Author
Jevgenijs Smirnovs
Document name
Point VxPC F02.01.xxx
Implementation Guide
E-mail
jevgenijs.smirnovs@verifone.com
Date
12-Jun-2015
Phone
+371 67844726
Page number
22
Version
1.0
© 2015 VeriFone. All rights reserved. VeriFone, the VeriFone logo, Vx, Mx, VeriCentre, VeriShield, Verix V, Verix and PAYware are either
trademarks or registered trademarks of VeriFone in the United States and/or other countries. All other trademarks or brand names are the
properties of their respective holders. All features and specifications are subject to change without notice.
The information contained in this document is confidential and property of VeriFone, Inc. This material may not be copied or published, or
divulged in part or in totality without written permission form VeriFone, Inc.
3. How to set up your Point Vx to ensure PCI DSS compliance
In this chapter Point Vx refers to terminals using the Point VxPC.
3.1. Do not retain full magnetic stripe or card validation code
When upgrading the payment application in your Point Vx to comply with the PCI PA-DSS require-
ments this could be done two ways.
1. Your old unit is physically replaced by a new Point Vx loaded with software that complies
with the PCI PA-DSS requirements. If the old unit is not PCI PA-DSS compliant it could
contain historical magnetic stripe data, PANs, and CVV2s. Therefore the non PCI PA-DSS
compliant unit must be returned to Point.
2. Your existing Point Vx is downloaded remotely with new software that complies with the
PCI PA-DSS requirements. After download your Point Vx software is designed to remove
all historical magnetic stripe data, PANs and CVV2s stored by previous versions of the
software.
In both cases you must make sure that the software version of the Point VxPC that runs on your
Point Vx is listed on the PCI web site “List of Validated Payment Applications” that have been vali-
dated in accordance with PCI PA-DSS.
http://www.pcisecuritystandards.org
In order for your organization to comply with PCI DSS requirements it is absolutely necessary to re-
move historical data stored prior to installing your PCI PA-DSS compliant Point Vx terminal. There-
fore you must make sure that historical data (magnetic stripe data, cardholder data and CVV2s) are
removed from all storage devices used in your system, ECRs, PCs, servers etc. For further details
please refer to your vendor.
To Next Page
Loading...
Need help?
General
