If you are upgrading from an earlier version, you need to make sure that archives are migrated to the new version. The process of migrating archives is explained in the Maitre’D 7.08 migration documentation and will not be re-explained here. Please consult the appropriate documentation for more information.
After all your Maitre’D archives have been migrated, many years’ worth of archives may need to be purged of credit card PANs and expiration dates. Maitre’D takes care of this process for you: it is entirely automated and requires no intervention on your part. Depending on the number of archives to be stripped of PANs and expiration dates, the entire process may take a few days to complete. Maitre’D purges up to 30 archives during the end-of-day process and resumes purging during the next end-of-day, until all archives have been processed. The purging process was designed this way to create as little downtime as possible for end-users and to be totally transparent.
Once the automated purge process is completed for all archives, the Maitre’D database will no longer contain any PAN or expiration date older than the current fiscal day.
1- From the Windows Control Panel, go to System and Security / Administrative Tools / Services.
a. If you have access to the Windows Run… Command, you may also type Services.msc in the Run… Box and click OK. This will take you directly to the Windows Services management console.
2- Locate the Windows Backup service. Right-click the service, and select Properties.
3- The properties window for the Windows Backup service opens. Stop the service by clicking the Stop button.
4- From the Startup Type drop-down list, select Disabled. Click OK to save your changes and close the service properties window.
5- Back in the Windows Services management console, make sure that the Windows Backup service Status is blank (stopped) and that its Startup Type is set to Disabled.
With the Windows Backup service disabled, if you attempt to access the Windows Backup and Restore tool, you will get a blank window, which is normal. The Windows Backup and Restore tool is now completely disabled and can no longer be used.
Disabling these messages alone will not totally prevent users from activating the Windows Backup & Restore feature, but it should prevent them from doing so inadvertently. To completely disable the service, see Disabling Windows Backup service above.
1- Click on the Windows Start button, and select Control Panel.
2- From the Control Panel home, click on System and Security.
3- Click on Action Center.
4- The Action Center window opens. Click on Change Action Center settings.
5- In the Maintenance messages section, remove the checkmark from the Windows Backup checkbox.
6- Click OK to save your settings, then close the control panel.
From this point forward, you will no longer see any reminders about the Windows Backup and Restore tool.
Because cardholder data is not saved in history, there is no retention period to be configured. Cardholder data will only be retained for the current fiscal day, which is the shortest possible period that can be allowed. Cardholder data is securely deleted automatically when the End-of-Day runs.
The following is a list of all places on disk where cardholder data is stored, be it in encrypted form or in truncated form. Each disk location is provided with a description of its contents.
C:\POSERA\MaitreD\DATA\File144.dat
This file is used to store EFT information that is passed to the EFT interface. This file is cleared when the EFT batch is closed, which normally occurs on a daily basis. Note that batch closing policies and procedures vary according to each payment processor.
• Whenever the credit card batch is closed, this file is cleared of all the data it contains. This generally happens during the End-of-Day process, but can also be triggered manually if the credit card processor supports it.
• DO NOT attempt to manually delete this file using Windows Explorer.
C:\POSERA\MaitreD\DATA\File215.dat
This file is used to store the payment information for the invoices.
• Folio (PAN + Exp.Date) (AES encrypted): Used in case the transaction needs to be voided or modified during the day. This information is removed from File215.dat during the End-of-Day process.
• Cardholder information is removed by overwriting the fields containing cardholder data with a string of characters containing only spaces. The overwritten fields are then re-encrypted.
• During the End-of-Day process, the sanitized copy of that file is placed in an archive file for the fiscal date being closed. The original file is cleared of all the data it contains.
DO NOT attempt to manually delete this file.
Files under C:\POSERA\MaitreD\DATA\INT
This folder contains temporary request and answer XML files in encrypted form (AES 128-bit). Files named REFTxxxxxxxx.XML contain full track2 data, but these files are deleted immediately after the answer is received from the processor. If no answer is received, the transaction will time out and the file is also deleted.
Note that under normal circumstances, this folder should appear empty, except for the \Backup\ sub-folder. Normally, REFTxxxxxxxx.XML and AEFTxxxxxxxx.XML should only remain in this folder for a few seconds while they are being processed. After processing is done, the file containing sensitive data is securely deleted.
This file is the request formulated by BoSrv.exe and which will be sent to the processor.
• Full track2 data
• The file is encrypted with AES 128-bit
• Securely deleted after being retrieved by BoSrv.exe
This file is the answer formulated by BoSrvEFT.exe using the answer received from the third-party client.
• Bank Reference Data (PAN + Expiration date + acquirer reference data)
• The file is encrypted with AES 128-bit
• Securely deleted after being retrieved by BoSrv.exe
This folder contains XML files for EFT requests and EFT answers sent to and from the EFT Back-Office Server and the Third-Party interface.
This file is a sanitized copy of the request formulated by BoSrv.exe and which was sent to the processor. Track 2 data is removed, and PAN and Expiration Date are replaced with truncated versions.
• Expiration date (truncated)
• PAN (truncated)
• This file is not encrypted.
• ** There is NO full PAN, expiration date or any other credit card data in this file.
This file is a sanitized copy of the answer formulated by BoSrvEFT.exe using the answer received from the third-party client. PAN and Expiration Date are replaced by truncated versions.
• Expiration date (truncated)
• PAN (truncated)
• This file is not encrypted.
• ** There is NO full PAN, expiration date or any other credit card data in this file.
This folder contains logs that can be used to troubleshoot various features of the Maitre’D software suite. Most of these logs are not related to card processing. Only 3 logs are actually tracking card payments:
• BOSRVEFT.LOG
• BOSRVEFTDRV.LOG
• EftTrans.log
This file logs activity from Bosrveft.exe. It contains basic transactional information between Bosrv.exe and Bosrveft.exe as well as XML requests to the processor and XML answers from the processor.
This file can be deleted if required. A new, empty file will be automatically created as required.
• Expiration date (truncated)
• PAN (truncated)
• This file is not encrypted.
• ** There is NO full PAN, expiration date or any other credit card data in this file.
BOSRVEFTDRV.LOG
This file logs activity between Bosrveft.exe and the third-party client. It contains XML requests to the processor and XML answers from the processor.
This file can be deleted if required. A new, empty file will be automatically created as required.
Stored Data:
• Expiration date (truncated)
• PAN (truncated)
• This file is not encrypted.
• ** There is NO full PAN, expiration date or any other credit card data in this file.
This file logs card payment transactions in a summary format.
This file can be deleted if required. A new, empty file will be automatically created as required.
Stored data:
• Expiration date (truncated)
• PAN (truncated)
• This file is not encrypted.
• ** There is NO full PAN, expiration date or any other credit card data in this file.
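The statements above that the payment logs hold only truncated values, and that REFT/AEFT files stay in the INT folder for a few seconds, can be checked independently. The PowerShell below is an added example, not part of the Maitre’D documentation or software; the function names, the 60-second threshold and the sample lines are assumptions made for illustration.

```powershell
# Added example; Test-Luhn, Find-FullPan and Get-LingeringEftFile are hypothetical names.
function Test-Luhn([string]$Digits) {
    $sum = 0; $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int][string]($Digits[$i])
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return (($sum % 10) -eq 0)
}

# Report every 13-19 digit run that passes the Luhn check. Only the last four
# digits are echoed, so the report itself never contains a full PAN.
function Find-FullPan([string[]]$Lines, [string]$Source = 'sample') {
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        foreach ($m in [regex]::Matches($line, '(?<!\d)\d{13,19}(?!\d)')) {
            if (Test-Luhn $m.Value) {
                [pscustomobject]@{
                    Source = $Source
                    Line   = $lineNo
                    Last4  = $m.Value.Substring($m.Value.Length - 4)
                }
            }
        }
    }
}

# REFT/AEFT files should exist for seconds only; anything older is a finding.
# The search is not recursive, so the \Backup\ sub-folder is left out.
# The 60-second threshold is an assumption, not a value from the guide.
function Get-LingeringEftFile([string]$IntDir, [int]$MaxAgeSeconds = 60) {
    $cutoff = (Get-Date).AddSeconds(-$MaxAgeSeconds)
    foreach ($pattern in 'REFT*.XML', 'AEFT*.XML') {
        Get-ChildItem -Path $IntDir -Filter $pattern -File -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -lt $cutoff }
    }
}

# Constructed sample lines (not real Maitre'D log output): a truncated value,
# a well-known test card number, and a 16-digit reference that fails Luhn.
$sample = @(
    'AUTH OK card=****************9874=** amount=12.50',
    'AUTH OK card=4111111111111111=2512 amount=8.00',
    'BATCH ref=1234567890123456 closed'
)
Find-FullPan -Lines $sample

# On a live system, run Find-FullPan over BOSRVEFT.LOG, BOSRVEFTDRV.LOG and
# EftTrans.log, e.g. Find-FullPan (Get-Content $file) $file
$intDir = 'C:\POSERA\MaitreD\DATA\INT'   # path from this guide
if (Test-Path $intDir) {
    Get-LingeringEftFile -IntDir $intDir | Select-Object Name, LastWriteTime
}
```

Any object returned by either function is a finding to investigate; a clean system returns nothing from the log scan and nothing from the INT folder check.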
Archives are in fact *.zip files stored under C:\POSERA\MaitreD\DATA\Archive. They are used to generate invoice reports and reports on payments. Each archive file is datestamped and contains the data for one single fiscal day only.
Each archive contains a copy of file215.dat. Since Maitre’D version 7.08, File215.dat gets cleared of cardholder data before the archive is created. Therefore, no cardholder data is found in any archive created with Maitre’D version 7.08.000 or later. However, customers upgrading from older versions may have archives containing cardholder data encrypted with 128-bit AES. Following an upgrade to Maitre’D 7.08.000 or later, archives will be sanitized at a rate of 30 archive files per end-of-day, until all archives found in C:\POSERA\MaitreD\DATA are cleared of cardholder data.
Leaving Windows System Restore turned on can cause your system to inadvertently retain cardholder data for undefined periods of time. The same is also true for the Windows Backup and Restore feature included in Windows 7 or later versions. For this reason, both System Restore and Windows Backup MUST be disabled in order to ensure PA-DSS compliance.
The Windows System Restore feature is always enabled by default on new Windows 7 or later installations. Therefore, you must systematically disable this feature on all existing and new installations using Windows 7 or later.
1- Click on the Windows Start button, and select Control Panel.
2- From the Control Panel home, click on System and Security.
3- Click on System.
4- The System window opens. On the left-hand side of the window, click on System Protection.
5- If the protection is set to On for one or more of your drives, select the drive and click the Configure… button.
6- Select Turn off system protection, and click OK.
7- A warning message will appear. Click Yes to delete all existing restore points and disable System Restore for this drive.
Repeat steps 4 through 7 for any other drive for which the protection is still set to On.
8- Once System Restore is Off for all drives, click OK to close the System Properties window.
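The two Windows settings this guide requires (Windows Backup service stopped and disabled, System Restore off with no restore points left) can be audited from an elevated Windows PowerShell 5.1 prompt. This is an added example, not part of the Maitre’D documentation; the function name is hypothetical, and SDRSVC is the service name behind the "Windows Backup" display name.

```powershell
# Added example; Test-RetentionSettings is a hypothetical name. Run elevated in
# Windows PowerShell 5.1 (the ComputerRestore cmdlets are not in PowerShell 7).
function Test-RetentionSettings([switch]$Enforce) {
    $findings = @()

    if ($Enforce) {
        # Same effect as the Services console steps: stop, then set to Disabled.
        Stop-Service -Name SDRSVC -Force -ErrorAction SilentlyContinue
        Set-Service  -Name SDRSVC -StartupType Disabled
        # Turn off System Restore on every fixed drive.
        Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' | ForEach-Object {
            Disable-ComputerRestore -Drive "$($_.DeviceID)\" -ErrorAction SilentlyContinue
        }
    }

    # Windows Backup service must be stopped and its startup type Disabled.
    $svc = Get-CimInstance Win32_Service -Filter "Name='SDRSVC'"
    if ($svc -and $svc.State -ne 'Stopped') {
        $findings += "Windows Backup service state: $($svc.State)"
    }
    if ($svc -and $svc.StartMode -ne 'Disabled') {
        $findings += "Windows Backup startup type: $($svc.StartMode)"
    }

    # Restore points that still exist can hold copies of files from earlier fiscal days.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -gt 0) {
        $findings += "$($points.Count) restore point(s) still present"
    }

    # System Restore and Windows Backup both rely on volume shadow copies.
    $shadows = @(Get-CimInstance Win32_ShadowCopy -ErrorAction SilentlyContinue)
    foreach ($s in $shadows) {
        $findings += "Shadow copy on $($s.VolumeName) created $($s.InstallDate)"
    }

    return $findings
}

$result = Test-RetentionSettings          # add -Enforce to apply the settings first
if ($result) {
    $result | ForEach-Object { Write-Warning $_ }
} else {
    'No retention findings.'
}
```

If restore points or shadow copies are still reported after `-Enforce`, follow the Control Panel steps above, which delete existing restore points when protection is turned off.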
Securely Delete cardholder data after customer-defined retention period
Starting with Maitre’D version 7.08.000.000, cardholder data is only saved and held for the current fiscal day. When the fiscal day is closed, all cardholder data is automatically deleted in a secure manner by overwriting the file that contains this data with a blank version of this file.
By default, Windows Backup is not enabled on new Windows 7 installations. However, the Windows Action Center may prompt for this feature to be enabled, so users could inadvertently turn on the Backup and Restore feature, thus impairing PA-DSS compliance. For this reason, you need to confirm that Windows Backup & Restore is off and remains turned off.
Field | Name | Description | Encryption |
---|---|---|---|
4 | CC Info | String containing PAN + Exp.Date ONLY | AES 128 bit |
5 | Expiration date | Credit Card expiration date | AES 128 bit |
10 | Account number | Primary Account Number (PAN) | AES 128 bit |
17 | Acquired Bank Reference Data | Identifiers returned by the acquirer / processor. Does not contain any card info. | AES 128 bit |
22 | Initial Acquired Bank Reference Data | Identifiers returned by the acquirer / processor. Does not contain any card info. | AES 128 bit |

Field | Name | Description | Encryption |
---|---|---|---|
4 | Folio | Primary Account Number (PAN) + Exp.Date | AES 128 bit |
14 | Card name | Credit Card brand name in clear text | none |
21 | Hash Folio | One-Way hash of PAN for duplicate report | SHA-3 |
24 | Truncated Folio | Truncated folio, plain text (****************9874=**) | None |