A MAC machine? You must be from the Philadelphia area. :-)
You need to realize that compliance with the PCI-DSS standard is a contractual obligation that you agreed to when you signed your merchant agreement with your Acquirer. It is not being forced on you. You can do as you suggested above and...
Unless I'm missing something, what you are doing is simply multiple instances of the same factor, username/password. The first instance is when you connect to your VPN, the second is your Windows authentication. You need to employ another factor. Something like smart tokens, biometrics, mag...
Sorry, I just got back in.
Now, a big concern with using LogMeIn and the like is that you are entrusting the credentials to access your network to a third party. If they get compromised, your environment is then exposed. Since these providers represent a goldmine of keys to many systems, their...
Oh boy! I expect that this could become a lively discussion. First, let's look at the applicable PCI requirements:
These regulations say that you can access your cardholder data environment remotely, but it needs to be done in a very controlled fashion. By themselves, PCA, LogMeIn and...
I do apologize for my incorrect assumption that your Aloha system is part of your cardholder data environment.
Some of the suggestions earlier in this thread should work fine.
There are a few ways of going about this.
1. Place a locking cover over the jack. There are many manufacturers that provide covers that go over the wall plate that can be locked either by a key or padlock. You would need to establish a daily procedure that the lock is in place and engaged...
Chris, why don't you start a new thread on this topic? I would like to hear the different approaches that people are using for their environments. I'm sure it could generate some lively discussion.
The concern is that if you happen to get compromised by your loyalty system's access to the Internet, you have compromised your cardholder data environment since it would be on the same server.
Technically, you can do what you are asking about. But, I would not offer you any advice to...
I hate to turn this into a PCI discussion, but you can't do that.
The Aloha server is a component in your cardholder data environment. Thereby, the PCI regulations apply.
To address your need, I would suggest that a separate PC needs to be used for your loyalty program. But, be aware that if...
The wording was changed from PCI-DSS 1.1 to 1.2, which removed the word "proxy", but the intention and meaning remain the same.
If components in your Aloha environment need to talk to the Internet for any reason, they need to be proxied through a device in your DMZ.
PCI-DSS regulations are the same no matter if you are level 1, 2, 3 or 4. The only differences are which SAQ you can use or if you require a 3rd party assessment.
What is being suggested here should not be done. First, PCI does not allow any part of the cardholder environment to directly...
I just happened upon this forum. There is a wealth of information here regarding Aloha. Perhaps someone here can answer some questions for me as our dealer is not able. Here is our scenario:
We take PCI compliance very seriously and have our environments tightly locked down. Our Aloha systems...