Appendix f: security program, Security program, Refer to – Gasboy CFN III V3.6 and Later User Manual
Page 73

MDE-4739A CFN III PCI Secure Controller Software Installation/Upgrade Instructions · July 2010
Page F-1
Security Program
Security Program
Appendix F: Security Program
Security Program
At the SC3 window, type SECURITY and press Enter. Two blank, formatted, floppy disks
are required to store the two security keys.
Note: During the upgrade of version 3.4 or earlier to a PCI-compliant version, preform
Tranwipe procedure outlined in step
on
, before using the Security program and entering the new security keys.
For PCI requirements concerning the security/system keys and other security issues, refer to
MDE-4759 CFN III Payment Application Best Practices Implementation Requirements.
The site’s PCI administrator or their delegate must load the Security Keys. Security encrypts
the transactions as they are stored on the SC3 board set. Therefore transactions from all
versions of 3.4 or earlier cannot be restored into a PCI-complaint system. Transactions can be
restored (Tranback.Dta) from a version 3.6 system to a version 3.6 as long as the exact same
security keys are loaded.
Until new transaction are completed and stored the keys can be changed without issue. When
the security keys are changed any stored transactions encrypted with a different set of security
keys will be unusable, potentially causing site monetary losses. If the keys are changed and no
new transactions are run then the original keys can be restored and the stored transactions
recovered.
Security uses a two-key procedure, Master Key and Pass Key. If these two keys are not
properly loaded and stored the CFN III will not process credit cards with the bank host. The
system will continually post error messages until the two security keys are loaded and updated.
The security keys are the heart of the PCI-compliant system. Strong keys must be used and the
stored key information must be kept in a private secure location.