POS Payments Solutions

Help Clients Comply with EMV Migration & PCI DSS Requirements

Almost half the world’s credit card fraud happens in the United States — even though only a quarter of all credit card transactions happen here. Banks are moving away from magnetic-stripe cards to EMV technology which contains a super-small computer chip that’s extremely hard to counterfeit. Merchants will need new processing devices to read the information in the chip cards. And come October 2015, businesses that don’t have an EMV processing device could be on the hook for fraudulent card transactions.

Retail customers have unique service needs that are time sensitive and make it difficult to outsource to just anyone. Ingram Micro is here to help. Ingram Micro Professional and Training Services has experts on staff that can help you build your business from end-to-end. Our experienced professionals can provide guidance beyond the hardware and software. From risk assessments and PCI-compliance scanning to solution design and deployment and even staff training and equipment disposal, our experts can help you during the entire project lifecycle.

Service Overview

RISK ASSESSMENTS
Understanding and assessing risk is one of the most fundamental ways to develop a well-founded information security strategy which helps fulfill both compliance objectives (such as GLBA, HIPAA and PCI DSS) and broader security goals.

Our risk assessments help identify the risks faced and identify:

  • Systems used to store, process or transmit sensitive information
  • Threats to systems from attackers, automated attacks (i.e., computer viruses), environmental factors and human mistakes
  • Vulnerabilities that could make systems susceptible to the threats
  • Impact if an attacker was able to successfully exploit the vulnerability

VULNERABILITY SCANNING SERVICES
Vulnerability scanning examines networks for security holes and misconfigurations. Regular scanning is a critical component of information security programs and a required component for all merchants accepting credit card payments. These scans also help to proactively find changes or weaknesses in the everchanging network environment.

PCI COMPLIANCE SCANNING
Any organization that stores, processes or transmits payment card data is required to be PCI-compliant by the payment brands and the merchant bank. And, depending on the organization’s role and transaction volume, they will need to complete either a full compliance assessment performed by a Qualified Security Assessor (QSA) or a Self-Assessment Questionnaire (SAQ).

Most organizations find that they need at least some level of guidance while going through the SAQ process. Our experts will help determine which SQA route is appropriate and give assistance understanding the requirements.

Through our secure web portal, the customer is able to set up, manage and review their scans. And in the event a scan fails, meaning a security vulnerability is found, the report will contain detailed recommendations to address any issues. Once the organization is able to make the appropriate changes to address the discovered vulnerabilities, a rescan can be done to see if the changes were effective.

DESIGN SERVICES
Network security professionals can assist in developing a simple, sustainable and operationally efficient network architecture for both wired and wireless deployments.

PAYMENT KEY INJECTION PROCESS
Avoid the cost and time of taking terminals offline and shipping them to secure facilities for key injections. Ingram Micro can download security keys to payment terminals on behalf of our channel partners.

SHIPPING & FULFILLMENT
Our Advanced Logistic Centers (ALCs) are positioned to ensure compressed order fulfillment lead times and optimize inventory distribution from end to end.

PCI ONSITE REVIEWS & ASSESSMENTS
For customers required to undergo a full compliance assessment, a Qualified Security Assessor (QSA) will assist with a three-phase process for the PCI DSS compliance assessment:

  • A Pre-Assessment identifies and analyzes the compliance scope as well as any gaps
  • The Assessment tests security of the system as well as provides advice to remediate the gaps.
  • Post-Assessments include quarterly follow ups to address compliance maintenance checkups, changes in the environment and future plans which may affect the scope.

DEPLOYMENT SERVICES
Leverage local, rapidly-deployable technicians across the country for deployments including payment terminals, cameras, wireless access points, cabling, network/POS upgrades, and more. Our Project Management Office will schedule each site and staff technicians as well as manage the entire project including site escalations and reviewing/archiving all documentation.

DISPOSAL SERVICES
Address the end-of-life information security as well as environmentally compliant disposal concerns for old electronic equipment. We offer a full service portfolio of services including:

  • De-Installation & Asset Removal
  • Onsite Data Erasure & Destruction
  • Packaging & Palletizing
  • Asset Processing
  • Refurbishment, Repair & Re-marketing
  • De-manufacturing & Recycling
  • Certificates of Destruction

TRAINING SERVICES
Whether exploring EMV chip card issues for the first time or an experience issuer, staff needs to be educated on how to identify suspicious activity, to follow the appropriate escalation procedures and to respond to a potential security incident.

Training helps in understanding common mistakes that my lead to data breaches, EMV security, the importance of PCI DSS compliance and the advantages/disadvantages of Point-toPoint Encryption (P2PE) solutions.