Collecting sensitive information, Setting up passwords and access – Gasboy CFN III Payment Application Best Practices Implementation Requirements User Manual

Page 2

MDE-4759 CFN III Payment Application Best Practices Implementation Requirements · September 2008

Application Best Practices

Collecting Sensitive Information

Sensitive information, such as Magnetic Stripe Data, Card Validation Codes, PINs, or PIN
Block Data, can only be collected to solve a specific problem, and the data must be limited to
only what is required to resolve the problem. Such data will be encrypted while it is stored
and must be securely deleted immediately upon resolving the issue.
Note: No sensitive information will be transferred by e-mail.

Setting Up Passwords and Access

XPE PC Administrator Password

The Windows® XP Embedded (XPE) PC System Administrator is, by default, set up without a
password. Upon completion of the system install and the Embedded Payment System
configuration, the PC administrator password must be set up. The password is set up by
logging in to the XPE as the administrator user, through the control panel “User Accounts”,
and setting the administrator password. Refer to “Appendix: PCI Password Requirements” on
page 4 for PCI password requirements.

CFN III User Passwords and Permission Levels

Contact Gasboy® Technical Support if you do not know the CFN III Manager password.

Upgrading from a non-secure version will result in the removal of previous passwords. Refer
to MDE-4739 CFN III PCI Secure Controller Software Installation/Upgrade Instructions for
more information on obtaining a password. Manager permission level access must not be
granted for passwords that are used by general CFN users. CFN general users and managers
must meet the minimum password requirements listed in “Appendix: PCI Password
Requirements” on page 4. A unique CFN User ID must be used for every individual that will
be accessing the CFN system.

CFN III Remote Access

Two-factor authentication is required for remote access into the CFN III system by employees,
administrators, and third parties.

Passwords and access by vendors for remote maintenance must be enabled only when
explicitly needed and must be disabled thereafter.