Approval of VeriFone's SoftPay® Enables More than 2 Million Existing VeriFone Merchants to Gain Compliance with new Security Standards
Minneapolis, March 16, 2009 — NetSPI, a leading information- security consulting firm, and VeriFone Holdings, Inc. (NYSE: PAY), have partnered on a pioneering effort to ensure that VeriFone payment device applications comply with the new security standard known as the Payment Application Data Security Standard (PA-DSS).
PA-DSS, a critical component of the PCI Data Security Standard (PCI DSS) that focuses on complete merchant site security, requires a rigorous certification process and conclusively affirms that the payment application does not store cardholder data and handles it in a secure, compliant manner.
The millions of small to mid-sized merchants have to date been left with little protection against increasingly sophisticated criminal efforts to obtain cardholder data. Without a properly audited and PA-DSS-approved application, these merchants have no knowledge of their exposure level and are at a higher degree of risk for a security breach and liability.
To ensure the protection of these merchants, VeriFone recently announced an aggressive program to achieve formal PA-DSS certification of the ubiquitous VeriFone's SoftPay application, which instantly provides an unprecedented path to compliance for more than 2 million payment devices in the United States and Canada.
NetSPI is assisting the VeriFone development program in several ways:
- Providing advisory services regarding the applicability of PA-DSS and how best to manage major and minor release schedules within the standard.
- Auditing key VeriFone payment applications as compliant with PA-DSS.
- Advising VeriFone on the security impacts of potential new features of payment applications.
Deke George, NetSPI CEO, said,
We are proud to combine forces with VeriFone in this successful effort to validate payment applications that enable merchants to comply with this new security standard. VeriFone is devoting significant effort and resources to make it easier for merchants and acquiring banks to demonstrate that they are in compliance with PCI.
Paul Rasori, VeriFone SVP, Global Marketing, added,
Nothing is more important to our industry than the trust that consumers put in acquirers, merchants and payment system vendors to securely handle their personal information. Working with partners such as NetSPI to positively verify our security standards compliance is an excellent example of VeriFone's proactive approach to maintaining that trust.
VeriFone Holdings, Inc. ("VeriFone") (NYSE: PAY) is the global
leader in secure electronic payment solutions. VeriFone provides
expertise, solutions and services that add value to the point of sale
with merchant-operated, consumer-facing and self-service payment
systems for the financial, retail, hospitality, petroleum, government
and healthcare vertical markets. VeriFone solutions are designed to
meet the needs of merchants, processors and acquirers in
developed and emerging economies worldwide.
Safe Harbor Statement under the Private Securities Litigation
Reform Act of 1995 for VeriFone Holdings, Inc.:
This press release includes certain forward-looking statements
within the meaning of the Private Securities Litigation Reform Act of
1995. These statements are based on management's current
expectations or beliefs and are subject to uncertainty and changes
in circumstances. Actual results may vary materially from those
expressed or implied by the forward-looking statements herein due
to changes in economic, business, competitive, technological
and/or regulatory factors, and other risks and uncertainties affecting
the operation of the business of VeriFone Holdings, Inc. These
risks and uncertainties include: our customers' acceptance and
adoption of our newly released products and applications, our
ability to protect against fraud, the status of our relationship with
and condition of third parties upon whom we rely in the conduct of
our business, our dependence on a limited number of customers,
uncertainties related to the conduct of our business internationally,
our dependence on a limited number of key employees, short
product cycles, rapidly changing technologies and maintaining
competitive leadership position with respect to our payment solution
offerings. For a further list and description of such risks and
uncertainties, see our filings with the Securities and Exchange
Commission, including our annual report on Form 10-K and our
quarterly reports on Form 10-Q. VeriFone is under no obligation to,
and expressly disclaims any obligation to, update or alter its
forward-looking statements, whether as a result of new information,
future events, changes in assumptions or otherwise.
NetSPI is a privately held information-security consulting company founded in 2001. By using its consulting team's deep security knowledge and its CorrelatedVM vulnerability management & reporting solution, the company is a trusted advisor to large enterprises. NetSPI provides a range of assessment and advisory services designed to analyze and mitigate risks and ensure compliance with relevant regulations and industry standards. Clients include large financial services firms, retailers, healthcare organizations and technology companies.
More information is available at www.netspi.com.