PA-DSS and PCI-DSS Compliance

ATTENTION DIGITAL DINING CUSTOMERS

If your system is still running on Windows XP, as of April 8, 2014 you are no longer PCI-DSS Compliant. Microsoft has declared Windows XP End of Life and will no longer provide support or security updates for the aging operating system. Please give us a call to talk about your options and to find out how you can obtain PCI Compliance again. Check out this Infographic to see why you need to upgrade from Windows XP.

If your Digital Dining Software Version is older than 7.4.1 your system is no longer PA-DSS and PCI-DSS Compliant! Please call 801-373-9100 to schedule an upgrade as soon as possible!

UPDATE: The PCI Security Standards Council has released new guidelines concerning the use of mobile devices for taking payments. The new guidelines can be found at the PCI Security Standard Council’s website.

On July 1, 2010, new national regulations regarding the storing of Credit Card numbers on computer-based systems took effect. Digital Dining versions 7.3.05*, 7.4, and newer encrypt stored Credit Card information, providing security protection in compliance with PA-DSS and PCI-DSS regulations. At Pinnacle Technologies we are seeking to help our customers obtain PCI-DSS Compliance. The following explanations are to help you assess whether your restaurant is in compliance with PCI-DSS. Ultimately, it is the responsibility of the restaurant owners and staff to obtain and maintain PCI-DSS Compliance. Pinnacle Technologies implements some functions of the new rules, but other portions require policies and management procedures on your side. Pinnacle will help you understand your responsibility. A guide to becoming compliant, written specifically for Digital Dining customers, is available. If you have any questions regarding this functionality, do not hesitate to contact us at (801) 373-9100.

The PCI-DSS requirements apply to all system components within the payment application environment, which is defined as any network device, host, or application included in, or connected to, a network segment where cardholder data is stored, processed, or transmitted. This includes all Point of Sale (POS) terminals, computers, and servers on that network.

The following 12 high-level Requirements, grouped under six goals, comprise the core of the PCI-DSS Standard and are found on Visa's Website:

    Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.

    Protect Cardholder Data

  3. Protect stored data.
  4. Encrypt transmission of cardholder data and sensitive information across public networks.

    Maintain a Vulnerability Management Program

  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications.

    Implement Strong Access Control Measures

  7. Restrict access to data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.

    Regularly Monitor and Test Networks

  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.

    Maintain an Information Security Policy

  12. Maintain a policy that addresses information security.

Digital Dining versions 7.3.05*, 7.4, and newer meet the PA-DSS Compliance Standards and some of the software and hardware requirements for PCI-DSS Compliance: sensitive information is transmitted encrypted, employees log in by fingerprint identification, firewall technology blocks unauthorized outside Internet access to the internal network, and Hand Held technology lets staff process Credit Cards at the customer's table, so the card never has to leave the customer's sight. Compliance with PCI-DSS goes beyond software to include physical security and company policies.

Restaurants that do not comply at least partially with PCI-DSS may be subject to fines or penalties from the Credit Card companies. Visa states on its Website:

“If a merchant or service provider does not comply with the security requirements or fails to rectify a security issue, Visa may:

  • Fine the acquiring member
  • Impose restrictions on the merchant or its agent
  • Permanently prohibit the merchant or its agent from participating in Visa programs

Members receive protection from fines for merchants or service providers that have been compromised but found to be CISP-compliant at the time of the security breach. Members are subject to fines up to $500,000 per incident for any merchant or service provider that is compromised and not CISP-compliant at the time of the incident.”

As the video above states, fines or penalties imposed by the Credit Card companies may be the least of a restaurant's concerns in the case of a breach. It is the responsibility of the restaurant to choose the level of compliance it wants to obtain. Pinnacle Technologies provides recommendations and help to Digital Dining customers in obtaining and maintaining PCI-DSS Compliance. For questions, concerns, or to schedule a meeting on how your restaurant can become PCI Compliant, please call Pinnacle Technologies at (801) 373-9100. To perform a self-assessment of an individual site's compliance, visit the PCI Security Standards Council's Website and download the self-evaluation checklist.

* SPECIAL NOTE: All new Digital Dining customers who want to store credit card data on their systems, and all existing Digital Dining customers who wish to change to a different Credit Card Processor, MUST upgrade to the newest version of Digital Dining, version 7.4.1, to be PA-DSS and PCI-DSS Compliant. Digital Dining version 7.3.5 is Compliant ONLY for existing customers who stay with their current Credit Card Processor. Contact us at (801) 373-9100 with any questions or concerns!