |
| ASAP | 6 | Banks should provide easier methods (like SMS) for the customer to block his card and get a confirmation to that effect after blocking the card. |

Some Recent Debit Card Recommendations BY RBI

| Target Date | Sr no. | Recommendation |
|---|---|---|
| Immediately | 1 | Banks may issue only online debit cards including co-branded debit cards where there is an immediate debit to the customers' account, and where straight through processing is involved. |
| Immediately | 2 | No bank shall dispatch a card to a customer unsolicited, except in the case where the card is a replacement for a card already held by the customer. |
| Immediately | 3 | The terms shall put the cardholder under an obligation not to record the PIN or code, in any form that would be intelligible or otherwise accessible to any third party if access is gained to such a record, either honestly or dishonestly. |
| Immediately | 4 | No cash transactions through the debit cards should be offered at the Point of Sale under any facility without prior authorization of Reserve Bank of India under Section 23 of the Banking Regulation Act, 1949. |
| Immediately | 5 | The bank shall ensure full security of the debit card. The security of the debit card shall be the responsibility of the bank and the losses incurred by any party on account of breach of security or failure of the security mechanism shall be borne by the bank. |
| Immediately | 6 | The banks should undertake review of their operations/issue of debit cards on half-yearly basis. The review may include, inter-alia, card usage analysis including cards not used for long durations due to their inherent risks. |
| Immediately | 7 | The role of the non-bank entity under the tie-up arrangement should be limited to marketing/distribution of the cards or providing access to the cardholder for the goods/services that are offered. |
| Immediately | 8 | The card issuing bank should not reveal any information relating to customers obtained at the time of opening the account or issuing the card and the co-branding non-banking entity should not be permitted to access any details of customer's accounts that may violate bank's secrecy obligations. |

RBI POLICIES

• Ref documents
  – RBI Security Feb 28, 2013.pdf
  – RBI Guidelines Debit cards Dec 24, 2012

ATM Security standards

| Standard | Description |
|---|---|
| PCI PTS POI | Standard: PCI PIN Transaction Security Point of Interaction Security Requirements (PCI PTS POI). Version: 1.0. Date: January 2013. Author: PCI Security Standards Council. |
| PCI DSS | PCI SSC Data Security Standard. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data. |
| PCI PA-DSS | PCI SSC Payment Application Data Security Standard. This document is to be used by Payment Application-Qualified Security Assessors (PA-QSAs) conducting payment application reviews, so that software vendors can validate that a payment application complies with the PCI DSS Payment Application Data Security Standard (PA-DSS). This document is also to be used by PA-QSAs as a template to create the Report on Validation. |
| PCI PTS | PCI PIN Transaction Security Standard. This standard includes security requirements for vendors (PTS POI Requirements), device-validation requirements for laboratories (Derived Test Requirements), and a device approval framework that produces a list of approved PTS POI devices (against the PCI PTS POI Security Requirements) that can be referred to by brands' mandates. The PCI PTS list is broken down into the following Approval Classes of devices: PIN Entry Devices (PEDs—standalone terminals), EPPs (generally to be integrated into ATMs and self-service POS devices), Unattended Payment Terminals (UPT), Secure Card Readers (SCRs), and Non-PIN-enabled (Non-PED) POS Terminals. |

Q and A

???

THANK YOU