I just took over as GM at a pizza place here in Marinette. We have Revention (running Windows XP), and I am running into trouble with the fact that the POS is <6 years old but EOL and out of warranty with Revention. I am trying to figure out an easier solution than the owner shelling out 20k+ for POS systems, when an oven or other updates would be far better for the business.
Is anybody familiar at all with utilizing a different CC processor that IS PCI compliant while still having an older OS, so as to run credit cards seamlessly within the point of sale vs. an external machine?
Windows XP is no longer supported by Microsoft, so there are no more security updates, which takes it out of PCI compliance. Unfortunately, your only options to get compliant are to use a separate standalone machine or to upgrade your operating system. I cannot speak for your POS software, so I would recommend talking to them to make sure the version of the POS is compliant. If you do have to upgrade, you should make sure you are able to accept chip (EMV) cards. Feel free to contact me if you have any further questions.
To start with, you “should” only have to upgrade the server to become PCI compliant again. That is the only system that actually runs the CC manager software; the rest of the systems just send the info to the server. If you plan on staying with Revention, though, I would recommend upgrading all your stations one at a time.
Revention has recently decided to drop PC support and only support all-in-ones, so the cost will be about 2k per station. It sounds like your shop isn’t too big, so I would just budget over the course of a year and replace one station every few months.
Most of the pizza places I work with also do carryout and have dine-in available. If you swipe a card that has a chip, then the liability for a fraudulent transaction is on you. Unfortunately, the banks are in control and are just trying to shift liability to the merchant.
In regards to just upgrading the server from XP: that will not make you PCI compliant. The entire network needs to be secure.
Revention essentially forced me to go with external machines about 8 months ago. They said they were completely dropping the ability to use the actual POS system for credit card transactions. My guess was that they are too lazy/shitty to update their actual software to be compliant, so they just decided to remove themselves from the equation altogether. The upside, I suppose, is that now, regardless of how shitty their software is or what operating system I am running, my store is somewhat “compliant” because the transaction data never touches the system. Well, other than arbitrary information like ticket number/amount and auth/decline codes, of course.
Naturally, keep in mind that these machines still communicate over the network, and although they use encryption and are in theory somewhat segregated from the point-of-sale system, they are still hackable (as we’ve seen: Target, Home Depot, etc.), regardless of the point-of-sale system or operating system you are using, so having your network in compliance is still important.
All that said, running Windows XP on a machine that is connected to any kind of network is a terrible idea. There are way, way, WAY too many vulnerabilities out there that will never be patched due to EOL, and more coming every day (WannaCry, anyone?).
Not caring about being compliant or calling it ‘bullshit’ might be a bad idea. I’m not saying I love the concept by any means, because I don’t, but I know that I’ve been screwed in every way possible in this damn business, even when I think I’ve protected myself to the limit, and if anyone has the upper hand, they will use it. I just try to give them the fewest chances to do so.