Security Standards
EMV and Triple DES
EMV and Triple DES are the most prominent of the new global security standards for
electronic payment transactions. Both standards minimise the risk of fraud, improving
security for customers, merchants and financial institutions.
EMV - derived from the initiators Europay, Mastercard and Visa
- is a global security standard for the interaction between chip cards and terminals.
Chip cards include an electronic chip in addition to the standard magnetic stripe.
Triple DES - derived from Triple Data Encryption Standard - is
a form of data encryption that scrambles sensitive information such as PIN numbers
before sending it to the bank. This provides a high level of security for the transfer
of sensitive information.
All EFTPOS users in New Zealand must comply with these standards, which are updated
from time to time by the banking institutions.
If you have any further questions please view our
FAQ's or contact us.
Software Versions
Below please find software descriptions and action required
|
Version of ETSL software
|
What is it?
|
What need to happen?
|
|
Version 4.X
|
Hardware is non EMV compliant, software is non EMV and non Triple DES
|
Software needs to be upgraded by 1 Jan 2008
|
|
Version 5.0
|
Hardware is EMV compliant, software is non EMV and non Triple DES
|
Software needs to be upgraded by 1 Jan 2008
|
|
Version 5.05
|
Hardware is EMV compliant, software is non EMV but Triple DES active
|
Software needs to be upgraded by 1 June 2011
|
|
Version 5.1
|
Hardware is EMV compliant, software is EMV and Triple DES active
|
Software needs to be upgraded by 1 June 2011
|
|
Version 5.2
|
Hardware is EMV compliant, software is EMV and Triple DES active.
- 5.2 supports additional functionally such as Offline PIN.
|
Software needs to be upgraded by 1 June 2014
|
Payment Card Industry Data Security (PCI DSS) Standard
The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines,
methods, and controls that were developed by the PCI Security Standards Council
to assist merchants in implementing strong security precautions to ensure safe credit
card usage and secure information storage.
The growth of the e-commerce sector has seen an increase in electronic crime, including
hacking and identity theft, leaving storage devices that contain card data, and
particularly public internet based services, vulnerable to compromise. The PCI DSS
was created in response for the need to secure operating environments in which consumers
engage in electronic transacting and secure e-commerce. Security breaches have become
well known to the public and concerns around the security of electronic payment
are becoming greater as individual's personal information is a valuable commodity
in today's digital age.
In addition to the physical security aspect of the PCI DSS, additional security
compliance has been required relating to PIN Pads. This standard is Payment Card
Industry PIN Entry Device standard, PCI PED.
PCI PED is an updated certification standard in which EFTPOS suppliers need to comply
with to ensure the physical security of the PIN Pad and protection of cardholder
data and PIN during a financial transaction.
|