Micros 3700 upgrade options - end of XP 1

[OutDoorType]

I have a Windows XP based MICROS 3700 system with two additional Windows CE terminals.

Can I upgrade my server to Windows 7 and still use the existing MICROS Eclipse terminals? I don't think the terminal hardware will support Win 7.

We are running MICROS version 4.6. Need upgrade options to maintain PCI compliance before we open in May 14.

Thanks to all.

 

[TheSaint84]

Dear OutDoorType,

Windows 7 and MICROS Call client work just with a MICROS POS Version 5 or higher. You got an error message if you try to install the MICROS Call client on a Windows 7 system.

One option is to upgrade the Server to Version 5.X and then update the client but I'm quit not sure if the Eclpse are enought powerfull for this job.

Kind regards
Simon

 

[TyBro29]

Hello,
Yes, the Eclipse terminal will not work with the RES 5.x software. A WS4LX would be the absolute oldest Client I would suggest.
You will also need a 5.x license code from Micros to move from 4.x to 5.x.
If you went to 4.11 or 4.12, you would have a PCI compliant version of Micros until 2016, but the Windows XP end of life takes you back out of compliancy yet again.

 

[themicrosman]

You could upgrade the server to windows 2003. That should work for you and is still PCI compliant. It will take a bit of work. You cant exactly stick an upgrade disk in and hit upgrade. But is should work with your versions and hardware

 

[TobeThor]

Win 2003 expires in 2015 so that's a lot of effort only to have to re-do again next year.

 

[pmegan]

Also, your eclipse workstations are running XP so they'll have to go. The worst part is that there's no trade in value on them. I just finished a swap on our 4 oldest systems and had to send 54 eclipses to an electronics recycling center. That just hurts.

 

[OutDoorType]

What about integrating a stand-alone card processor? Is the programming difficult to integrate the scanner with MICROS so daily reports will include Credit Card info?

 

[pmegan]

You can use a standalone processor without dealing with PCI as long as it remains standalone; meaning there's no connection to the POS. Once you integrate it you're back to square one.

 

[Moregelen]

It isn't difficult. You basically just create new tenders, just like Cash, but you call them whatever type of credit card you accept. Add them to your tracking groups and your reports, and it will work just like normal. You can even still link the charged tip to it. The difference is is that now you have to rely on your servers hitting the right credit card button to maintain accurate reporting. Seems like not a big deal... until you remember that its a server we're talking about.

 

[Moregelen]

Well, doesn't work just like normal. Basically you run the credit card on the stand-beside. It goes through... well now you still need to close the check in Micros. So you hit the credit card tender, and close it that way. Just mean that it can work just like normal with your reporting.

 

[pmegan]

Yep, but you're adding a step to closing checks, reconciling at the end of the night, server error when entering info into two different systems, etc...

It's a judgement call really. Would it have a negative effect on operations? How many machines would you need since you won't be able to just ring CC's through the workstations. One for the bar, one for the floor, more, less? We have, on average, 12 workstations per restaurant. The smallest averages 257 credit card transaction per day, the largest averages 523 (over 3 months). We'd need 3-6 credit card machines per location, which would mean reconciling the report from each to the system detail, and reconciling back to individual servers would be just miserable.

 

[Moregelen]

Yup. Not saying stand-besides are a good solution; but its doable. And I think some of the newer ones can connect back to Micros through a serial port in order to automate the posting of the transaction information. Not sure how that affects the whole, 'dont have to be PCI thing' though.

 

[OutDoorType]

I have also been doing some reading about embedded controls and PCI compliance. Sounds like with the right compensating controls you can maintain compliance while developing a long-term upgrade strategy. Thoughts on this? We don't have budget for hardware and software upgrades this year due to unforeseen infrastructure costs from this winter.

[URL unfurl="true"]http://www.mcafee.com/us/products/embedded-control.aspx[/url]

https://blog.bit9.com/2013/08/07/how-to-successfully-manage-retail-compliance-and-security/[/url

 

[pmegan]

Honestly, I don't trust any company claiming that their product will provide a workaround for PCI compliance, unless part of the sales contract states that they'll pay part of the fines if you fail an audit do to that product not being sufficient. I would at least consult a 3rd party scanning/auditing company to get their opinion on it. After all, they and their kind be the ones putting the screws to you if you get audited. I've gone through, and passed, two PCI audits so far; one was just a scramble to provide data to AMEX, the other a full blown, forensic audit. It's a miserable, miserable experience, even with knowing that all of my POS hardware/software is within compliancy. I'd never want to do that with an "is it enough" question in the back of my mind.

That's probably all a moot point anyway; MerchantLink will not generate codes for a Micros system out of compliancy. Res 4.6 is out of compliancy. It's allowed for existing systems, but not for new installations/openings. You have to be on at least Res 4.11. However, as someone said above, after mid-April the XP server will put you out of compliancy regardless of the version of Micros you're running so you won't be able to get the credit card drivers configured.

I'm a little confused about your workstations, are they Eclipses, or Win CE (WS4 or LX). Eclipses run XP and will be non-compliant. WS4's use CE4 and will expire in 2015, LX workstations run CE6 and are still good for a few years.

 

[OutDoorType]

They are Eclipses. They have the card scanner on the base unit (not touch screen). We have been up and running for 3 years with existing system. Sounds like we need to get moving on upgrading.

 

[CharlesGrandson]

Hey, I'm new to the group and so glad I found this forum. Is there a way to see if my Micros 3700 Version 4.9 have Windows Embedded? My current system is running with Windows XP and I have no idea if it is embedded. My local dealer says that I need to upgrade now, but when I ask them if my XP is embedded they just laugh and won't answer the question. If it is embedded, then I should be good until 2016. Is anyone else running into this? Is there a way for me to check the system? Thanks in advance.

Charles

 

[pmegan]

Your Micros server won't be running on XP embedded. That's more for client devices. Unfortunately that means you have to upgrade to Windows 7 and 3700 version 5.

With version 4.9 I'm guessing that you're using LX or WS5 terminals which are fine. If the workstations have the card swipe on the side boot one up and look at the splash screen.
Win CE4 is a WS4 and will have to be replaced over the next year
Win CE6 is an LX (blue power light) or WS5 (white power light). Both are fine for a few years.
If the card swipe is across the bottom it's an eclipse and will have to be replaced.

Remember, this is all so you can accept credit cards directly through Micros. Depending on your sales volume it may be an option to get a standalone auth device from your processor and only enter the amounts in Micros. It's an extra step in reconciling each night, but it takes any PCI issues completely off the table.

Just a note. Don't let this slide or get pushed onto a back burner. We went through an AMEX mandated forensic audit a few months ago for one of our restaurants and it was prohibitively expensive. $30k+ to prove that we had no breach. Painful for a large corporation like mine, but fatal for a single restaurant operation.

 

[TobeThor]

Pmegan - would you be willing to let this forum know what circumstances lead to an Amex mandated audit?
Also in the end what conditions lead to the mandate costing 30K? Was your CC processor helpful during the process? Who acted as an advocate on your behalf?

 

[pmegan]

TobeThor - Amex had a bunch of credit cards that were used fraudulently over a few months that had also been used in one of our restaurants. That was enough for them to decide that we must have been breached, even though they accounted for less than 1% of our credit card transactions during that time period. We had to undergo a forensic audit which consisted of an investigator flying here twice to run scans on the server, workstations and entire network, as well as 3 weeks analyzing the results by a team in their office. We had 22 eclipse workstations at that point, and an image of each had to be dumped to an external drive, one image per drive. Those drives have to be brand new and sealed before being used.
Our processor wasn't helpful or unhelpful, they where just there.

 

[Moregelen]

Micros itself is now claiming that the new credit card swipes that encrypt while reading will take the computer out of scope. These will only work with MerchantLink initially.... and will encrypt EVERYTHING you swipe, including mag cards and gift cards. The current 'workaround' they have proposed to us is that the data gets decrypted by MerchantLink (obviously) and bounced back if its a gift card or mag card. Really, really not looking forward to our first install using this method.