Friday, January 23, 2009

Payment Processing Software Security Guide

911 Software is committed to the security of your company and your customers.
Security Through Credit Card Software

IMPORTANT SECURITY GUIDELINES

All credit card processing software versions starting with 3.01.09 are certified by VISA to be fully compliant with the latest CISP Payment Application Best Practices security requirements and are designed in accordance with PCI Data Security Standard guidelines.

Warning: Processing payments through CreditLine versions older than 3.01.09 is an industry standards violation and may result in heavy penalties.

For the latest and best in security technology, we strongly recommend upgrading to version 3.03.12 or newer.

We are currently working on the next generation of payment application security, PA-DSS. PA-DSS will become an industry requirement in June 2010, at which point it will replace the current PABP CISP standard. Expected PA-DSS version release date: Q4 of 2008.

Pre 3.0 Versions End Of Life Announcement

PA-DSS Definition
PA-DSS: Next Generation Security Standard for Payment Processing Software

PA-DSS is the next-generation set of PCI security guidelines that replaces the older PABP standard. The PABP program was created and overseen by Visa. Now, through PCI SSC, the five major global payment brands (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.) will support the PA-DSS, allowing even greater opportunity to standardize security requirements, Qualified Security Assessor testing and lab methodologies, and approval processes for payment applications.

Important Deadlines

* Jul 1, 08 – VNPs and agents must only certify new payment applications to their platforms that are PABP-compliant
* Aug 1, 08 – New payment application assessments will be assessed under the PA-DSS
* Oct 1, 08 – Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PABP-compliant applications
* Jul 1, 10 – Acquirers must ensure their merchants, VNPs and agents use only PA-DSS-compliant applications

911 Software will certify a PA-DSS compliant version of CreditLine payment processing software by the end of 2008.

Documentation

* PA-DSS Dealer and End-User Guide
* PCI Security Standards Web Site

PABP Documents

* CISP Payment Application Best Practices (PABP) for POS Credit Card Software
* PCI Data Security Standard
* List of CISP PABP certified Payment Applications

Please see the Credit Card Software Security Setup Guide for a review of CreditLine credit card processing software security features.


Security Through Hardware

For internet security and dial-up backup, we recommend a hardware firewall router with dial backup, such as the Netgear FR328S (8-port Cable/DSL ProSafe Firewall with Dial Back-up).




Cardholder Information Security Program - CISP

911 Software has followed CISP guidelines to ensure cardholder account security in credit card software.

The following steps have been taken:

1) Truncation of credit card account numbers in CreditLine credit card software

2) Encryption of credit card cardholder data in CreditLine credit card software

3) Password protection of credit card data in CreditLine credit card software


For the purposes of CISP security certification:

1) 911 Software does not store, handle, and/or process cardholder data

2) 911 Software does not have access to any of the cardholder data that the merchants process
