NetSPI, Verifone Team on Industry-Leading PA-DSS Compliance Effort

Approval of Verifone’s SoftPay® Enables More than 2 Million Existing Verifone Merchants to Gain Compliance with New Security Standards

March 16, 2009, Minneapolis

NetSPI, a leading information-security consulting firm, and Verifone Holdings, Inc. (NYSE: PAY), have partnered on a pioneering effort to ensure that Verifone payment device applications comply with the new security standard known as the Payment Application Data Security Standard (PA-DSS).

PA-DSS, a critical component of the PCI Data Security Standard (PCI DSS) that focuses on complete merchant site security, requires a rigorous certification process and conclusively affirms that the payment application does not store cardholder data and handles it in a secure, compliant manner.

The millions of small to mid-sized merchants have to date been left with little protection against increasingly sophisticated criminal efforts to obtain cardholder data. Without a properly audited and PA-DSS-approved application, these merchants have no knowledge of their exposure level and are at a higher degree of risk for a security breach and liability.

To ensure the protection of these merchants, Verifone recently announced an aggressive program to achieve formal PA-DSS certification of its ubiquitous SoftPay application, which instantly provides an unprecedented path to compliance for more than 2 million payment devices in the United States and Canada.

NetSPI is assisting the Verifone development program in several ways:

  • Providing advisory services regarding the applicability of PA-DSS and how best to manage major and minor release schedules within the standard.
  • Auditing key Verifone payment applications as compliant with PA-DSS.
  • Advising Verifone on the security impacts of potential new features of payment applications.

Deke George, NetSPI CEO, said, “We are proud to combine forces with Verifone in this successful effort to validate payment applications that enable merchants to comply with this new security standard. Verifone is devoting significant effort and resources to make it easier for merchants and acquiring banks to demonstrate that they are in compliance with PCI.”

Paul Rasori, Verifone SVP, Global Marketing, added, “Nothing is more important to our industry than the trust that consumers put in acquirers, merchants and payment system vendors to securely handle their personal information. Working with partners such as NetSPI to positively verify our security standards compliance is an excellent example of Verifone’s proactive approach to maintaining that trust.”

About Verifone Holdings, Inc.
Verifone Holdings, Inc. (“Verifone”) (NYSE: PAY) is the global leader in secure electronic payment solutions. Verifone provides expertise, solutions and services that add value to the point of sale with merchant-operated, consumer-facing and self-service payment systems for the financial, retail, hospitality, petroleum, government and healthcare vertical markets. Verifone solutions are designed to meet the needs of merchants, processors and acquirers in developed and emerging economies worldwide.

Safe Harbor Statement under the Private Securities Litigation Reform Act of 1995 for Verifone Holdings, Inc.:
This press release includes certain forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These statements are based on management's current expectations or beliefs and are subject to uncertainty and changes in circumstances. Actual results may vary materially from those expressed or implied by the forward-looking statements herein due to changes in economic, business, competitive, technological and/or regulatory factors, and other risks and uncertainties affecting the operation of the business of Verifone Holdings, Inc. These risks and uncertainties include: our ability to successfully manufacture, distribute, market and sell the MX880 and related software applications, our customers' acceptance and adoption of our newly released products and applications, our ability to protect against fraud, the status of our relationship with and condition of third parties upon whom we rely in the conduct of our business, our dependence on a limited number of customers, uncertainties related to the conduct of our business internationally, our dependence on a limited number of key employees, short product cycles, rapidly changing technologies and maintaining competitive leadership position with respect to our payment solution offerings. For a further list and description of such risks and uncertainties, see our filings with the Securities and Exchange Commission, including our annual report on Form 10-K and our quarterly reports on Form 10-Q. Verifone is under no obligation to, and expressly disclaims any obligation to, update or alter its forward-looking statements, whether as a result of new information, future events, changes in assumptions or otherwise.

About NetSPI
NetSPI, a privately held information-security consulting company, was founded in 2001. It focuses on several industries: finance, healthcare, retail, energy and education. The company’s services include risk management, compliance with various federal laws and industry standards, internal and external security assessments, and the development of security programs. Clients include some of the nation’s largest banks, retailers, hospitals, colleges and universities, and energy companies.