POS Express v3.0 has been Validated for PA-DSS by the PCI Security Standards Council.

     This is a special announcement to ALL CPS clients. If you want to sign up for our regular newsletters, click here.

     Almost two years in the making (and over $100,000 in costs) but we have received our certification for PA DSS (Payment Application - Data Security Standard) by the PCI (Payment Card Industry) Security Standards Council.

     You can see the listing by clicking here and looking up Club Prophet Systems. The final report was about 130 grueling pages long. What is this all about and why should you care?

1. If you accept credit cards at your place, this affects you.
2. If you use one of the CPS integrated credit card interfaces (i.e., you are swiping credit cards in the POS Sales screen or using on-line tee times guaranteed by a credit card), this affects you.
3. If you are using a separate credit card interface (i.e., a standalone VeriFone box), this still affects you. However, you need to verify that the standalone system is PA DSS Validated. In this case, it is outside the scope of CPS software. If you find your standalone terminal is not validated, you may want to consider switching to an integrated solution. If your provider is not on the PA DSS Validated list, you are not using a validated application.

     A consortium of credit card industry companies (MasterCard, Visa, Amex, Discover, etc.) have banded together and formed the PCI Security Standards Council in an effort to control credit card fraud and theft. As such, they have dictated to their merchants a set of rules that must be followed if you intend to continue to process their respective credit cards. Most of these rules revolve around storage, encryption and protection of credit card sensitive data, as well as controlling access to your computers, networks and database.

     The generally accepted cut-off date (based on Visa's published date) is July 1, 2010. Starting on this date, every merchant MUST be PA DSS compliant. This includes meeting both of the following criteria:

1. Each merchant MUST use a PA DSS Validated system for processing credit cards (POS Express v3.0 passed PA DSS validation on December 14, 2009).
2. Each merchant MUST follow their POS vendor's implementation guide to ensure that the POS system is configured and implemented in a PA DSS approved configuration (this guide will be distributed to each CPS client as we update or reconfigure your application to use the PA DSS Validated credit card interface).

     After July 1, 2010, if you are not PA DSS compliant AND if your data is compromised resulting in a breach of credit card information that results in fraudulent charges, YOU, the merchant, are responsible for the charges. Further, you can be fined (this part is not clear but I have seen between $250,000 and $500,000 per incident and additional fines of up to $5,000 per day). In other words, for most small business, you could be wiped out. Legal issues aside, you do not want to be the David fighting Goliath on this.

     CPS will be reviewing each and every client on an individual basis. You do not need to take any action at this time, we will contact you. Every new CPS customer will be configured on our Validated platform. Existing customers will be contacted individually to let you know what you need to do to become compliant. For your software, that can range from a simple change in the options screen to a required program update. From an infrastructure standpoint, you may need to update or reconfigure hardware for wireless access points, SQL servers and web servers, as well as implement policies for strong passwords and other best practices.

     Specifically, if you want to continue using the integrated credit card feature beyond July 1, 2010 - you MUST be on POS Express v3.0 (or later). We will personally contact all customers on the older platform to review in detail what needs done. Please note: If you have purchased or upgraded your software version in the last 2 years, you are most likely on POS Express v3.0.

     The early versions of Pro-ShopKeeper (v5.2 and earlier and POS Express v2.9) will not be compliant and will no longer be able to run credit cards through the POS screen. (If you are not sure of your version number, it can be found in the upper left corner of the software's main menu or on the HELP > ABOUT screen).

     You can continue to use these older versions of the product but the credit card companies will not support credit card processing on those platforms. As it stands now, we are told they will disable your ability to process credit cards on any software platform that is not certified starting this summer. If you choose to remain on the old technology, you should contact your credit card processor before they shut down your ability to process the credit cards through the POS and get a standalone payment terminal machine (which may require an analog phone line). Of course, we will continue to support the older versions of our software, but we can no longer add any new enhancements or software changes to these platforms.

     The good news is you have yet another great reason to move to POS Express v3.0 of our platform and join the hundreds of other facilities around the world that use all the great features POS Express v3.0 has to offer. In addition, we are offering some great incentives to make the transition to this platform as painless as possible.

Until Next time,

Enjoy :)

If you need anything, let us know.

Stop and say hello at the PGA Merchandise Show (http://www.pgashow.com/) Jan 28-30 in Orlando. Booth #2373

Also, if you would like something specific covered in one of these Lessons, send the request my way.
See all the great tips in our prior newsletters posted on our website under the Lessons from the Pro link.