Global | Change

Assessor Validates Verifone’s VeriShield Protect End-to-End Encryption Solution

Independent QSA Determines VeriShield Protect Meets All Visa Data Field Encryption Guidelines and May Take Payment Applications out of PCI Scope June 21, 2010 San Jose, CA

Verifone Systems, Inc. (NYSE: PAY), and Coalfire Systems, Inc., today announced that an independent assessment by Coalfire has determined that Verifone’s VeriShield Protect end-to-end encryption solution meets all Visa Data Field Encryption guidelines as well as other industry standards.

Coalfire, a Payment Card Industry (PCI) Qualified Security Assessor (QSA), recently completed the assessment, which included technical testing, architectural assessment, industry analysis, compliance validation and peer review of VeriShield Protect. The assessment concluded that, “the VeriShield Protect solution can reduce the cost of PCI compliance assessment and validation and allow [merchants] to invest more of those dollars into risk mitigating controls.” A copy of the report is available at

In addition to achieving Visa’s best practices for data field encryption, Coalfire determined that with VeriShield Protect, a payment application or point-of-sale (POS) system that is not Payment Application Best Practices (PABP) or Payment Application Data Security Standard (PA-DSS) validated can be taken out of PCI scope if all payment data is captured through the VeriShield Protect solution and the system is cleansed of all legacy card data.

“Coalfire’s report indicates we achieved our goal of creating a payment security solution that will reduce the cost of PCI compliance,” said Jeff Wakefield, Verifone vice president and general manager, Global Security Solutions. “With VeriShield Protect, merchants can eliminate almost all risk of payment card data compromise.”

Other key findings include:

  • Verifone’s format-preserving VeriShield Hidden Encryption meets encryption best practices and standards for cryptographic algorithms and key strength.
  • The VeriShield Protect solution integrates securely with PC based POS or cash registers.
  • VeriShield Hidden Encryption provided successful integration with all payment application, POS and back-office servers tested.

“The Verifone VeriShield Protect solution has impressed our technical assessment team and our QSA auditors,” said Rick Dakin, Coalfire CEO and co-founder. “The overall scope of platforms, technology and tools are well architected and effective.”

Coalfire and Verifone will conduct a webinar on June 22 at 1:00 P.M. EDT to review the results of the assessment; registration information is available at

Additional Resources:

Safe Harbor Statement under the Private Securities Litigation Reform Act of 1995 for Verifone Systems, Inc.
This press release includes certain forward-looking statements related to Verifone Systems, Inc. within the meaning of the Private Securities Litigation Reform Act of 1995. These statements are based on Verifone management's current expectations or beliefs and are subject to uncertainty and changes in circumstances. Actual results may vary materially from those expressed or implied by the forward-looking statements herein due to changes in economic, business, competitive, technological and/or regulatory factors, and other risks and uncertainties affecting the operation of the business of Verifone Systems, Inc. These risks and uncertainties include: customers’ acceptance and adoption of Verifone solutions and other new product and service offerings, our ability to protect against fraud, the status of our relationship with and condition of third parties upon whom we rely in the conduct of our business, our dependence on a limited number of customers, uncertainties related to the conduct of our business internationally, our dependence on a limited number of key employees, short product cycles, rapidly changing technologies and maintaining competitive leadership position with respect to our payment solution offerings. For a further list and description of such risks and uncertainties, see our filings with the Securities and Exchange Commission, including our annual report on Form 10-K and our quarterly reports on Form 10-Q. Verifone is under no obligation to, and expressly disclaims any obligation to, update or alter its forward-looking statements, whether as a result of new information, future events, changes in assumptions or otherwise.

About Coalfire (
Coalfire Systems, Inc. is a leading IT audit and compliance firm that provides IT audit, security, and compliance management solutions throughout North America. Services include compliance assessments, penetration testing, application code reviews and certifications. Customers are in the retail, financial services, government, healthcare, education, legal, and public utilities industries. Coalfire's solutions are adapted to requirements under emerging data privacy legislation including PCI, GLBA, HIPAA, NERC CIP, SOX, and FISMA. Coalfire is a Qualified Security Assessor (QSA) that conducts over 1,000 IT audits and assessments annually.

About Verifone Systems, Inc. (
Verifone Systems, Inc. (“Verifone”) (NYSE: PAY) is the global leader in secure electronic payment solutions. Verifone provides expertise, solutions and services that add value to the point of sale with merchant-operated, consumer-facing and self-service payment systems for the financial, retail, hospitality, petroleum, government and healthcare vertical markets. Verifone solutions are designed to meet the needs of merchants, processors and acquirers in developed and emerging economies worldwide.