Mobile payment card acceptance solution using Miura...
2
Secure mPOS solution facilitates card acceptance and lowers costs PSPs can leverage e-commerce infrastructures to offer low cost, face-to-face card acceptance solutions. The solution involves a card reader with a PIN pad that connects wirelessly to a merchant- owned mobile device running a PSP-provided application. Data is encrypted from the card reader to the payment gateway with hardware security modules (HSMs) delivering high assurance security. Merchants benefit from greater security and flexibility, maximizing their sales opportunities. By delivering a solution that is fully PCI-certified, the PSP adds value by reducing the PCI DSS scope for the merchant. How Miura and Thales deliver the win- win for PSPs and Merchants The Miura Shuttle is a secure PCI/EMV approved card reader with an integral PIN pad that meets the highest payment security standards currently required (PCI PTS 3.x) and includes certification for SRED (secure reading and exchange of data). This ensures that the device encrypts cardholder data and the PIN (where Reduce cost and improve logical and physical security of innovative mobile point-of-sale solutions for merchants and payment service providers Solution Benefits • Allows micro merchants and small-to-medium enterprises to replace cash with card transactions • Provides a low cost, secure ”on-the-move” card acceptance capability suitable for all merchants • Increases transaction volumes for existing e-commerce payment service providers (PSPs) by opening up new payment market opportunities • Meets all relevant PCI and EMV standards and certifications using high assurance hardware security modules, enabling PSPs to reduce PCI DSS scope for their merchants Small merchants need new payment acceptance options Many merchants need to accept payments anytime and anywhere, especially where wired connections are unavailable. Gardeners and plumbers, for example, often rely solely on cash because for them a traditional POS terminal is unsuitable both in terms of cost and flexibility – the payment volume is insufficient to justify monthly fees or the device does not work in their customer’s home. For many years, replacing cash, which is not risk-free due to counterfeit and theft issues, with a secure card-based solution for these merchants seemed a distant hope. Mobile payment card acceptance solution using Miura Shuttle and Thales payShield 9000 thalescpl.com
Transcript of Mobile payment card acceptance solution using Miura...
Secure mPOS solution facilitates card acceptance and lowers costs
PSPs can leverage e-commerce infrastructures to offer low cost, face-to-face card acceptance solutions. The solution involves a card reader with a PIN pad that connects wirelessly to a merchant-owned mobile device running a PSP-provided application. Data is encrypted from the card reader to the payment gateway with hardware security modules (HSMs) delivering high assurance security. Merchants benefit from greater security and flexibility, maximizing their sales opportunities. By delivering a solution that is fully PCI-certified, the PSP adds value by reducing the PCI DSS scope for the merchant.
How Miura and Thales deliver the win-win for PSPs and MerchantsThe Miura Shuttle is a secure PCI/EMV approved card reader with an integral PIN pad that meets the highest payment security standards currently required (PCI PTS 3.x) and includes certification for SRED (secure reading and exchange of data). This ensures that the device encrypts cardholder data and the PIN (where
Reduce cost and improve logical and physical security of innovative mobile point-of-sale solutions for merchants and payment service providers Solution Benefits
• Allows micro merchants and small-to-medium enterprises to replace cash with card transactions
• Provides a low cost, secure ”on-the-move” card acceptance capability suitable for all merchants
• Increases transaction volumes for existing e-commerce payment service providers (PSPs) by opening up new payment market opportunities
• Meets all relevant PCI and EMV standards and certifications using high assurance hardware security modules, enabling PSPs to reduce PCI DSS scope for their merchants
Small merchants need new payment acceptance options
Many merchants need to accept payments anytime and anywhere, especially where wired connections are unavailable. Gardeners and plumbers, for example, often rely solely on cash because for them a traditional POS terminal is unsuitable both in terms of cost and flexibility – the payment volume is insufficient to justify monthly fees or the device does not work in their customer’s home. For many years, replacing cash, which is not risk-free due to counterfeit and theft issues, with a secure card-based solution for these merchants seemed a distant hope.
Mobile payment card acceptance solution using Miura Shuttle and Thales payShield 9000
thalescpl.com
w w w . t h a l e s - e s e c u r i t y . c o m
Thales e-Security
Mobile payment card acceptance solution using Miura Shuttle and Thales payShield 9000
Solution Benefits • Allows micro merchants and small-to-medium enterprises
to replace cash with card transactions • Provides a low cost, secure ”on-the-move” card acceptance
capability suitable for all merchants • Increases transaction volumes for existing e-commerce
payment service providers (PSPs) by opening up new payment market opportunities
• Meets all relevant PCI and EMV standards and certifications using high assurance hardware security modules, enabling PSPs to reduce PCI DSS scope for their merchants
Reduce cost and impRove logical and physical secuRity of innovative mobile point-of-sale solutions foR meRchants and payment seRvice pRovideRs
Small merchants need new payment acceptance options
many merchants need to accept payments anytime and anywhere, especially where wired connections are unavailable. gardeners and plumbers, for example, often rely solely on cash because for them a traditional pos terminal is unsuitable both in terms of cost and flexibility – the payment volume is insufficient to justify monthly fees or the device does not work in their customer’s home. for many years, replacing cash, which is not risk-free due to counterfeit and theft issues, with a secure card-based solution for these merchants seemed a distant hope.
Secure mPOS solution facilitates card acceptance and lowers costs
psps can leverage e-commerce infrastructures to offer low cost, face-to-face card acceptance solutions. the solution involves a card reader with a pin pad that connects wirelessly to a merchant-owned mobile device running a psp-provided application. data is encrypted from the card reader to the payment gateway with hardware security modules (hsms) delivering high assurance security. merchants benefit from greater security and flexibility, maximizing their sales opportunities. by delivering a solution that is fully pci-certified, the psp adds value by reducing the pci dss scope for the merchant.
Encrypted Cardholder
Data and PIN
Encrypted Cardholder
Data and PIN
Payment Gateway
Point to Point Encryption (P2PE) Zone
Open Network
Customer
Merchant
Acquirer & Payments Network
1
2
3
4
5
6
7
8
9
0-
x
© T
hale
s - A
ugus
t 201
9• E
LC, v
2
applicable) at the point of capture. The Miura Shuttle provides a familiar and trusted transaction process flow so the customer can validate that the payment value being authorized is correct and their PIN if required is entered securely. It connects wirelessly (via Bluetooth) to all types of mobile devices, irrespective of the make or operating system platform. The mobile device runs the PSP payment application and never processes clear text cardholder data, thus taking the merchant out of scope for PCI DSS. Any security vulnerabilities which may occur in the mobile device will not affect the payment value as this is secured by the trusted Miura Shuttle in conjunction with the Thales payShield 9000 hardware security module (HSM).
The Thales payShield 9000 HSM is used by the PSP to provide a card scheme certified method for remotely deploying the cryptographic keys required by the Miura Shuttle device for PIN and data encryption and to perform the secure decryption of the payment transaction data prior to onward transmission to the acquirer. Where online PINs are used, the HSM additionally facilitates a secure PIN translation process to enable the issuer to validate the PIN entered at the Miura Shuttle card reader. PSPs therefore have an off-the-shelf proven solution that can help small merchants accept card payments in a cost-effective manner.
The combined Miura Thales solution has some important attributes that make it easy to install, deploy and maintain, delivering clear benefits to both PSPs and merchants.
> thalescpl.com <
Americas – Arboretum Plaza II, 9442 Capital of Texas Highway North, Suite 100, Austin, TX 78759 USA • Tel: +1 888 343 5773 or +1 512 257 3900 • Fax:+1 954 888 6211 • E-mail: [email protected] Pacific – Thales Transport & Security (HK) Lt, Unit 4101-3, 41/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong • Tel:+852 2815 8633 • Fax:+852 2815 8141 • E-mail: [email protected], Middle East, Africa – Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ • Tel:+44 (0)1844 201800 • Fax:+44 (0)1844 208550 • E-mail: [email protected]
For PSPs• Increases transaction volume and revenue by enabling a
broader community of merchants to accept card payments
• Minimizes merchant installation costs by eliminating the need to inject cryptographic keys prior to delivery of card reader devices to merchants
• Reduces cost to scale internationally by enabling additional data centers and merchant terminals to be managed remotely from a central location
For Merchants• Moves the merchant environment out of scope for PCI DSS
compliance by ensuring that all sensitive data is encrypted using proven and certified hardware-based techniques
• Facilitates payment acceptance anytime and anywhere through a flexible, low cost and secure card-based solution
• Reduces certification costs by eliminating the need for the merchant mobile phone/tablet to undergo any independent security certification
• Minimizes staff and customer training costs by delivering the same cardholder experience as traditional chip and PIN-based POS terminals
Further information on the Miura Shuttle can be found at: www.miurasystems.com
About ThalesThe people you rely on to protect your privacy rely on Thales to protect their data. When it comes to data security, organizations are faced with an increasing number of decisive moments. Whether the moment is building an encryption strategy, moving to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.
Decisive technology for decisive moments.
EncryptedCardholder
Data and PIN
EncryptedCardholder
Data and PIN
Payment Gateway
Open Network
Customer Merchant
Acquirer & Payments Network
Point to Point Encryption (P2PE) Zone
