Aloha Credit Cards

Status
Not open for further replies.

foobar2005

IS-IT--Management
Apr 22, 2008
3
US
Aloha Table Service v5.2 is not PCI/PABP certified.

Does anyone know which files contain the Cardholder data that is non-compliant?

I assume it includes the trans.log and .stl files. Any others?


Thanks!
 
PABP/PA-DSS certificate of compliance is much more than how data is or is not stored. It may not be storing the data at all but could still be "non-compliant" as far as PA-DSS is concerned. What are you trying to accomplish?

Steve Sommers
-- Creators of $$$ ON THE NET(tm) payment processing services

Blog:
 
I am trying to remove as much cardholder data from the system as I can.
 
I assume you are trying your best to be compliant without upgrading? That's a good goal. Google filemon and you'll find a neat utility that I use when trying to figure out what is stored where. It's a utility that watches for all file writes and reports what is written. Great for stuff like this.

PM me and I might be able to give you additional info on this topic.
 
Hmmm, I can't find a PM link. My email is steve_nospam_shift4.com. Replace the _nospam_ with an at symbol.
 
In the Data folder is the EDC folder.
The sub folder for your processor may contain answer files (ANS) or Request Files (REQ). They can be opened with NOTEPAD. Also the terminals can hold card data in the local EDC folder.

Here are a few tips for you to get closer.

Separate Network for the POS and Internet, meaning a separate switch.

The POS network can not be routable addresses or make it 192.168.x.x or 10.x.x.x

A hardware firewall in place on the internet connection

Everyone should have their own password protected login to the Aloha BOH, not the software the computer itself.

The guest account should be disabled

No blank password accounts

The EDC folder can not have "EVERYONE" permissions

The EDC folders on the BOH and the terminals should be cleaned of any unencrypted CC data.

Do not print exp dates on receipts

Print only last 4 digits of CC card on receipt
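
An added example, not part of the thread and not Aloha's own tooling: one way to check a copy of the EDC folder for card numbers left in plain text, as the cleanup tip above asks. It assumes the files are readable as text (the post says the ANS and REQ files open in Notepad); the folder name `PROC`, the file names and contents in `demo()` are constructed, and the number used is the standard Visa test value.

```python
import os
import re
import tempfile

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_file(path: str):
    """Return [(line_no, masked_pan)]; only the last four digits are kept."""
    hits = []
    with open(path, "rb") as fh:
        for line_no, line in enumerate(fh, 1):
            for m in PAN_RE.finditer(line):
                digits = re.sub(rb"\D", b"", m.group()).decode("ascii")
                if luhn_ok(digits):
                    hits.append((line_no, "*" * (len(digits) - 4) + digits[-4:]))
    return hits

def scan_tree(root: str):
    """Walk a folder (e.g. a copy of the EDC folder) and map file -> hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            hits = scan_file(full)
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report

def demo():
    """Constructed sample: made-up file names/contents, test card number only."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "EDC", "PROC"))
        with open(os.path.join(root, "EDC", "PROC", "00001.REQ"), "w") as fh:
            fh.write("AUTH 4111 1111 1111 1111 AMT 12.50\n")
        with open(os.path.join(root, "EDC", "PROC", "00001.ANS"), "w") as fh:
            fh.write("APPROVED REF 1234567890123456\n")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

The Luhn check is what keeps the 16-digit reference number in the sample ANS file out of the report; a scan like this only finds numbers stored as plain digits, not encrypted or packed ones.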

 
If you look around a little, you can upgrade Aloha EDC only. It is a special request, but it is a fact. Secondly, just upgrading Aloha does not make you compliant. There are several other elements. Go look at Visa's website to learn more about CISP compliance.
In final, the Aloha Manager minimum requirement is 5.3.17; EDC can be upgraded separately. Look on eBay for a key, just make sure that if you find one you get the sec codes and that it is equivalent to the number of terminals you are using already, and get your reseller to transfer it over to you, if you are using other resources Aloha offers. It is smart to get it registered over to you anyway. It should run you about 350 bucks, and yes, it all depends on the reseller.

Brad C.
 