Verifone hack

Jennifer-Miles-panel-for-blogThis week, VeriFone was involved in the PYMNTS.com “Innovation Project 2014” held on the beautiful Harvard University campus in Cambridge Massachusetts. VeriFone President Americas, Jennifer Miles spoke on a panel titled, “Reinventing the Retail Storefront.”

Meanwhile, I participated in the Conference’s “Think-A-Thon, ” which pits groups of industry practitioners against a thorny industry problem and whichever team presents the most logically thought-out and “Best Solution” wins the coveted Innovation Project Think-A-Thon award.

There were a lot of smart, industry leaders present and our team well represented the payments industry with the following members:

  • (me) Jeff Wakefield – Captain, VeriFone
  • Angela Wilson-Angelovska, Reed Smith
  • Nick Nayfack, Mercury Payments
  • Stephen Liset, NCR
  • Gus Jimenez, VeriFone
  • Gaurav Gollerkeri, Visa

Innovation Project Award SmallThe problem our group of teams had was to “Defend Payment Systems from Cyber Hacking.”

Obviously, a topic like this could emcompass an enormous range of possibilities, so our group decided to focus specifically on “card not present” fraud.

Our Solution
Our team agreed that EMV will drastically reduce the counterfeit card problem. Alternative solutions to solve card present fraud will likely take at least as long to implement and at least EMV already has significant support in the industry to help push it forward. We also agreed that no matter what the “card present” solution is, it will push more fraud to “card not present” transactions.

Therefore we focused on solving the card not present fraud problem. Our solution is to use a one-time transaction PIN for selected transactions to prevent card not present fraud occurring using stolen card data.

How It Would Work

We structured our solution so that the consumer could have the option to opt out of the PIN requirement, or opt out below a certain dollar amount threshold–their choice. But if they do, the consumer will be responsible for any fraudulent transactions. Also, for convenience, the consumer can also choose to receive the one-time PIN via text, email, phone call, or in their mobile bank app.

Verifone India wiki

VeriFone Open API

Verifone ZX510

Verifone taxi

Verifone Terminals