How to select a Verifone certified Managed Network Service Provider (MNSP) and prepare for outdoor EMV

Verifone’s Enhanced Zone Router (EZR) is reaching its end-of-life and cannot support the ever-evolving cybersecurity threats and outdoor EMV. As a result, Verifone previously announced that new installations should deploy devices with a certified Managed Network Service Provider (MNSP).

What is included in the Verifone MNSP program?

The Verifone MNSP program includes the following key components:

  1. Replacing Enhanced Zone Router with an Edge Device from an approved Managed Network Service Provider (MNSP)
  2. Connection from Verifone to site is through the MNSP’s service
  3. Certification process and template ensures parity with existing functionality through transition

What should you look for in an MNSP?

Upgrading network equipment and switching to a new MNSP can be complex, and you could run into unintended network, device or compliance problems. To ensure you are selecting the right provider for your needs, questions you should ask include:

  • Is the MNSP a provider certified by Verifone?
  • Does the provider have 24x7x365 network support, and is it US-based?
  • Are they fully compliant to the upcoming PCI 4.0 standard?
  • Do they provide an Attestation of Compliance (AOC) that covers all components of the solution? Including the help desk, cloud infrastructure, and covers all the devices installed on- site?
  • Do they provide a flexible solution that grows with future technology rather than becoming obsolete (e.g., devices don’t become obsolete due to built-in features like 3G wireless)? Are devices able to be located independently to provide the best coverage for Wi-Fi and cellular coverage at your site?
  • Can their solution cover many businesses at once?

What should you look for in the products and services provided by an MNSP?

When reviewing product and service offerings, you’ll want to make sure they provide:

  • Secure point-of-sale (POS) and payment gateway connectivity to keep payments flowing
  • Secure remote POS vendor access that meets PCI DSS Requirements 12.3.8 and 12.3.9, such as AcuLink™ by Acumera
  • A cloud-based dashboard that provides visibility into the connection health of ALL networked devices at ALL locations, for ease of trouble-shooting and fast resolution of any issues
  • A managed POS firewall that segments and separates your payment systems from the rest of your network to meet PCI 4.0 requirements 1.2, 1.2.1 and 1.2.2[KS1]
  • A secure perimeter firewall that protects your entire network and provides visibility to monitor and troubleshoot all connected IoT devices and third-party applications / connections across ALL sites
  • A cloud-based air-gapped approach (that meets PCI compliance standards) for data transfer to third-party providers of telematics, fuel monitoring, analytics, loyalty programs, back-office applications and more. Similar to the Acumera workload connections catalog, which is constantly growing, some of the more common connections can be seen here.
  • Wi-Fi that is not only flexible and can be positioned anywhere, but can be segmented and expanded for personnel, store managers, guests, and hand-held devices, etc. rather than incorporated into a security appliance
  • A tank monitoring app to manage fuel ordering and inventory that can be connected to any Automated Tank Gauge (ATG) using the Veeder-Root protocol
  • A proactive approach with monthly internal vulnerability scanning for a quick resolution of any security issues.
  • Monthly external scanning using an Approved Scanning Vendor (ASV), which is a third-party that validates your chosen MNSP’s defenses are adequate
  • Logging and storage of network traffic data
  • An intrusion detection system (IDS) for detection, monitoring, and response
  • Web content filtering for spam and malware control
  • Clear identification of non-PCI payment application devices in the Cardholder Data Environment (CDE)
  • WAN failover enabled for automatic backup network connectivity to prevent payment processing disruptions when your primary internet goes down
  • Cellular failover that includes a modem, data plan, and flexible carrier options

How can you ensure your remote access solution is secure?

PCI DSS 12.3.8 and 12.3.9 require remote access for vendors and business partners to be provided only when needed. With the right solution, legacy devices, like DVRs and ATGs, that often expose an attack vector to the store’s digital estate can be completely locked down and still be remotely accessible in a PCI compliant fashion by employees and approved vendors and business partners.

For example, with AcuLink remote access technology from Acumera, store owners can grant secure remote support access for authorized employees as well as third-party service providers by utilizing PCI DSS compliant, logged, and secured ephemeral connections. Permission is given via a simple, one-click activation through the AcuVigil™ Dashboard, which also allows for automatic disconnection after a period of inactivity.

Are there other PCI tools available?

At a minimum, your MNSP should be a PCI compliant provider, but they may also offer tools and services that help you maintain store compliance. These include:

  • Internal and external system scanning
  • Logging of PCI related events
  • Dynamically generated site network diagrams
  • Clear identification of non-PCI payment application devices in the Cardholder Data Environment (CDE)
  • Web filtering
  • Intrusion detection system (IDS)
  • Security operations center (SOC)
  • Online Self-Assessment Questionnaire (SAQ)

How can you learn more about MNSPs and preparing for outdoor EMV?

Acumera is a Verifone certified MNSP, so we can answer your questions plus provide you additional information on our comprehensive solution that will meet your current and future network and operational needs and prepare you for outdoor EMV.

If you are interested in learning more about how Acumera helps our current clients secure their networks, see this case study on how we helped a client recover from a ransomware attack.

Request a demo today, to learn more about our advanced firewall and application platform and proactive 24x7x365 support for maximum security, visibility, uptime, and profitability. You can also check out the “Choosing an MNSP and Preparing for Outdoor EMV” infographic and get additional information on MNSP services provided by Acumera.

You may also like these