User Tools

Site Tools


pci_update_info

This is an old revision of the document!


PCI Upgrade Information

warning UNDERCONSTRUCTION - May 2017

What is PCI Compliance?
PCI Standards Organization


What does PCI have to do with System Five?

All businesses in North America that process, store, or key credit/debit card information into their business software were asked to be PCI compliant by July 1, 2010. This is a PCI Security Standards Council requirement and deadline. You likely received notification from your credit card processing company about PCI compliance. If your Windward System Five software has not been upgraded to the PCI compliant version you need to upgrade the software to make it compliant given the deadline has already passed. Please contact your credit/debit card processing company for details on any possible consequences for not being PCI compliant.


IMPORTANT: If you are not processing or storing credit/debit card information in System Five, you are not required to upgrade your System Five software. If you are using pin pad technology you need to ensure your pin pads are PCI compliant. Please contact your pin pad supplier or manufacturer to check for compliance.

How to check if you are PCI compliant

I am currently using System Five Version 6.0
I am currently using Pervasive Version 10
To verify your Pervasive version, click here

I am currently using a compliant Pinpad device (if using a pinpad device)

If you meet the conditions above, System Five is PCI Compliant. You need to make sure that your entire computer system and network complies with all the other system requirements.


If you do NOT meet these conditions:

  • Please note the version of System Five you are running
  • Please note the version of Pervasive you are running
  • Verify if you are using integrated credit card processing.
  • Verify that your Pinpad is compliant. To verify this, see the System Five Supported Hardware List

If you are using integrated credit card processing, you MUST have Pervasive 10 and System Five Version 6.0 and a compliant Pinpad.

PCI Check Steps:

1. When your program is not PCI compliant, you will get this PCI check prompt below.

You may also manually go to Setup Wizard>Payment Processing…and just follow the prompts.

2. Click on Yes…

3. This window shows the number of days you would like to keep your card numbers. This is specifically used for customers who use the ‘Credit Card on File’ feature of System5. For most, it is recommended to just keep it at 0 day/s. Click Yes.

4. On this next step, it will list down System5 users who have not log in for more than 30 days, expired passwords or without password expiry dates. All these needs to be addressed. Please remember that a PCI compliant password should contain at least be seven (7) characters with letters, numbers and symbols ( !@#$%^&*() ).

These users’ issues need to be resolved. Login to those users who have not login for more than 30 days, change the user password or set an expiry date by going to the Setup Wizard>Users and Security>Names and Passwords. Select and edit the user. See image below:

6. Once all users’ issues are resolved you will then be able to proceed and just click Yes on the next windows.

7. Manually check the checkboxes below. If you are able to check all boxes, then you can proceed with the next step and finish the PCI check. However, there are instances when the boxes are greyed out.

The last 6 boxes are the ones that usually give users an issue to complete the check.

a. System Five is up to date with the latest release — this means that you need to update/upgrade your System5. Follow this link: http://wiki.wws5.com/doku.php?id=system5_upgrade
b. Data Files are in a directory not accessible from users — you have to share the whole Windward or System5 folder with read/write permissions for everyone.
c. Data Files are securely Encrypted — Click on the ‘Re-encrypt Cardholder data’ to fix this.
d. Pervasive 10 Security Features are enabled — this will only happen for customers running PSQL 9 and below.
e. Program files are not trusted — Click on ‘Check OCX Files’ to fix this.
f. Key Encrypting keys have been regenerated — Click on ‘Key Management’.

This window will pop up. Click on Key Management and Rotate Keys.

Wait until it is completed.

8. All boxes can be manually checked now and click on Yes to proceed.

9. PCI check is complete. Click on OK.

pci_update_info.1494536823.txt.gz · Last modified: 2017/05/11 14:07 (7 years ago) by cparagoso