Where will it end? PCI compliance now extends to POS car washes, quick lubes - June 17, 2008
When Innive Systems, Inc., began integrating credit card clearing into its point-of-sale systems for car washes by connecting to a credit card clearinghouse over the Internet, executives at the company knew they had to do something to protect the machines.
At first, they advised their customers to install antivirus software. But over time, it became clear the customers weren't heeding their advice: Support calls soared as machines became infected with viruses and other malware. The outbreaks would prevent the vendor's POS applications, which are integrated with the car wash tunnel operations, from running and disrupt business. Support technicians spent hours cleaning up customers' systems.
"It really led us to look at the fact that they weren't being proactive in protecting themselves so we had to look for a solution," said Joe Jennings, network administrator at Daytona Beach, Florida-based Innive Systems.
The company began looking for software that would work with its application and provide affordable protection for its customers. Jennings and his team put seven antivirus products to the test on a POS system. They threw viruses and spyware at each, and looked at how fast they allowed the Innive Systems application to run.
"We went through the entire gambit with each one," Jennings said.
In the POS world, anything that slows down the ability to produce a receipt is unacceptable, he explained. "You don't want customers standing there waiting for anything." In that respect, Barracuda Antivirus stood out from the others. With it, a receipt popped out in less than half a second. CA's antivirus caused the longest lag at 20 seconds, Jennings said.
Jennings and his team also liked Barracuda's proactive capabilities in blocking malware, its integrated anti-spyware protection, Eset's automatic updates, and low price. The initial plan was to resell the antivirus protection to customers, but with the PCI Data Security Standard becoming a concern, the company's president decided that it needed to be included with every POS system, Jennings said.
By including the antivirus protection with its systems, Innive Systems is helping its customers at nearly 3,000 car wash and quick lube locations comply with the PCI standard, Jennings said. Barracuda, which is installed with the POS server in active scanning mode for real-time protection, prevents viruses, Trojans or other malware from reading or extracting any of the data flowing from the POS device and server to the credit card clearinghouse, he said. No credit card data is stored on the POS device or server, he added.
The need to secure POS systems was highlighted in the recent indictment of three men on charges of hacking into computer systems at 11 Dave & Buster's restaurants and stealing credit and debit card numbers. The trio allegedly gained unauthorized access to the POS servers at each restaurant and installed packet sniffers designed to capture credit card data.
Security expert Brian McCarthy of Sencilo Solutions in Longwood, Florida, has said "a common security problem at retail locations is POS systems that are managed by third parties via unsecured remote access systems that often use blank or default passwords."
In addition to providing antivirus protection with its POS solutions, Innive Systems ships to each customer a router that's configured securely, without any standard open ports. And even before PCI compliance became an issue, the company realized it needed to replace its remote support solution for managing client machines with a more secure system, Jennings said. It chose the Bomgar Box, which he described as a secure, encrypted point-to-point system; no standard passwords are used and Jennings requires frequent password changes for employees.
In addition, Innive Systems is working to get its software validated under the new Payment Application Data Security Standard. PA-DSS is based largely on Visa's Payment Application Best Practices (PABP) program.
Since the vendor started shipping every system with Barracuda, calls to its support team about viruses and other problems dropped tremendously, Jennings said. The company also replaced its Symantec and Webroot Software antivirus products with antivirus on its corporate network.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/security-compliance-management.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland, Cape Canaveral