We can help you attain PCI compliance!
The Dilemma:
How do I ensure maximum security for my credit card customers without going broke in the process?
2 major situations may need to be addressed immediately.
1. How do I securely deliver transactions to my ON/2 system?
2. How do I ensure they are kept secure once I receive them?
Situation #1 (Secure Delivery):
PCI requires merchants to protect credit card numbers in all ways possible. They have also arbitrarily defined penalties for not complying with their security directives.
Many merchants have POS terminals and controllers that use TCP/IP for communications, and have in-store networks shared by other non-financial terminals and controllers (e.g. scales, price lookup, etc.). Auditors have seen that card numbers can be determined by “sniffing” this traffic at the non-financial controllers, and have determined this traffic should be encrypted. Merchants should convert their POS traffic to use the SSLv3 (Secure Sockets Layer Version 3) protocol to encrypt financial traffic.
There are 2 ways to accomplish this: use a hardware-based encryption box for each controller/terminal and a corresponding one at their host, or use SSL software to encrypt the traffic. At first glance, the software solution is obviously much cheaper and easier to implement on a chain-wide basis. OpenSSL accomplishes this, and complete source code is provided by OpenSSL.org.
The Problem:
The OpenSSL package is only supported by Stratus on the newer Continuum 8100 and V-Series machines. You must have the newer hardware, then purchase the OpenSSL package and the POSIX package, and have a C or C++ compiler. If you spend the money to upgrade your hardware, you must then pay S2 additional license fees to run ON/2 on the faster hardware. You are now faced with 3 different sets of fees (Stratus Hardware, Stratus Software, S2 licensing) and must still modify your existing application (fin_term program) to take advantage of the SSL package.
The Solution:
Gateway Solutions offers a set of programs and modifications to your existing application that run on the older hardware, without the need for additional hardware or software from Stratus, or the need to pay additional licensing fees to S2. This is a proven package, currently in production at other sites, that can be easily implemented for a fraction of the cost of other alternatives. We also provide source code and full support for the package once you have implemented it.
Situation #2 (Secure Storage):
After the transactions have been securely delivered to your system and processed, you must ensure the security of the credit card number on your system.
PCI requires merchants to encrypt their archives of card numbers to ensure that, if the system is accessed by unauthorized users, the card numbers remain secure. There are several ways to accomplish this, including storing all numbers on a separate system, encrypting them there, and retrieving them as required. Another is to encrypt them directly on the Stratus.
The Problem:
Encrypting cards on a separate system becomes complicated and expensive, adds another point of failure in the system, and can get very expensive when trying to maintain fault tolerance. Encrypting them on the Stratus directly can be done either through a hardware device or in software. Adding a hardware device to encrypt all cards in a real-time environment can delay response times, add another failure point, and become expensive. Encrypting them through software may require many modifications to your existing software, which becomes expensive to program, test and maintain. Maintaining key values adds to the complexity of the problem.
The Solution:
Gateway Solutions offers a secure, software-based product that requires no changes to your existing programs, requires minimum CPU usage, and adds less than 4 one-thousandths of a second to the real-time transaction (based on 7XXX Continuum). It can be used with or without hardware key management devices. Key names and values are generated automatically, so key maintenance is never necessary. All card numbers are encrypted using 168-bit Triple-DES keys, ensuring customer card numbers remain secure. Future enhancements already in the works will allow the option of using AES encryption of card numbers. Again, we provide source code and full support for the package once it has been implemented. No changes, no maintenance, quick response and lower costs make this a win for you and your customers.
The Next Step:
Contact Gateway Solutions today to get a free assessment of your particular situation and a response including costs and timeframes required to ensure the highest safety for your customers, and to avoid penalties from credit card companies.