beautypg.com

Appendix f: security program, Security program, Refer to – Gasboy CFN III V3.6 and Later User Manual

Page 73

background image

MDE-4739A CFN III PCI Secure Controller Software Installation/Upgrade Instructions · July 2010

Page F-1

Security Program

Security Program

Appendix F: Security Program

Security Program

At the SC3 window, type SECURITY and press Enter. Two blank, formatted, floppy disks
are required to store the two security keys.

Note: During the upgrade of version 3.4 or earlier to a PCI-compliant version, preform

Tranwipe procedure outlined in step

m

on

page 45

in

“Master Password and PCI

Security Setup”

, before using the Security program and entering the new security keys.

For PCI requirements concerning the security/system keys and other security issues, refer to
MDE-4759 CFN III Payment Application Best Practices Implementation Requirements.

The site’s PCI administrator or their delegate must load the Security Keys. Security encrypts
the transactions as they are stored on the SC3 board set. Therefore transactions from all
versions of 3.4 or earlier cannot be restored into a PCI-complaint system. Transactions can be
restored (Tranback.Dta) from a version 3.6 system to a version 3.6 as long as the exact same
security keys are loaded.

Until new transaction are completed and stored the keys can be changed without issue. When
the security keys are changed any stored transactions encrypted with a different set of security
keys will be unusable, potentially causing site monetary losses. If the keys are changed and no
new transactions are run then the original keys can be restored and the stored transactions
recovered.

Security uses a two-key procedure, Master Key and Pass Key. If these two keys are not
properly loaded and stored the CFN III will not process credit cards with the bank host. The
system will continually post error messages until the two security keys are loaded and updated.
The security keys are the heart of the PCI-compliant system. Strong keys must be used and the
stored key information must be kept in a private secure location.