From:                              Piotr.Janczewski@nz.ey.com

Sent:                               Friday, 6 November 2009 8:44 a.m.

Subject:                          NZISF Final Call 11/10: Encrypting Pin Pads

 


To register for this seminar, click here

To place your name on the NZISF mailing list, click here

To remove your name from the NZISF mailing list, click here

New Zealand Information Security Forum (NZISF) cordially invites you and your friends to the November 2009 breakfast meeting:

Venue:                 The Auckland Club, 34 Shortland St, CBD, Auckland

Date:                         Wednesday, 11th November 2009

Time:                        7:30 am

Cost:          NZISF, NZSA and NZCS members - $30, students - $20, all others - $ 35, Cash or cheque, no credit cards.  

Important note:        Lech Janczewski is out of the country. The meeting will be chaired Mr Piotr Janczewski. Please direct to him all the booking and correspondence related to this meeting (contact piotr.janczewski@nz.ey.com or 0274899155)


Topic:        Encrypting Pin Pads (EPP): A new standard for secure payment transactions.



Payment terminal fraud is on the increase. While the actual dollar amount has gone up slowly, the number of attacks has increased dramatically in recent years. Credit card companies are responding with tougher terminal standards and more stringent requirements for attack resistance.

In July 2007 PCI introduced PCI-EPP 2.0 for Encrypting Pin Pads that presented considerable new requirements for terminal hardware and software. The standard is laid out in terms of resistance to attack potential, and doesn't provide any specification as to how this should be accomplished. This leaves the designers a challenge to come up with a cost effective way of meeting the required attack resistance.

The presentation covers one of the early projects to build an EPP to meet the PCI-EPP version 2.0. It looks at some of the requirements that had to be met, the attacks resistance that had to be accommodated in the design, and the lessons learned along the way.

Presenter:                        
Murray Trace
Business Continuity Manager
Gen-i

Murray has worked in the IT industry for twenty one years. In this time he has amassed a diverse experience as Business Analyst, Systems Analyst, and Database Designer. In the last eleven years Murray has gravitated toward Business Continuity and Security, working for; Chubb, The University of Auckland, Gen-i and Provenco|Cadmus in security, disaster recovery, business continuity, and project management
Murray is currently employed by Gen-i as their Business Continuity Manager.


This meeting of the New Zealand Information Security Forum is proudly sponsored by:

http://www.ey.com/nz


This email and any attachments are confidential and intended exclusively for the person to whom the email is addressed. If you are not the intended recipient, do not read, copy, disclose or use the contents in any way. Please notify us immediately by return email and destroy the email and attachments. Ernst & Young does not accept any liability for any changes made to this email or attachments after sending by Ernst & Young. You must scan this email and attachments for viruses. The opinions expressed are not necessarily those of Ernst & Young. 

Ernst & Young accepts no liability for any loss, damage or consequence, whether caused by our own negligence or not, resulting directly or indirectly from the use of this email and attachments.

 

__________ Information from ESET NOD32 Antivirus, version of virus signature database 4576 (20091105) __________

 

The message was checked by ESET NOD32 Antivirus.

 

http://www.eset.com