 What are the CISP & PCI Requirements and Why Should I Care?The Cardholder Information Security Program (CISP) is a set of security requirements published by Visa USA, similar to requirements issued by other major credit card companies, in an attempt to help merchants and corporate entities protect themselves and their customers from credit card fraud and theft of cardholder data. The more general PCI, Payment Card Industry, standards are the basis for all of these card company standards. In addition to protecting cardholders from painful repercussions caused by such losses, compliance with the CSIP requirements will also protect Aloha users against similar losses, and the fines that can result from the failure to comply. Non-compliance, especially if it results in a security breach and subsequent data loss, can result in heavy fines levied by credit card companies as well as the U.S. Federal and state governments What Must I do to Comply?The first and the best step to CISP compliance is to maintain your Aloha installation at the latest available version validated as CISP compliant. Visa USA has validated Aloha version 6.1, through the use of an independent auditor, as being the latest version of Aloha to comply with the current set of CISP standards. This version provides industry-standard 128-bit encryption for data transfer across networks for transaction security, and includes security enhancements to the Aloha EDC payment application. Earlier versions of Aloha, beginning with 5.3.15, have also been validated. Why am I being asked to upgrade to Aloha version 6.1? I thought version 5.3.15 (and higher) was CISP compliant?Version 5.3.15 was certified as complying with CISP requirements in early 2005. Since that time, the CISP requirements have changed, and Aloha version 6.1 is now the version certified with these requirements. All payment systems applications, including aloha POS systems, must undergo annual recertification, based on the requirements in effect at the time of recertification. What is the difference between version 6.1 and 5.3.15?Version 6.1 uses 128-bit encryption for sensitive data both within the Aloha system and for data transmission over public networks for authorizations and approvals. This version also gives you a new method of using EDC that considerably enhances the security of cardholder data. EDC now supports a new environment variable, EDCProcPath, which moves all sensitive EDC files outside the shared Bootdrv folder. Am I compliant if I upgrade Aloha?While upgrading Aloha assists you with some of the items directly related to the Payment Application, it is the responsibility of the individual merchant to ensure that all PCI-standards are met. What are my next steps?
Radiant Systems & SCR recommends that all merchants complete a self assessment and take action on any items marked
with 'No.' When a merchant resolves all identified risks, they should qualify as compliant. For more information regarding PCI requirements, please visit the following links: |
|
 The latest in credit card compliance is to remove the expiration dates from the credit card vouchers.
In order to remove the expiration dates:
|
