
PCI Compliance and RockSolid POS

What is PCI Compliance?

The Payment Card Industry (PCI) standard was created by Visa, MasterCard, American Express, Discover and others to protect cardholder information and reduce data theft. The PCI Data Security Standard (PCI DSS) is an evolving set of requirements intended to ensure that all companies that process, store or transmit credit card information maintain a secure environment.

Separately, a Payment Application Data Security Standard (PA-DSS) provides guidance to software vendors on any software sold, distributed or licensed to third parties that stores, processes or transmits credit card data.

Version 2.0 of the PCI DSS and PA-DSS requirements is effective January 1, 2011. Both PCI DSS and PA-DSS are independently run by the PCI Security Standards Council (www.pcisecuritystandards.org) and are enforced by the payment brands and acquirers, not by the PCI SSC.

Information about the RockSolid POS system regarding PCI Compliance

  • To ensure our software is PA-DSS (Payment Application Data Security Standard) compliant, version 4.6 of RockSolid POS uses a modified communication method with PC Charge that encrypts all credit card information passed for authorization. This works in conjunction with PC Charge version 5.8i. Please visit www.verifone.com for PC Charge compliance.
  • RockSolid POS does not capture or store any credit card information in the database.
  • Wireless devices fall under PCI compliance as well. The wireless devices supported by RockSolid POS, the MC50 and MC55, support WPA, which is a valid encryption algorithm under the current PCI Security Standard. Credit card information is not stored on, or transferred to or from, the device. Please visit www.motorola.com for this device’s compliance.

Within the scope of ECi software, ECi’s PA-DSS compliance is only part of the effort required for a merchant to achieve PCI compliance.

Elements outside of ECi software will also require assessment for PCI-DSS compliance.

Using RockSolid POS version 4.6 is one step towards achieving PCI compliance. However, each merchant is responsible for assessing and ensuring that its organizational processes, networks and hardware devices comply with the PCI DSS standards. All merchants should review the standards provided by the Security Standards Council and evaluate their own PCI requirements.

PCI DSS Requirements (As of June, 2009)

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data*
  4. Encrypt transmission of cardholder data across open, public networks*
  5. Use and regularly update anti-virus software programs
  6. Develop and maintain secure systems and applications*
  7. Restrict access to cardholder data by business need-to-know*
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes*
  12. Maintain a policy that addresses information security*

* The PA-DSS provides guidance to software vendors on the subset of the merchant PCI DSS requirements marked with an asterisk in the list above.

These standards are maintained by the PCI SSC. The complete list of requirements should be reviewed on the PCI SSC’s Website: https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml

Statements herein regarding compliance of the RockSolid POS software with the PCI standard are based on RockSolid’s internal software review against the PCI standard. PCI compliance has not been independently verified by a third party. Use of RockSolid POS software is no guarantee that a user’s business or operations are PCI compliant. Certification should be obtained from an approved Qualified Security Assessor.
