Aldelo EDC - PCI Guide
CISP/PCI Implementation Guidance
For Aldelo EDC Version 6.0.1.18 or Later
Confidential Information Intended for Customers of Aldelo EDC
PUBLISHED BY
Aldelo Systems Inc.
4641 Spyres Way, Suite 4
Modesto, CA 95356
Copyright © 1997-2008 by Aldelo Systems Inc.
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by
any means without the written permission of the publisher.
This manual is available through Aldelo Systems Inc. and resellers worldwide. For further information about
other languages that the manual may be translated in, please contact Aldelo Systems Inc. or visit our Web site
at www.aldelo.com. Send comments about this manual to [email protected]
Aldelo is the registered trademark of Aldelo Systems Inc. Other products or company names mentioned
herein are the trademarks of their respective owners.
The example companies, organizations, products, logos, people, places, and events depicted herein are
fictitious. No association with any real company, organization, product, logo, person, place or event is
intended or should be inferred.
Table of Contents
Chapter 1: Introduction to PCI Compliancy
Chapter 2: PCI DSS Payment Application Environment Requirements
    Access Control
    Remote Access
    Non-Console Administration
    Wireless Access Control
    Transport Encryption
    Key Custodian
    Network Segmentation
    Information Security Policy/Program
Chapter 3: Payment Application Configuration
    Baseline System Configuration
    Application Configuration
    Installing Internet Information Services
    Installing .NET Framework 3.5
    Installing Microsoft Point of Service for .NET
    Installing Microsoft SOAP Toolkit 3.0
    Installing SQL Server 2005
    Installing Aldelo EDC
    Database Setup
    Store Settings
    Security Settings
    Users
    Merchant Accounts
Chapter 4: Updates and References
    Updates to Aldelo EDC
    More Information
Chapter 1:
Introduction to PCI Compliancy
Systems which process payment transactions necessarily handle sensitive cardholder account information.
The Payment Card Industry (PCI) has developed security standards for handling cardholder information in a
published standard called the PCI Data Security Standard (DSS). The security requirements defined in the DSS
apply to all members, merchants, and service providers that store, process or transmit cardholder data.
The PCI DSS requirements apply to all system components within the payment application environment which
is defined as any network device, host, or application included in, or connected to, a network segment where
cardholder data is stored, processed or transmitted.
The following high level 12 Requirements comprise the core of the PCI DSS:
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect Stored Data
4. Encrypt transmission of cardholder data and sensitive information across public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
Implement Strong Access Control Measures
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security
The remainder of this document describes the essential guidance for implementing Aldelo EDC in a PCI
compliant environment.
Chapter 2:
PCI DSS Payment Application
Environment Requirements
Access Control
The PCI DSS requires that access to all systems in the payment processing environment be protected through
use of unique users and complex passwords. Unique user accounts indicate that every account used is
associated with an individual user and/or process with no use of generic group accounts used by more than one
user or process. Additionally any default accounts provided with operating systems, databases and/or devices
should be removed/disabled/renamed as possible, or at least should have PCI DSS compliant complex
passwords and should not be used. Examples of default administrator accounts include “administrator”
(Windows systems), “sa” (SQL/MSDE), and “root” (UNIX/Linux).
The PCI standard requires the following password complexity for compliance:
• Passwords must be at least 7 characters
• Passwords must include both numeric and alphabetic characters
• Passwords must be changed at least every 90 days
• New passwords cannot be the same as the last 4 passwords
PCI user account requirements beyond uniqueness and password complexity are listed below:
• If an incorrect password is provided 6 times the account should be locked out
• Account lockout duration should be at least 30 min. (or until an administrator resets it)
• Sessions idle for more than 15 minutes should require re-entry of username and password to
  reactivate the session.
These same account and password criteria must also be applied to any applications or databases included in
payment processing to be PCI compliant.
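The thresholds above can be checked against the local account policy of a Windows host. The following is an added example, not part of the Aldelo guide: it parses the text printed by the Windows "net accounts" command and reports every setting that misses a threshold. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Thresholds from the password and lockout lists above: (kind, limit).
REQUIRED = {
    "Minimum password length":               ("min", 7),
    "Maximum password age (days)":           ("max", 90),
    "Length of password history maintained": ("min", 4),
    "Lockout threshold":                     ("max", 6),
    "Lockout duration (minutes)":            ("min", 30),
}

# Constructed sample in the layout printed by `net accounts` on a host left
# at permissive settings. Not captured from a real system.
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""


def parse_net_accounts(text):
    """Return {label: value}; Never/None/Unlimited become Python None."""
    settings = {}
    for line in text.splitlines():
        # "label:   value" -- the label ends at the first colon followed by padding.
        m = re.match(r"^(.*?):\s+(\S.*?)\s*$", line)
        if not m:
            continue  # e.g. "The command completed successfully."
        label, raw = m.group(1), m.group(2)
        if raw.isdigit():
            settings[label] = int(raw)
        elif raw in ("Never", "None", "Unlimited"):
            settings[label] = None  # the control is switched off
        else:
            settings[label] = raw
    return settings


def audit(settings):
    """Return {label: reason} for every setting that misses its threshold.

    Password complexity and the 15-minute idle timeout are not part of
    `net accounts` output and have to be verified separately.
    """
    findings = {}
    for label, (kind, limit) in REQUIRED.items():
        if label not in settings:
            findings[label] = "setting not present in output"
            continue
        value = settings[label]
        if not isinstance(value, int):
            findings[label] = "control disabled (%r)" % (value,)
        elif label == "Lockout duration (minutes)" and value == 0:
            pass  # 0 = locked until an administrator unlocks, which the list allows
        elif kind == "min" and value < limit:
            findings[label] = "%d is below the required %d" % (value, limit)
        elif kind == "max" and not 1 <= value <= limit:
            findings[label] = "%d is outside 1..%d" % (value, limit)
    return findings


if __name__ == "__main__":
    for name, reason in audit(parse_net_accounts(SAMPLE_NET_ACCOUNTS)).items():
        print("FAIL  %-40s %s" % (name, reason))
```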
Remote Access
The PCI standard requires that if employees, administrators, or vendors are granted remote access to the
payment processing environment, access should be authenticated using a two-factor authentication mechanism
(username/password and an additional authentication item such as a token or certificate).
In the case of vendor remote access accounts, in addition to the standard access controls, vendor accounts
should only be active while access is required to provide service. Access rights should include only the access
rights required for the service rendered, and should be robustly audited.
Non-Console Administration
Users and hosts within the payment application environment may need to use third-party remote access
software such as Remote Desktop (RDP)/Terminal Server, pcAnywhere, etc. to access other hosts within the
payment processing environment. However, to be compliant, every such session must be encrypted with at
least 128-bit encryption (in addition to satisfying the requirement for two-factor authentication required for
users connecting from outside the payment processing environment). For RDP/Terminal Services this means
using the high encryption setting on the server, and for pcAnywhere it means using symmetric or public key
options for encryption. Additionally, the PCI user account and password requirements will apply to these
access methods as well.
Wireless Access Control
The PCI standard requires the encryption of cardholder data transmitted over wireless connections. The
following items identify the PCI standard requirements for wireless connectivity to the payment environment:
• Firewall/port filtering services should be placed between wireless access points and the payment
  application environment with rules restricting access
• Use of appropriate encryption mechanisms such as VPN, SSL/TLS at 128 bit, WEP at 128 bit, and/or
  WPA
• If WEP is used the following additional requirements must be met:
    o Another encryption methodology must be used to protect cardholder data
    o If automated WEP key rotation is implemented, key change should occur every ten to thirty
      minutes
    o If automated key change is not used, keys should be manually changed at least quarterly and
      when key personnel leave the organization
• Vendor supplied defaults (administrator username/password, SSID, and SNMP community values)
  should be changed
• Access point should restrict access to known authorized devices (using MAC Address filtering)
Transport Encryption
The PCI DSS requires the use of strong cryptography and encryption techniques with at least a 128 bit
encryption strength (either at the transport layer with SSL or IPSEC; or at the data layer with algorithms such
as RSA or Triple-DES) to safeguard sensitive cardholder data during transmission over public networks (this
includes the Internet and Internet accessible DMZ network segments).
Additionally, PCI requires that cardholder information is never sent via email without strong encryption of the
data.
Key Custodian
The Aldelo EDC encryption key is administered by the Master (first or primary) Administrator. The Master
Administrator is therefore considered the Key Custodian of the Payment Application, and is responsible for
performing periodic key changes (as well as changes of the administrator account password) based on PCI
compliancy requirements.
Additionally, the Master Administrator should sign an official acknowledgement form, created or issued by the
merchant organization, of those Key Custodian responsibilities.
Examples of Key Custodian Responsibilities:
• Change the administrator account password periodically in compliance with PCI requirements
• Change the Aldelo EDC encryption key periodically in compliance with PCI requirements
• Periodically perform security audits and transactional log audits in compliance with PCI requirements
• Maintain System updates, patches, and security perimeter configurations in compliance with PCI
  requirements
• Manage user or process accounts in compliance with PCI requirements
Network Segmentation
The PCI DSS requires that firewall services be used (with NAT or PAT) to segment network segments into
logical security domains based on the environmental needs for internet access. Traditionally, this corresponds
to the creation of at least a DMZ and a trusted network segment where only authorized, business-justified
traffic from the DMZ is allowed to connect to the trusted segment. No direct incoming internet traffic to the
trusted application environment can be allowed. Additionally, outbound internet access from the trusted
segment must be limited to required and justified ports and services.
A simplified high-level diagram of an expected network configuration for a web based payment application
environment is included:
Information Security Policy/Program
In addition to the preceding security recommendations, a comprehensive approach to assessing and
maintaining the security compliance of the payment application environment is necessary to protect the
organization and sensitive cardholder data.
The following is a very basic plan every merchant/service provider should adopt in developing and
implementing a security policy and program:
• Read the PCI DSS in full and perform a security gap analysis. Identify any gaps between existing
  practices in your organization and those outlined by the PCI requirements.
• Once the gaps are identified, determine the steps to close the gaps and protect cardholder data.
  Changes could mean adding new technologies to shore up firewall and perimeter controls, or
  increasing the logging and archiving procedures associated with transaction data.
• Create an action plan for on-going compliance and assessment.
• Implement, monitor and maintain the plan. Compliance is not a one-time event. Regardless of
  merchant or service provider level, all entities should complete annual self-assessments using the PCI
  Self Assessment Questionnaire.
• Call in outside experts as needed. Visa has published a Qualified Security Assessor List of companies
  that can conduct on-site CISP compliance audits for Level 1 Merchants, and Level 1 and 2 Service
  Providers. MasterCard has published a Compliant Security Vendor List of SDP-approved scanning
  vendors as well.
Chapter 3:
Payment Application Configuration
Baseline System Configuration
Below are the operating systems and dependent application patch levels and configurations supported and
tested for continued PCI DSS compliance:
• Microsoft Windows 2000 Service Pack 4;
  Windows XP Professional with Service Pack 2;
  Windows Server 2003 with SP1;
  All latest updates and hot-fixes should be tested and applied.
• 512 MB of RAM minimum, 1 GB or higher recommended
• 1 GB of available hard-disk space
• TCP/IP network connectivity
• Broadband Internet Connection
Application Configuration
Aldelo EDC requires certain Windows Operating System features to be installed prior to deploying. There are
some prerequisites that must be met before Aldelo EDC may be installed on a system.
The following list describes the hierarchical order of deployment:
• Step 1: Ensure that the system that Aldelo EDC will be deployed to meets the Baseline System
  Configuration requirements
• Step 2: Ensure that the System has Internet Information Services 5.0 or later installed
• Step 3: Install Aldelo EDC based on intended deployment strategies (Server or Client)
The following sections will describe key concepts for a deployment to a system running Windows XP Pro.
Installation in Windows 2000 or Windows Server 2003 should be comparable.
Installing Internet Information Services
Aldelo EDC requires Microsoft Internet Information Services (IIS) to be installed prior to deployment. IIS is
included with Windows 2000 Professional; Windows XP Pro; Windows Vista Home Premium, Business,
Enterprise, Ultimate; and Windows Server 2003 operating systems.
If the System does not have IIS installed, it can be installed by using the Add/Remove Windows Components
function from Windows Control Panel. Be sure to have your Windows installation CD available when
installing this component.
The following steps describe how to install IIS to a Windows XP Pro System:
1. Click the “Start” button on the taskbar to bring up the Start Menu
2. Navigate to “Control Panel” to view a list of control panel applet options
3. Click on “Add/Remove Programs”
4. Within the “Add/Remove Programs” dialog, click the “Add/Remove Windows Components” located
   on the left side bar
5. A wizard dialog will show. Navigate to the checkbox labeled “Internet Information Services” and
   enable the checkbox (On Windows Server 2003, you will navigate to the “Application Server”
   checkbox instead to choose the IIS option)
6. Highlight “Internet Information Services” and click on “Details”
7. Uncheck the option “SMTP Service” if you are not going to use this computer as an email server
   (Most customers will not need this option and removing it will reduce the attack surface of your
   system)
8. Click “OK”
9. Click “Next” to start the installation of the files
   a. This may prompt for the Windows installation CD, so have it handy
10. Once the installation finishes, restart the system
The following steps describe how to install IIS to a Windows Vista System:
1. Click the “Windows Logo” button on the task bar to bring up the Start Menu
2. Navigate to “Control Panel” to invoke the control panel list of features
3. Double click the “Programs and Features” icon
4. Within “Programs and Features” screen, click the “Turn Windows Feature On or Off” option
5. The UAC prompt will appear requesting your permission to continue
6. In the “Windows Features” dialog, select the “Internet Information Services” option
7. Click “OK”
8. Once the installation finishes, IIS will be installed on Vista
Installing .NET Framework 3.5
Aldelo EDC requires Microsoft .NET Framework 3.5 to be installed on the System in order to operate. You
may install .NET Framework 3.5 either before or after the installation of Aldelo EDC. .NET Framework 3.5
may be installed via Windows Updates or from “Aldelo Prerequisite Installer” package. The .NET Framework
3.5 only needs to be installed once.
If for some reason the .NET Framework 3.5 was installed prior to IIS on a System, please be sure to
execute the “Register ASP.NET to IIS” action from the “Aldelo Prerequisite Installer” program group within
the Start Menu.
Alternatively, to manually perform “Register ASP.NET to IIS”, please follow the instructions listed below:
• Click the “Start” menu on Windows Task Bar
• Click the “Run” command
• Type in “cmd” in the dialog screen
• In the popup screen that resembles DOS (Black background screen with blinking cursor), type in
  “cd\” followed by the Enter key. Your screen should now show “C:\>”
• Now type in “cd windows” followed by the Enter key (If your Windows is installed in a different
  folder name, enter that instead). Your screen should now show “C:\Windows>”
• Now type in “cd microsoft.net\framework\v2.0.50727” followed by the Enter key. Your screen
  should now show “C:\Windows\Microsoft.NET\Framework\v2.0.50727>”
• Finally, enter “aspnet_regiis -i” followed by the Enter key. You will be prompted with a progress
  message and then association will be complete
Installing Microsoft Point of Service for .NET
Aldelo EDC supports the printing of transaction receipt to specialized POS printers. Aldelo EDC uses
Microsoft POS for .NET peripheral integration methods to deliver printing instructions. The install of this
component is optional for merchants.
The Installation of Microsoft Point of Service for .NET is available via “Aldelo Prerequisite Installer”.
Choose the “Install Microsoft Point of Service for .net 1.12” option from the Start Menu once the Aldelo
Prerequisite Installer has been installed.
If POS for .NET printing integration is to be used, the underlying POS printer must support POS for .NET or
OPOS 1.18 with appropriate drivers. For technical assistance regarding POS printer setup and integration with
POS for .NET, please contact the respective printer manufacturers for prompt assistance.
Installing Microsoft SOAP Toolkit 3.0
Although Aldelo EDC is built entirely on Microsoft .NET Framework 3.5, Microsoft SOAP Toolkit
3.0 must be installed on all legacy client applications (non-.NET Framework clients) in order to enable
payment processing between the legacy clients and Aldelo EDC.
The Microsoft SOAP Toolkit 3.0 can be found on the Payment Application’s CD.
Installing SQL Server 2005
Aldelo EDC requires SQL Server 2005 to be installed in order to function. Aldelo EDC supports all SQL
Server 2005 editions except the Compact Edition. SQL Server 2005 is used to store operational data for Aldelo
EDC. For most merchants, SQL Server 2005 Express installed as Aldelo Instance is preferred since it is free
and will be adequate in most cases. Aldelo EDC provides the SQL Server 2005 Express installation option as
Aldelo Instance via “Aldelo Prerequisite Installer” package. By performing the install via “Install Microsoft
SQL Server 2005 Express” from Start Menu as part of “Aldelo Prerequisite Installer” package, all predefined
settings will be used such as the Aldelo Instance and options necessary for a seamless install experience.
For instructions on how to properly install SQL Server 2005, please refer to the appropriate software
installation documentation. Please follow all PCI compliancy requirements when installing the database
server.
Installing Aldelo EDC
When the above considerations have been met, you will be ready to install and set up Aldelo EDC. The first
action is to install Aldelo EDC onto the System that will be hosting the application. Install this application just
like you would any other program. Once installed, you will be able to get started with configuration. The
following sections will describe each setup action in greater detail.
Database Setup
The first step in working with Aldelo EDC will be to set up a new database. Start by first connecting to the
SQL Server 2005 that you are working with. To set up your database, follow the steps below.
1. Click “File” on the Aldelo EDC menu bar
2. Select “Database Setup”. This will bring up the screen where you configure your database
   connection settings and create new databases.
3. In the SQL Server field, enter the name and instance of the SQL Server 2005 that you wish to connect
   to. If it is located locally, you may use the word “(local)” or “.”
4. Once you have selected your SQL Server, fill in the authentication information. You can use either
   Windows Authentication or SQL Server Authentication. However, it is highly recommended that
   Windows Authentication is used to prevent your username and password from being sent in clear text,
   as is the case with SQL Server Authentication. Aldelo Instance of SQL Server 2005 Express is
   set to Mixed Mode Authentication to give you the option of choosing your authentication type.
5. Click “Test” to ensure that the new settings are entered properly. If it fails, please review the SQL
   Server and Authentication fields previously specified.
6. Once the test is successful, select the “Create New Database” option
7. Type in the name of your database in the “Database Name” field. Do not enter spaces or special
   characters
8. Click the “…” button in the “Data File Path”. This will allow you to select the folder you wish to
   store the database in. The default folder should be fine for most installations
9. Click “Create”. This will run through the process of creating the database on the server. You should
   see a success message once it completes
10. Click “Select Existing Database”
11. Select the database name that was just created.
12. Click “Connect” to associate with the selected database for use. The “Current Data Source Link”
    information will be updated to show the newly selected connection settings.
Tech Tip: To implement the software in a DMZ environment, you will need to install
Aldelo EDC on the database machine for the purpose of creating the database. Once
this is complete, you can remove Aldelo EDC completely.
Store Settings
Once the database is created and connected, please go to the Store Settings menu option to start configuration.
The following list will help guide you through this process:
1. Click “Setup” in the Aldelo EDC menu bar
2. Select “Store Settings” to bring up the Store Settings screen for configuration
3. Enter the IP Address (or “localhost” if it’s the same system) of the system hosting the Payment
   Application. Most installations will use “localhost”. It is a good idea to give this station a static IP
   Address since this system is hosting a service that is accessed via an IP Address.
4. You can leave the “EDC Web Service Application Name” at the default name unless you manually
   change it in IIS. Only advanced networking professionals will want to change this.
5. “Use Secure Channel (SSL)” is used to secure communications between an application and Aldelo
   EDC. This is highly recommended as it will prevent any attempts to capture data traveling across the
   network or internet if used remotely. To use SSL, you must either purchase an SSL certificate from a
   trusted vendor or generate one using Windows. For more on this, refer to the Microsoft help system
   or website.
6. Enter a password in the “Card Encryption Password” field. This password is used to encrypt all
   transactions that are stored in the database. Additionally, this field is the encryption key, and the
   Master Administrator (first administrator to the System) is considered the Key Custodian. As a Key
   Custodian, the administrator is responsible for periodic changing of this key and the administrator’s
   account password per PCI compliancy requirements. Additionally, the Key Custodian should sign an
   acknowledgement of responsibilities form with the merchant.
7. “Audit Trail History Kept Days” is the number of days the system will keep recorded activities in the
   system. These can be viewed in the Reports section of the software. It is recommended that you
   keep a good history of your system audit logs. The minimum is 90 but it is recommended to keep
   180 days or more.
8. “Batch Auto Close Time” is the time that the batch will automatically be processed.
9. “Auto Batch Close User Name” is the user account name that will perform the auto batch.
   a. The software must be running at all times for the Auto Batch function to work
   b. The batch user must also have Batch and Sales security permissions assigned
10. Click “Receipt” to go to the next tab.
11. Fill in the “Receipt Header Line 1” with what you would like to show at the top of the credit card slip.
12. Click “Done”. This will save the settings so you can move onto other first time setup tasks. You can
    always come back to this page to change more settings once you have the initial ones done.
Security Settings
Before you are able to fully use the software, you need to set up at least one user account. Each user account
receives its permissions from the security role assigned to it. These security roles must first
be created before they can be assigned to any user. To create a security role, follow the steps below.
1. Click “Setup” on the Aldelo EDC menu bar
2. Select “Security Settings”. This will bring up the screen where all your security roles are listed.
3. Click “New”. This will allow you to create your first security role.
4. For the first security role, it is a good idea to call it something like “Admin” or “Owner” or something
   to that effect. This user will have all rights in the software so make sure to check all checkboxes to
   allow full access to everything.
   a. Administrative access should only be given to one person. This employee should not share
      this access with any other employee or give out their username or password.
5. Click “Done”. This will save this security role.
Users
After you have created your first security role that has full access to the software, you will want to assign that
role to your first user. This user will be the administrator of the software since they will have full access to all
the features of the software. To create the first user and assign the security account, follow the steps below.
1. Click “Setup” on the Aldelo EDC menu bar
2. Select “Users”. This will bring up the screen where all your user accounts are listed.
3. Click “New” to create a new user.
4. Fill in the “User Name” field with a name that describes who or what this user is. The first one should
   be the name of the person who will be administering the system. This should not be “Admin” or
   “Administrator” or the person’s title. It should be the actual name of the person.
5. Fill in the “Password” and “Re-enter Password” fields with this user’s password. This will be the
   password used when you try to access something that is protected by the security settings. Your
   password must be a complex password in that it must have 7 characters, upper and lower case,
   special characters, and numbers. The password will also auto expire in 90 days, and the user will
   automatically be locked out after 6 attempts to guess the password. If the user does not change the
   password before the password expires, the account will be locked and the admin will have to unlock
   the account before the password can be updated. These are PCI compliancy requirements. If your
   account is locked, it will automatically unlock after 30 minutes or can be reset by the administrator.
   The 30 min reset does not apply to expired password locks. Passwords also need to be historically
   unique and you cannot use the same password within 4 changes of your password.
6. To assign the security role to this user, put a check in the box next to the security role you wish to
   assign to this user. The first user should have admin rights so they can have full access to the system.
If the user is the Master Administrator, then this person will be considered the Key Custodian. Please see the
Key Custodian sections mentioned previously for more details.
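The account behaviour described in step 5 can be modelled as a small state machine. The following is an added example, not Aldelo EDC's own code: it shows how the complexity check, the 4-password history, the 6-attempt lockout, the 30-minute automatic unlock and the expired-password lock interact, including the case where the timer must not clear an expiry lock. Class and function names, the PBKDF2 storage and the credentials in demo() are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta

# Values stated in step 5 of the Users procedure above.
MIN_LENGTH = 7
MAX_AGE = timedelta(days=90)
MAX_FAILURES = 6
LOCKOUT = timedelta(minutes=30)
HISTORY = 4


def complexity_errors(password):
    """List every complexity rule the candidate password breaks."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 7 characters"),
        (re.search(r"[a-z]", password), "no lower-case letter"),
        (re.search(r"[A-Z]", password), "no upper-case letter"),
        (re.search(r"[0-9]", password), "no number"),
        (re.search(r"[^A-Za-z0-9]", password), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]


def _digest(password, salt):
    # Assumption: salted PBKDF2, so the history never holds clear-text passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Account:
    """Hypothetical model of one user account."""

    def __init__(self, name, password, now):
        self.name = name
        self.history = []          # newest first, at most HISTORY (salt, digest) pairs
        self.failures = 0
        self.locked_at = None      # time of a failed-login lockout
        self.expired_lock = False  # lock caused by an expired password
        self.set_password(password, now)

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(_digest(password, salt), digest)

    def set_password(self, password, now):
        if self.expired_lock:
            raise PermissionError("expired-password lock: administrator must unlock first")
        errors = complexity_errors(password)
        if errors:
            raise ValueError("; ".join(errors))
        if any(self._matches(password, entry) for entry in self.history):
            raise ValueError("password was used within the last 4 changes")
        salt = os.urandom(16)
        self.history.insert(0, (salt, _digest(password, salt)))
        del self.history[HISTORY:]
        self.changed_at = now

    def login(self, password, now):
        """Return 'ok', 'denied', 'locked' or 'expired'."""
        if now - self.changed_at > MAX_AGE:
            self.expired_lock = True
        if self.expired_lock:
            return "expired"          # the 30-minute timer never clears this lock
        if self.locked_at is not None:
            if now - self.locked_at < LOCKOUT:
                return "locked"
            self.locked_at, self.failures = None, 0   # automatic unlock
        if self._matches(password, self.history[0]):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked_at = now
            return "locked"
        return "denied"

    def admin_unlock(self):
        # Clears both kinds of lock. Assumption: after an expired-password
        # unlock the user sets a new password before the next login.
        self.locked_at, self.failures, self.expired_lock = None, 0, False


def demo():
    """Constructed scenario: six bad guesses, the timed unlock, then expiry."""
    t0 = datetime(2008, 1, 1, 9, 0)
    acct = Account("jsmith", "Winter#2008", t0)       # constructed credentials
    out = [acct.login("guess", t0) for _ in range(6)]
    for delta in (timedelta(minutes=10), timedelta(minutes=30),
                  timedelta(days=91), timedelta(days=91, minutes=30)):
        out.append(acct.login("Winter#2008", t0 + delta))
    return out


if __name__ == "__main__":
    print(demo())
```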
Merchant Accounts
Once you have your first user set up, you can set up your merchant account. This is the core of the
software, and you will need a merchant account to complete this section. If you have not yet set up your merchant
account with your merchant account provider, you can still set up other parts of the software and come back
to it later. To set up a new merchant account, follow the steps below.
1. Click “Setup” on the Aldelo EDC menu bar.
2. Select “Merchant Accounts”. This will bring up the list of Merchant Accounts you have. Normally
you will only have one.
3. Click “New”. This will bring up a blank Merchant Account.
4. Fill in the “Account Name” field. This can be any name you wish and does not have to be the name of
the account provider.
5. Select the “Account Type” as “Primary”.
6. Select the “Merchant Service Provider”. This is the actual company you have your merchant account
with. As you change this field, the processor settings will change.
7. Select the “Business Type”.
   a. Restaurant: if the merchant is set up as a restaurant (Needs tip adjustments)
   b. Retail: if the merchant is set up as a retail store (No tip adjustments)
   c. MOTO: if the merchant is set up as mail order/telephone order
8. Fill in the various fields that pertain to this merchant account type. You will get this information
from your merchant provider.
9. Mark the account as “Active Account”.
10. Select “Enable Tracing”. This will allow you to track exactly what is going through the system and is
very useful for troubleshooting issues.
11. Click “Done”.
Once the merchant account is configured in the Payment Application, it is best practice to use a live credit card
to process a test transaction against the live merchant account. Once the live test is successful, make sure to close
the batch.
It is not recommended that customers enable the “Demo” checkbox within the Merchant Account Setup
screen. The “Demo” checkbox is reserved for use under the supervision or guidance of Aldelo Systems’
support engineers. When a merchant account is set up as “Demo”, all transactions will be simulated, and no
request will be sent to the processors. (Do not use the “Demo” feature unless instructed by an Aldelo support
engineer. When the test session ends, always close the current batch before switching back to “Live” mode.)
Tech Tip: If you need more information about any field in Aldelo EDC, use the tool
tips by keeping the mouse pointer over the field you have questions about. This will
display a description of what the field is used for.
Chapter 4: Updates and References
Updates to Aldelo EDC
Updates to Aldelo EDC will be made available from time to time and should immediately be installed if the
update addresses a security issue. Aldelo Systems Inc. will have security related issues resolved within 10
business days of development confirming such issues. Updates will be posted to the www.aldelo.com website
upon release and can be downloaded at any time with the proper credentials for the website.
More Information
A copy of the Payment Card Industry (PCI) Data Security Standard from VISA’s security website is available
at the following Internet address:
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html
Additional information for merchants from VISA is available at the following Internet address:
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_merchants.html?it=il|/business/accepting_visa/ops_risk_management/cisp.html|Merchants
A listing of qualified security assessors from VISA is available at the following Internet address:
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp_accessors.html?it=l2|/business/accepting_visa/ops_risk_management/cisp_merchants%2Ehtml|Assessors
For Best Security Practices when installing Internet Information Services, please refer to the Microsoft website
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/596cdf5a-c8524b79-b55a-708e5283ced5.mspx?mfr=true
For more information on generating SSL Certificates in Windows
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis/maintain/featusability/c06iis.mspx