Aloha spool files question PCI compliance

[eburks]

Having read a few of the stories on here about EDC running in spool mode, someones wrong actions and possible loss of transactions, it made me think.

It would be simple to setup a batch file and scheduler process or even use a program like rsync to essentially back up any .spl files on the master terminal (.spl files are only created on the master terminal.... right?) on a regular basis. Say once every 15 minutes. The process would only be triggered when Aloha was spooling and that is easy enough to test for.

It could all be accomplished with a batch file or with a little more work a vbs script.

Since the info on the spl file is encrypted would having an archive containing all the .spl files for a particular day backed up on the BOH be any violation of PCI-DSS rules. I would only keep these backups for a few days then automatically delete them.

 

[eburks]

Of course this archive would be initially created on the FOH since spooling might mean there was no BOH access. I would still want to attempt to move it to BOH automatically in case there was trouble brewing on the FOH

 

[eburks]

Does anyone have any comments or warnings on this idea

 

[alohaakamai3]

I think it's completely possible to do this with a DOS batch file, even if it's a little clumsy, but it's a little more complicated than it might initially seem.

The biggest variables are see are:

1-How often is this going to scan the EDC folder to check for these files? And for that matter, how often is it going to back them up? The program would more or less have to constantly run in the background.

2- You have to scan the downtime.ini to see which terminal was master in order to know where to look for EDC files, or scan all the terminals.

I see your point though, that with encrypted files, the risk of data loss is much bigger deal than when you could look up the numbers and manually re-enter transactions if you absolutely had to.

 

[eburks]

@alohaakamai3

I would plan to watch for the spooling flag on the terminal and at that point start doing the backups. I could watch for the spooling file with a batch program run every 5 minutes via Task Scheduler but that seems kind of heavy handed. I found a program that will watch a file or folder for changes that claims to be lightweight but all it will do is flash a warning on the screen. I would love to find some nice tight utility written in assemby language that can monitor for a defined flag file and then run a command of my choice. (sounds familiar)

 

[SwampGas]

Why?

Sounds like you are going around the issue instead of attacking the real problem, whether this is from sloppy helpdesk employess, bad access controls/policies, bad staging or something else.

I have over 2000 terminals in my concept, and can say I have never needed something like what you are mentioning. Lets find the real problem so you do not have to worry about something like backing up spool files if/when they might happen.