Saturday, July 24, 2010

3.0 KEK Changes

We have made a few changes related to PA-DSS / PABP with 3.0 at the recommendation of our credit card auditors:

1. Passwords expire at 90 days or less. The ability to set the window higher has been removed. I think the credit card companies discovered that even though everyone was told to set this to no more than 90 days, it was typically set to 365-999.

2. KEK viewing on reset and manual KEK entry have been removed. There is no real need to show the KEK to the end user or ever key it in. The only time this was ever needed was to recover a partial batch that had not been sent before the HASP key was lost. Credit card companies all store the auth card numbers / expiration dates and will send them to the merchant in the event the current batch is lost, so there is no real need to manually input the KEK, while the risk could be quite high if the KEK were somehow stored with the data.

3. Windows File Sharing support is being removed. While it is not yet 100% gone for the Terminal or Management Console applications, it has been removed for Handheld and Micros CE. Also, certain features such as redundancy, status notifications, and file integrity monitoring only work when using onePOS socket communications.

4. File Integrity Monitoring has been added, watching the data, exes, and journals folders for unknown files, dropped-in files, and files changed via Windows File Sharing. A new report, Reports - Electronic Payments - System Integrity, has been created to view any such issues, and the last issue is also displayed on the Management Console screen. You will need to remove any files from the exes, data, and journals folders that should not be there (backups of merchandise files, journal files, businfos, etc.).

5. Full logging of manager activity. We now log all manager activity along with more details on the activity. A new report, Reports - Transactions - Manager Activity, has been created to view the activity.
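As an added illustration of the baseline-and-compare idea behind item 4 (this is example code written for this post, not onePOS code, and it polls rather than watching in real time), the script below hashes every file under the data, exes and journals folders, then reports files that were dropped in, changed, or removed since the baseline. The folder layout and file names are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Folders the post says 3.0 watches (the demo creates them under a temp root).
WATCHED_DIRS = ("data", "exes", "journals")

def sha256_of(path):
    """Hash a file in chunks so large journals do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each file under the watched folders (relative POSIX path) to its digest."""
    root = Path(root)
    manifest = {}
    for d in WATCHED_DIRS:
        if not (root / d).is_dir():
            continue
        for p in sorted((root / d).rglob("*")):
            if p.is_file():
                manifest[p.relative_to(root).as_posix()] = sha256_of(p)
    return manifest

def compare(baseline, current):
    """Report files dropped in, edited out-of-band, or removed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
    }

def demo():
    """Constructed scenario: take a baseline, then simulate the three kinds of drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in {"data/merch.dat": b"items", "exes/pos.exe": b"v3.0.00",
                          "journals/j1.log": b"sale 1"}.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        baseline = snapshot(root)
        (root / "data/merch.bak").write_bytes(b"items")   # stray backup dropped in
        (root / "exes/pos.exe").write_bytes(b"tampered")   # binary altered via a share
        (root / "journals/j1.log").unlink()                # journal deleted
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Any non-empty "added" or "changed" entry under exes is the kind of finding the new System Integrity report is meant to surface.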

We will be releasing 3.0.00 on Friday July 30.
