ASSURED COMPUTING TECHNOLOGIES,  Inc.                   POS-ABILITIES VOL. 6
June 2008
highlights in this issue
:: PCI COMPLIANCE, You & Us

Welcome to Pos-abilities!

 
 
SERVICE PACKS, UPGRADES Require Caution!
 
 As many of you have probably seen, read or heard - Microsoft has released Service Pack 3 for Windows XP which will be the last Update for XP.  There are several Security fixes included in the Patch which can improve the operation and protect your system.  If you would like to learn more about SP 3, Download the White Paper here.
 All Service Packs are cumulative, so if you skipped SP2 all of the fixes that were in there are Rolled Up into SP3.  Also all Security Updates, Hot fixes etc. that have been released since SP2 are included. 
 
So why would we suggest CAUTION?  There have been a few issues with SP3 and existing Point of Sale products.  Ironically, 2 such products are Microsoft's own - Dynamics RMS and Dynamics POS both of which fail to function correctly after a SP 3 Upgrade.  Initially, Microsoft pulled the Patch off-line until they could create a new version that looks for both RMS and POS on the system.   So now the new version is out and if you are running either RMS or POS it will not install SP3 on your system.
 
BUT WAIT!!  There's more!  Two weeks ago Microsoft released a PATCH for the PATCH that will fix the break in RMS that SP 3 creates.  How do you get the patch?  How do you install SP3?  The easiest way is to call us and we can do it for you.  There are 2 steps - install the Patch and then install the SP3.  If you install the Patch, the SP 3 DOWNLOAD should automatically see your RMS system the next time Windows Auto-Update runs (which is usually on TUESDAY).
 
How does SP 3 affect other POS Programs?  Well, we haven't heard of any major issues to date, but we advise caution before proceeding.  And as always, ensure that you have a current BACK-UP of your Database!!  Whether upgrading, patching, or just mending hardware - always perform a Database Back-Up first!  If your Database gets Corrupted during any kind of OS change - there simply is no way to repair it without a Database Back-Up.   Our own 'ACT-BACK' starts at only $11.95 a month and can be set to automatically back-up your system.  Whatever you do, however, please Back-Up! 
 
Don't wait until you need that uncorrupted copy - then it's too late.
 
 
 
PCI COMPLIANCE, What it is and what it isn't. (This might be a little heavy reading, but it's important stuff!)
 
 If you are in Retail, Hospitality or any Service Industry that accepts credit cards you have heard about PCI Compliance unless you have been hiding under a rock.
   First, what is it? PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, cracking and various other security vulnerabilities and threats. A company processing, storing, or transmitting payment card data must be PCI DSS compliant or risk losing their ability to process credit card payments and being audited and/or fined [1]. Merchants and payment card service providers must validate their compliance periodically. This validation gets conducted by auditors - i.e. persons who are the PCI DSS Qualified Security Assessors (QSAs). Although individuals receive QSA status reports, compliance can only be signed off by an individual QSA on behalf of a PCI council approved consultancy. Smaller companies, processing fewer than about 80,000 transactions a year, are allowed to perform a self-assessment questionnaire. (Wikipedia)
 
 The current version of the standard (1.1) specifies 12 requirements for compliance, organized into 6 logically related groups, which are called "control objectives."  These are:
Build and Maintain a Secure Network
  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
  • Requirement 3: Protect stored cardholder data
  • Requirement 4: Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
  • Requirement 5: Use and regularly update anti-virus software
  • Requirement 6: Develop and maintain secure systems and applications

Implement Strong Access Control Measures
  • Requirement 7: Restrict access to cardholder data by business need-to-know
  • Requirement 8: Assign a unique ID to each person with computer access
  • Requirement 9: Restrict physical access to cardholder data

Regularly Monitor and Test Networks
  • Requirement 10: Track and monitor all access to network resources and cardholder data
  • Requirement 11: Regularly test security systems and processes

Maintain an Information Security Policy
  • Requirement 12: Maintain a policy that addresses information security

Okay, now we know what PCI compliance mandates.  But what 'ISN'T PCI?'

 It's not a cure-all for every possible security breach. For example, the recent Hannaford Bros. breach illustrates what is lacking.  Hannaford was in complete compliance with the 12 requirements of PCI compliance.  Their systems where the customer credit card information was stored were secure, their systems were secure, firewalls were in place, anti-virus software was installed and up to date.  So what happened?  The information was stolen while the data was in transit, meaning that it was moving from one system to another.  This was the first time a breach like this occurred. But it probably won't be the last.  Anywhere data travels opens a potential 'hole' where information can be compromised and stolen.  If you were to transmit your database from one machine to another, complete with customer records, payment types etc. over an unsecured transmission, that data could be copied and extracted without your being aware of it.
 
So, PCI Compliance is only the beginning.  Most people know enough that they wouldn't think of sending their Credit Card information via email, but they forget about the other areas where this information can be stolen.  All machines should be encrypted, all machines should be password protected, all users should be trained on security and regularly questioned, observed and retrained on security issues.
 
All of the Point of Sale software programs that we sell and install in their LATEST versions are PCI compliant.  Previous versions may not be and you risk fines, penalties and the loss of your business should a breach occur.

What should you do if you believe that you may be at risk?

  1. Ensure that your POS Software package is the latest available version.  You may be required to purchase a Service Contract before being allowed to Upgrade.  We can assist you with that.
  2. Ensure that your anti-virus software is current and updated on a regular basis.
  3. Ensure that your system with the customer database is protected by a Hard Firewall.  Software Firewalls only offer limited protection from threats.
  4. Install and regularly update a SPYWARE Program.
  5. Ensure that your Database where all of your customer sales information is stored is ENCRYPTED.

Assured Computing Technologies is ready and able to assist you with any and all of the above points.  We have ANTI-VIRUS, SPYWARE and Encryption Tools available.  Call us today (877) 627-0636.

 


 
WATCH for our JULY 4TH Blow Out Specials all during the month of July.  Be sure to check your email and include us in your list of approved email senders to ensure that we don't end up in the Filter!
 
Be Independent all year long!
 
QUESTION: What is the current fine for selling Alcohol to under age customers?  Want to bet your business on it?
 
HAND HELD AGE VERIFICATION SCANNER!


 
Many of you are familiar with our Integrated Age Verification Driver License Scanner for Bars, Restaurants and Liquor Stores. Now we have a new offering that allows you to take the Age Verification to the potential customer.  This nifty hand held unit is completely portable and can be used at the door, table side or bar to verify the age of any patron, any time.  Special limited offer!
Our Price: $859.00
List Price: $1199.00
S & H: $15.00
 
FREE CASE OF RECEIPT PAPER WITH COMPLETE POS SYSTEMS, or Half Price with the Purchase of a New Thermal Receipt Printer!

 
Quality receipt paper 3" x 200', 50 rolls per case.  This should help you ring up those sales during the current year.
 
Our Price: $0.00  FREE w/ Full System Purchase or Half Price with New Printer
List Price: $89.95  With a New Star or Epson Thermal Printer $45.00!
S & H: $15.00
 
NEWSLETTER RECAP AND LINKS TO SOCIAL INFORMATION SITES
 
Each month we offer special deals, new product information and general news to assist you in growing your business.  Many of our specials continue past the current month.  If you would like to review an article we sent or check out past specials, visit this page: NEWS AND VIDEOS
Thank you for taking the time to read through. We hope you gained something.  Please visit our various websites and offer your 2 Cents on the discussion boards. Your input is valuable. After all you are in the trenches working to serve your customers.  Let us know what works for you and what doesn't.
 
Sincerely,
 

ACT-POS SALES AND SERVICE TEAM!
ASSURED COMPUTING TECHNOLOGIES, INC
ASSURED COMPUTING TECHNOLOGIES, INC | 19 Harvey Rd. | Unit 13-15 | Bedford | NH | 03110