
Point of Interaction (POI)

For purposes of these requirements, a POI is defined as:

A device that provides for the entry of PINs, used for the purchase
of goods or services or dispensing of cash. An approved POI has met
all of the applicable PCI PTS POI requirements for online and/or
offline PIN entry, and has a clearly defined physical and logical
boundary for all functions related to PIN entry.

A POI may be standalone and not embeddable, in which case the
PED approval class may be applicable. This class may apply to both
attended and unattended. However, vendors may decide to list an
unattended terminal under the UPT class, when meeting the
appropriate requirements.

If the POI is designed to be embedded into a wider set (e.g.,
vending machine or ATM), then EPP or PED approval class would
apply. In such case, there can be other functionalities present
besides PIN capture and conveyance (e.g. display, card reader).
Devices entering this category will have the product type property
prefixed with the word “OEM” on the main page of the listing,
to unambiguously advertise the modular nature.

POIs that combine goods (e.g. petrol) or services (ticketing
machine) delivery with PIN-based payment are eligible for the UPT
approval class. These POIs can possibly include approved OEM
modules.

POIs submitted for testing must be properly identified so that PCI
participants’ customers or their agents can be certain of acquiring a
POI that has been approved by PCI.
Product Name (Vendor): Description

ABSecure ModemSwitcher (ABSecure): A "virtual airlock" that isolates and
protects your LAN while your workstation or other workstations of your LAN are
connected to the Internet by modem. When a user establishes a modem
connection, ABSecure's ModemSwitcher detects it automatically and isolates the
workstation from the local network. When the user terminates the Internet
connection, ABSecure's ModemSwitcher automatically re-enables the local
connections. The whole process is transparent to the user. With ABSecure's
ModemSwitcher, an enterprise administrator can enforce a security policy
requiring that no machine on the network is able to be connected both to the
LAN and to the Internet at the same time. Moreover, with ABSecure's
ModemSwitcher, all the modems that are not allowed throughout the enterprise
become ineffective. ABSecure's ModemSwitcher protects your network from
"bouncing" attacks. A bouncing attack consists of compromising a workstation
connected to the Internet by dial-up, and from there gaining access to the
rest of the internal corporate network. ABSecure's ModemSwitcher protects your
LAN from this type of attack, because when a user is connected by dial-up, he
no longer has access to the LAN until the modem connection is dropped.

Caller ID Programmer (Computer Peripheral Systems): A general purpose Caller ID
programmer. It provides the tools that allow you to configure your phone
system to meet your personal requirements. It can be used to screen calls and
assign specific actions to selective CID numbers or bulk numbers. It can also
auto dial any number from its database and block outbound calls based on one
or a variable number of prefix numbers. The CID2x operates with any standard
Caller ID service, but is most applicable to the CID services that also
provide the caller's name.

Challenger P2 (Computer Peripheral Systems): A field programmable hardware
authentication system for dial modem security. It operates on a LOCK and KEY
principle similar to Locks and Keys in the home or office. Two nodes are
required for a minimum system, but a system can accommodate as many nodes as
are necessary. The P2s are completely independent of the hardware and
software. They can operate with PCs or MACs with internal or external modems
or even with fax machines or any analog equipment for that matter.

Challenger P2 BAS (Computer Peripheral Systems): Primarily designed to provide
absolute authentication type of security for remote dial-line maintenance
applications. However, it may also be used in any application where secure
groups of modems may also require a Master Level of access. It allows the
subject equipment to be securely accessed by its own group of users as well as
by the manufacturer or third party maintenance firm through a "Master Key"
that has access to all of the secure user groups.

Challenger TLC (Computer Peripheral Systems): Challenges all inbound calls for
the proper means of identification from the caller. It provides three levels
of security: The CHALLENGER HARDWARE KEYS provide the quickest and highest
level of security. The Keys are small matchbox-sized devices that connect to
the caller's modems with standard RJ-11 type connections. Unauthorized calls
that fail to meet challenge/response are aborted in less than one half second
and are not recognized as modem answered calls by hackers. The customer can
program a separate user ID number into each Key, which can be used for further
audit purposes, if required. The CALLER ID security option matches the inbound
Caller ID number against a database of authorized numbers prior to allowing
the ring through. The database is entered from the PC. It can accommodate up
to 50 valid Caller ID numbers. An expanded version is also available. The DTMF
touch-tone security method monitors the first 10 seconds of each call for the
presence of the proper touch-tone commands.

Enforcer (Computer Peripheral Systems): Disconnects the LAN connection when
modems are in use. Requires positive intervention to restore the LAN
Connection.

Lucent Remote Port Security Device (Lucent Technologies): A single line
dial-up port protection system that prevents unauthorized access to a host
resource. Host resource dial-up ports, called "subscribers," are protected by
the installation of the RPSD Lock hardware unit on the analog interface
channel leading to the subscriber port. Access is provided only when the
calling party uses the RPSD Key, a hardware unit installed on the analog
interface channel on the calling party end. The RPSD system provides security
and control for virtually any type of dial-up port on any host resource,
regardless of the type of modem associated with the host’s dial-up ports. This
document specifically targets LUCENT TECHNOLOGIES Business Communications
Systems customers and users of the DEFINITY Communication System, System 85,
System 75 PBXs, DIMENSION® PBX, and supporting peripheral products, for which
reason most references in this document are specific to Business
Communications Systems. However, this should not be understood as restricting
other applications of the RPSD system.

Mini Firewall (Computer Peripheral Systems): An external hardware security
device that is designed to eliminate the possibility of using inbound or
outbound dial modem connections to gain access to the corporate LAN. With the
Basic Mini Firewall installed, the connection to the LAN is disabled while the
modem session is in progress. This eliminates the possibility of causing LAN
damage or security breaches via unscrupulous Internet connections. The LAN
connection is automatically re-established when the modem call is completed.
The Basic Mini Firewall is quite simple, easy to use, and highly effective. It
uses relays to physically disconnect the LAN connection when the modem is in
use. When the modem call is completed, the network connection is again
automatically restored.

Port Authority 44 (Communication Devices): Connects directly to up to eight
console ports and provides the highest level of protection regardless of the
state of the network. This is done by maintaining an internal security
database that is updated by a central database on an “as needed” basis. This
internal database provides fast, reliable, two factor authentication every
time a technician accesses the router. By using switching to connect one modem
to eight routers, the Port Authority saves line and equipment cost
continually.

Port Authority 84 (Communication Devices): Connects directly to up to eight
console ports and provides the highest level of protection regardless of the
state of the network. This is done by maintaining an internal security
database that is updated by a central database on an “as needed” basis. This
internal database provides fast, reliable, two factor authentication every
time a technician accesses the router. By using switching to connect one modem
to eight routers, the Port Authority saves line and equipment cost
continually.

Private Call Director (Computer Peripheral Systems): Allows you, the "called
party", to route inbound calls to selective ports, or abort them. The action
is based on the Caller ID of the inbound call. The PCD combines features of a
fax server, mail box, PBX, or a call director. It operates with any standard
analog telephone equipment, such as voice sets, faxes, modems, answering
machines, call announcers, CPS's Modem Router Switch, fax buffer, etc.

Selective Access System (Computer Peripheral Systems): Provides controlled
selective dial access to multiple systems. Use with current password systems
for "two factor" authentication.

Standard Challenger (Computer Peripheral Systems): Hardware security system
for dial modem or fax authentication.

TeleSweep Secure (SecureLogix): Security-scanning tool designed for the
enterprise, providing visibility into telephone networks by identifying modem,
fax or voice and characterizing security posture to determine vulnerabilities.
Enterprises are then able to prioritize security efforts to secure or remove
modems, eliminating unauthorized points of entry into their private data
networks.

TeleWall (SecureLogix): Firewall for telephone lines, protects data networks
by securing telephone networks. Client software can be installed on any
desktop in the enterprise, providing quick access to data and control over
sensors and policies. Server software can be configured locally or remotely
using the client software. Servers are capable of managing enterprise-wide
deployments of sensors. Appliances are available in T1, ISDN-PRI and 12-line
analog interfaces. Appliances can be added, moved or removed with rack mount
simplicity and easy appliance management.

Smart card
A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card
with embedded integrated circuits. There are two broad categories of ICCs. Memory
cards contain only non-volatile memory storage components, and perhaps dedicated
security logic. Microprocessor cards contain volatile memory and microprocessor
components. The card is made of plastic, generally polyvinyl chloride, but sometimes
acrylonitrile butadiene styrene or polycarbonate. Smart cards may also provide strong
security authentication for single sign-on within large organizations.

Overview

[Figure: Smart card used for health insurance in France]

A smart card may have the following generic characteristics:

• Dimensions similar to those of a credit card. ID-1 of the ISO/IEC 7810 standard
defines cards as nominally 85.60 by 53.98 millimetres (3.370 × 2.125 in). Another
popular size is ID-000 which is nominally 25 by 15 millimetres (0.984 × 0.591 in)
(commonly used in SIM cards). Both are 0.76 millimetres (0.030 in) thick.
• Contains a tamper-resistant security system (for example a secure cryptoprocessor
and a secure file system) and provides security services (e.g. protects in-memory
information).
• Managed by an administration system which securely interchanges information
and configuration settings with the card, controlling card blacklisting and
application-data updates.
• Communicates with external services via card-reading devices, such as ticket
readers, ATMs, etc.

Benefits

Smart cards can provide identification, authentication, data storage and application
processing.

[Figure: Many different pad layouts can be found on a contact smart card]

Contact smart card


[Figure: Illustration of smart card structure and packaging]

Contact smart cards have a contact area of approximately 1 square centimetre (0.16
sq in), comprising several gold-plated contact pads. These pads provide electrical
connectivity when inserted into a reader.[6]

The ISO/IEC 7810 and ISO/IEC 7816 series of standards define:

• physical shape and characteristics
• electrical connector positions and shapes
• electrical characteristics
• communications protocols, including commands sent to and responses from the
card
• basic functionality

Cards do not contain batteries; power is supplied by the card reader.

Health care (medical)

Smart health cards can improve the security and privacy of patient information, provide a
secure carrier for portable medical records, reduce health care fraud, support new
processes for portable medical records, provide secure access to emergency medical
information, enable compliance with government initiatives and mandates, and provide
the platform to implement other applications as needed by the health care organization.
