June 14th, 2007 by Jamie Estep
Visa warns of software that stores prohibited data
A week and a half ago, visa released a list of POS and other software programs that are storing prohibited data. Prohibit data is in reference to magnetic card track information, which Visa and Mastercard specifically prohibit merchants from storing.
These programs store prohibited data and must be replaced or patched for a business to be processing legally:
- ICVerify All versions prior to 2002, V2X and lower.
- Menusoft Systems Corp. All versions using DDserv.dll prior to V7.3.0350
- Micros8700 HMS: V1 – V2.11.9, V2.5 – V2.50.20, V2.7 – V2.70.14; 9700 HMS: version prior to V2.5; RES 3000: V1 – V3.1.2, and V3.2.0
- Posera Software Maitre’D Versions Prior to V2002, Prior to V2003 SP 11, and prior to V2005 SP 3.
- Radiant Systems Aloha: Prior to V5.3.15
- Southern DataComm (SDC) All versions of ConnectUp, All versions of PopsOn, ProtoBase 4.7-x – 4.80-x, and PbAdmin versions 4.01-x and 5.00-x
Businesses need to make sure that their POS system is properly patched. Radiant Systems Aloha, and Micros have a huge number of users, so it is very likely that many businesses using these systems may need to patch their current software.
Don’t neglect this!!!
Businesses with these software systems are especially vulnerable and will no doubt be targeted by hackers and thieves for the data that they possess. With full track data, a thief could potentially make exact copies of real credit cards, which is much worse than simply loosing card numbers.
Additionally, businesses that are not compliant risk having major fines assessed against them. If your business is using one of the POS systems listed above, immediately check to see if it needs to be upgraded.
Just got off the phone today with IC Verify support and was informed that in order for their product to run, I should turn off any AntiVirus products I might be running. Between old versions storing data and new versions (4.x) that won’t allow for use of antivirus software, how can you pass PCI-DSS. Next thing, I’ll be told I need to disable my firewall in order to connect to my card processor at this rate.