Credit Card Compliance - No transactions accepred from any NT operating system

[Buzzie8]

I heard today that any entry system or credit card system operating on an NT operating system will not be accepted after a certain date in April 2010 (unclear of date) because of compliance issues. I realize that NT is dated but I am sure some systems still are operating on it. I tried to get clarification on the issue and was told that if the transactions are being processed over the internet that they would stop accepting transactions, where as dial up modems would be continued to be accepted. I am assuming a lot of this has to do with Paymentech (First Data), but am not sure. Anybody hear anything on this?

 

[Washmee]

Last week, I was visiting DRB Systems and they have a big software project going on right now to address the new rules for CC transactions. These new rules are going to cost small business lots of $$$.

 

[ONEcard]

Windows operating systems must be XP-PRO or newer to pass and qualify for PCI-DSS requirements. This has to do with system access and inherit security flaws in these operating systems.

 

[pitzerwm]

Is there a difference whether you store CC numbers on your system, vs not?

 

[Reds]

Paymentech called me a couple weeks ago asking if I have completed a software upgrade on my equipment. They told me to call Unitec about it. I am dodging the issue and have not done anything yet. Maybe I need to get my butt in gear.

 

[Buzzie8]

Paymentech called me a couple weeks ago asking if I have completed a software upgrade on my equipment. They told me to call Unitec about it. I am dodging the issue and have not done anything yet. Maybe I need to get my butt in gear.

Do you have an internet connection or dial up?

 

[Tom Thumb]

We had this issue last year with our card co. once we proved that we do not store or have access to cc numbers at our location we were issued a cert. of compliance and have no problems since.

 

[ONEcard]

Bill it does not matter if you store CC numbers or not. the issue with these other Operating systems is that they are open to "man in the Middle attacks" which can grab card number data while it passes through your machine on its way out to your processor

 

[Reds]

Do you have an internet connection or dial up?

I have dial up connections

 

[Joe Law]

Card industry compliance

PCI compliance or PA DSS compliance is going to be required of every system, regardless of operating system. You will have to check with the manufacturer of your equipment to see if they are on the validated payment systems list. Your processor is going to be the one to determine whether or not you can continue to take credit cards. Visa has started giving bonuses to processors that have all their client compliant early. As far as the date to be compliant, that has been changing constantly. Check with your processor to see when you have to be compliant. And yes even the dial up will have to be compliant.

 

[Reds]

I just spoke with a tech person at Unitec. They said that the software version on a WS2 must be 5.00 or up to be compliant, regardless of whether you use dial up or high speed connections. Below that version is not PCI compliant and stores the credit card numbers in the machine. If you need to upgrade the software you have to call your distributor and they have to place the order for a new chip. You can arrange to install the new chip and reprogram the WS2 yourself if you don't want to pay your distributor to do it.