SSLV3 for ON/2

 

 

The Situation:

PCI requires merchants to protect credit card numbers in all ways possible. They have also arbitrarily defined penalties for not complying with their security directives.

 

Many merchants have POS terminals and controllers that use TCP/IP for communications and have in-store networks shared by other non-financial terminals and controllers (e.g. scales, price lookup, etc.). Auditors from PCI have seen that card numbers can be determined by “sniffing” this traffic at the non-financial controllers, and have determined that this traffic should be encrypted. Merchants should convert their POS traffic to use the SSLV3 (Secure Socket Layer Version 3) protocol to encrypt financial traffic.

 

There are 2 ways to accomplish this: use a hardware-based encryption box for each controller/terminal and a corresponding one at the host, or use SSL software to encrypt the traffic. At first glance, the software solution is obviously much cheaper and easier to implement on a chain-wide basis. OpenSSL accomplishes this, and complete source code is provided by OpenSSL.org.

 

The Problem:

The OpenSSL package from Stratus has a number of prerequisites:

Software:

· VOS Release 14.7.0ah or later
· VOS STREAMS TCP/IP
· VOS GNU C++ and GNU Tools Release 2.0.2b or later
· VOS C Runtime

Hardware: VOS Continuum PA-8xxx systems, which include PA-8000, PA-8500, and PA-8600 modules, and require approximately 9000 blocks of disk space.

You must have the newer hardware, then purchase the OpenSSL package, the POSIX package, and the GNU C++ compiler and tools. If you spend the money to upgrade your hardware, you must then pay ACI additional license fees to run ON/2 on the faster hardware. You are now faced with 3 different sets of fees (Stratus Hardware, Stratus Software, ACI licensing) and must still modify your existing application (the fin_term program) to take advantage of the SSL package.

 

The Solution:

Gateway Solutions offers a set of programs and modifications to your existing application that run on the older hardware, without the need for additional hardware or software from Stratus, or the need to pay additional licensing fees to S2. This is a proven package, currently in production at other sites, that can be easily implemented for a fraction of the cost of other alternatives. We also provide source code and full support for the package once you have implemented it.

 

The Next Step:

Contact Gateway Solutions today to get a free assessment of your particular situation and a response including costs and timeframes required to ensure the highest safety for your customers, and to avoid penalties from credit card companies.

 

 

 

 



Webmaster: Info@g-s-i.com
© copyright 2008 Gateway Solutions Inc.