Assessor Validates Verifone’s PAYware Mobile Enterprise Compliant with Payment Security Requirements

QSA Coalfire Systems' Assessment Says App is Not Within Scope of PA-DSS; Mobile Payment Solution for Smartphones, PDAs and Tablets Can Reduce Scope of Overall PCI DSS Compliance

August 01, 2011, San Jose, CA

Verifone Systems, Inc. (NYSE: PAY) today announced that an independent evaluation by Coalfire Systems, Inc., a leading IT audit and compliance firm, has validated the security compliance of Verifone's PAYware Mobile Enterprise solution for enabling smartphones, PDAs and tablets to securely accept payments.

Coalfire, a PCI Qualified Security Assessor (QSA) and PCI Qualified Payment Application Security Assessor, determined that the PAYware Mobile Enterprise application does not capture, store, process or transmit cardholder data as part of authorization or settlement, and thus "is not within scope of PA-DSS." As recently outlined by the PCI Security Standards Council, applications that do not store, process, or transmit cardholder data do not fall under the PA-DSS program.

"Coalfire's assessment provides merchants with the assurance they can use a mobile-based payment application without violating the PA-DSS standard and can safely deploy the Verifone solution without risking PCI DSS compliance," said Erik Vlugt, Verifone vice president of marketing for retail and vertical segments. "Those merchants who chose PAYware Mobile Enterprise to revolutionize customer service and store operations can save considerable cost, time, and effort in their compliance efforts."

According to Coalfire's report, when implemented according to specific PCI guidance provided by Verifone, the company's PAYware Mobile solution "can be deployed in a fully PCI DSS compliant manner and can reduce the scope of PCI DSS compliance in a merchant environment."

PAYware Mobile Enterprise integrates with existing in-store POS systems and incorporates a PCI PTS-approved card encryption sleeve and PIN debit keypad, as well as a 2D bar code scanner for quickly and efficiently performing mobile check out or inventory control tasks. Verifone's mobile payment solution for enterprise retail environments also incorporates VeriShield Total Protect, Secured by RSA, providing end-to-end data encryption and tokenization that ensures no card data can be transmitted or stored in an unsecure manner.

Coalfire determined that Verifone's mobile payment solution complies with Visa Best Practices for Mobile Payment Acceptance Solutions v 1.0, released on 27 April, 2011, and evaluated three key aspects of Verifone's PAYware Mobile for small to medium-sized merchants and PAYware Mobile Enterprise for large retail enterprises:

  • The PAYware Mobile card encryption sleeve can be deployed in a PCI DSS compliant manner and reduce the scope of PCI DSS compliance for merchants.
  • The PAYware Mobile POS application running on a mobile device with the card encryption sleeve and VeriShield Total Protect is out of scope of PA-DSS as it does not capture, store, process or transmit cardholder data as part of authorization or settlement.
  • Forensic analysis of the mobile device in scope of this assessment showed no transmission or persistence of unencrypted cardholder data during and following card present transactional testing.

Coalfire's report is available at www.verifone.com/pwm-enterprise

Safe Harbor Statement under the Private Securities Litigation Reform Act of 1995 for Verifone Systems, Inc.
This press release includes certain forward-looking statements related to Verifone Systems, Inc. within the meaning of the Private Securities Litigation Reform Act of 1995. These statements are based on Verifone management's current expectations or beliefs and are subject to uncertainty and changes in circumstances. Actual results may vary materially from those expressed or implied by the forward-looking statements herein due to changes in economic, business, competitive, technological and/or regulatory factors, and other risks and uncertainties affecting the operation of the business of Verifone Systems, Inc. These risks and uncertainties include: continual compliance of our mobile POS encryption solution with applicable industry standards, our ability to protect against fraud, the status of our relationship with and condition of third parties upon whom we rely in the conduct of our business, our dependence on a limited number of customers, uncertainties related to the conduct of our business internationally, our dependence on a limited number of key employees, short product cycles, rapidly changing technologies and maintaining competitive leadership position with respect to our payment solution offerings. For a further list and description of such risks and uncertainties, see our filings with the Securities and Exchange Commission, including our annual report on Form 10-K and our quarterly reports on Form 10-Q. Verifone is under no obligation to, and expressly disclaims any obligation to, update or alter its forward-looking statements, whether as a result of new information, future events, changes in assumptions or otherwise.

About Verifone Systems, Inc. (www.verifone.com)
Verifone Systems, Inc. ("Verifone") (NYSE: PAY) is the global leader in secure electronic payment solutions. Verifone provides expertise, solutions and services that add value to the point of sale with merchant-operated, consumer-facing and self-service payment systems for the financial, retail, hospitality, petroleum, government and healthcare vertical markets. Verifone solutions are designed to meet the needs of merchants, processors and acquirers in developed and emerging economies worldwide.