pa-dss | Schulz Consulting

What Versions Of PC Charge Are PA-DSS Compatible For Use With MAS 90 or MAS 200

June 28, 2010 by Wayne Schulz

Apparently there’s some confusion over exactly which versions of the Verisign PC Charge software is compatible with Sage MAS 90 and MAS 200.

Erika Jelovsek, SR Product Manager at Sage Software has this update which was just posted on the MAS 90 LinkedIn Group:

There has been a bit of confusion regarding this topic lately, in part fed by a recent communication from Wells Fargo credit card services to PC Charge customers. Sage and VeriFone (the providers of PC Charge) have been working together to help clear the confusion, and this post is part of that clarification effort.

Version 5.8.3 of PC Charge IS MOST DEFINITELY certified as compliant by the PCI Council, and I have a copy of a letter sent to VeriFone from the PCI Council that verifies this. In fact, because 5.8.3 is compliant is why that version was selected by the MAS team to be autoshipped to our Sage ERP MAS 90 and 200 customers with their version 4.4 shipments.

At this point I do not know if Wells Fargo will be sending a corrected communication to PC Charge customers, although VeriFone has requested that they do so. Meanwhile, version 5.9.1 is currently undergoing quality assurance compatibility testing with the MAS team, and, as always, once it has been verified as compatible, the Compatibility Matrix will be updated to reflect that change in status. However, there is no need to rush to upgrade to that version at this time because version 5.8.3 is PCI Compliant.

There have been some questions about the difference between PABP 1.4 certification and PA-DSS 1.2 certification as stated on the PCI Council’s website. As I understand it, PABP is the certification standard used prior to PA-DSS. As such, it has an Expiry Date in December of 2010, making it acceptable for new deployments until that time. So, versions 5.8.1 and 5.8.2 of PC Charge are also still acceptable for use until the expiry date.

Sage Posts Updated PA-DSS Credit Card Implementation Guide for MAS 90 & MAS 200

March 30, 2010 by Wayne Schulz

Sage has just updated their 27 page PA-DSS Credit Card Processing Guide. As scheduled, Sage released updates to version 4.3 and 4.4 of Sage MAS 90 and MAS 200 which bring both products up to compliance when the rules in their guide are followed.

From the guide:

The purpose of this PA-DSS Implementation Guide is to instruct merchants, resellers and integrators on how to implement Sage MAS 90 and 200 ERP and Sage MAS 90 and 200 Extended Enterprise Suite into their environment in a PA-DSS compliant manner. It is not intended to be a complete installation guide. The software, if installed according to the guidelines documented here, should facilitate and support a merchant’s PCI compliance. This guide applies to Sage MAS 90 and 200 ERP and Sage MAS 90 and 200 Extended Enterprise Suite as released by Sage. Any modifications to the application, for example Customizer, Web Services, Extended Solutions and other Master Developer enhancements, must be reviewed to determine their impact to the PA-DSS requirements.

The Payment Application Data Security Standard (PA-DSS) is a set of security standards that were created by the PCI SSC to guide payment application vendors to implement secure payment applications.

Implementation Guide_MAS90v43018__44001.pdf

PA-DSS Guide for MAS90 & MAS200 Credit Card Processing

February 7, 2010 by Wayne Schulz

Payment Application Data Security Standard – aka PA-DSS is a set of security standards created by the PCI SSC to guide payment application vendors with implementing secure payment applications.

This PA-DSS Implementation Guide follows PA-DSS version 1.2 and PCI DSS version 1.2. It is not a complete “how to” nor does it cover each and every situation for every company setup. Check with your merchant/processor for any special instructions.

This guide my be updated from time to time — and security regulations also periodically change. Please check with your processor and review all relevant regulations. While we strive to keep all information current – we disclaim all responsibility for updating this information. You are advised to check with your processor and not rely solely on this document.

The Sage guide for PA-DSS and PCI DSS setup covers Sage MAS 90 & MAS 200 Versions 4.30.18 and 4.40.1

– Secure deletion of sensitive data and protection of stored cardholder data
– Password and account settings
– Logging
– Wireless networks
– Network segmentation
– Secure remote updates
– Remote access
– Encrypting network traffic

View the full guide (as authored by Sage on January 28, 2010) at the link below:

Warning: Always check for updated regulations that may pertain to your company. Use the below Sage document as a tool and not a “how to”. We advise you to always consult with your payment processor for final rules and regulations. Schulz Consulting is not the author of the document below and we are not responsible for results you may encounter from using Sage’s guide.

Update – Erika Jelovsek, Product Manager for Sage MAS provides this feedback over on the MAS90 LinkedIn Discussion Forum:

This Implementation Guide was posted as part of the Sage PA-DSS audit that is currently underway for Sage MAS 90 and 200. It is important to note that the only versions of Sage MAS 90 and 200 that will be submitted for the audit will be 4.30.0.18 and 4.40.0.1. These versions (Product Updates 18 and 1 respectively) will be released in late March 2010. Stay tuned forinformation to be posted on Sage sites and sent in the partner and customer newsletters in the next few weeks. I encourage all Sage MAS 90 and 200 partners to download the Guide from the Sage site and begin to review it.

Implementation_Guide_MAS90v430018_44001.pdf – for Sage MAS 90 & MAS 200 v4.30.18 and 4.40.1 (January 28, 2010)

Contact Us