In this age of heightened security concerns, Professional Data Systems is committed to providing our clients with current information on the PCI DSS compliance requirements and how they apply to your Aloha POS software. In a proactive effort to uphold consumer confidence in the security of the Aloha product, Radiant has obtained PA DSS validation through the PCI SSC for certain versions of the Aloha POS software. As the PCI DSS requirements change, so does the need for Radiant to implement the required changes in the Aloha POS software. It is crucial that you stay current on your Aloha POS software version to remain current with the PCI DSS compliance requirements. See the PDF below for the versions of Aloha software that meet the current PCI DSS requirements. It is equally crucial that you apply other critical measures and policies in your business to secure your network and protect your data.

The PCI SSC defines a standard for securing cardholder data wherever it is located. PCI DSS compliance is required of all entities that store, process or transmit cardholder data. Compliance reduces the risk of fraud and provides a safer, more secure processing environment for you and your credit and debit card customers. Merchants who are not compliant with the PCI DSS requirements pose a greater risk of credit card fraud and can be subjected to sanctions and fines imposed by the card brands and their acquiring banks (the PCI SSC publishes and maintains the standard but does not itself levy fines). In the event of a data security breach you could experience any, or all, of the following:
- Heavy financial damages due to fines that range from $50,000 to $500,000.
- A loss of reputation and, as a result, a decline in the number of guests visiting your restaurant.
- A temporary or permanent loss of your ability to accept credit cards as a form of payment at your restaurant.
Failure to comply with the PCI DSS standards could be very costly, and possibly even result in the loss of your business.
How PCI DSS compliance works
PCI DSS compliance is required of all merchants and service providers that store, process, or transmit cardholder data. The program applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, stand-alone credit card terminals, and e-commerce. To achieve compliance, merchants and service providers must adhere to the Payment Card Industry Data Security Standard (PCI DSS), which offers a single approach to safeguarding sensitive data for all card brands. The Standard is the result of collaboration between every major card brand and is designed to create common industry security requirements, incorporating the older Visa CISP requirements. Using the PCI DSS as its framework, PDS provides the tools and measurements needed to protect your business against cardholder data exposure and compromise.

The PCI DSS consists of six control objectives supported by twelve more detailed requirements. These are the "Twelve Steps to PCI DSS Compliance." To satisfy these twelve requirements you must follow the PCI DSS Configuration Checklist, which can be found via the PCI Quick Reference Guide link at the bottom of the page.
| PCI Data Security Standard: control objective | Requirement |
|---|---|
| Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect Cardholder Data | 3. Protect stored data |
| | 4. Encrypt transmission of cardholder data and sensitive information across public networks |
| Maintain a Vulnerability Management Program | 5. Use and regularly update anti-virus software |
| | 6. Develop and maintain secure systems and applications |
| Implement Strong Access Control Measures | 7. Restrict access to data by business need-to-know |
| | 8. Assign a unique ID to each person with computer access |
| | 9. Restrict physical access to cardholder data |
| Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |
| Maintain an Information Security Policy | 12. Maintain a policy that addresses information security |
PA DSS Validation:
Having a PA DSS validated version of Aloha software DOES NOT mean your site is PCI DSS compliant. PA DSS validation covers the payment application itself; PCI DSS compliance is a broad set of controls that your business as a whole must maintain at all times. Installing a PA DSS validated version of Aloha puts you on the path towards PCI DSS compliance. To achieve full PCI DSS compliance you must work through the "Twelve Steps to PCI DSS Compliance" and complete an annual SAQ D self-assessment questionnaire (confirm with your acquiring bank that SAQ D is the questionnaire required for your environment). SAQ D also requires quarterly external vulnerability scans performed by a PCI SSC Approved Scanning Vendor.
Why Comply?
By complying with all PCI DSS requirements, member banks, merchants, and service providers not only meet their compliance obligations but also build a culture of security that benefits everyone.
| Benefits of PCI DSS Compliance: who benefits | Benefit |
|---|---|
| Everyone | Limited risk |
| | More confidence in the payment industry |
| Member (card brand member banks) | Protected reputation |
| Merchant and Service Provider | Competitive edge gained |
| | Increased revenue and improved bottom line |
| | Positive image maintained |
| | Customers are protected |
| Industry | "Good security neighbors" encouraged |
| Consumer | Information is safeguarded |
| | Identity theft prevention |