MDE-4759 CFN III Payment Application Best Practices Implementation Requirements · September 2008

Page 1

Introduction

Purpose

The purpose of this document is provide a guide to owners and operators who purchase and
install CFN III systems. This document outlines the best practices and policies required for
CFN III to be operated in accordance with the Payment Card Industry (PCI) Data Security
Standards (DSS).

Application Best Practices

Removal of Non-secure Information

Refer to MDE-4739

CFN III PCI Secure Controller Software Installation/Upgrade

Instructions to upgrade the CFN payment system from a non-compliant version of 3.4 or
earlier to a secure PCI compliant version. After the installation is complete, the embedded
payment controller transaction table must be purged of any information left in memory, which
may retain previous card information. This is a mandatory procedure in order to meet PCI
requirements and cannot be skipped. This process must be executed before the site is allowed
to start processing card data. It would be best to proceed with this process right after the table
sizing is finalized.

To remove the non-secure information, proceed as follows:

1

In the SC3 window, login to the Payment System as an administrator user with an
administrator permission level.

2

Type “FIX TRAN”;I” and press Enter.

3

Type “RESET TRAN”;I” and press Enter.

4

Type “RESTORE TRAN FROM TRANWIPE.DTA” and press Enter. If the message
“Transaction physical record too large” is displayed on the screen, it is harmless, ignore the
message. After this command is executed, the transaction table will be wiped of any
information but unusable.

5

Type “FIX TRAN;A” and press Enter. This command will renumber and correctly set up the
cleaned transaction table. The table is now ready for accepting secure card data.

MDE-4759

CFN III Payment Application Best Practices

Implementation Requirements

September 2008