PCI Compatibility


'The twentieth century criminal profile was said to rob banks because “that’s where the money is.” The same motivation in our digital age makes merchants the new target for financial fraud. Occasionally lax security by some merchants enables criminals to easily steal and use personal consumer financial information from payment card transactions and processing systems. 

It’s a serious problem – more than 234 million records with sensitive information have been breached since January 2005, according to Privacy Rights As a merchant, you are at the center of payment card transactions so it is imperative that you use standard security procedures and technologies to thwart theft of cardholder data. 

Merchant-based vulnerabilities may appear almost anywhere in the card-processing ecosystem including point-of-sale devices; personal computers or servers; wireless hotspots or Web shopping applications; in paper-based storage systems; and unsecured transmission of cardholder data to service providers. Vulnerabilities may even extend to systems operated by service providers and acquirers, which are the financial institutions that initiate and maintain the relationships with merchants that accept payment cards.'

Source: PCI Security Standards organisation

So what does all this mean for you? It means that as a merchant you need to protect yourself and your customers from fraudulent activities by ensuring your systems are PCI compliant. Compliance with PCI security standards is important in the sense of providing protection for card holders and preventing harm being done to the business as aresult of potential problems as well as being compulsary.All our MICROS-Fidelio solutions including OPERA, Suite8, MICROS 3700 and 9700 are compliant with PCI security standards. Some of the common features of our products are as follows:

  • Customer credit card information is stored in the system after being encyrpted (with CC Mask and Triple–DES 128 bit).
  • Access to critical information i.e. user authorization is based on the “need to know” principle.
  • Users even if they have the authority cannot view credit card information.
  • Users who do not have passwords cannot access the system.
  • There cannot be 2 users with the same user name in the system. The user activities from all terminals are logged.
  • Access to the system including access and changes to personal information are logged.

*Payment Card Industry Data Security Standards (PCI DSS) are security standards set by Payment Card Industry (PCI) Security Standards Council established in 2004 for the purpose of securing credit card information used via POS, Internet and e-mail. 

This is where Protel can help. You may contact use to find out more about PCI compliance.

You can also access more detailed technical information on MICROS Information Security compliance by clicking here.