Forward Vision Analytics

What Does PCI Certified Mean?

 

FEIG’s cVEND contactless payment terminals recently received certification from the Payment Card Industry (PCI) Security Standards Organization for compliance with the PCI 4.0 PIN Transaction Security (PTS) standard, as a Secure Card Reader (SCR). cVEND complies with existing SRED (Secure Reading and Exchange of Data) open protocol, the foundation for secure point-to-point encryption. cVEND is the first contactless device to carry the PCI 4.0 certification in addition to EMV Level 1 and 2 certifications. Read the entire specifications in cVEND Security Policy.

In complying with this PCI 4.0 as a non-PIN SCR device, cVEND incorporates permanently active tamper detection mechanisms that monitor for intrusion and responds to such events with the immediate erasure of sensitive information within the device, rendering the device inoperative.

To protect against software intrusion, the system implements a self-test mechanism to verify the integrity of the software, including firmware and user applications running on the secure device. The self-test also covers cryptographic operations, random number generation and a presence check for required cryptographic key. The software self-test is scheduled to run every 24 hours and at each start up, and in the event that the test fails, the system goes into an out-of-service status.

To protect the physical security of the hardware, the device contains mechanisms that will trigger when physical tampering of the device is detected, alerting with a flashing red LED light, an audible buzzer and a tamper message transmitted over the communications interface. Furthermore, in the event of tampering, the device memory is dumped to protect sensitive financial data.

Account data stored in the device is encrypted and the device cannot be configured to enter a state where account data is not encrypted. Public keys that may be implemented in cVEND are protected against change to prevent attacks to compromise the security of the system through an attack vector.

Essentially, the PCI certification means that cVEND is the smart choice for secure, contactless payment transactions. The PCI standard certifies that the security features of the device are not compromised by exposure to changes in environmental conditions. In fact, cVEND devices are rated to withstand ambient operating temperatures ranging from -25° C to +70° C and storage temperatures from -25° C to +80° C.

Ideally suited for mass transit applications, cVEND is a secure card reader for contactless payment transactions without PIN entry, available in both plug-in modules and standalone terminals. Additionally, FEIG’s cVEND solution supports tokenized payment data, which is one of the most secure and fraud-proof payment mechanisms available.

FEIG is available to partner with your system integrator to tailor a PCI certified, secure payment solution to meet your needs. Give us a call today.

About the author

Klaus Schoeke

Vice President of Technical Sales at FEIG Electronics, Inc.


>