(Updated on Tuesday, 06/09/2009)

---

PCI  DSS Compliancy Highlights 

---

• Consumers, and their trading partners and the regulatory agencies of the government are all demanding that any organization which accepts credit card payments comply with the credit card industry's PCI DSS (Payment Card Industry Data Security Standard). Companies have to protect consumer data. Failure to do so could result in severe penalties amounting to millions of dollars in fines.

• PCI DSS Compliance is the full responsibility of the retail merchant.

• The retail merchant is responsibe for contacting their credit card processor for full PCI DSS requirements.  Your contact information for your credit card processor should be found on your monthly account statement.

• The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

---

TransActPOS Frequently Asked Questions:

---

What versions of TransActPOS are PCI DSS Compliant?

• Only TransActPOS Version 3, Build 245 or greater is a PA-DSS compliant application.  Prior versions of TransActPOS are not PA-DSS compliant.  If running PCCharge within your installation, PCCharge must be 5.8.1 or greater with a VeriFone MX830 consumer-facing payment interface.

---

Does simply upgrading to a PA-DSS compliant version of TransActPOS make my store PCI DSS compliant?

• NO - PCI DSS compliance is a multi-faceted, ongoing process requiring retail merchants to follow guidlines set by the PCI Security Standards Council .  TransActPOS V3 (Build 245 or greater) is a PA-DSS compliant applicaiton. The mere use of PA-DSS compliant software does not translate into PCI DSS compliance.

---

Is my PCCharge a PA-DSS compliant application? (Clarified)

• Only PCCharge version 5.8.1 or greater with the PAYware SIM 2.0 is PCI compliant. 
• Within PCCharge select Help and then About to locate your current version 

---

What is the PayWare SIM 2.0 mentioned in the above question? (Clarified)

• The PAYware SIM (Secure Integration Method Device Control) 2.0 is a comprehensive ActiveX control used to enable electronic payment processing and device control and third party applicaitons (i.e. TransActPOS).   PayWare SIM 2.0 or greater is only available within PCCharge version 5.8.1 or greater.
• PayWare SIM is designed to allow developers, like TransActPOS, to control functions of VeriFone pin pads as well as process Credit, Debit, EBT, Gift and Settlement transactions to VeriFone's four payment engines: PAYware PC, PCCharge, PAYware Transact, and IPCharge.  Signature capture is also available when using PAYware SIM along with VeriFone MX series terminals.

---

What versions of Windows are PCI Compliant?

• Vista Business Edition (32-Bit)
• Vista Home Premium (32-Bit)
• Vista Home Basic Edition (32-Bit)
• Windows XP Professional Edition (32-Bit)
• Windows 2003 Server Edition (32-Bit)

---

My store does not use the computer to process my credit cards.  Do I need to be PCI DSS compliant?

• Yes - You need to contact your processor to complete the PCI DSS requirements.

---

Is compliance testing a one time occurrence?

• No - PCI Compliance is an ongoing process and requires your store to keep up to date with TransActPOS versions,  PCCharge versions, computer operating systems, firewalls, antivirus applicaitons and other aspects of your environment.  Further information is availabe within the PCI Secuirty Compliance Council link below and other resources.

---

What are the steps to getting my TransActPOS and PCCharge updated to PCI DSS Compliant versions?

• Contact PCCharge and order an update of your PCCharge Payment Server to version 5.8.1 or greater 
• Upgrade your current PCCharge Payment Server with the technical assistance of the PCCharge technicial support team
• Order a VeriFone MX830 consumer-facing payment interface for each point-of-sale workstation accepting credit card payments
• Download and update your system to TransActPOS Version 3 Build 245 or greater
• Configure TransActPOS to recognize the upgraded PCCharge Payment Server and the VeriFone MX830 consumer-facing payment interface

Completing these steps does not make your site PCI DSS compliant.  Contact your credit card processor to find further information regarding the PCI DSS compliance process.

---

What is the cost to upgrade TransActPOS to the current PCI DSS compliant version?

• Upon renewal of your annual TransActPOS Maintenance Plan, you will see an additional $19 per year for each user license. For example, a 5 user TransActPOS installation will see a $95 increase in the 5 user license annual fee or approxiamtely $7.92 per month.

---

What is PCI DSS?

• The Payment Card Industry Data Security Standard is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around data and its exposure to compromise. The standard applies to all organizations which hold, process, or pass cardholder information from any card branded with the logo of one of the card brands.

---

What is PA-DSS?

• PA-DSS (Payment Application Data Security Standard) is the Council-managed program formerly under the supervision of the Visa Inc. program known as the Payment Application Best Practices (PABP). The goal of PA-DSS is to help software vendors and others develop secure payment applications that do not store prohibited data, such as full magnetic stripe, CVV2 or PIN data, and ensure their payment applications support compliance with the PCI DSS. Payment applications that are sold, distributed or licensed to third parties are subject to the PA-DSS requirements.