CP 7.5.18 – New Features – System Area
Here are the latest System related features for CP 7.5.18.
Of note: the PCI DSS Compliance settings were also introduced in the CP 7.5.17 – June 29 Service Pack.
1. Windows 7 Support – (32-bit only)
Microsoft Windows 7 is a supported operating system for use with CounterPoint V7.5.18.
NOTE: CounterPoint can be only be used in a 32-bit Windows 7 environment; 64-bit environments are not supported.
2. PCI DSS-compliant passwords required.
In previous versions, the use of passwords was optional, allowing merchants to decide whether to require users to enter passwords to log in to CounterPoint.
In this version, the use of PCI DSS-compliant passwords is no longer optional. All users must log in to CounterPoint with a unique password that meets the minimum PCI DSS requirements for password length and complexity (i.e., passwords must include a combination of letters and numbers).
Other password settings, including the number of days passwords are valid, the number of unique passwords each user must create before re-using a particular password, and the number of unsuccessful login attempts allowed before a user is locked out of CounterPoint—must also meet minimum PCI DSS requirements.
NOTE: If you are updating to V7.5.18 and you already require passwords that meet the minimum PCI DSS requirements, no further action is necessary. If you are updating to V7.5.18 and you do not require passwords or your password settings do not meet minimum PCI DSS requirements, you will need to take additional steps after updating to V7.5.18. These steps will be required before users can continue using the software in a normal mode.
3. Automatic tracking of login attempts.
Previously, if you were using passwords, you could configure CounterPoint to record login attempts for each user.
In this version, to ensure compliance with PCI DSS requirements, tracking login attempts is no longer optional. All login attempts are automatically recorded in the SECURITY.LOG file in the top-level CounterPoint directory (e.g., C:\SYN, or C:\SYNSHARE\SYN on the server).
3. Disabling the transmission of encrypted credit card numbers.
In CounterPoint V7.5.17, Multi-Site transmission files did not automatically include credit card numbers. However, if your Satellites communicate with your Hub via a VPN, you could choose to transmit encrypted card numbers by selecting Yes from the Xmit card info ? field in "Setup/Multi-Site/Control".
In this version, to further protect sensitive cardholder information, you no longer have the option of transmitting encrypted card number in Multi-Site transmission files under any circumstances. The "Xmit card info ?" field has been removed from "Setup/Multi-Site/Control". This means that Credit Card information is now force to be site specific.
4. Viewing full card numbers in ticket history no longer allowed.
In previous versions, authorized users could view full, unencrypted credit card numbers in ticket history. Each time a user viewed an unencrypted card number in ticket history, the activity was logged to the
SECURITY.LOG file, providing an audit trail.
In this version, to further protect sensitive cardholder information, CounterPoint no longer allows any user to view full, unencrypted credit card numbers in ticket history. In addition, the "View credit card
numbers ?" setting that authorized a user to view unencrypted card numbers has been removed from "Setup/System/Users".
5. PCI DSS-compliant activity logging.
To satisfy PCI DSS requirements, CounterPoint now automatically logs the following activity in the SECURITY.LOG file in the top-level CounterPoint directory:
– Access to sensitive cardholder data outside of an active transaction
– Changes to user records (e.g., creation, deletion, security authorization changes, password reset, account lock and/or disable)
– Changes to "Setup/Draft capture" settings
– Creation or deletion of store records
6. Renumber users utility.
CounterPoint now includes a Renumber users utility, which allows you to change the User ID values for a group of users by specifying the Old user ID and New user ID for each user record you want to update.
This utility also updates the User ID values in all associated documents and historical transactions, as well.
Contact CCS Support to arrange for help in upgrading to this release, to get the benefits of these new features.