Complex passwords

[postech777]

I'm curious how other people are handling complex passwords that are used to access back of the house features. With a certain POS system they require the password to be 8 characters in length with a combination of numbers and letters. It wouldn't be so bad but they require it to be changed every 3 months. Most clients can barely remember one password much less a complex one.

Is this the same with Aloha and Micros?

Do you need to change the password every 3 months to accomodate the CISSP compliance ( Credit Card restrictions)?

 

[RosemarysBaby]

I don't know about the CISP reg but with Aloha you do not have to change passwords in any timely manner.

 

[Shift4SMS]

You are correct, CISP requires changing passwords every 90 days but there are ways to meet the requirements and not impact your clerks -- use an interface to a gateway that offers "tokenization" or similar technology (see

http://www.shift4.com/pdf/TokenizationWhitePaper.pdf

and

http://www.shift4.com/pr_20051005.htm).

In a nutshell, using this technology eliminates the need for storage of credit card information in the POS application, in essence, making many of the CISP requirements moot on the application side. You still need to change passwords on the gateway side but this should only effect your auditors and upper management -- not most of your clerks.

There are secure Micros drivers that use this technology. I'm not sure about Aloha. Hope this helps.

Steve Sommers

http://www.shift4.com

-- Creators of $$$ ON THE NET(tm) payment processing services

Blog:

http://shift4sms.blogspot.com

 

[DTSMAN]

Steve,
I have a question about EBT card usage I think you may know are be able to point me to an answer. I had a person on the help desk for the retail software we resale tell me the software will not take a manually entered EBT card #. Kroger and Walmart do. I have calls placed with Mercury the processor, and emails to the higher ups of the software maker, but yet to get a response. Do you have any feed back on this? Does your company have a policy on this? I have told both I need documentation for the end-user to avoid any more grief from him.

Bo

Kentucky phone support-
"Mash the Kentrol key and hit scape."

 

[Shift4SMS]

We don't do much in the EBT arena but from what I know, EBT is very similar to online PIN debit (ATM network as opposed to the credit network). With PIN debit, only track 2 swipe reads are allowed. I don't know who came up with this requirement, federal law or card association regulation, but I'm not aware of any processor having a policy to allow for manual key or even track 1 swipes for these types of transactions.

Steve Sommers

http://www.shift4.com

-- Creators of $$$ ON THE NET(tm) payment processing services

Blog:

http://shift4sms.blogspot.com

 

[Shift4SMS]

As for Kroger & Walmart, EBT is goverment controlled. Maybe these two are big enough to get special exceptions to the rule whereas the rest of us cannot? This is only a guess and I wish I could give you a more definitave answer...

Steve Sommers

http://www.shift4.com

-- Creators of $$$ ON THE NET(tm) payment processing services

Blog:

http://shift4sms.blogspot.com

 

[DTSMAN]

Mercury returned my call and said they do not know of this and offered a seperate terminal for the customer to use for the manual entry if the POS software will not allow it. We are now working with the POS software people to find a work-around.

Bo

Kentucky phone support-
"Mash the Kentrol key and hit scape."