Over the last year there have been big changes in PCI compliance. There are stricter rules and stiffer penalties.
What is PCI Compliance? PCI is short for PCI DSS (Payment Card Industry Data Security Standard). PCI DSS is a set of REQUIREMENTS designed to ensure that ALL companies processing, storing or transmitting credit card information maintain a secure environment. The Payment Card Industry Security Standards Council (PCI SSC) was launched in September of 2006 to manage the ongoing development of the payment card industry security standards. It focuses on improving payment account security throughout the entire transaction process. PCI DSS is administered and managed by the PCI SSC (you can find more information on their website at www.pcisecuritystandards.org).
Now that we know what PCI Compliance is, let’s talk about a few security measures that can help to ensure that you are PCI compliant. (This is not a complete list and is written for Restaurant Manager Software, but it can help get you started on the right track.)
- Be sure that ALL administrator password expiration settings are set to the system default or to 90 days or fewer, and NOT set to 0.
- Check that the Default (system-wide) administrator “Password Expiration Days” setting is set to 90 days or fewer, and NOT set to 0.
- Make sure the number of days you keep unused card information is set to the minimum required for business need.
- Check that your server machine is physically secured by two methods (e.g. behind a locked door or in a locked cabinet, and also in an area restricted to authorized personnel only or protected by another security system such as recording video cameras).
- Make sure that your Remote Access is configured with two-factor authentication (for example: LogMeIn Central using a second-factor, single-use authentication token).
- Make sure there are NO ports open from the WAN (Internet) directly to the server machine.
- Check that a firewall with stateful packet inspection is installed between the WAN/Internet and the store server machine/network, and that it is configured to block all incoming communication except the ports and protocols the POS requires.
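The checklist above can be turned into a repeatable self-check. The script below is an added example and is not part of Restaurant Manager, ASI, or any PCI SSC tool; the configuration layout (keys such as "password_expiration_days", the port allowlist, and the sample values) is constructed for the illustration and does not reflect any real product's settings file. It flags the two expiration failure modes separately (0, which means passwords never expire, and values over 90 days), checks card-data retention against the stated business need, requires a second factor for remote access, and requires a default-deny inbound firewall policy with no rule reachable from the WAN.

```python
"""Self-check for the PCI checklist above (added example, constructed config)."""
from typing import Dict, List

# Constructed sample configuration, roughly what an auditor might pull from a
# store server. Several values deliberately violate the checklist.
SAMPLE_CONFIG = {
    "admin_accounts": {
        "default": {"password_expiration_days": 0},    # 0 = never expires
        "manager": {"password_expiration_days": 60},
        "owner": {"password_expiration_days": 120},
    },
    "card_data_retention_days": 30,
    "business_need_retention_days": 7,
    "remote_access": {"enabled": True, "second_factor": False},
    "firewall": {
        "stateful": True,
        "inbound_default": "allow",
        "inbound_rules": [
            {"port": 443, "proto": "tcp", "source": "any"},
            {"port": 3389, "proto": "tcp", "source": "192.168.10.0/24"},
        ],
    },
}

# Placeholder allowlist of ports the POS needs from the LAN; take the real
# list from the vendor's documentation.
POS_REQUIRED_PORTS = {(443, "tcp"), (3389, "tcp")}
MAX_PASSWORD_AGE_DAYS = 90
WAN_SOURCES = {"any", "0.0.0.0/0"}


def check_password_expiry(accounts: Dict[str, dict]) -> List[str]:
    """Every admin account must expire passwords within 90 days; 0 disables expiry."""
    findings = []
    for name, settings in accounts.items():
        days = settings.get("password_expiration_days")
        if days is None:
            findings.append(f"{name}: password expiration not set")
        elif days == 0:
            findings.append(f"{name}: expiration is 0 (passwords never expire)")
        elif days > MAX_PASSWORD_AGE_DAYS:
            findings.append(f"{name}: expiration {days} days exceeds {MAX_PASSWORD_AGE_DAYS}")
    return findings


def check_retention(cfg: dict) -> List[str]:
    """Unused card data may be kept only as long as the business need requires."""
    kept = cfg["card_data_retention_days"]
    needed = cfg["business_need_retention_days"]
    if kept > needed:
        return [f"card data kept {kept} days; business need is {needed}"]
    return []


def check_remote_access(ra: dict) -> List[str]:
    """Remote access, if enabled, must require a second authentication factor."""
    if ra.get("enabled") and not ra.get("second_factor"):
        return ["remote access enabled without a second authentication factor"]
    return []


def check_firewall(fw: dict) -> List[str]:
    """Stateful, default-deny inbound, no WAN-reachable rules, POS ports only."""
    findings = []
    if not fw.get("stateful"):
        findings.append("firewall lacks stateful packet inspection")
    if fw.get("inbound_default") != "deny":
        findings.append(f"inbound default is '{fw.get('inbound_default')}', must be 'deny'")
    for rule in fw.get("inbound_rules", []):
        label = f"port {rule['port']}/{rule['proto']}"
        if rule["source"] in WAN_SOURCES:
            findings.append(f"{label} is open to the WAN")
        elif (rule["port"], rule["proto"]) not in POS_REQUIRED_PORTS:
            findings.append(f"{label} is not a POS-required port")
    return findings


def audit(cfg: dict) -> Dict[str, List[str]]:
    """Return findings per checklist area; an empty list means that area passes."""
    return {
        "password_expiry": check_password_expiry(cfg["admin_accounts"]),
        "retention": check_retention(cfg),
        "remote_access": check_remote_access(cfg["remote_access"]),
        "firewall": check_firewall(cfg["firewall"]),
    }


if __name__ == "__main__":
    for area, findings in audit(SAMPLE_CONFIG).items():
        print(f"[{'PASS' if not findings else 'FAIL'}] {area}")
        for finding in findings:
            print(f"    - {finding}")
```

Running it against the sample prints a FAIL for every area; the "default" account is the one most often missed, because a setting of 0 looks like a value rather than a disabled control.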
If you have any questions or concerns, please give us a call; we will be glad to help you. Ask for Jim Gerow, 503 284-6565.
Restaurant Manager by ASI, www.rmpos.com
POSitive Technologies, Inc, www.positivetech.com