Welcome To Positive Feedback Software LLC

"Finally there is an affordable touch screen driven POS system for restaurants... FreePOS!"


Summary

PCI compliance boils down to being careful with your sensitive cardholder data: don't keep what you don't need (in particular, never store the full magnetic-stripe contents, the CVV2 code or the PIN after a transaction has been authorized), protect any card numbers you do keep, and keep the PCs that handle them locked down.

FreePOS only works with PCI compliant payment software and gateways.

PCI Compliance Explained

The Card Associations Come Together

Over the last few years each card network put forward its own security program: Visa's Cardholder Information Security Program (CISP), MasterCard's Site Data Protection (SDP), American Express' Data Security Operating Policies (DSOP) and Discover's Information Security and Compliance (DISC). In December 2004 the card associations came together to create a single standard for merchants to comply with: the Payment Card Industry Data Security Standard (PCI DSS).

PCI DSS groups its twelve requirements under six control objectives:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

For most merchants, validating compliance means completing a Self-Assessment Questionnaire (SAQ) each year and passing quarterly external network scans run by an Approved Scanning Vendor (ASV). The largest merchants (over 6 million transactions a year) must have a detailed onsite assessment by a Qualified Security Assessor. Even merchants who process fewer than 20,000 transactions a year must comply with the standard, although the card associations do not currently require them to validate that compliance. Validation and compliance requirements for smaller merchants are set by their acquiring (merchant) bank. Keep in mind that validation is a snapshot: you are expected to stay compliant all year, not just on the day you fill in the questionnaire.

 
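The "Protect cardholder data" objective is the one a restaurant can check for itself: PCI DSS forbids storing the full magnetic-stripe data, CVV2 or PIN after authorization, and requires that any card numbers you do store be protected. A common way a small merchant fails this without knowing it is an old export, log file or backup that still holds full card numbers. The script below is an added example written for this page; it is not part of FreePOS or of the payment packages named here. It scans assumed folders (C:\FreePOS and C:\Temp are placeholders, change them to wherever your POS and payment software keep logs, exports and backups) for runs of 13 to 19 digits that pass the Luhn check every real card number passes, and reports them with the middle digits masked.

```powershell
# Added example, not part of the FreePOS page or software: find files on a
# POS or back-office PC that contain what look like full card numbers (PANs).
# Assumptions (change to suit): the folders in $SearchRoots are placeholders
# for wherever your POS and payment software keep logs, exports and backups;
# Windows PowerShell 3.0 or later.

$SearchRoots = @("C:\FreePOS", "C:\Temp")                  # assumed locations
$Extensions  = @("*.txt", "*.log", "*.csv", "*.dat", "*.bak")

# Test-Luhn: $true when a digit string passes the Luhn (mod 10) check that
# every real card number passes. This weeds out most random digit runs
# (invoice numbers, timestamps) before anyone has to look at them.
function Test-Luhn([string]$Digits) {
    $sum = 0
    $doubleIt = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]$Digits[$i] - 48            # char code -> digit value
        if ($doubleIt) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $doubleIt = -not $doubleIt
    }
    return (($sum % 10) -eq 0)
}

# Find-PanCandidates: pulls 13-19 digit runs out of text (spaces or dashes
# allowed between groups, as on a printed receipt), keeps those that pass
# Luhn, and returns them masked (first 6 and last 4 only) so the report
# itself does not become one more copy of cardholder data.
function Find-PanCandidates([string]$Text) {
    $pattern = '(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])'
    $found = @()
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $digits = $m.Value -replace '[ -]', ''
        if ($digits.Length -ge 13 -and $digits.Length -le 19 -and (Test-Luhn $digits)) {
            $stars  = '*' * ($digits.Length - 10)
            $found += $digits.Substring(0, 6) + $stars + $digits.Substring($digits.Length - 4)
        }
    }
    return ,$found
}

foreach ($root in $SearchRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -Path $root -Recurse -Include $Extensions -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $text = Get-Content -LiteralPath $_.FullName -Raw -ErrorAction SilentlyContinue
            if (-not $text) { return }            # skip empty or unreadable files
            $hits = Find-PanCandidates $text
            if ($hits.Count -gt 0) {
                "{0}: {1} candidate PAN(s), e.g. {2}" -f $_.FullName, $hits.Count, $hits[0]
            }
        }
}
```

Run it on the back office PC and on every station. Each hit is either a stored card number that has to go (securely delete the file, and find out which program wrote it so it stops) or a false positive; either way, open the file and look. The Luhn check cuts the noise but this is a first pass, not an audit: it will not find card data that a program has encrypted or encoded, and it only looks at the file types you list.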

What Is CISP ?

When customers offer their bankcard at the point of sale, over the Internet, on the phone, or through the mail, they want assurance that their account information is safe. That's why Visa USA has instituted the Cardholder Information Security Program (CISP). Mandated since June 2001, CISP is intended to protect Visa cardholder data, wherever it resides, by ensuring that members, merchants, and service providers maintain the highest information security standard.

In 2004 the CISP requirements were folded into the Payment Card Industry (PCI) Data Security Standard, a cooperative effort between Visa and MasterCard to create common industry security requirements. Visa USA still maintains CISP as the program through which it manages compliance with the PCI Data Security Standard.

What Is PABP ?

Payment Application Best Practices (PABP) is Visa's set of security requirements for payment applications (software that stores, processes or transmits cardholder data), together with a published list of applications that have been validated against it. You can read more, and see which software packages are currently listed, at the link below. Please note that FreePOS interfaces with X-Charge by CAM Commerce, CreditLine by 911 Software and ICVerify. Visa has since handed this program to the PCI Security Standards Council, where it continues as the Payment Application Data Security Standard (PA-DSS), so if the Visa page no longer carries the list, look for the PA-DSS validated applications list instead.

www.visa.com/cisp

Are You Okay?

Every payment processing application should be validated. If you are using a validated version of X-Charge, CreditLine or ICVerify you are in great shape from a software standpoint.

Note, however, that a listing covers a specific version and expires after one year unless the vendor revalidates. If the version you run drops off the list, you must upgrade to a listed version to stay in full compliance. Check the version number you actually have installed against the list, not just the product name.

I Purchased A ____ POS System & Now The Company I Purchased The POS System From Is Telling Me That I Must Upgrade Or I'll Be In Violation Of The Law.   Help!

First, PCI DSS is not itself a law; it is a contractual obligation that comes with your merchant account and is enforced by your acquiring bank and the card brands (a few US states have written parts of it into their own laws). Being in full compliance is still an expensive and time-consuming process: regular audits, software upgrades and rule changes that are difficult to predict all contribute to a very perplexing landscape. Needless to say, be very careful and get a second opinion if a salesperson (who has a vested financial interest in "your compliance") tells you to upgrade. The validated applications list at www.visa.com/cisp will tell you whether the version you already run is still listed.

What Happens If You Don't Comply?

Your acquiring bank can fine you (the card brands fine the acquirer, and the acquirer passes the fine on to you), raise your processing fees, or terminate your merchant account, which means losing your ability to accept credit cards. After a breach you can also be billed for the forensic investigation and for the cost of reissuing the compromised cards.

Should I Close My Business Until I Get Certified?

NO. In practice the heavy penalties follow a compromise in which stored cardholder data is stolen and many accounts are hijacked. (Acquirers can also charge non-compliance fees if you never validate, but those are a far cry from breach penalties.) If a single person uses a stolen credit card in your establishment, the worst case for you is a chargeback from the rightful owner of the card.

If I Change Processors Will That Help?

NO. Compliance is about how your systems and staff handle cardholder data, not about who processes your transactions. But some unethical card reps are telling merchants untrue things like this just to get more business.

Tips About Security

Secure Your System

There are many things you can do to make your POS system more secure.   In most cases, computer security boils down to "common sense" rather than expensive software.  

  1. Installing New Software

    Don't install new programs unless they come from a reputable source, and don't install anything on the POS or back office machine that isn't needed to run the business. Common places to pick up viruses are public download sites, school computer labs and a friend's computer.

  2. Locking Up Your PC

    Don't leave the door to your back office PC open. If you do, it will be easy for someone to "slip your computer a mickey" (plug in a keylogger, boot it from a USB stick, or copy your data). A locked door is your best security.

  3. Password Protect Files & Programs

    Put a password on critical functions like batching credit cards and issuing refunds, and give each employee their own login rather than one shared password, so you can tell who did what. Also password-protect your back office machine. This keeps out the casual passer-by.

  4. Wireless Hot Spots

    If you offer a wireless hot spot for customers, run it on a separate, secure router that is not connected to the POS network. If your POS computers plug into the switch that's built into your wireless router, anyone on the hot spot is on the same network as your card data, and that is a security problem.

  5. Opening Files

    In the old days, viruses came in files that ended in .BAT, .COM or .EXE. Today we are not so lucky: there are thousands of file types that can launch an attack, including ordinary documents and email attachments. Therefore, SCAN EVERY FILE before you open it, and better yet, don't open downloads or attachments on the POS or back office machine at all.

  6. Updating Antivirus Software

    New viruses are created and launched every day, so keep your virus scanner updated on a daily basis; PCI DSS requires anti-virus on these machines and requires that it be kept current. AVG's free edition updates itself automatically every day, but check its license: the free edition has historically been for personal, non-commercial use only, so a business PC may need a paid version.

  7. Garbage Disposal Procedures

    Shred documents with customer information on them (receipts, printed batch reports, anything showing a card number) before placing them in the trash can.

  8. Cable Closets

    If you have cables, hubs, switches and/or routers in a public place, you are asking for trouble: anyone can plug in a laptop or a small device and be on your POS network. Always keep network gear and cabling in a non-public place (like a lockable closet).

  9. Surfing The Web

    If you let people surf the internet on your back office computer, you'll get a virus or a system crash eventually. DON'T!!!

    If you must surf at work, get a separate computer that isn't connected to your POS network for surfing the web.

  10. POS Stations Should NOT Have Internet Access

    If you delete the DNS and gateway addresses from the POS workstations (give each one a static IP address with no default gateway and no DNS servers), they won't be able to reach the internet. This is a simple way to increase security, with three cautions. It assumes the stations only need to talk to the back office machine on your local network; the back office PC that actually sends the card batches still needs its own route to the payment processor. If the stations get their addresses from DHCP, the DHCP server will hand the gateway and DNS right back, so use static addresses. And anyone with administrator rights on a station (or malware running as one) can put the gateway back, so also block the POS stations' addresses at your router or firewall.
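As an added example (not from the FreePOS page or software), the commands below do what this tip describes on a Windows POS station and then verify it. They assume an adapter named "Local Area Connection", a POS LAN of 192.168.10.0/24 with this station at .21, and that the station only needs to reach machines on that LAN; 8.8.8.8 and www.visa.com are just arbitrary internet targets for the checks. Change these values to match your network.

```powershell
# Added example, not part of the FreePOS page or software.
# Assumptions (change to suit): adapter "Local Area Connection", POS LAN
# 192.168.10.0/24, this station is 192.168.10.21, and it only needs to talk
# to machines on that LAN. Run from an elevated (Administrator) PowerShell.

$Adapter = "Local Area Connection"
$Address = "192.168.10.21"
$Mask    = "255.255.255.0"

# Static address with the gateway argument left out: no default route is
# installed, so packets for anything outside 192.168.10.0/24 have nowhere to go.
netsh interface ip set address "$Adapter" static $Address $Mask

# "none" empties the DNS server list; the station can no longer resolve names.
netsh interface ip set dns "$Adapter" static none

# Verification. On a correctly isolated station all three checks come back OK.
# If any reports FAIL, something (DHCP on another adapter, a leftover route,
# a second network card) is still providing a way out.
$defaultRoute = route print | Select-String '^\s*0\.0\.0\.0\s+0\.0\.0\.0'
if ($defaultRoute) { "FAIL: default route present: $defaultRoute" } else { "OK: no default route" }

if (Test-Connection -ComputerName 8.8.8.8 -Count 1 -Quiet) {
    "FAIL: can reach an internet address"
} else {
    "OK: no path to the internet"
}

try {
    [System.Net.Dns]::GetHostAddresses("www.visa.com") | Out-Null
    "FAIL: DNS still resolves names"
} catch {
    "OK: DNS resolution fails"
}
```

Because a DHCP client gets its gateway and DNS back at the next lease renewal, this only sticks with static addresses (or a DHCP reservation that hands out no router or DNS option). And because any administrator on the box, or malware running as one, can undo it with the same two netsh commands, treat it as a convenience rather than the control: the rule that actually holds is a block on the POS stations' addresses at your router or firewall. Do not run this on the back office PC that submits the card batches; it still needs its route to the processor.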