Did you Know?
PCI DSS is still Causing Confusion


For the past four years Rich Peterson has been speaking to groups of hundreds of restaurateurs on PCI DSS at FRLA Event Seminars and Franchise Conventions. Each time he asks “Who manages your PCI DSS compliance?” the answer is “The POS Guy”. Below are the 12 steps of PCI DSS compliance as we understand them today. As you read through them you will understand why it is not possible for any one vendor to bring you to compliance, not even the “POS Guy”.

    1. Install and maintain a commercial grade firewall – Protect cardholder data.
    2. Remove default accounts – Default accounts provided by vendors should not be used.
    3. Protect cardholder data – Use a PABP Certified software version and remove all old cardholder data from previous years.
    4. Encrypt traffic on open networks – Use a PABP Certified software version and a multi-factor authentication remote access tool.
    5. Up-to-date anti-virus software – Maintain the subscription and definitions, and scan regularly.
    6. Maintain secure systems – Ensure all system components and software have the latest Windows security patches.
    7. Limit access to data – Configure software and OS user groups and security levels so that each user can reach only the information they need.
    8. Unique user IDs – Set up unique users and complex passwords for anyone needing access to the system. A complex password is one that changes at least every 90 days, is 7-25 characters in length, contains at least one alphabetic and one numeric character, does not contain the user name, and is not identical to any of the last X passwords, where X is defined by the system administrator and documented in your security policies (see step 12).
    9. Restrict physical access – Make sure there is a lock on the door of the room where your server is kept.
    10. Monitor access – Monitor network traffic and/or use a video surveillance system with audit tracking to monitor your establishment.
    11. Test periodically – Test your security systems and processes. This MUST include a review by a QSA (Qualified Security Assessor), a person certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance. The council was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express.
    12. Maintain security policies – A written policy addressing information security.
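Step 8 is the one item in the list concrete enough to turn into a mechanical check. The following Python script is an added illustration, not Abacus or Aloha POS code: it encodes the step-8 rules exactly as stated above (90-day rotation, 7-25 characters, at least one letter and one digit, no user name, no reuse of the last X passwords) and reports which rules a proposed password breaks. The salted PBKDF2 history store, the `UserRecord` shape and the sample "manager" account are assumptions made for the example.

```python
"""Password-policy check for step 8 (unique user IDs and complex passwords).

Added illustration, not Abacus or Aloha POS code. It encodes the rules exactly
as the newsletter states them: rotate at least every 90 days, 7-25 characters,
at least one alphabetic and one numeric character, must not contain the user
name, and must not equal any of the last X passwords (X chosen by the admin).
The salted PBKDF2 history store and the sample account are assumptions.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Tuple
import hashlib
import hmac
import os

MAX_AGE_DAYS = 90
MIN_LEN, MAX_LEN = 7, 25


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-SHA256 so the history never stores clear-text passwords."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


@dataclass
class UserRecord:
    username: str
    last_changed: date
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)  # newest first


def check_password(candidate: str, user: UserRecord, history_depth: int) -> List[str]:
    """Return every step-8 rule the proposed password violates (empty list = OK)."""
    problems = []
    if not MIN_LEN <= len(candidate) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    if not any(c.isalpha() for c in candidate):
        problems.append("must contain at least one alphabetic character")
    if not any(c.isdigit() for c in candidate):
        problems.append("must contain at least one numeric character")
    if user.username.lower() in candidate.lower():
        problems.append("must not contain the user name")
    # Re-hash the candidate with each stored salt and compare in constant time.
    for salt, digest in user.history[:history_depth]:
        if hmac.compare_digest(hash_password(candidate, salt)[1], digest):
            problems.append(f"must not match any of the last {history_depth} passwords")
            break
    return problems


def password_expired(user: UserRecord, today: date) -> bool:
    """True once the current password is older than the 90-day rotation limit."""
    return today - user.last_changed > timedelta(days=MAX_AGE_DAYS)


def rotate_password(user: UserRecord, new_password: str, changed_on: date) -> None:
    """Record an accepted change: the newest hash goes to the front of the history."""
    user.history.insert(0, hash_password(new_password))
    user.last_changed = changed_on


def demo():
    """Constructed scenario: a 'manager' account last rotated 100 days ago."""
    today = date(2024, 6, 1)
    mgr = UserRecord("manager", last_changed=today)
    rotate_password(mgr, "Aloha2023x", today - timedelta(days=100))
    candidates = ["manager1", "short1", "nodigits", "Aloha2023x", "Register7pm"]
    results = {pw: check_password(pw, mgr, history_depth=4) for pw in candidates}
    return password_expired(mgr, today), results


if __name__ == "__main__":
    expired, results = demo()
    print("rotation overdue:", expired)
    for pw, problems in results.items():
        print(f"{pw!r}: {'OK' if not problems else '; '.join(problems)}")
```

Running the script shows the 100-day-old password flagged as overdue, each constructed candidate failing exactly one rule, and only `Register7pm` accepted. The history comparison re-hashes the candidate with each stored salt rather than storing old passwords in clear, which is the same property step 3 asks for with cardholder data: keep only what you need, and keep it in a form that is useless if copied.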

Having read the 12 steps above, you can see that your “POS Guy” is able to provide solutions for steps 1-3, can assist with steps 4-8, and has no control over steps 9-12.

Have a question? If you are using Aloha POS and would like additional information on how Abacus Business Solutions may assist you with steps 1-8, please contact us by email at DataSecurity@abacuspos.com, or leave a message at 727-524-0177 ext. 430 and a representative will call you back within 24 hours.



Make More Money
Special Offers and Feature Training

Keep your eyes on your inbox as Abacus will be communicating new software features and special offers that will assist you in driving more dollars to your bottom line!

Abacus. You can count on us.

Abacus Business Solutions does not provide professional legal information. The above information is provided by Abacus for our customers as a courtesy only. If you require further professional advice please consult a professional with expertise in that particular area.

If you have a question or comment about this eAlert, please contact Abacus at info@abacuspos.com (subject: Newsletter).