UNDERSTANDING COMPLIANCE FOR POSITOUCH SYSTEMS By Charles Reiser
PCI is a collaborative program among the credit card companies, including Visa, Mastercard, Discover and American Express. It is based on the CISP (Cardholder Information Security Program) compliance program initiated by Visa in 2001 to protect credit card data from being stolen, or otherwise ending up in the wrong hands.
This article will help you to understand what steps you will need to take to get your Positouch Point of Sale system compliant to the standards required by the payment industry.
PCI compliance was introduced by Visa, Mastercard, American Express and Discover to prevent unauthorized people from acquiring credit card information from your establishment. I am going to describe the areas of concern to address each of them directly. PCI compliance is intended to protect cardholder data, ensuring that merchants and service providers maintain the highest information security standard.
The PCI Security Standards Council was formed by the industry to regulate the standards necessary to protect payment data. The PCI Security Standards Council provides a unified, global system that is more accessible and efficient for all stakeholders – merchants, processors, point-of-sale vendors, financial institutions, and payment companies.
The PCI Data Security Standard offers a common set of tools and measurements to help ensure the safe handling of sensitive information for all credit cards. For a Positouch system, the following are the basic explanations for the PCI Standard:
Internet
If you have high speed internet access such as a cable or DSL modem, you need to have a firewall and anti-virus software installed. The preferred form of firewall is a firewall/router installed between your cable/DSL modem and the rest of your network. This type of firewall works best to prevent outside intrusions into your system. Anti-virus software must be installed and kept up to date on all of your PCs. This includes your Posdriver, all of your terminals and any computers that share the network with the point of sale system. Whether or not your Positouch system has high speed credit cards, if you have internet access, you must comply with these steps.
Compliant Software
All of the point of sale software must be verified by Visa/MasterCard. A letter of verification can be provided to show that the software recommended here is verified as PCI compliant. You will need to upgrade your POS system software to the following versions: Positouch Version 5.31 and Slipstream version 3.0.6 by Midnight Express. These programs meet the guidelines set by Visa in the original CISP compliancy. These applications encrypt credit card information and help prevent unauthorized access. I will get more in depth on the functionality of these two programs in another article.
Password Protection
Each user of the POS will need to have a unique username and password to log into the Server. Passwords should contain letters, numbers and characters, and should avoid things like the name of your pet or child. Positouch has written a new back office interface called Navigator 2 to allow you to implement this security feature. Navigator is fully customizable and adds a new level of security to the Positouch environment. Passwords need to be changed on a regular basis and every time someone leaves your employment.
Operating Systems
As I write this article, Microsoft is not supporting its older operating systems created prior to the year 2000. This includes Windows 3.11, Windows 95, Windows 98, and Windows ME. Microsoft is no longer providing security updates for these OSs; as such, we do not encourage that they be used towards achieving compliancy with the CISP/PCI standard.
Hardware Requirements
Specific minimum requirements exist for the newer operating systems and the point of sale software to work. The terminal must have a hard drive of 10 GB or larger. It must also be able to support 128 MB of RAM or more. Below you can see pictures of the non-compatible terminals. If you are not sure whether your terminal is one of the ones pictured here, please call our support desk or sales department, so we can help you identify the equipment you own.
NCR | Javelin 10" | Javelin LCP | Javelin Wedge | IBM 4695 Distributed Head | IBM 4695 Integrated
Audit Logs
Audit logs need to be maintained for all programs. The audit logs track what users logged into the system are doing.
I hope this has cleared up some of your questions regarding CISP/PCI compliance. We are here to assist you with meeting the standards laid out by your credit card processors. Taking the steps laid out here, with continual testing to verify that these standards are maintained, will allow you to continue taking credit cards as a form of payment. If you have additional questions or concerns, please feel free to contact either myself or Ed Wood in our support department or your Sales Representative.