NetSPI Information Security Consulting

NetSPI, VeriFone Team on Industry-Leading PA-DSS Compliance Effort

Approval of VeriFone's SoftPay® Enables More than 2 Million Existing VeriFone Merchants to Gain Compliance with new Security Standards

Minneapolis, March 16, 2009 — NetSPI, a leading information-security consulting firm, and VeriFone Holdings, Inc. (NYSE: PAY) have partnered on a pioneering effort to ensure that VeriFone payment device applications comply with the new security standard known as the Payment Application Data Security Standard (PA-DSS).

PA-DSS, a critical component of the PCI Data Security Standard (PCI DSS) that focuses on complete merchant site security, requires a rigorous certification process and conclusively affirms that the payment application does not store cardholder data and handles it in a secure, compliant manner.

Millions of small to mid-sized merchants have, to date, been left with little protection against increasingly sophisticated criminal efforts to obtain cardholder data. Without a properly audited and PA-DSS-approved application, these merchants have no knowledge of their exposure level and are at higher risk of a security breach and liability.

To ensure the protection of these merchants, VeriFone recently announced an aggressive program to achieve formal PA-DSS certification of its ubiquitous SoftPay application, which instantly provides an unprecedented path to compliance for more than 2 million payment devices in the United States and Canada.

NetSPI is assisting the VeriFone development program in several ways:

  • Providing advisory services regarding the applicability of PA-DSS and how best to manage major and minor release schedules within the standard.
  • Auditing key VeriFone payment applications as compliant with PA-DSS.
  • Advising VeriFone on the security impacts of potential new features of payment applications.

Deke George, NetSPI CEO, said, "We are proud to combine forces with VeriFone in this successful effort to validate payment applications that enable merchants to comply with this new security standard. VeriFone is devoting significant effort and resources to make it easier for merchants and acquiring banks to demonstrate that they are in compliance with PCI."

Paul Rasori, VeriFone SVP, Global Marketing, added, "Nothing is more important to our industry than the trust that consumers put in acquirers, merchants and payment system vendors to securely handle their personal information. Working with partners such as NetSPI to positively verify our security standards compliance is an excellent example of VeriFone's proactive approach to maintaining that trust."

About VeriFone Holdings, Inc. (www.verifone.com)

VeriFone Holdings, Inc. ("VeriFone") (NYSE: PAY) is the global leader in secure electronic payment solutions. VeriFone provides expertise, solutions and services that add value to the point of sale with merchant-operated, consumer-facing and self-service payment systems for the financial, retail, hospitality, petroleum, government and healthcare vertical markets. VeriFone solutions are designed to meet the needs of merchants, processors and acquirers in developed and emerging economies worldwide.

Safe Harbor Statement under the Private Securities Litigation Reform Act of 1995 for VeriFone Holdings, Inc.:

This press release includes certain forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These statements are based on management's current expectations or beliefs and are subject to uncertainty and changes in circumstances. Actual results may vary materially from those expressed or implied by the forward-looking statements herein due to changes in economic, business, competitive, technological and/or regulatory factors, and other risks and uncertainties affecting the operation of the business of VeriFone Holdings, Inc. These risks and uncertainties include: our customers' acceptance and adoption of our newly released products and applications, our ability to protect against fraud, the status of our relationship with and condition of third parties upon whom we rely in the conduct of our business, our dependence on a limited number of customers, uncertainties related to the conduct of our business internationally, our dependence on a limited number of key employees, short product cycles, rapidly changing technologies and maintaining competitive leadership position with respect to our payment solution offerings. For a further list and description of such risks and uncertainties, see our filings with the Securities and Exchange Commission, including our annual report on Form 10-K and our quarterly reports on Form 10-Q. VeriFone is under no obligation to, and expressly disclaims any obligation to, update or alter its forward-looking statements, whether as a result of new information, future events, changes in assumptions or otherwise.

About NetSPI (www.netspi.com)

NetSPI is a privately held information-security consulting company founded in 2001. By using its consulting team's deep security knowledge and its CorrelatedVM vulnerability management & reporting solution, the company is a trusted advisor to large enterprises. NetSPI provides a range of assessment and advisory services designed to analyze and mitigate risks and ensure compliance with relevant regulations and industry standards. Clients include large financial services firms, retailers, healthcare organizations and technology companies. More information is available at www.netspi.com.

 

Contact:

We are proud to assist VeriFone with this very important effort to validate payment applications that enable merchants to comply with this standard.

— Deke George
NetSPI CEO