ARLINGTON, Texas -- The Pinnacle Corp. said that Pinnacle Palm POS v9.2 has passed the PCI Compliance Audit performed by Coalfire Systems (Coalfire), a Visa approved independent quality service assessor.
During the past three years, Pinnacle has invested in continual security improvements to Palm POS as compliance standards have continued to evolve and become more stringent. Palm POS now meets and exceeds the current Payment Card Industry (PCI) Data Security Standards (DSS) requirements.
PCI DSS is required of all merchants and [image-nocss] service providers that store, process, or transmit credit/debit cardholder data. Intended to protect cardholder data wherever it resides, PCI security requirements are a high bar to meet and will become more complex as threats escalate. Adherence to the PCI digital dozen requirements has become a top priority for retailers. Failure to achieve PCI compliance by predetermined deadlines can result in significant retailer penalties as high as $25,000 per month; fines for a compromise as much as $500,000 per incident.
PCI has become a critical aspect of our industry and there is no room for failure, said Drew Mize, vice president of retail solutions at Pinnacle. As an automation solutions provider in this space, it is imperative that we ensure Palm POS and associated solutions protect retailers from compromise and sensitive cardholder data from falling into criminal handsthis milestone does just that. Our partnership with Coalfire Systems ensures that we have the proper credentials and support from Visa and the other card brands as relates to PCI standards.
Pinnacle also announced that it has entered into a partnership with Coalfire Systems, offering a full-service suite of PCI auditing including reports on compliance, network scans, PABP validation and annual self-assessment guidance to retailers. Based upon Coalfire's experience working with Pinnacle and their extensive knowledge of Pinnacle's Palm POS and its security features, Pinnacle retailers now have a knowledgeable and invaluable resource for PCI and PABP compliance validation. Working together, Pinnacle and Coalfire will provide retailers with an operating environment that is both efficient and secure.
Coalfire Systems' data security and PCI capabilities combined with Pinnacle's POS and automation software expertise will allow retailers to know exactly what they must do to be compliant and how to get there, said Alan Ferguson, vice president of Coalfire.
Working with Coalfire Systems, Pinnacle has added the following security features to Palm POS to finalize the remaining pieces needed to achieve compliance with the PCI standards:
Implemented strong encryption featuring AES 256-bit encryption to ensure card data safety. Strong password management including unique passwords for installers and help desk technicians. Two-factor authentication for remote access and software downloads. Password protection software to lock down access to OS level functions, desktop, data, and other applications. No storage of post-authorization account numbers, PIN or CVV numbers. Works with other security software vendors that specialize in tracking remote access activity.As the industry anticipates ongoing enhancements to the already-astringent PCI Data Security Standards, Pinnacle will continue to work in concert with Coalfire to stay current on all changes to the PCI Standards and other mandates from the PCI Security Standards Council, it said.
Arlington, Texas-based Pinnacle serves the automation technology industry and focuses on the convenience store and petroleum industries. It delivers products that automate the broad spectrum of c-store operations and supply chain management of fuel operations.
Exclusively an IT governance and IT management firm, Seattle-based Coalfire has completed more than 1,500 IT risk management projects for commercial and government organizations to achieve regulatory compliance under an effective, balanced IT governance program, it said. Since 2002, Coalfire has been an auditor for Visa's Cardholder Information Security Program (CISP) and, since its inception, the PCI standard. Coalfire provides onsite PCI assessment and compliance services to merchants, service providers, processors and application developers in the United States, Canada, the Caribbean, Latin America and Europe. And it serves on a committee sponsored by the U.S. Secret Service and hosted by the Federal Bureau of Investigation (FBI) charged with establishing metrics for loss due to cybercrime.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.