Author
Jevgenijs Smirnovs
Document name
Point VxPC F02.01.xxx
Implementation Guide
E-mail
jevgenijs.smirnovs@verifone.com
Date
12-Jun-2015
Phone
+371 67844726
Page number
23
Version
1.0
© 2015 VeriFone. All rights reserved. VeriFone, the VeriFone logo, Vx, Mx, VeriCentre, VeriShield, Verix V, Verix and PAYware are either
trademarks or registered trademarks of VeriFone in the United States and/or other countries. All other trademarks or brand names are the
properties of their respective holders. All features and specifications are subject to change without notice.
The information contained in this document is confidential and property of VeriFone, Inc. This material may not be copied or published, or
divulged in part or in totality without written permission form VeriFone, Inc.
No specific setup of your Point Vx PCI PA-DSS compliant terminal is required. PAN is stored either
truncated or encrypted. Full magnetic stripe data is deleted immediately after authorization and
never stored.
However, if you need to enter PAN and expiration date manually or do a voice referral you should
never write down or otherwise store PAN, expiration date or CVV2. Collect this type of data only
when absolutely necessary to perform manual entry or voice referral.
Note: Using the PCI PA-DSS compliant Point Vx terminal you will never be prompted to enter CVV2.
No any sensitive cardholder’s data are retrieving by Point VxPC application (even when needed to
solve a specific problem) in production terminals. In case when sensitive cardholder’s data need to
be present in the logs for troubleshooting is only done at Point lab/test environment using test ter-
minals.
Note: Removal of sensitive authentication data is absolutely necessary for PCI DSS compliance.
3.2. Protect stored card holder data
PAN and expiration date are encrypted and stored in your Point Vx for offline transactions. For this
encryption a unique key per transaction is used. Once your Point Vx goes online any stored transac-
tions are sent to the processor and securely deleted from the Point Vx memory.
To comply with the PCI DSS requirements all cryptographic material must be rendered irretrievable.
This is handled within the Point Vx and you do not need to take any action.
3.3. Protect wireless transmissions
To Next Page
Loading...
Need help?
General
