How to select a Verifone certified Managed Network Service Provider (MNSP) and prepare for outdoor EMV

Verifone’s Enhanced Zone Router (EZR) is reaching its end-of-life and cannot keep pace with ever-evolving cybersecurity threats or support outdoor EMV. As a result, Verifone previously announced that new installations should deploy devices with a certified Managed Network Service Provider (MNSP).

What is included in Verifone’s MNSP program?

As detailed on the Verifone MNSP program web page, the key components of the program include the following:

  1. Replacing Enhanced Zone Router with an Edge Device from an approved Managed Network Service Provider (MNSP)
  2. Connection from Verifone to site is through the MNSP’s service
  3. Certification process and template ensure parity with existing functionality through transition

What should you look for in an MNSP?

Upgrading network equipment and switching to a new MNSP can be complex, and you could run into unintended network, device or compliance problems. To ensure you are selecting the right provider for your needs, questions you should ask include:

  • Is the MNSP a Verifone certified provider?
  • Does the provider have 24x7x365 network support, and is it US-based?
  • Are they fully PCI compliant?
  • Will they provide an Attestation of Compliance (AOC)?
  • Is the MNSP listed on the Mastercard and Visa PCI compliant service provider registries?
  • Do they provide a flexible solution that grows with future technology rather than becoming obsolete (e.g., devices don’t become obsolete due to built-in features like 3G wireless)?

What should you look for in the products and services provided by an MNSP?

When reviewing product and service offerings, you’ll want to make sure they provide:

  • Secure POS and payment gateway connectivity to keep payments flowing
  • Secure remote POS vendor access that meets PCI DSS Requirements 12.3.8 and 12.3.9
  • A cloud-based dashboard that provides visibility into the connection health of all networked devices at all locations
  • A managed POS firewall that segments and separates your payment systems from the rest of your network
  • A perimeter firewall that protects your entire network and provides visibility to monitor and troubleshoot all connected IoT devices and applications
  • Cloud-based apps and tools for PCI compliance, management, analytics, fuel monitoring, loyalty programs, and more
  • WiFi that is flexible and can be positioned anywhere in the store, rather than incorporated into a security appliance
  • A tank monitoring app to manage fuel ordering and inventory
  • Internal and external vulnerability scanning
  • Logging and storage of network traffic data
  • An intrusion detection system (IDS) for detection, monitoring and response
  • Web content filtering for spam and malware control
  • Clear identification of non-PCI payment application devices in the Cardholder Data Environment (CDE)
  • WAN failover enabled for automatic backup network connectivity to prevent payment processing disruptions when your primary internet goes down
  • Cellular failover that includes a modem, data plan and flexible carrier options
  • VPN connection setup to connect headquarters securely to distributed locations for access to critical business information

How can you ensure your remote access solution is secure?

PCI DSS 12.3.8 and 12.3.9 require that remote access for vendors and business partners be provided only when needed. With the right solution, legacy devices like DVRs and ATGs, which often expose an attack vector to the store’s digital estate, can be completely locked down and still be remotely accessible in a compliant fashion by employees and approved vendors and business partners.

For example, with Acumera’s AcuLink™ remote access technology, store owners can grant secure remote support access for authorized employees as well as third-party service providers by utilizing PCI DSS compliant, logged and secured ephemeral connections. Permission is given via a simple, one-click activation through the AcuVigil™ Dashboard, which also allows for automatic disconnection after a period of inactivity.

Are there other PCI tools available?

At a minimum, your MNSP should be a PCI compliant provider, but they may also offer tools and services that help you maintain store compliance. These include:

  • Internal and external system scanning
  • Logging of PCI related events
  • Dynamically generated site network diagrams
  • Clear identification of non-PCI payment application devices in the Cardholder Data Environment (CDE)
  • Web filtering
  • Intrusion detection system (IDS)
  • Security operations center (SOC)
  • Online Self-Assessment Questionnaire (SAQ)

How can you learn more about MNSPs and preparing for outdoor EMV?

Acumera is a Verifone certified MNSP, so we can answer your questions plus provide you additional information on our comprehensive solution that will meet your current and future network and operational needs and prepare you for outdoor EMV.

Contact us at 512.687.7410 or sales@acumera.net to learn more about our advanced firewall and application platform and proactive 24x7x365 support for maximum security, visibility, uptime, and profitability. You can also check out the “Choosing an MNSP and Preparing for Outdoor EMV” infographic and get additional information on Acumera’s MNSP services.
