What is PCI Compliance?
The Payment Card Industry (PCI) has developed security standards for handling cardholder information in a published standard called the PCI Data Security Standard (DSS). The security requirements defined in the DSS apply to all members, merchants, and service providers that store, process or transmit cardholder data. The PCI Standard is developed and managed by the PCI Standards Organization.
The PCI DSS requirements apply to all system components within the payment application environment, which is defined as any network device, host, or application included in, or connected to, a network segment where cardholder data is stored, processed or transmitted.
What does PCI have to do with System Five?
All businesses in North America that process, store, or key credit/debit card information into their business software were asked to be PCI compliant by July 1, 2010. This is a PCI Security Standards Council requirement and deadline. You likely received notification from your credit card processing company about PCI compliance. If your Windward System Five software has not been upgraded to the PCI compliant version, you need to upgrade the software to make it compliant, given that the deadline has already passed. Please contact your credit/debit card processing company for details on any possible consequences for not being PCI compliant.
IMPORTANT: If you are not processing or storing credit/debit card information in System Five, you are not required to upgrade your System Five software. If you are using PIN pad technology, you need to ensure your PIN pads are PCI compliant. Please contact your PIN pad supplier or manufacturer to check for compliance.
How to check if you are PCI compliant
- You are using System Five program version 6.2.2.x or 6.2.4.x (From the Help menu, choose About)
- You are using Pervasive version 12 (Check your Pervasive version)
- You are using Datacap version 5.06 (Check your Datacap version)
- You are using compliant PIN pad devices (Check compatible PIN pads)
If you meet the conditions above, System Five is PCI Compliant. You need to make sure that your entire computer system and network complies with all the other system requirements.
If you do NOT meet these conditions:
- Please note the version of System Five you are running
- Please note the version of Pervasive you are running
- Verify if you are using integrated credit card processing.
- Verify that your PIN pad is compliant. Check on the PIN pads that are supported.
If you are using integrated credit card processing, you MUST have Pervasive v12, System Five version 6.2.2 or 6.2.4, and a compliant PIN pad.
PCI Check Steps
1. When your program is not PCI compliant, you will get a PCI check prompt.
You may also manually go to Setup Wizard>Payment Processing… and just follow the prompts.
3. This window shows the number of days you would like to keep your card numbers. This is specifically used for customers who use the ‘Credit Card on File’ feature of System Five. For most, it is recommended to just keep it at 0 days. Click Yes.
4. The next step lists the System Five users who have not logged in for more than 30 days, whose passwords have expired, or who have no password expiry date. All of these need to be addressed. Please remember that a PCI compliant password should be at least seven (7) characters long and contain letters, numbers and symbols ( !@#$%^&*() ).
5. These users’ issues need to be resolved. Log in as each user who has not logged in for more than 30 days, change the user password, or set an expiry date by going to Setup Wizard>Users and Security>Names and Passwords. Select and edit the user.
6. Once all user issues are resolved, you will be able to proceed; just click Yes on the next windows.
7. Manually check the checkboxes below. If you are able to check all boxes, then you can proceed with the next step and finish the PCI check. However, there are instances when the boxes are greyed out.
The last 6 boxes are the ones that usually prevent users from completing the check.
a. System Five is up to date with the latest release — this means that you need to update/upgrade your System5. Follow this link: system5_upgrade
b. Data Files are in a directory not accessible from users — you have to share the whole Windward or System5 folder with read/write permissions for everyone.
c. Data Files are securely Encrypted — Click on the ‘Re-encrypt Cardholder data’ to fix this.
d. Pervasive 10 Security Features are enabled — this will only happen for customers running PSQL 9 and below.
e. Program files are not trusted — Click on ‘Check OCX Files’ to fix this.
f. Key Encrypting keys have been regenerated — Click on ‘Key Management’.
A window will pop up. Click on Key Management and Rotate Keys.
Wait until it is completed.
8. All boxes can now be checked manually. Click Yes to proceed.
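The user conditions listed in step 4 (no login for more than 30 days, expired password, no password expiry date) and the password rule stated there, written as an audit over user records. This is an added example, not Windward or System Five code; the User record layout, the function names and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

SYMBOLS = set("!@#$%^&*()")        # symbols listed in step 4 (assumed to be the full set)
MIN_LENGTH = 7                     # minimum password length from step 4
MAX_INACTIVE = timedelta(days=30)  # inactivity window from step 4


@dataclass
class User:  # hypothetical record layout, not System Five's schema
    name: str
    last_login: Optional[date]        # None = never logged in
    password_expires: Optional[date]  # None = no expiry date set


def password_meets_policy(password: str) -> bool:
    """At least 7 characters, with a letter, a digit and a listed symbol."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in SYMBOLS for c in password))


def audit_users(users, today):
    """Return {user name: [issues]} for each user matching a step 4 condition."""
    findings = {}
    for u in users:
        issues = []
        # Assumption: an account that has never logged in counts as inactive.
        if u.last_login is None or today - u.last_login > MAX_INACTIVE:
            issues.append("no login for more than 30 days")
        if u.password_expires is None:
            issues.append("no password expiry date")
        elif u.password_expires < today:  # assumption: expiring today is still valid
            issues.append("password expired")
        if issues:
            findings[u.name] = issues
    return findings


# Constructed sample data, for illustration only.
TODAY = date(2024, 6, 30)
SAMPLE_USERS = [
    User("alice", date(2024, 6, 28), date(2024, 9, 1)),
    User("bob", date(2024, 5, 1), date(2024, 9, 1)),
    User("carol", date(2024, 6, 29), None),
    User("dave", date(2024, 6, 1), date(2024, 6, 15)),
]

if __name__ == "__main__":
    for name, issues in audit_users(SAMPLE_USERS, TODAY).items():
        print(f"{name}: {', '.join(issues)}")
```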