PAX Payment Terminals Receive Global 1 st with PCI P2PE Version 2.0 Certification

· Press releases

(Hong Kong, PRC, 31 Mar 2016) PAX Global Technology Limited (“PAX”, HKSE stock code: 00327.HK), one of the world’s leading Electronic Funds Transfer Point-of-Sale Terminal (“E-payment Terminal”) Solutions Services Providers, together with Optomany, PAX’s channel partner in the United Kingdom and a leading payment acceptance solutions provider, obtained the successful passing of the newly launched version 2.0 of the PCI Point to Point Encryption(P2PE) standard for Optomany's axept® payment application running on PAX payment terminals, making them the first globally to achieve this certification.

Working with Optomany, Foregenix, an independent information security business, assessed all aspects of the axept® application including development practices, encryption key management and the handling of sensitive cardholder and authentication data, resulting in an Attestation of Validation (AOV) from Foregenix and the Payment Card Industry (PCI) Security Standards Council confirming compliance with the new internationally recognised standard.

Version 2.0 is the next evolution of the P2PE standard from the Payments Card Industry Security Standards Council, which came into effect in September 2015 and is far more comprehensive than its predecessor.

Key Benefits of P2PE include:

• Makes account data unreadable by unauthorised parties

• “De-values” account data because it can’t be abused – even if stolen

• Simplifies compliance with PCI DSS

• The P2PE Self-Assessment Questionnaire includes only 26 PCI DSS requirements

• Offers a powerful, flexible solution for all stakeholders

Mr. Marc White, Chief Security Officer at Optomany, said, “As a leading payment acceptance solution provider, security is in our DNA and the protection of customer data is integral to our business. A global first is a fantastic achievement, but of far more importance to us are the benefits we can bring to our customers through simplified PCI DSS compliance and risk reduction.”

Mr. Mark O'Flynn, Sales Director at PAX, said, “This certification is a real credit to the team at Optomany and we are delighted to be part of this global first. We look forward to building on the successful relationship we have with Optomany as we see ever increasing numbers of PAX devices in use in the U.K. and across Europe.”

Mr. Jeremy King, International Director at the PCI Security Standards Council, said, “Expanding the availability of solutions for merchants that make account data unreadable and less valuable to criminals if stolen in a breach is a key priority for the PCI Security Standards Council. In achieving the first PCI P2PE version 2.0 validated application to be used as part of a PCI P2PE solution, Optomany joins a selective group of industry leaders that are driving merchant adoption of PCI validated P2PE products to devalue cardholder data.

Mr. Andrew Henwood, CEO at Foregenix, said, “Achieving compliance with the PCI P2PE standard is a significant challenge for any organisation. As the first PCI P2PE version 2.0 validated application, both the Optomany and Foregenix teams have achieved a world first and the effort and commitment to do so is highly commendable. Many congratulations to the team at Optomany for this achievement.”

He added, “As can be seen from the all too regular news headlines concerning hacked businesses losing their client data, businesses are struggling to compete in a highly competitive market, while still protecting their client data effectively. The benefits that PCI P2PE version 2.0 brings to merchants are significant from a security improvement and risk reduction perspective as well as drastically simplifying their PCI DSS challenge. We would strongly advise any merchant looking at their payment security to consider the merits of PCI P2PE, especially the newly released PCI P2PE version 2.0 with many great enhancements over the prior versions.”