Apriva Security

CONFIDENCE WHEN IT COUNTS
We consider security to be a core part of our product offerings so all of our solutions incorporate a full suite of built-in security features that meet or, in most cases, exceed card association requirements. Apriva is DSP (VISA CISP) certified, not only for the mandatory “Data-at-Rest” requirements, but also for the future mandatory “Data-in-Motion” requirements. We use a managed, private, wireless network that shields terminals from access by hackers by eliminating the Internet from the communication path. This certification is a key step in addressing today's stringent demands for wireless security and underscores our commitment to providing the most secure solutions in the industry. Additionally, Apriva clients have the assurance that our code base has been carefully reviewed, tested and validated by representatives of the National Security Agency for use within the federal government. With Apriva Secure POS you can have confidence that the systems you deploy will remain compliant now and in the future.

COMPLIANCE
SAFETY IN STANDARDS
• VISA/MASTERCARD PCI DATA SECURITY STANDARD. Visa and MasterCard established PCI to protect sensitive cardholder information while at rest on POS terminal equipment or on the Apriva gateway. Apriva updates its certification with Visa/MasterCard PCI twice a year.

• VISA PABP (PAYMENT APPLICATION BEST PRACTICES). Although PABP is not a mandatory standard, APRIVA has voluntarily agreed to comply with this more stringent set of requirements, which goes beyond PCI to secure sensitive information in motion as it moves through the public data networks.

• MASTERCARD PTS (POS TERMINAL SECURITY). MasterCard recently released a new mandatory standard, specifically targeted at Wireless and IP-Enabled POS equipment. APRIVA currently meets or exceeds these new requirements and is the first to receive certification.

APRIVA SECURITY CHECKLIST
PROTECTING YOUR BUSINESS
• AUTHENTICATION. Two-way authentication is provided between the terminal and host using the RSA algorithm and 1,024-bit keys.

• CONFIDENTIALITY. Data encryption is performed using the Advanced Encryption Standard (AES) with the maximum (256 bit) key strength.

• KEY MANAGEMENT. Encryption keys are dynamically established with a unique key for each transaction.

• DATA INTEGRITY. Data integrity is provided by a Hashed Message Authentication Code (HMAC) using the Secure Hash Algorithm (SHA-1).

• REPLAY PROTECTION. A unique identifier associated with each transaction permits immediate detection and blocking of replay attacks.

• HIGH-AVAILABILITY. Redundant system design with automatic fault detection and fail-over assures high Quality of Service (QoS) and protects against Denial of Service (DoS) attacks.

• HIGH-PERFORMANCE. AprivaTalk™ communication protocol version 3.0 is optimized for wireless and other long-latency networks.

END-TO-END SECURITY
PROTECTING YOUR BUSINESS
• TWO-WAY AUTHENTICATION. Card associations are now mandating two-way authentication between the terminal and the host. Delivery of new security systems is typically a lengthy process of development and certification of both terminal and host software, but Apriva is already prepared to meet this requirement with the transaction and boarding systems necessary to support both small and large-scale deployments.

• CONFIDENTIALITY. Apriva provides confidentiality using AES (Advanced Encryption Standard). AES has replaced the older Triple-DES algorithm, providing stronger and faster encryption of sensitive transaction data.

• DATA INTEGRITY. To prevent “man in the middle” attacks, Apriva uses a Message Authentication Code (MAC) to detect and reject transactions that have been modified while being transmitted across untrusted network infrastructure.