Purpose of this document

The purpose of the PA-DSS implementation guide is to provide guidance and instructions for customers, resellers and integrators to implement a payment solution into a merchant environment in a PCI DSS compliant manner.

PCI DSS

PCI DSS is a security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data. The scope of PCI DSS applies to all major payment card brands and is managed by one single centralized organization

PCI DSS and PA-DSS Version 3.2 were released in April 2016 and May 2016 respectively and the standard is available on the PCI council website1

The PCI Security Standards Council will enhance the PCI DSS as needed to ensure that the standard includes any new or modified requirements necessary to mitigate emerging payment security risks, while continuing to foster wide-scale adoption.

PA-DSS

Shortly after the development of the PCI DSS standard, the Payment Application Data Security Standard (PA-DSS) was developed to meet the requirements of the PCI DSS. Like PCI DSS, the PA-DSS standard has a broader scope than its Visa counterpart in the fact that it applies to all major payment card brands and is managed by one single centralized organization

Relationship between PA-DSS and PCI DSS

The use of a PA-DSS compliant application like Maitre’D 7.08 does not automatically make an entity PCI DSS compliant. PCI DSS is a comprehensive set of rules and conditions that must be met in order to create a PCI DSS environment. Using PA-DSS compliant applications is just one of these conditions.

Acronyms and terms

PA-DSS: Payment Application Data Security Standard. PCI DSS: Payment Card Industry Data Security Standard. Merchant: The owner/operator of the restaurant in which Maitre’D is installed. User: A name that has been added to the Maitre’D database by the merchant to allow system logon access. We: Throughout the sections of this document, the term “we” is used. This term always refers to the Maitre’D development team that created and designed the software application. PAN: Personal Account Number or Primary Account Number. This is the number that is embossed on payment cards. PIN: Personal Identification Number. This is the number used by the customer to identify him/herself and which replaces the signature in EMV environments or anywhere PIN Pads are in use. CAV2/CVC2/CVV2/CID: These acronyms are all used to refer to the 3 or 4-digit code that is either printed or engraved (as opposed to embossed) on credit cards and used to increase security. POS: Point of Sale. LAN: Local Area Network DMZ: De-Militarized Zone. This is the area of a LAN that is not protected by a corporate firewall and open to public access from the Internet.

In order for a site to become PCI DSS compliant, PA-DSS compliant applications must be used, and these applications must be installed in a PA-DSS compliant manner. Also, steps must be taken to make sure that any remaining trace of non-compliant application or data is securely removed from the system.

The goal of this implementation guide is not to repeat or explain the entire PA-DSS 3.2 specification. A large portion of PA-DSS is aimed at how software developers should design their products in order to help merchants become PCI-DSS compliant. Of course, there would be no added value in re-stating these requirements here. Therefore, the topics discussed here will only be those that apply to resellers and support technicians installing the application as well as merchants using the application. The list of topics covered in this guide is in accordance with Appendix A: Summary of Contents for the PA-DSS Implementation Guide, from the PCI PA-DSS Requirements and security assessment Procedures, Version 3.2 (May 2016).

Compliance with PA-DSS Standard

The current version of Maitre’D that is certified as PA-DSS compliant is:

Maitre’D 7.08.000.000

All versions of Maitre’D 7.08 released afterwards are also compliant with PA-DSS

List of topics covered

• Delete sensitive authentication data stored by previous payment application versions. • Delete any sensitive authentication data (pre-authorization) gathered as a result of troubleshooting the payment application. • Securely delete cardholder data after customer-defined retention period. • Protect keys used to secure cardholder data against disclosure and misuse. • Implement key-management processes and procedures for cryptographic keys used for encryption of cardholder data. • Implement secure key management functions. • Provide a mechanism to render irretrievable cryptographic key material or cryptograms stored by the payment application. •Use unique user IDs and secure authentication for administrative access and access to cardholder data. • Use unique user IDs and secure authentication for access to PCs, servers, and databases with payment applications. • Implement automated audit trails. • Facilitate centralized logging. • Use only necessary and secure services, protocols, components, and dependent software and hardware, including those provided by third parties. • Securely implement wireless technology. • Secure transmissions of cardholder data over wireless networks. • Store cardholder data only on servers not connected to the Internet. • Implement two-factor authentication for all remote access to payment application that originates from outside the customer environment. • Securely deliver remote payment application updates. • Securely implement remote access software. • Secure transmissions of cardholder data over public networks. • Encrypt cardholder data sent over end-user messaging technologies. • Encrypt non-console administrative access.

Throughout this document, some of the topics above may be combined to facilitate reading, understanding and application of required measures. In some cases, topics may not apply to Maitre’D directly. In such cases, the reason why the topic does not apply will be explained.

Overview

Maitre’D is a Point of Sale Software Suite with an integrated Back-Office application that allows restaurants to manage their operations from front-end sales to inventory control and employee management. Maitre’D helps restaurant owners and managers streamline and centralize operations, track the status of the restaurant in real time, analyze data and follow trends from past periods, and plan for the future.

Integrated Electronic Funds Transfer (EFT)

A fully integrated electronic funds transfer (EFT) module allows Point of Sale transactions information to be sent to debit and credit card processors, speeding up transaction processing time. This ensures accuracy throughout the transaction by limiting keypunch errors.

Using a generic EFT interface, Maitre’D is compatible with a wide variety of industry standard processors. Internet Processing support allows credit card transactions to be completed within 2 or 3 seconds through a completely secure Internet channel.

Maitre’D Back-Office Server

The Maitre’D Back-Office Server is the central control unit for the entire network. It holds the database containing all the information on transactions, employees, items and configuration data. No data is stored on POS workstations, so a workstation can go down or new workstations can be added or removed without affecting the network.

The Maitre’D Back-Office Suite is installed on the Maitre’D Back-Office Server and allows the restaurant owner or manager to perform all management tasks and customize Maitre’D. Typically, a Maitre’D Server will have a local reports printer attached to it, allowing reports to be generated using the Report Center module. It is recommended to keep the computer hosting the Maitre’D Server in a safe location.

For businesses that operate in a constrained environment and are limited by space, or simply want a more cost-effective solution, Maitre’D can be configured to offer every function using a single workstation computer. The Maitre’D Back-Office Server can be installed on a stand-alone workstation and function as the Back-Office Server and the Point of Sale workstation at the same time.

Point of Sale (POS) Workstation

The Point of Sale (POS) workstation is a computer used by servers, bartenders, hostesses and other staff employees to enter customer transactions. POS workstations run the Maitre’D Point of Sale software, and users can access customized screens depending on their roles. Typically, POS workstations also have a local printer connected to them that generates a cash receipt and may also have an additional device such as a scale, a magnetic card reader, a scanner, or a biometric reader.

Integrating the Electronic Funds Transfer (EFT) Module with the Point of Sale

Maitre’D Back-Office includes an Electronic Funds Transfer (EFT) module which allows Maitre’D to communicate with third party applications that are responsible for contacting a financial institution and authorizing credit card transactions. By processing transactions using the Maitre’D EFT module instead of a separate EFT system, typing errors are reduced to a minimum by eliminating double entry.

The Back Office manages all authorization requests for the restaurant and because it interfaces to a third party application, such as Datacap - DSIClientX™, and Datacap’s XML ActiveX client control, a single line for communication is required.

The following are some of the advantages of using the Maitre’D EFT module.

Secure Transactions

Maitre’D supports most industry standard EFT devices. Using a secure Internet connection, transactions can be processed and approved in about 2 or 3 seconds, ensuring that guests do not have to wait a long time to pay for their checks.

Flexible Batch Management

All EFT transactions are recorded and stored as batches. Batches can be closed at any time of the day and a multiple number of batches can be closed in one day. Maitre’D opens new batches when required.

Manual Transaction and Refunds

Transactions can be entered manually without having to go through the workstation. This allows users to enter adjustment transactions and return transactions which are refunds given to guests on their credit cards. Maitre’D will keep track of all manual transactions and will generate reports to show all the manual transactions.

EFT Reports

A number of EFT reports allow restaurants to analyze EFT transactions such as sales per media type and per terminal, the number of returns and much more. It is important to specify that the Maitre’D Back-Office does not store any credit card’s track 2 information in its databases. For operational purposes, Maitre’D keeps an encrypted copy of the card number and expiration date. This data is encrypted using the highly sophisticated AES (Rijndael) encryption algorithm. End users with access levels lower than the system owner and distributor can only get a truncated version of the credit card account information if his Maitre’D access level allows the user to get to that data. To troubleshoot a credit card processing problem, a credit card account number can only be found on a report by using the system owner or distributor access level.

Multi-Level Password Protection

The Maitre’D employee management system offers a multi-level password system, allowing one password to be created for employees when they want to access regular POS functions, and another if they want to access management level functions. This adds an extra layer of protection by separating management functions and prevents non-authorized users from accessing sensitive information. Although login validation can be done by entering the employee number and password on a POS workstation, Maitre’D can also validate users using magnetic cards or biometric devices. A biometric device requires users to use their fingerprints to validate their identity. The device is connected to the Maitre’D POS workstation and automatically validates users by matching fingerprints contained in the device’s database.

Reports

Multiple pre-configured reports are available to employees to view their performance and other sales information. Generic reports such as the Division sales report and the Categories sales report can be assigned to employee roles so that every employee configured with that role has access to those reports. Other reports such as the Open Table report and Activity report can be assigned to specific employees so that only those employees have access to the reports. Once again, by combining reports from roles and employee files, restaurants can customize each employee to only have access to the reports he or she needs.

Delete sensitive authentication data stored by previous payment application versions

Maitre’D 2003 SP11 or Maitre’D 2005 SP3

If you were previously using PABP/CISP compliant versions of Maitre’D, no actions need to be taken to meet this requirement. Although PABP and CISP are now obsolete standards, they did prohibit storage of full Track 2 data. Maitre’D versions that were PABP/CISP compliant are Maitre’D 2003 SP11 or higher and Maitre’D 2005 SP3 or higher. For these versions of Maitre’D, only the PAN and expiration date were stored in encrypted form. The rest of the card data and authentication data was always deleted after authorization and never stored anywhere. Therefore, if you are upgrading from one of these versions, no further action is needed to meet requirement 1.1.4.

Maitre’D 99, Maitre’D 2000, Maitre’D Millennium, Maitre’D 2003 (SP10 or lower), Maitre’D 2005 (SP2 or lower)

Following an upgrade from one of these versions, some logs may include unencrypted PAN information. In order to meet PA-DSS requirement 1.1.4, these logs must be securely deleted using a special utility that will completely wipe the files making sure that they cannot be retrieved later with forensic tools.

A free tool called SDelete by Mark Russinovich can be downloaded from Microsoft Technet and used to securely delete files. Simply follow the link below, and read the instructions and information provided on Microsoft Technet to learn how to use this tool.

Using SDelete, simply delete all the files stored inside this folder: C:\POSERA\MaitreD\DATA\LOG The SDelete tool also has the ability to securely wipe free space on your hard drive using the U.S. Department of Defence clearing and sanitizing standard DOD 5220.22- M. This ensures that any trace of data from previously deleted files is made totally irretrievable, even by using any kind of forensics analysis tool.

Please read the information provided on the Microsoft Technet site to learn how to sanitize the free space on your hard drive. This procedure will wipe the free space on your hard drive, removing information that could have been left behind after deleting files.

This requirement does not apply to Maitre’D, as it never stores any sensitive authentication data, even when troubleshooting. As stated before, only the PAN and expiration dates are stored in encrypted form, which is allowed by both PA-DSS and PCI DSS.

Because cardholder data is not saved in history, there is no retention period to be configured. Cardholder data will only be retained for the current fiscal day, which is the shortest possible period that can be allowed. Cardholder data is securely deleted automatically when the End-of-Day runs.

If you are upgrading from an earlier version, you need to make sure that archives are migrated to the new version. The process of migrating archives is explained in the Maitre’D 7.08 migration documentation and will not be re-explained here. Please consult the appropriate documentation for more information.

After all your Maitre’D archives have been migrated, many years’ worth of archives may need to be purged of credit card PANs and expiration dates. Maitre’D takes care of this process for you. It is entirely automated and requires absolutely no intervention on your part whatsoever. Depending on the number of archives to be stripped out of PANs and expiration dates, the entire process may take a few days to complete. The way this is done is that Maitre’D purges up to 30 archives during the end-of-day process, and resumes the purging process during the next end-of-day until all archives have been processed. The purging process was designed that way to create as little downtime as possible for end-users, and be totally transparent.

Once the automated purge process is completed for all archives, the Maitre’D database will no longer contain any PAN or expiration date older than the current fiscal day.

As soon as Maitre’D is installed and configured for use with integrated card payments, PANs and expiration dates are masked. Essentially, as soon as a payment type is marked as “Electronic Funds Transfer”, the PAN and expiration dates are masked, and it is not possible to configure the system otherwise.

Limiting access to full PANs

Since Maitre’D version 7.08.000.000, all access to full PANs and expiration dates are blocked. While this data is held in encrypted form in File144.dat and File215.dat for the duration of the fiscal day, this information cannot be viewed through reports or otherwise displayed on screen for the user to see. In earlier versions of Maitre’D, a report called Media by Media (Plain Folios) used to allow certain types of users to see full PANs and expiration dates. This report has been removed, and the files used by that report no longer hold full PANs or expirations dates.

Configuration

No special configuration is required. There is actually no way to configure Maitre’D to cause it to display full PANs or expiration dates. As explained previously, PANs and expiration dates are saved in encrypted form in File144.dat and File215.dat for the current fiscal day only. No tools are provided to display this information to the users. The only business reason that warrants saving this information is to be able to finalize pre-authorizations or void transactions without having the actual credit card in hand. There is absolutely no valid business reason to keep cardholder data any longer.

Starting with Maitre’D version 7.08.000.000, cardholder data is only saved and held for the current fiscal day. When the fiscal day is closed, all cardholder data is automatically deleted in a secure manner by overwriting the file that contains this data with a blank version of this file.

Stored Data

• Whenever the credit card batch is closed, this file is cleared of all the data it contains. This generally happens during the End-of-Day process, but can also be triggered manually if the credit card processor supports it. • DO NOT attempt to manually delete this file using Windows Explorer.

C:\POSERA\MaitreD\DATA\File215.dat

This file is used to store the payment information for the invoices.

Stored Data

• Folio (PAN + Exp.Date) (AES encrypted): Used in case the transaction needs to be voided or modified during the day. This information is removed from File215.dat during the End-of-Day process.

• Cardholder information is removed by overwriting the fields containing cardholder data with a string of characters containing only spaces. The overwritten fields and then re-encrypted.

• During the End-of-Day process, the sanitized copy of that file is placed in an archive file for the fiscal date being closed. The original file is cleared of all the data it contains.

DO NOT attempt to manually delete this file.

Files under C:\POSERA\MaitreD\DATA\INT This folder contains temporary request and answer XML files in encrypted form (AES 128-bit). Files named REFTxxxxxxxx.XML contain full track2 data, but these files are deleted immediately after the answer is received from the processor. If no answer is received, the transaction will time out and the file is also deleted.

Note that under normal circumstances, this folder should appear empty, except for the \Backup\ sub-folder. Normally, REFTxxxxxxxx.XML and AEFTxxxxxxxx.XML should only remain in this folder for a few seconds while they are being processed. After processing is done, the file containing sensitive data is securely deleted.

REFTxxxxxxxx.XML

This file is the request formulated by BoSrv.exe and which will be sent to the processor.

Stored Data:

• Full track2 data • The file is encrypted with AES 128-bit • Securely deleted after being retrieved by BoSrv.exe

AEFTxxxxxxxx.XML

This file is the answer formulated by BoSrvEFT.exe using the answer received from the third-party client.

Stored Data:

• Bank Reference Data (PAN + Expiration date + acquirer reference data) • The file is encrypted with AES 128-bit • Securely deleted after being retrieved by BoSrv.exe

Files under C:\POSERA\MaitreD\DATA\INT\Backup\

This folder contains XML files for EFT requests and EFT answers sent to and from the EFT Back-Office Server and the Third-Party interface.

REFTxxxxxxxx.XML

This file is a sanitized copy of the request formulated by BoSrv.exe and which was sent to the processor. Track 2 data is removed, and PAN and Expiration Date are replaced with truncated versions.

Stored Data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. ** There is NO full PAN, expiration date or any other credit card data in this file.

AEFTxxxxxxxx.XML

This file is a sanitized copy of the answer formulated by BoSrvEFT.exe using the answer received from the third-party client. PAN and Expiration Date are replaced by truncated versions.

Stored Data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.

Files under C:\POSERA\MaitreD\DATA\LOG

This folder contains logs that can be used to troubleshoot various features of the Maitre’D software suite. Most of these logs are not related to card processing. Only 3 logs are actually tracking card payments:

• BOSRVEFT.LOG • BOSRVEFTDRV.LOG • EftTrans.log

BOSRVEFT.LOG

This file logs activity from Bosrveft.exe. It contains basic transactional information between Bosrv.exe and Bosrveft.exe as well as XML requests to the processor and XML answers from the processor.

This file can be deleted if required. A new, empty file will be automatically created as required.

Stored Data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.

BOSRVEFTDRV.LOG

This file logs activity between Bosrveft.exe and the third-party client. It contains XML requests to the processor and XML answers from the processor.

This file can be deleted if required. A new, empty file will be automatically created as required.

Stored Data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.

BOSRVEFTDRV.LOG

This file logs activity between Bosrveft.exe and the third-party client. It contains XML requests to the processor and XML answers from the processor.

This file can be deleted if required. A new, empty file will be automatically created as required.

Stored Data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.

EftTrans.log

This file logs card payment transactions in a summary format

This file can be deleted if required. A new, empty file will be automatically created as required.

Stored data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.

Archive file

Archives are in fact *.zip files stored under C:\POSERA\MaitreD\DATA\Archive. They are used to generate invoice reports and reports on payments. Each archive file is datestamped and contains the data for one single fiscal day only.

Each archive contains a copy of file215.dat. Since Maitre’D version 7.08, File215.dat gets cleared of cardholder data before the archive is created. Therefore, no cardholder data is found in any archive created with Maitre’D version 7.08.000 or later. However, customers upgrading from older versions may have archives containing cardholder data encrypted with 128-bit AES. Following an upgrade to Maitre’D 7.08.000 or later, archives will be sanitized at a rate of 30 archive files per end-of-day, until all archives found in C:\POSERA\MaitreD\DATA are cleared of cardholder data.

Windows System Restore and Windows Backup

Leaving Windows System Restore turned on can cause your system to inadvertently retain cardholder data for undefined periods of time. The same is also true for the Windows Backup and Restore feature included in Windows 7 or later versions. For this reason, both System Restore and Windows Backup MUST be disabled in order to ensure PA-DSS compliance.

Disabling Windows System Restore

The Windows System Restore feature is always enabled by default on new Windows 7 or later installations. Therefore, you must systematically disable this feature on all existing and new installations using Windows 7 or later

1- Click on the Windows Start button, and select Control Panel.

2- From the Control Panel home, click on System and Security.

3- Click on System

4- The System window opens. On the left-hand side of the window, click on System Protection.

5- If the protection is set to On for one or more of your drives, select the drive and click the Configure… button.

6- Select the Turn off system protection, and click OK

7- A warning message will appear. Click Yes to delete all existing restore points and disable System Restore for this drive.

Repeat steps 4 through 7 for any other drive for which the protection is still set to On.

8- Once System Restore is Off for all drives, click OK to close the System Properties window.

Disabling Windows Backup & Restore

By default, Windows Backup is not enabled on new Windows 7 installations. However, the Windows Action Center may prompt for this feature to be enabled, therefore users could inadvertently turn on the Backup and Restore feature, thus impairing PA-DSS compliance. For this reason, you need to confirm that Windows Backup & Restore is off and remains turned off.

The Windows System Restore feature is always enabled by default on new Windows 7 or later installations. Therefore, you must systematically disable this feature on all existing and new installations using Windows 7 or later

1- Click on the Windows Start button, and select Control Panel.

2- From the Control Panel home, click on System and Security.

3- Click on System

4- The System window opens. On the left-hand side of the window, click on System Protection.

5- If the protection is set to On for one or more of your drives, select the drive and click the Configure… button.

6- Select the Turn off system protection, and click OK

7- A warning message will appear. Click Yes to delete all existing restore points and disable System Restore for this drive.

Repeat steps 4 through 7 for any other drive for which the protection is still set to On.

8- Once System Restore is Off for all drives, click OK to close the System Properties window.

The following is a list of all places on disk where cardholder data is stored, be it in encrypted form or in truncated form. Each disk location is provided with a description of its contents

C:\POSERA\MaitreD\DATA\File144.dat

This file is used to store EFT information that is passed to the EFT interface. This file is cleared when the EFT batch is closed, which normally occurs on a daily basis. Note that batch closing policies and procedures vary according to each payment processor.

Stored Data

• Whenever the credit card batch is closed, this file is cleared of all the data it contains. This generally happens during the End-of-Day process, but can also be triggered manually if the credit card processor supports it. • DO NOT attempt to manually delete this file using Windows Explorer.

C:\POSERA\MaitreD\DATA\File215.dat

This file is used to store the payment information for the invoices.

Stored Data

• Folio (PAN + Exp.Date) (AES encrypted): Used in case the transaction needs to be voided or modified during the day. This information is removed from File215.dat during the End-of-Day process.

• Cardholder information is removed by overwriting the fields containing cardholder data with a string of characters containing only spaces. The overwritten fields and then re-encrypted.

• During the End-of-Day process, the sanitized copy of that file is placed in an archive file for the fiscal date being closed. The original file is cleared of all the data it contains.

DO NOT attempt to manually delete this file.

Files under C:\POSERA\MaitreD\DATA\INT This folder contains temporary request and answer XML files in encrypted form (AES 128-bit). Files named REFTxxxxxxxx.XML contain full track2 data, but these files are deleted immediately after the answer is received from the processor. If no answer is received, the transaction will time out and the file is also deleted.

Note that under normal circumstances, this folder should appear empty, except for the \Backup\ sub-folder. Normally, REFTxxxxxxxx.XML and AEFTxxxxxxxx.XML should only remain in this folder for a few seconds while they are being processed. After processing is done, the file containing sensitive data is securely deleted.

REFTxxxxxxxx.XML

This file is the request formulated by BoSrv.exe and which will be sent to the processor.

Stored Data:

• Full track2 data • The file is encrypted with AES 128-bit • Securely deleted after being retrieved by BoSrv.exe

AEFTxxxxxxxx.XML

This file is the answer formulated by BoSrvEFT.exe using the answer received from the third-party client.

Stored Data:

• Bank Reference Data (PAN + Expiration date + acquirer reference data) • The file is encrypted with AES 128-bit • Securely deleted after being retrieved by BoSrv.exe

Files under C:\POSERA\MaitreD\DATA\INT\Backup\

This folder contains XML files for EFT requests and EFT answers sent to and from the EFT Back-Office Server and the Third-Party interface.

REFTxxxxxxxx.XML

This file is a sanitized copy of the request formulated by BoSrv.exe and which was sent to the processor. Track 2 data is removed, and PAN and Expiration Date are replaced with truncated versions.

Stored Data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. ** There is NO full PAN, expiration date or any other credit card data in this file.

AEFTxxxxxxxx.XML

This file is a sanitized copy of the answer formulated by BoSrvEFT.exe using the answer received from the third-party client. PAN and Expiration Date are replaced by truncated versions.

Stored Data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.

Files under C:\POSERA\MaitreD\DATA\LOG

This folder contains logs that can be used to troubleshoot various features of the Maitre’D software suite. Most of these logs are not related to card processing. Only 3 logs are actually tracking card payments:

• BOSRVEFT.LOG • BOSRVEFTDRV.LOG • EftTrans.log

BOSRVEFT.LOG

This file logs activity from Bosrveft.exe. It contains basic transactional information between Bosrv.exe and Bosrveft.exe as well as XML requests to the processor and XML answers from the processor.

This file can be deleted if required. A new, empty file will be automatically created as required.

Stored Data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.

BOSRVEFTDRV.LOG

This file logs activity between Bosrveft.exe and the third-party client. It contains XML requests to the processor and XML answers from the processor.

This file can be deleted if required. A new, empty file will be automatically created as required.

Stored Data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.

BOSRVEFTDRV.LOG

This file logs activity between Bosrveft.exe and the third-party client. It contains XML requests to the processor and XML answers from the processor.

This file can be deleted if required. A new, empty file will be automatically created as required.

Stored Data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.

EftTrans.log

This file logs card payment transactions in a summary format

This file can be deleted if required. A new, empty file will be automatically created as required.

Stored data:

• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.

Archive file

Archives are in fact *.zip files stored under C:\POSERA\MaitreD\DATA\Archive. They are used to generate invoice reports and reports on payments. Each archive file is datestamped and contains the data for one single fiscal day only.

Each archive contains a copy of file215.dat. Since Maitre’D version 7.08, File215.dat gets cleared of cardholder data before the archive is created. Therefore, no cardholder data is found in any archive created with Maitre’D version 7.08.000 or later. However, customers upgrading from older versions may have archives containing cardholder data encrypted with 128-bit AES. Following an upgrade to Maitre’D 7.08.000 or later, archives will be sanitized at a rate of 30 archive files per end-of-day, until all archives found in C:\POSERA\MaitreD\DATA are cleared of cardholder data.

Windows System Restore and Windows Backup

Leaving Windows System Restore turned on can cause your system to inadvertently retain cardholder data for undefined periods of time. The same is also true for the Windows Backup and Restore feature included in Windows 7 or later versions. For this reason, both System Restore and Windows Backup MUST be disabled in order to ensure PA-DSS compliance.

1- From the Windows Control Panel, go to System and Security / Administrative Tools / Services.

a. If you have access to the Windows Run… Command, you may also type Services.msc in the Run… Box and click OK. This will take you directly to the Windows Services management console.

2- Locate the Windows Backup service. Right-click the service, and select Properties.

3- The properties for the Windows Backup service opens. Stop the service by clicking the Stop button.

4- From the Startup Type drop-down list, select Disabled. Click OK to save your changes and close the service properties window.

5- Back to the Windows Services management console, make sure that the Windows Backup service Status is blank (stopped) and that its Startup Type is set to Disabled

With the Windows Backup service disabled, if you attempt to access the Windows Backup and Restore tool, you will get a blank window, which is normal. The Windows Backup and Restore tool is now completely disabled and can no longer be used.

Disabling these messages alone will not totally prevent users from activating the Windows Backup & Restore feature, but it should prevent them from doing so inadvertently. To completely disable the service, see Disabling Windows Backup service above.

1- Click on the Windows Start button, and select Control Panel.

2- From the Control Panel home, click on System and Security

3- Click on Action Center

4- The Action Center window opens. Click on Change Action Center settings

5- In the Maintenance messages section, remove the checkmark from the Windows Backup checkbox.

6- Click OK to save your settings, then close the control panel.

From this point forward, you will no longer see any reminders about the Windows Backup and Restore tool.

This section will list all locations where PANs can be displayed. Please note that file locations and logs are already listed in PA-DSS Requirement 2.1 above, so these will not be repeated here. Instead, this section will focus on printed receipts, POS screens and reports where PANs could be displayed.

Printed receipts and transaction records – Tableside service

Standard Guest Check

When the customer has finished ordering food items, a guest check is printed. The guest check does not bear any payment information. It lists all the items purchased, applicable taxes, discounts, gratuity and service charge.

Transaction Records

If the customer decided to pay using a payment card, the employee operating the POS will swipe the card at the POS, and a pre-authorization request will be sent to the card processor. If approved, the transaction record will be printed. There will be one copy for the customer and one copy for the merchant, which the customer has to sign. Both copies will bear the masked PAN and expiration date of the credit card being used.

In most tableside service establishments, the customer will enter a tip amount followed by a total amount before signing the merchant copy. In this scenario, the employee will need to finalize the transaction with the tip amount.

Optional documents

After finalization of the transaction and if requested by the customer, a transaction receipt can be printed. Transaction records can also be reprinted at will, in case the originals are lost or damaged, or simply requested by the customer. The receipt bears the masked PAN, while reprinted transaction records bear the masked PAN and expiration date.

Counter Service (Fast Food operations)

Standard Guest Check

Contrary to table side service, Guest Checks printed in Fast Food mode will be printed only after the payment has cleared. Therefore, the guest check will carry payment information, including the masked PAN in case of credit card payments.

Transaction Records

Like their table side service counterparts, transaction records produced in fast food mode will bear the masked PAN and expiration date. The main difference is that there is no tip and total lines, as the customer is not expected to leave tips.

Optional documents

After the transaction is completed and if requested by the customer, a transaction receipt can be printed. Transaction records can also be reprinted at will, in case the originals are lost or damaged, or simply requested by the customer. The receipt bears the masked PAN, while reprinted transaction records bear the masked PAN and expiration date. Note that reprinted transaction records are identical to the originals.

Declined transactions

In the event that a card gets declined, transaction records will be printed. Both the merchant and customer copies will bear the masked PAN and expiration date.

POS screens

Payment finalization

When finalizing a payment with tips, the masked PAN is displayed on screen. The full PAN can never be displayed

Reprint receipt

When recalling an earlier transaction in order to reprint receipts or transaction records, the masked PAN is displayed on screen. The full PAN can never be displayed.

Back-Office reports

The Maitre’D Back-Office suite comes with over 300 different reports that cover all aspects of restaurant operations. Out of these, only a handful will display masked PANs and expiration dates. As for full PANs and expiration dates, there is only one report that shows them, and this report is only available to System Owner or Distributor access levels

Here is the list of reports that displays masked PANs and expiration dates:

• Medias

• Medias by Employee

• Medias by media

• Medias by Revenue Center

• Medias Summary (Folios)

• Duplicate Credit Cards Report

In Maitre’D, the System Owner and Distributor access levels can access all functionalities and change any setting in the system. As you create users for the Maitre’D back-office, make sure that these access levels are given only to users with an operational requirement to be able to perform these actions. Also, PCI DSS and PADSS require that every back-office user logs in with a unique username and password combination. Here is a detailed walkthrough to setup back-office user accounts:

In Maitre’D, as soon as the system is configured for use with integrated card payments, it is automatically set so that all credit card payments will have the PAN and expiration date truncated without further configuration or user intervention.

Of course, other payment types using magnetic cards can be configured to show PANs in clear, like in-house receivable accounts or gift cards, loyalty programs, etc.

2.4: Protect keys used to secure cardholder data against disclosure and misuse.

In Maitre’D 7.08 or later, a new cryptographic key is dynamically generated for every new transaction and remains valid only for that single. This key is generated by a proprietary algorithm that was developed in-house by cryptographic experts following the guidelines provided in the following NIST publications:

• NIST Special Publication 800-90C – Recommendation for Random Bit Generator (RBG) Constructions.

• NIST Special Publication 800-90A – Recommendation for Random Number Generation Using Deterministic Random Bit Generators.

• NIST Special Publication 800-57 Part 1 – Recommendation for Key Management.

Using this special algorithm, the cryptographic key can be generated and re-generated as needed, and therefore the key never needs to be stored in order to encrypt of decrypt card data. This way of managing the crypto keys without storing them is more secure than storing encrypted crypto keys.

2.5 : Implement key management processes and procedures for cryptographic keys used for encryption of cardholder data.

Since the process of creating new encryption keys is entirely dynamic, there is no need to establish a formal key management process. With Maitre’D 7.08 or later, a new cryptographic key is automatically generated for every single transaction. The resulting key can only be used for a specific transaction and for that fiscal day and will automatically become obsolete at the beginning of the following fiscal day.

2.6 : Provide a mechanism to render irretrievable cryptographic key material or cryptograms stored by previous payment application versions.

In Maitre’D 7.08, cryptographic keys are dynamically generated and are never stored. Furthermore, Maitre’D does not keep any historical cardholder data, therefore there is no need for any cryptographic key to be retained for any period of time.

Maitre’D will automatically force users to change their passwords every 90 days. Also, Maitre’D keeps a history of each user’s passwords so that the last 4 passwords cannot be re-used. In case a password becomes compromised or if you have any doubts to that effect, you can force any user to change their password by checking the User must change password at next login box in their account’s properties. Of course, you need to be logged in with Distributor or System Owner access in order to do this.

Once the EFT interface is properly setup, media types needs to be created for each credit card brand that will be accepted in the establishment.

1- Logon to the Maitre’D Back-Office with appropriate credentials. (Distributor or System Owner)

2- Start the Point of Sale Control Module

3- Click the Payments menu, and select Media Types…

4- The list of all current media types will be displayed. Click the Add button

5- A blank Media Type window will open directly on the Media Type branch

Media Type ID #

The Media Type ID number is automatically determined by Maitre’D when the Media Type is created. Maitre’D will always use the lowest available number between #2 and #23 inclusively.

Description

Enter a meaningful description for this media type. This description will be shown on the media selection screen, on transaction records and receipts as well as on Maitre’D Back-Office reports. For merchants using integrated payments with Datacap – DSIClientX, the description will generally be the actual card brand, such as Visa, MasterCard, AMEX, Discover, etc.

Payment Type

For credit card payments, select the Charge option from the drop-down list.

Payment Surplus

• Select Tip Entry if the establishment accepts tips for servers.

• Select NULL if the establishment does not accept tips.

Configure all remaining options according to the customer’s preferences and requirements.

1. Click on the Option branch.

Print Receipt (Optional)

(Optional) Enable this option to allow for a receipt to be printed after the transaction has been processed.

Check on Receipt (Optional)

(Optional) Enable this option to have the detailed check print on the receipt.

Folio

Enabled. This option needs to be enabled in order for credit cards to be read properly. It is mandatory for any credit card media type.

Keyboard Input

Disabled. This option needs to be disabled for credit card media types. For other types of payments, enable this option to display a full keyboard that allows for alphanumeric characters when the workstation requests a folio reference number for a media type, to allow letters in addition to numbers.

Included in Report

Enable this option so that this media type is shown in Back-Office reports. Disabling this option will cause this media type to be hidden in the reports.

Open Drawer (Optional)

Enable this option to make the cash drawer open when this media type is used. Configure remaining options according to the customer’s needs and preferences.

1. Click on the Card Property branch.

EFT Category

For credit card payments, set this drop down list to the card brand corresponding to this payment.

Type

For credit card payments, set this drop down list to Credit.

Electronic Funds Transfer

Enable this option. This option needs to be enabled on all Credit payment types. This is the option that will automatically trigger the credit card’s PAN and expiration date to be masked. Also, credit card payments will simply not work if this option is disabled.

Hide Card Number

Enable this option. This option will automatically become enabled as soon as Electronic Funds Transfer is enabled.

Validation

Optional. Enable this option to use the card validation function that will detect the card type as it is being swiped instead of having to select the media type manually at the payment screen. For this feature to work, the card validation section also needs to be filled.

Expiration

Enable this option. This option triggers the verification of the card’s expiration date for credit card payments.

Debit card

Disable this option for credit card payment types. Enable it for debit cards.

1. Click OK to save changes. The new media type will appear in the list.

Electronic Funds Transfer (EFT) Interface

1. Logon to the Maitre’D Back-Office with appropriate credentials. (Distributor or System Owner)

1. Start the Electronic Funds Transfer Module.

1. Click the View menu, and select Options…

1. Click on the Interface branch.

Interface

Set the Interface drop-down list to DATACAP - DSICLIENTX.

Protocol

Set the Protocol drop-down list to Generic (USA and Canada).

Lane Identification

This is required by some payment processors. There is usually a unique identifier for each POS workstation accepting card payments and another one for the Maitre’D Back- Office. This information is provided by the card payment processor.

Moneris

Enable this option if your processor is Moneris Payment Solutions.

Password

This is required by some payment processors. Enter the password provided by the card payment processor, if any.

IP Address

If using NETePay or any other application provided by Datacap, type in the IP Address or URL where the application is residing. If the application resides locally, use the LocalHost address of 127.0.0.1.

Process Control

Enable this option to show a progress bar whenever the EFT interface is processing an operation such as transactions, batch closing, restarting, etc. Note that on fast computers and high-speed internet, the progress bar may not appear long enough to even be visible.

Shared Folder

This option cannot be used with the DATACAP – DSICLIENTX protocol. Instead, it displays the current shared folder used by the Maitre’D Suite.

1. Click on the Identification branch.

Store Number

Enter the store number provided by the card payment processor.

Merchant Number

Type in the Merchant Number provided by the card payment processor or by Datacap.

EMV

This option is not available with the DATACAP – DSICLIENTX interface.

Use Pre-Authorization

Enable this option to use the Pre-Authorization functionality. With Pre-Authorization, employees are able to authorize a payment for the total amount of the guest check and later add any tip amount decided by the customer.

Automatic EFT Pre-autho.

Enable this option to be able to use incremental pre-authorizations in order to run a bar tab on a credit card.

Pre-Authorization %

This field can be used to pre-authorize an amount greater than the check total. This is useful to make sure that a credit card has enough credit to cover for the value of a check + tips. For example, if the percentage is set to 15% and the check total is $100.00, Maitre’D would request a pre-authorization for $115.00.

Maximum overflow

Use the Maximum Overflow percentage to verify that the finalization amount entered by employees cannot surpass a certain percentage of the total check value. For example, if this percentage is set to 20% and the check total is $100.00, Maitre’D will not let the employees finalize this transaction with an amount greater than $120.00.

Default Automatic EFT

Enter the default amount to be used for authorization when opening a bar tab with a credit card.

Error Message Language: French

Enable this option for French-speaking markets.

1. Click on the Operation branch.

POS Refresh

This is the delay, in seconds, after which the POS will check the Back-Office server for an answer to the transaction request. The default value is 3 for processors operating on high-speed internet.

Number of Terminals

This is the number of simultaneous transactions that can be handled by the Maitre’D Back-Office server.

End of Day

Enable this option to allow for the End-of-Day to be done even if there are transactions in the current batch. If this option is disabled, the batch will need to be closed before the End-of-Day can be done.

Operation Trace

Disable this option. This option is no longer used and currently has no effect with the Datacap – DSIClientX protocol.

Name on EFT Receipt

Enable this option to print the cardholder name on the EFT transaction records.

Fast Food wait for confirmation

Enable this option to have employees with the Fast-Food function wait on the media type screen for the EFT response using the Datacap – DSIClientX protocol. If the transaction is declined, they can choose another form of payment without having to recall the transaction.

Order Wait for Confirmation

Enable this option to have employees with the Order function wait on the media type screen for the EFT response using Datacap – DSIClientX protocol. If the transaction is declined, they can choose another form of payment without having to recall the transaction.

Alternate Card Masking

Enable this option to partially hide the debit card number to show only the first 10 digits and mask the last 4 digits on the EFT voucher in Canada. The rest of the card account number will be replaced by 'xxxx'. This option does not affect credit cards and has no effect with the Datacap – DSIClientX protocol.

Partial Authorization

Enable this option to facilitate the acceptance of gift cards sold by credit card issuers like Visa and MasterCard. With this option enabled, Maitre’D will first query the processor/acquirer with the card number. If the card is found to be a Visa or MasterCard gift card, the processor will return the balance left on the card. If the balance amount can’t cover the full value of the check, Maitre’D will apply that amount towards the check and request another form of payment to cover the remaining amount.

Wait for EFT Finalization

Enable this option to force workstations to wait until the response from the processor is received before processing another card on the same check.

Gratuity on EFT Receipt

Enable this option to print the total gratuity amount that was added to the check through over-tendering or gratuity options on the EFT transaction records.

Close batch with pending transactions

This option is not available with the DATACAP – DSICLIENTX protocol.

Close debit batch

Enable this option to close the debit card batch as part of the End of D ay process.

Close EMV PIN Pad batch at EOD

This option is not available with the DATACAP – DSICLIENTX protocol.

External Close Batch

Enable this option if an external application is used to close the credit card batch.

Close internal batch only

Enable this option to force Maitre’D to reset its internal batch count during the End-of- Day process. This is required if a third-party application is used to close the credit card batch and that Maitre’D is not used at all for that task.

Program

This is optional. Select the executable that will launch the third-party application used to close the credit card batch. Maitre’D will launch that executable for you when you close the batch through the Maitre’D EFT module, under File / Close Batch…

1. Messages branch.

Use the 5 lines provided to print custom messages on EFT transaction records. This is optional and can be left blank if not used.

1. Pay at the table branch

All the settings on this page are not supported by the DATACAP - DSIClientX protocol, so leave everything blank/unchecked.

1. Remote Payment Device branch

All the settings on this page are not supported by the DATACAP - DSIClientX protocol, so leave everything blank/unchecked

1. Home Page branch.

Use Default

Enable this option to use the default home page when accessing the Electronic Funds Transfer module. Disable this option to use a customized home page.

Media Types

Once the EFT interface is properly setup, media types needs to be created for each credit card brand that will be accepted in the establishment.

1- Logon to the Maitre’D Back-Office with appropriate credentials. (Distributor or System Owner)

1. Click the New button to start the process.

2. User Name Type a user name for this account. The user name should allow the person logging in to be identified.

3. Access Level

Choose an access level for this user:

Distributor

This access is restricted to Maitre’D Certified technicians and installers. All other access levels are unable to see or grant this access.

System Owner

The System Owner access level is restricted to the restaurant management. Only top-level managers should have this access, as this allows them to create and delete other users, as well as to perform administrative duties on the system.

Access Levels 2 through 8

These access levels can be fully customized, and don’t allow decrypted PANs and expiration dates to be shown anywhere. These access levels can be used for anyone requiring access to the Maitre’D back-office software.

1. Password

Type in a password for the new user. The password must be at least 7 characters, and comprised of a mix of letters and numbers.

1. Confirm Password

Confirm the password for this new user.

1. User must change password at next login

Enable this option to force the user to change the login password during the next login. This option should be used for every new account and afterwards if there is a doubt that an account password may have been compromised.

1. Apply

Click the Apply button to create the user without exiting the User Editor. This will allow you to create more users.

1. OK

Click OK to save your changes and exit.

• Never share your password with anyone, for any reason, under any circumstances.

• Use complex passwords. Maitre’D already forces you to use a minimum of 7 characters with a mix of letters and numbers, however:

  • Try using 8 or more characters. Long passwords are harder to guess.

  • Avoid using combinations like 123abcd, or 123456a, or abcdef1, etc. These combinations are easy to guess and can get your system compromised.

  • Avoid using combinations of adjacent letters and numbers on the keyboard, such as “qwertyu

  • Avoid using common words with letters replaced by numbers or symbols, such as “P@ssw0rd” or M1cro$0ft. Unfortunately, hackers know these tricks, too.

  • Try using 8 or more characters mixed in with capital letters, numbers and special characters. A very effective technique is to choose a phrase which only you would know, then take the first few letters of each word to start building your password. Then, throw in a few numbers and add a special character or two

• Do not use any word from any dictionary in any language. Hackers can use sophisticated dictionary attacks; therefore, any dictionary words are not safe to use as passwords.

• Never use any kind of personal information as your password, such as your spouse’s name, children’s names, birth dates, anniversaries, etc.

• Make sure that only key personnel have Distributor or System Owner access. Give lower access to everyone else.

• If you have even the smallest doubt that someone may know your password, have it changed immediately.

• When an employee quits or gets fired, immediately delete this person’s account from Maitre’D. If you need to keep the account for audit purposes, then immediately change the password.

• Strictly enforce passwords management policies with all employees using any part of your computer system.

This requirement applies to the Maitre’D main back-office PC as well as Maitre’D Auxiliary Servers and Maitre’D Backup Servers. Although only the main back-office and backup server actually contains data, all 3 types of server allow access to cardholder data and therefore need to be protected by strong passwords.

Main back-office

On the main back-office, a user with administrative rights must be logged in all the time for Maitre’D to run, but also for other payment applications to run, such as Datacap DSIClientX, Datacap NETePay, Datacap EPay Admin, etc. It is very important that the username used for the main back-office PC is not used anywhere else on the network, and it also needs to be protected by a strong password, known only by the person logging in. Maitre’D supports multi-user environments, so any user with administrative rights will be able to run all necessary applications. Every manager that will be responsible for the main back-office PC must use a unique username and password to login to the main back-office PC. Additionally, the username and password used for the main back-office needs to be different than the one used for other PCs.

Backup server

The backup server PC contains a copy of the data from the main back-office, and all payment applications are in a dormant state. For this reason, the backup server needs to be protected by a strong, unique username and password, exactly like the main backoffice. Since the backup server also requires a user to be logged in all the time, make sure that only the restaurant owner or managers have a username and password that allows access to the backup server PC.

Auxiliary back-office

The auxiliary back-office does not contain any data. It is simply a terminal that allows access to the data that sits on the main back-office. Auxiliaries only work when installed on the same LAN as the main back-office. They cannot be used to access data from another main back-office on another network or across the internet.

Since the auxiliary back-office allows access to credit card numbers, the Windows computer on which an auxiliary sits must be protected by strong, unique usernames and passwords. Each user logging in to that auxiliary back-office PC must use a unique username and password.

POS Workstations

POS workstations do not store any data in any way, shape or form, and they do not allow any card information to be accessed or viewed in any way. However, to maintain the security of your network, strong and unique usernames and passwords must be used to login to Windows before the POS workstation software is started. Also, each employee using POS workstations must sign in with a unique employee code and a password.

1- Logon to the Maitre’D back-office with appropriate credentials. (Distributor or system owner access).

2- From the main back-office screen, start the Server Control module.

3- Click the View menu, and select Options…

4- Under Advanced, click on the Miscellaneous tab

5- Make sure that the Use Username Login option is checked, and click the OK button at the bottom of the window.

This will ensure that all users are forced to enter a username and a password to login to the back-office software. This is required for PA-DSS compliance.

1- Start the Maitre’D Back-Office software and logon with appropriate credentials. Either Distributor or System Owner access is required for this task.

2- From the main back-office screen, click on the Tools menu, and select the User Editor option.

3- The User Editor window will be displayed. All existing users with access levels equal or lower than yours will be listed here, if any.

Click the New button to create a new user.

Click the Delete button to permanently delete an existing user.

This button is only available to Posera technicians to reset an account’s password history for troubleshooting purposes.

Click the UnLock button to unlock a locked account.

Click the Discard button to clear information that was entered during the process of creating a new user.

Click OK to commit changes and exit out of the User Editor tool.

Click Apply to commit changes without exiting from the User Editor Tool.

Click Cancel to exit out of the User Editor tool without saving changes.

After 5 unsuccessful login attempts, Maitre’D will automatically lock the user account. To unlock an account, someone with Distributor or System Owner access needs to login, access the user editor, select the locked account and click the Unlock button.

Locked accounts are marked with a padlock icon:

By default, on new Maitre’D installations, any Maitre’D Back-Office module that is open will automatically close itself after being idle for 15 minutes. Also, in Maitre’D 7.08.000 or later, this option is systematically enabled and grayed out on systems where the Electronic Funds Transfer module is in use. This prevents the option from being accidentally disabled and ensures PA-DSS / PCI DSS compliance. However, it is good practice to verify that the Use Inactivity Timeout option is enabled in Server Control / View / Options / Advanced / Miscellaneous.

To do so:

1- Logon to the Maitre’D back-office with appropriate credentials. (Distributor or system owner access).

2- From the main back-office screen, start the Server Control module.

3- Click the View menu, and select Options…

4- Under Advanced, click on the Miscellaneous tab

Make sure that the Use Inactivity Timeout option is checked, and click the OK button at the bottom of the window.

If the Use Inactivity Timeout option is not grayed out, it may indicate that the Electronic Funds Transfer module could have been setup incorrectly. In that case, please review the configuration as outlined in earlier sections of this document

Maitre’D supports a wide range of wireless handheld devices and tablets. Also, more and more sites want to offer wireless internet access to their customers. Combining these two factors can pose some serious security challenges if it’s not done properly.

There are far too many wireless routers and access points available on the market today to list all of them here or to give detailed setup instructions for them all. However, here are some guidelines that need to be followed in order to implement a secure wireless network to be used with Maitre’D. Please refer to your hardware’s documentation for instructions specific to your devices.

Physical segmentation

1. Use separate devices to be used for general internet access and for the secured Maitre’D network

• If the merchant provides free and unsecured Wi-Fi for customers, make sure that a completely separate device is used for that purpose, and make sure that this unsecured wireless network cannot “see”, connect or interact with the Maitre’D network in any way, shape or form.

• Although some devices have a “guest access” feature, which is meant to allow internet access to guests while blocking access to other computers, it is not recommended to use it. Using a separate device for your guests is much more secure.

• In addition to using a separate device for general Wi-Fi access, this type of access needs to be segregated to its own network segment.

1. Install a firewall between any wireless networks and systems that store cardholder data.

• If wireless devices are used as point of sales, the wireless network that supports them must be separated from the Maitre’D Back-Office network by a firewall.

• Any wireless traffic (including specific port information) should be documented.

• A “Deny all” rule must be present and only authorized traffic is permitted between the wireless environment and the cardholder data environment

Encryption

1. Enable encryption

• Use Wi-Fi Protected Access II (WPA2) encryption for your wireless network. WPA2 is more complex and more secure than WPA. WPA2 is required to comply with industry best practices as described in IEEE 802.11i-2004 standard.

• DO NOT use WEP encryption. This type of encryption has been proven insecure and very easy to breach. In fact, the use of WEP encryption as a security control is prohibited by the PCI SSC since June 30th, 2010. If your device does not support WPA2 or better encryption, see if an update is available from the manufacturer of your device. If not, you will need to have that device replaced to remain PCI DSS compliant.

• AVOID using WPA encryption. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities until the more secure WPA2 encryption was developed. While still technically allowed by the PCI SSC, this type of encryption is not as secure as WPA2. If your device does not support WPA2 or better encryption, see if an update is available from the manufacturer of your device.

1. Use long and complex passphrases

• The WPA2 passphrase consists of a string comprised of 8 to 63 printable ASCII characters. Although WPA2 uses strong encryption, it is still vulnerable to password cracking attacks if the user relies on a weak passphrase.

• Use a passphrase comprised of at least 20 characters, containing a mix of capital and lower case letters, mixed in with numbers and special characters. Contrary to a password, passphrases need to be entered only once and do not need to be memorized, therefore they can be more complex.

• Even though it is called a “passphrase”, do not use any dictionary word in any language. Also, never use personal information such as your name, your spouse’s name, your children’s names, birthdates, phone numbers, etc

Change vendor’s default settings

1. Change the default username and password to access your router or wireless access point.

• Most manufacturers use a default username and password used to configure the device after it’s first taken out of its box. These usernames and passwords are the same for every single device from a given manufacturer, so it is absolutely imperative to change them as soon as possible, and use strong passwords. Refer to PA-DSS requirement 3.1 for guidance on strong passwords.

1. Change the default Service Set Identifier (SSID) of your wireless network.

• Using the default “out-of-the-box” SSID for a wireless network tells wouldbe hackers that your wireless network was setup by a novice, and that other settings may also have been left to their default values.

• The complexity of the SSID has no real impact on security, however bear in mind that it is used as a “salt” with WPA2 encryption. Hackers use Rainbow Tables containing hashes obtained from common SSID’s and common passphrases to speed up brute force or dictionary attacks. For this reason, you should avoid using any SSID that is in the top-1000 SSID’s list found at https://wigle.net/stats#ssidstats.

• When defining an SSID, make sure to use something unique, that you can easily remember and identify, without giving clues as to the network usage or the hardware in use.

• Do not use an SSID which could give hints or clues as to the make or model of your Wi-Fi router or access point, such as “LinksysWRT54G” for instance.

• Do not use an SSID which could suggest what your network is used for, such as “WiFi for credit cards” or “MaitreD Wireless”.

Filtering

1. Enable MAC Address filtering on your access point or router.

• Every single networking device on the planet has a unique hardware address known as a MAC Address. For the Maitre’D wireless network, make sure that only known MAC Addresses are allowed. All modern wireless routers and access points should allow you to configure a list of allowed MAC addresses.

• Remember that MAC Address filtering does not replace strong encryption. It should be used in addition to WPA2 encryption.

SSID Broadcast

1. Do NOT disable SSID Broadcast.

• Disabling SSID broadcast causes your router or access point to stop advertising (broadcasting) its SSID. This may sound like a good thing, but it’s really not.

• First of all, finding a “hidden” SSID is a trivial effort for anyone with minimal knowledge in Wi-Fi technology. Tools readily available on the internet allows anyone to easily find any SSID in minutes.

• Secondly, disabling SSID Broadcast forces connecting devices (handhelds, tablets, etc.) to constantly transmit the SSID in their requests to the wireless router. In turn, this allows a hacker to impersonate your router using a laptop or even a smartphone and obtain your credentials that way. Also note that connecting devices will continue to call out for the wireless router even when out of range, which may get these devices compromised

• Most (if not all) wireless routers and access points have SSID Broadcast enabled by default. Be sure to leave it enabled, even if it may seem counter-intuitive.

WPS PIN Recovery

1. Disable WPS PIN Recovery

• Wi-Fi Protected Setup (WPS) is a security protocol created by the Wi-Fi Alliance and introduced in 2006. The goal of this protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access (WPA), as well as making it easy to add new devices to an existing network without entering long passphrases.

• A major security flaw was revealed in December 2011 that affects wireless routers with the WPS PIN feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key.

• Given this security flaw, the WPS PIN Recovery feature needs to be disabled. If your router or access point does not allow for this feature to be disabled, see if a firmware update is available from the manufacturer or have the device replaced.

Remote Login

1. Disable remote login for your router.

• Some routers allow remote management through some form of remote access tool, allowing you to connect to your router from anywhere in the world. Make sure to completely disable that feature.

• If you need to remotely manage your router for whatever reason, only enable the access for the time it is required, and make sure to change the default username and password

Wireless Administration

1. Disable wireless administrati

• Some wireless routers and access points allow the device to be managed wirelessly. Make sure to disable that feature. This will force you to use a network cable in order to connect to the router to manage its settings, but it also prevents anyone within range from trying to hack into your router’s setup program wirelessly.

SNMP Protocol

• Simple Network Management Protocol (SNMP) is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.

• This protocol is more often used on enterprise-grade equipment, but some smalloffice and even home-user devices now feature SNMP capability.

• Malicious users may use the SNMP protocol to gain knowledge of the network topology and use this knowledge to identify and target more vulnerable systems.

• SNMP uses passwords known as “Community Strings” for authentication. There are generally two community strings: One for read-only access, and one for readwrite access. The default community string that provides the monitoring or read capability is often "public". The default management or write community string is often "private".

• If the SNMP protocol is not actively being used, it should be disabled altogether. If it is being used, then it is imperative that both monitoring and management community strings be changed from their default manufacturer’s values, which are well-known by any would-be attacker.

Updates

1. Update your devices’ firmware

• All wireless routers and access points have internal software that makes them work. This software is burnt onto special memory chips and is referred to as “Firmware”. From time to time, manufacturers will release new firmware versions for your devices to fix bugs, improve functionality or patch security issues. Make sure to check your manufacturer’s website periodically and update the firmware as soon as a new version becomes available.

The main goal of centralized logging is to provide one single, centralized location where logs from multiple systems can be stored and consulted. Essentially, centralizing comes down to copying logs generated by a Maitre’D system to a separate computer in a different location.

In addition to basic convenience, centralization protects log files against accidental or intentional deletion and prevents malicious users from tampering with them.

In an ideal setting, the centralized log server should be in a separate network and at a different location. In the event that the Maitre’D Back-Office computer gets compromised, the log server is less likely to become affected and the logs will remain available to troubleshoot the issue.

Exporting events from Windows Event Viewer

The Windows Event Viewer uses the Common Log File System (CLFS), which is a general-purpose logging subsystem that is accessible to both kernel-mode as well as user-mode applications for building high-performance transaction logs. It was introduced with Windows Server 2003 R2 and included in later Windows operating systems. CLFS can be used for both data logging as well as for event logging.

Developed by Microsoft, CLFS includes various APIs and interfaces which allows thirdparty software developers to create tools that facilitate centralized logging. Essentially, these tools are able to read events from the Windows Event Viewer in real-time or nearreal-time on multiple PCs and collect the data in one centralized location in order to safeguard the logs. This protects the logs against accidental or intentional deletion and prevents tampering with the logs.

Commercially-available products such as Splunk exist to setup centralized logging servers. There are also hosted and cloud-based services that can take care of centralized logging without the need to setup dedicated servers. There are far too many solutions available out there to list them all here. Please check with existing software and service providers and ask for a solution that will allow centralized logging of events from Windows Event Viewer.

Other logs and reports

Maitre’D includes a wide variety of logs and reports that can be used either for troubleshooting purposes or for legal auditing. All Maitre’D logs are stored on the hard drive as text files, and these can easily be consulted. As for audit reports, they are actually Crystal Reports, which can be exported in many standard formats, such as PDF, CSV, Excel, Dbase, Etc

Text logs

As explained previously, logs are stored in C:\POSERA\MaitreD\DATA\LOG. These logs are in fact plain text documents which can easily be copied to another PC and read with readily available applications such as NotePad. Because plain text files are so common, they can be monitored “as-is” by most third-party event logging applications or software suites.

Crystal Reports

Once a report is generated, it can be exported to many different formats, including Comma-Separated Values (CSV), Tab-Separated text, plain text and many others. To export the Access Log report, proceed as follows:

1- Generate the Access Log report as previously explained in the PA-DSS Requirement 4.1 section.

2- Click on the Export button. The button is shaped like an envelope and located near the top of the report window

3- From the Format drop-down, select the format towards which you want to export the report data

4- From the Destination drop-down, select the Disk File option, and click OK.

5- Depending on the format that was selected, you may need to configure additional settings, such as the separator character and delimiters. Do so, and click OK.

6- Select a destination folder and a file name, and then click OK

7- The export file will be generated and saved.

Maitre’D includes a wide variety of logs and audit reports that tracks all back-office accesses and credit card transactions. In order to ensure PCI DSS compliance, all the logs pertaining to Electronic Funds Transfer and all audit reports are always enabled and cannot be disabled in any way. No special configuration is required to enable or activate logs, as they are always operational without any user intervention, immediately after installation of the Maitre’D software.

Logs

All log files are actually plain text files that can be viewed with any basic text editor such as Microsoft NotePad, which is bundled will all versions of Microsoft Windows. By default, they are located in the following folder:

C:\POSERA\MaitreD\DATA\LOG

File: BOSRVEFT.LOG

This log file contains detailed information on Electronic Funds Transfer (EFT) transactions that have been processed. The information in this file comes from the Maitre’D software itself, and all card numbers (PANs) and expirations dates are truncated and cannot be retrieved from this file. No other card data can be found in this log.

File: BOSRVEFTDRV.LOG

This log file contains detailed information on Electronic Funds Transfer (EFT) transactions that have been processed. The information in this file is stored in XML format and comes from the EFT Middleware, such as Datacap DSIClientX or others, and all card numbers (PANs) and expirations dates are truncated and cannot be retrieved from this file. No other card data can be found in this log

File: EftTrans.LOG

This log file contains very basic information on Electronic Funds Transfer (EFT) transactions that have been processed. Only information such as transaction type, date, time, amount and such can be found in this report. All card numbers (PANs) and expirations dates are truncated and cannot be retrieved from this file. No other card data can be found in this log.

Reports

From the Maitre’D report center module, the access log report records and displays the activity occurring on the main back-office. Information like invalid login attempts, access to the report center and other activities.

To generate the Access Log report:

1- Logon to the Maitre’D back-office with appropriate credentials. (Distributor or system owner access).

2- Start the Report Center module

3- Click on the Select a Report Link.

4- Select the Configuration section.

5- Select the Access Log report, and click OK

6- Select the date or date range and time for which you want to generate the report, and click OK.

7- The report will be displayed on the screen.

Log contents

The Maitre’D Access Log will log and display the following information:

LOGIN

• All login events. • Access to all Maitre’D Back-Office modules after logon.

INVALID

• Failed login attempts.

LOCKOUT

• User lockouts and logon attempts by locked users.

Report Name

• Access to “Plain Folios” reports that show credit card PANs and expiration date. • The date range covered by the report is also recorded.

LOGOUT

All logout events.

For all logged events, the following information is also recorded:

• Date of the event. • Time of the event, in HH:MM:SS (Hours:Minutes:Seconds) format. • Type of event. • Maitre’D Back-Office module used. • Username responsible for the event. • Computer name from which the event was generated. • Report ranges (start and end date).

Windows Event Viewer logs

In addition to proprietary reports, all events that pertains to PA-DSS requirements are also logged in Windows Event viewer. This facilitates the inclusion of these events in a commercially available centralized logging product.

Note that logging to the Windows Event Viewer is always enabled in Maitre’D and cannot be disabled in any way through the Maitre’D software. The instructions below are provided to help users locate Event Viewer entries generated by Maitre’D.

To access the Windows Event Viewer:

1- Open the Windows Control Panel.

2- Within the Control Panel, click on System and Security

3- Scroll down and click on Administrative Tools.

4- Double-Click on the Event Viewer icon.

5- Within the Event Viewer, click on the arrow next to Windows Logs to expand the list.

6- Click on the Application log

7- The Application log opens. Within this log, events generated by Maitre’D are identified with the source defined as “MDEventLog

Since Maitre’D version 7.08.000, cardholder data is encrypted with strong encryption before being sent from the POS to the main Back-Office for processing. This encryption is enabled by default and cannot be disabled. There are no settings or options in the Maitre’D software that would allow for this encryption process to be disabled, either accidentally or on purpose.

If your wireless network is protected by WPA2 as it should, this means that there are now two layers of encryption protecting the cardholder data. First, a potential attacker would need to breach your wireless network, which should be very hard to achieve if it is properly protected. In the unlikely event that an attacker succeeds in breaching your wireless network, the cardholder data would still be protected by strong AES-128 encryption.

As a reminder, in order to use wireless communications in a secure manner, make sure to:

• Securely implement wireless technology as outlined in PA-DSS requirement 6.1 above.

• Use and manage wireless technology in a secure manner as outlined in PA-DSS requirement 6.3 below.

Patches and updates should only be downloaded and installed by trained and certified Maitre’D resellers and support technicians. This section details how users are notified of updates availability and the general delivery process for updates. Installation and rollback procedures are also provided here for convenience and can also be found in the Maitre’D 7.X installation guide

Versioning methodology

Overview of numbering scheme

The version numbering scheme used in Maitre’D comprises of four parts: a.bb.ccc.ddd, where:

The scheme is displayed as a.bb.ccc.ddd, for example, 7.08.000.000, represents version 7, Service Pack 8, critical correction 0 and minor release 0.

In the event that a major issue is discovered shortly after the release of an update, an emergency fix will be created, which once applied, will increment the number corresponding to the nature of the fix.

For example, if a new update caused a major crash in the inventory module, it would be considered as a major issue, but would not impact credit card transactions, security or any PA-DSS requirements. Therefore, the fix for that issue would simply increase the minor correction version (ddd).

Another example, if an issue is discovered which impacts a PA-DSS requirement, the emergency fix released would increment the Critical Issue Resolution release number (ccc).

The version information is shown in multiple places during the installation process. Once the software is installed, the version information can be verified in the Help / About… menu of any module.

Main installer – InstallShield Wizard

Service pack / Update installer – InstallShield Wizard

Help / About… Menu

The version information is embedded in the executables’ File Version information (in the form a.b.c.d) and in the Product Version (in the form a.bb.ccc.ddd), as shown below.

In order for wireless technology to be used securely, it must first be implemented in a secure manner. Please refer to PA-DSS requirement 6.1 to learn how to securely implement wireless technology.

Change all default settings upon installation

As soon as new equipment is purchased, the first thing that should be done after taking the equipment out of its box is to change its default settings such as usernames and passwords, SSID’s, wireless encryption keys and SNMP community strings.

This needs to be done before the equipment is installed in or around the card data environment in order to prevent malicious users from using known factory default configurations to gain unauthorized access to the card data environment.

Change credentials, keys and passwords frequently

Change wireless encryption keys, passwords, passphrases and SNMP strings as soon as someone with knowledge of the keys/passwords leaves the company or changes positions.

Also, if there is any doubt or possibility that unauthorized individuals may somehow have obtained any knowledge of keys, passwords, passphrases or strings, have all of them changed immediately. These credentials should only be given to people who have a legitimate need to know.

Install firewalls between wireless networks and card data environment

In addition to perimeter firewalls which protect the card data environment from the “outside world”, additional firewalls need to be installed between wireless networks and the card data environment.

For example, if wireless devices are being used as point of sales with the Maitre’D system, the wireless network that supports these devices need to be segregated with a firewall in order to protect the Maitre’D Back-Office server which contains cardholder data.

For example, if wireless devices are being used as point of sales with the Maitre’D system, the wireless network that supports these devices need to be segregated with a firewall in order to protect the Maitre’D Back-Office server which contains cardholder data.

The firewalls must be configured with a default “Deny All” rule which systematically blocks all network traffic, and then specific rules need to be created so that only the traffic necessary for business purposes is allowed through the firewall.

Additionally, MAC Address filtering should be employed to that only authorized wireless devices are allowed to communicate over the wireless network used by point of sale devices.

Use industry best practices

Please refer to PA-DSS requirement 6.1 above to setup and use the wireless environment in a secure manner. This section was created by following guidelines of IEEE 802.11i-2004. Also, some recommendations found in requirement 6.1 are based on security threats or weaknesses that were discovered after the release of IEEE 802.11i and therefore meet or surpass this standard.

Before an update is fully released and made available to all the Maitre’D reseller community, it is first released to select few resellers who reported specific issues that are corrected by the new update. The same principle applies to new features. Resellers who originally requested the new feature will be given the chance to “beta-test” new features before they are actually released. Normally, the pre-release period will vary from one week to several weeks, depending on the number of bug fixes or the complexity of the new features to be released. If an issue is discovered during the pre-release phase, corrections will be made and the pre-release period will be extended as necessary.

After the pre-release period, Maitre’D resellers and support technicians will be notified that a new update is available through a monthly newsletter or a special e-mail communication if the update is released in-between two newsletters.

Maitre’D does not have or make use of any automated update mechanism. Updates needs to be manually downloaded from a secure server where resellers login with a unique username and password. Downloads are tracked, and a SHA-2 hash is displayed next to the download link so the authenticity of the downloaded file can be verified.

Maitre’D Service Packs can only be downloaded from the distributor’s section of our secured website, at the following address:

You need your distributor username and password in order to be able to login and download anything from our website.

If any file was downloaded or otherwise obtained from another source, please delete these files and re-download the service pack installer from our website.

Take note of the current software and database version

Knowing which version you are starting from is extremely important is case there is a need to roll-back the service pack for whatever reason.

To check the current version:

1- From any back-office module, click on the Help menu, and select the About… option.

2- The version information will be displayed:

Program / System

The program and system versions correspond to the version of the Maitre’D software that you are currently using.

Database

Knowing the database version is crucial in case you ever need to rollback a service pack upgrade. Please write it down before starting the upgrade process

Updates should only be downloaded and installed by trained and certified Maitre’D resellers and support technicians.

Before installing a service pack:

• Take note of the current version of Maitre’D you are using.

• Make sure that the system is NOT set in 24-hours operation mode.

• Make sure that the End-of-Day has been done and that there are NO SALES or OPEN TABLES in the current day

• Take a full system backup of the system you are about to upgrade.

Before installing a service pack, 24-hour operation mode must be disabled. You must also disable this option before performing the end-of-day

1- Logon to the Maitre’D Back-office with appropriate credentials. (System owner or distributor)

2- Start the Point of Sale Control module

3- Within the Point of Sale Control module, click on the View menu, and select Options…

4- Click on the Option branch, and make sure that the 24 Hours Operation option is disabled (un-checked). Click OK to save changes and exit.

Older service packs are not available for download from our website. If you do not have a copy of the service pack that is currently installed at the restaurant you are about to upgrade, you can get it within the Maitre’D file system:

1- Browse the C:\ drive to C:\POSERA\MaitreD\PRG\Setup.

2- Within the Setup folder, you will find a file called MD7BOSP.exe. This is the service pack file that is currently installed. Copy that file to a removable media for safekeeping, in case a rollback is needed late.

Before installing a service pack, you need to make sure that there are no sales, no open tables and no transactions of any kind in the current day. The best way to make sure that there are no transactions in the system is to perform an end-of-day just before installing the service pack.

1- Have the restaurant manager make sure that there are no pending transactions, open checks or open tables in the system.

2- Logon to the Maitre’D Back-office with appropriate credentials. (System owner or distributor)

3- Make sure that the end-of-day is not already done. To do this, start the Point of Sale Control module, then click on the View menu and select the Setup Dates option.

4- Look at the Last Closing Date value:

a. If the Last Closing Date corresponds to 2 or more days ago, then you can proceed with the End-of-Day procedure.

b. If the Last Closing Date corresponds to yesterday’s date, you will have to make a judgment call:

i. Before noon, Maitre’D will simply not allow you to do an End-ofDay. However, if no transactions were even started for the current day, you may still be able to install the service pack

ii. If it is past noon and that the restaurant is closed for the rest of the day, confirm with the restaurant owner or manager that it is okay for you to perform an end-of-day now

iii. In any other situation, you will need to setup another appointment with the restaurant to get their system updated immediately after the End-of-Day has been done.

5- Double-check to make sure that 24-hour operation mode is DISABLED. (see above)

6- Start the Server Control module.

7- Click the End-of-Day link on the main page.

8- Maitre’D will verify that there are no open checks or tables.

9- When you see the prompt saying “Current Operations Suspended”, click OK and the End-of-Day will proceed.

10-There are 35 steps in the End-of-Day process. During the process, please avoid using the computer, as the progress bars will appear and disappear and steal the focus from other applications.

11-After completion of step #35, the Maitre’D Back-Office server will restart itself and the POS workstations will become usable again.

1- Connect the removable media which contains the service pack file that was downloaded from the Maitredpos website.

2- Locate the service pack installer, which should be called MDBO7AABBBCCCDDD.exe, where “AA” corresponds to the service pack level, “BBB” corresponds to the critical fix number and “CCC” corresponds to the build number. “DDD” corresponds to an internal build number.

a. For example, the service pack file for Maitre’D 7.08.000 is called MDBO708000000004.exe.

3- Double-click on the service pack installer to start the Install Shield Wizard. The Install Shield Wizard will initialize the installation process.

4- After a few seconds, the Install Shield Wizard welcome screen will appear. Click the Next button to continue.

5- Read the End User License Agreement, and click Yes to continue.

6- Choose the path where the service pack will be installed. The Install Shield gets this information from the Windows registry. If the information seems incorrect, make sure to point to where the MaitreD\DATA\ folder was installed. Click Next.

a. If an error dialog box saying “End of day must be done before update”appears:

This means that:

i. End-of-Day was not done, or transactions have been entered at one of the workstations since the End-of-Day was done, or;

ii. Your system had 24-hour operation mode enabled when the Endof-Day ran the last time.

iii. You will need to do the service pack upgrade at another time.

7- The Install Shield Wizard will copy files. This could take a few minutes, during which your computer could appear to be unresponsive. Please be patient.

8- A prompt will ask you to restart your computer. It is absolutely imperative that the computer is fully rebooted after a service pack upgrade. Select Yes, I want to restart mu computer now.” Click the Finish button to close the Install Shield Wizard and restart your computer.

9- After the computer restart, log back into Windows. The Maitre’D POS Server will start automatically. Then, the Maitre’D database will be updated if required. Not all service packs require a database update, so you may not always see that progress bar following a service pack update.

10-Maitre’D will then re-create workstation data automatically to force the connected workstations to apply the latest updates.

Before making any major change like a service pack upgrade, you should always take a full system backup.

1- Logon to the Maitre’D Back-office with appropriate credentials. (System owner or distributor)

2- Start the System Configuration module.

3- Click on the Backup menu and select the Archiving Setup option

4- Select the Alternate Media radio button, and then click on the “…” button to browse for the folder where the full system backup will be saved. Click OK to save the changes.

5- Click the Backup menu again, but this time, select the Save Full System option

6- A dialog box will inform you of what is about to happen. Click Yes to proceed

7- Another dialog box reminds you that any database changes made after the Endof-Day will not be saved. Click OK and the process will begin automatically.

8- Progress bars indicate the status of the backup operation.

9- A dialog box confirms that the Full System Backup operation was successful. Click OK.

10-Inside the folder you selected earlier, you will find a folder called FULL0001. This is your full system backup. Copy it to a removable media for safekeeping.

After the service pack has been applied, check the entire system to ensure that everything is working correctly:

• Check that all workstations are operational

• Verify that all peripherals are working correctly, such as receipt printers, bar and kitchen printers, customer displays, card readers, PIN Pads, etc.

• Use a training employee to test all the normal sales operations.

• Logon to the back-office and test daily administration and management duties, such as verifying punch cards, taking back-office reports, etc.

• If possible, test a credit and a debit transaction to ensure that all systems are up and running before customers start showing up.

Maitre’D by itself does not accept remote connections. However, most modern operating systems include remote access tools such as Microsoft Remote Assistance and Microsoft Remote Desktop. Also, many web-based remote access tools are available, such as Cisco System’s WebEx or Logmein.com’s LogMeIn.

In order to be PA-DSS compliant for all remote access originating from outside your network to the Maitre’D Back-Office server must use multi-factor authentication. The solution you use must be configured for user authentication with at least two out of the following 3 factors:

• Something you know

• Something you have

• Something you are

Something you know

Something you know could be any combination of username, password, PIN or passphrases. Note that using the same factor twice does not count as two-factor authentication. Thus, using two or even three layers of different usernames and passwords does not count as two-factor authentication, and is therefore not compliant with PA-DSS nor PCI-DSS requirements.

Something you have

Something you have is typically something you can physically hold in your hands, and which will be used to authenticate you. An example of this is security tokens. These tokens have a password displayed on them, which changes every minute. When connecting remotely, the use of a username and password (Something you know) in combination with such a token (something you have) would meet PA-DSS requirement.

Something you are

Something you are means using biometric readers. For example, a system that allows you to login only after entering a username, password and a fingerprint scan would meet the two-factor authentication requirement.

Definition of multi-factor authentication

Multi-factor authentication means using at least two of the three factors described above. Using one factor twice does not count as multi-factor authentication. For example, using two or more layers of different usernames and passwords along with PINs and passphrases does not count as multi-factor authentication. You need to use two different factors out of the three factors listed above to meet the multi-factor authentication requirement.

A perfect example of two factor authentication is the use of passcode generating tokens along with username and password authentication. The Username and password part constitutes “Something you know” while the passcode-generating hardware token counts as “something you have”. In this scenario, the remote access system is configured to request the username, the password and the token’s passcode.

Maitre’D has very few dependencies in regards to 3rd party software, services or protocols. These will vary depending on the modules that are used.

Hardware dependencies

Maitre’D has no specific hardware dependency.

Software dependencies

EFT Client software

When an integrated solution is in use, a 3rd party client software or “middleware” needs to be used. Maitre’D will pass the credit card information to the middleware for processing. Information coming back from the acquirer/processor takes the opposite way, from the internet to the middleware, and then back to Maitre’D.

Supported EFT middleware for integrated credit card payments:

• Datacap DSIClientX version 3.86 (File version 3.8.6.0, dated December 3rd, 2012)

Service dependencies

Crypkey License

The Crypkey license service is required to validate the Maitre’D license activation key, and needs to be running all the time.

Protocol dependencies TCP/IP

The TCP/IP protocol is required for network communication

The Maitre’D back-office PC needs to have internet access in order to be able to process credit cards. However, you have to make sure that this PC is behind a corporate firewall, which effectively makes it invisible to the outside world. Also, you need to make sure that the Maitre’D back-office software does not reside on the same PC as other services, such as a web server (IIS, Apache, etc.), DNS or DHCP servers, etc. Generally speaking, any server should have only one primary function, and this is especially important for the Maitre’D Back-Office server which contains sensitive data.

For clarifications as to the actual meaning of this requirement, please read the PCI PADSS v3.2, articles 9.1a and 9.1b.

Basically, you need to make sure that the Maitre’D Back-Office PC and all workstations are on the Local network, behind the corporate firewall. What this requirement is stating is that any PC containing any kind of cardholder data should never be located in the DMZ (De-Militarized Zone) or in any other network location which could be accessed directly from the internet or from the “outside world” in general.

Implications for Maitre’D Meal Zone

If Maitre’D Meal Zone is in use, (also know as “External Ordering Service”, Online Ordering Service or MDWebService), you need to make sure that this service IS NOT installed on the same PC as the Main Maitre’D back-office. Maitre’D Meal Zone should be installed on a different PC sitting in the DMZ. Failing to do this automatically puts your system is a non-compliant status towards PA-DSS requirement 9.1.

Ports and Exceptions list for firewalls

Here is a list of all default ports and processes commonly used in Maitre’D 7.08. Use this list to help in building rules and exception for firewalls and Anti-Virus software.

TCP Ports

TCP Port 1001

Traffic: Inbound and Outbound

Protocol: TCP

Services: Applications

Applications: BOSRV.EXE, POS.EXE, STARTER.EXE.

Network: LAN only

This is the default port used by the Maitre’D Back-Office server to initiate communication with the workstations and needs to be open for inbound and outbound traffic on the local network only. This port is user-configurable in Server Control / View/ Options / Advanced / TCP/IP Port.

TCP Port 1002

Traffic: Inbound and Outbound

Protocol: TCP

Services: Applications

Applications: All Maitre’D applications

Network: LAN only

This port is used by workstations to initiate communication with the Maitre’D Back-Office server and needs to be open for inbound and outbound traffic on the local network only. This port number could change depending on what has been configured as default communication port. The port number will always be Default Port + 1. For instance, if the default port is set to 5000, then workstations will use TCP port 5001 to initiate communications.

Ports for Electronic Funds Transfer (EFT)

Traffic: Inbound and Outbound

Protocol: Varies according to service provider

Services: Varies according to service provider

Applications: BOSRV.EXE, BOSRVEFT.EXE, varies according to service provider.

Network: LAN and Internet

Ports used for EFT vary according to processors / acquirers. Please review the documentation provided by your EFT processor / acquirer to learn which ports need to be opened. For some interfaces, the TCP port is user-configurable through EFT / View / Options / Interface. In all cases, ports used need to be opened for inbound and outbound traffic over the local network as well as over the internet.

Note on Threaded Communication

If your system has the Threaded Communication enabled (ThreadedComm=2 in the bo.ini) more ports are actually used by Maitre’D to communicate with workstations. With this option enabled, Maitre’D receives data over ports 1001 and 1002, and then replies to the workstation over another port so that TCP Ports 1001 and 1002 remain free

The port number that will be used by Maitre’D to reply to the workstation is determined by the Windows network driver. Typically, the first available port will be used. These extraneous ports are used for outbound communication only, so they should not be blocked by your local firewall.

Processes / Applications

Bosrv.exe

This is the Main Back-Office server process which needs to be running at all times for your Maitre’D system to work. This process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

Bosrveft.exe

This is the process managing all Electronic Funds Transfer (EFT) transactions. This process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

BoReport.exe

This application is actually the Report Center module. It does not need to communicate through firewalls, but it does need to be excluded from virus scans or other software which may interpret BoReport.exe’s behavior as a threat.

GHServer.exe

This is the process that manages E-Global Head-Office server communication with restaurants. If used, this process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

GHClient.exe

This is the process that manages E-Global communication from the restaurant to the Head-Office server. If used, this process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

MDProcessor.exe

This is the process that manages the Maitre’D Schedule and Table Management Interfaces. If used, this process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

Maitre’D Hot Fixes and Service Packs

The Maitre’D software does not update itself remotely. Patches, hotfixes and service packs are all hand-tested in our QA labs before being released.

Once released, the hotfixes are stored on a secure server. Only authorized and qualified Maitre’D technicians are allowed to login to this server to download the hotfixes. Once downloaded, the hotfix needs to be installed manually by an authorized Maitre’D technician.

Authorized and qualified Maitre’D service technicians can download the latest service packs from the following secure website (Username and password required):

Any file obtained by any other means than our secured website should be deleted and re-downloaded to preserve the integrity of the chain-of-trust.

Additionally, the SHA hash is displayed next to the service pack download link. This hash can be counter-verified with various checksum utilities that can be downloaded from the web.

Every service pack that is released undergoes a full suite of automated regression and backwards compatibility testing. Once a hotfix has passed all of these tests, every new fix included in a service pack is hand-tested by our team of experienced QA analysts.

With such a combination of automated and hand testing, our service packs are very unlikely to be found faulty or to create any problems after release. However, should there be a requirement or a situation that warrants downgrading service packs, here is the procedure to do so.

Warning! Risk of loss of sales data!

The manipulations explained in this section involve copying and moving files and folders. Also, the procedure is time-sensitive, and if not carried out correctly within the allotted time frame, loss of sales data can occur. Such a loss would be irreversible and permanent. Therefore, backup copies of your data need to be taken before undertaking this procedure.

Emergency rollback: This is a “0-Day” procedure.

This means that the emergency uninstall procedure needs to be carried out the same day as the service pack upgrade. This procedure is in place to allow resellers to backout of an upgrade that was done by mistake or if you immediately realize that the upgrade will pose a problem.

When a new service pack is installed, Maitre’D automatically copies all its data and program files into a backup folder in case an emergency rollback is required. This procedure can only be used on the same day as the service pack update. Any sale or configuration change done since the upgrade will be lost following the rollback. Also, if you attempt this procedure after an end-of-day has occurred, you may not be able to restart your system after the rollback.

1- This procedure could take anywhere from 15 to 30 minutes. Make sure you have enough time to proceed, plus extra time to spare in case you need to cancel the operation.

2- If not done already, take a full system backup, plus a complete copy of the C:\POSERA\ folder. Copy all files to a removable drive for safekeeping.

3- Shutdown all the POS workstations on the site, and make sure nobody attempts to start them up while you are working on the main back-office.

4- Close all Auxiliary Back-Offices and Backup servers, if any.

5- On the main back-office, stop the Maitre’D Back-Office Server. This is done from the Server Control module, under the File menu, select the Stop Server option.

6- Close all Maitre’D Back-Office modules.

7- Browse to C:\POSERA\MaitreD\

a. Rename the PRG folder to OLD-PRG.

b. Rename the DATA folder to OLD-DATA.

8- Browse to C:\POSERA\MaitreD\Backup\

a. Copy the PRG folder to C:\POSERA\MaitreD.

b. Copy the DATA folder to C:\POSERA\MaitreD.

9- Restart the computer. After the computer restart, make sure the Maitre’D BackOffice server starts automatically, and then start all the POS workstations.

10-Perform your system verification to make sure everything works properly.

11- After confirmation that everything works perfectly, you can delete the OLD-PRG and OLD-DATA folders.

Maitre’D supports sending reports through e-mail. However, this feature is automatically disabled through hard-coding for any report which may contain credit card information such as the PAN or expiration date. Therefore, it is impossible for Maitre’D to send sensitive data through e-mail, or any other end-user messaging technology, for that matter.

Training programs are given outlining information security and PA-DSS responsibilities at least once per year for all internal staff and distributors. Roles and responsibilities concerning internal personnel must be assigned to specific individuals must include the following:

• Overall accountability for meeting all the requirements in PA-DSS

• Keeping up-to-date within any changes in the PCI SSC, PA-DSS Program Guide

• Ensuring coding practices are followed

• Ensuring distributors receive training and supporting materials

• Ensuring all internal staff receive training and supporting material

Maitre’D itself never transmits any data over public networks. Maitre’D interfaces with 3rd party applications such as Datacap DSIClientX which takes care of encrypting the data with strong cryptography as well as sending it wherever it needs to go. As Maitre’D uses middlewares to proceed to the transactions, the middlewares verify that only trusted keys and/or certificates are accepted by establishing a secure TLS 1.1 or higher connection with the acquirer interface.

Also, middlewares are configured to prevent fallback to an insecure version or configuration as middleware use only TLS 1.1 or higher to transmit the cardholder data.

Please consult the documentation supplied by the software manufacturer of the application you are using to learn how cardholder data is secured when transmitted across the Internet, how to deploy a secure implementations of security protocols and configure the proper encryption strength for the encryption (TLS 1.1 or higher).

Review the PCI SSC website at www.pcisecuritystandards.org to ensure that the application you are using has been validated as PA-DSS compliant.

This guide is provided to all internal staff, customers and distributors upon release of the payment application. The PA-DSS Implementation guide provides relevant information specific to the application itself and is reviewed on a yearly basis as well as when any changes are made to the application or any PA-DSS requirements.

The Implementation Guide is available in the installation file and it is located under the following folder:

C:\POSERA\MaitreD\PRG

Customers, resellers, and integrators can access to the PA-DSS Implementation Guide can be downloaded on the Posera’s portal:

https://distributors.maitredpos.com/distributors/support/softwareanddocumentation/Default.aspx

When a new update is available, an email is sent to the security officer. Only certified Maitre’D technical can download updates via the secure portal and install the new version or update within the customer’s environment.

Maitre’D in itself does not offer any kind of remote access. However, when you install any kind of 3rd party remote access software or web-based solution, you must verify that the communications are fully encrypted using strong cryptography with technologies such as SSH, VPN, or TLS 1.1 or higher for encryption of any non-console administrative access to the Maitre’D application or servers within the cardholder data environment.

Maitre’D does not use any insecure services such as NetBIOS, file sharing, telnet or unencrypted FTP to manage the application.

As described in a previous section, use a software with multi-factor authentication and follow guidelines described in this section to encrypt all non-console administrative access.

If you use remote access software to access Maitre’D or other components of the payment application you are using, you need to configure its settings to be as secure as possible. Please consult the documentation that came with your remote access software or solution.

Guidelines

Here are some guidelines that will help securing remote access:

• Change default settings in the remote access software (for example, change default passwords and use unique passwords for each customer).

• Allow connections only from specific (known) IP/MAC addresses. (Also known as MAC Address Filtering)

• Use strong authentication and complex passwords for logins (See PA-DSS Requirements 3.1.1 through 3.1.10)

• Enable encrypted data transmission according to PA-DSS Requirement 12.1

• Enable account lockout after a certain number of failed login attempts (See PADSS Requirement 3.1.8)

• Configure the system so a remote user must establish a Virtual Private Network (“VPN”) connection via a firewall before access is allowed.

• Enable the logging function.

• Restrict access to customer passwords to authorized reseller/integrator personnel.

• Establish customer passwords according to PA-DSS Requirements 3.1.1through 3.1.10.