I pretty sure if your till system was on a secure network and computer correctly secured with anti virus etc you would be able to be PCI compliant.
Allot of the questions in PCI compiance forms seem to me to be specificly writen to sound more complex than they need to be to push people to pay external companies to do security checks etc on network.
The PCI compliance paperwork does not come from the back directly but from an approved third party like trust wave and although I’ve never checked I would guess that either they or a partner company who are reconmended provide a PCI compliance survey for a fee.
anyway rant over.
The hotel uses a web based booking system.
The booking system is PCI compliment.
Unless I’m missing something, how is a https form into which you type in a card number any different to a MSR reader which instantly posts the number via a secure API post to the provider/gateway?
A keystroke recording app would undermind both so so simply.
This is why one point on the PCI compliance was checking the PC for unauthorised devices/use.
On a seperate point on PCI it always tickles me how writing a card number on a peice of paper is so light heartedly accounted for. A small inn in town keeps a page per day diary behind the bar for the bookings for their 5 rooms, each booking has a card number writen in this diary to hold the booking so this book has potentially 1000’s of card numbers in it, but if you don’t electronically store you details the trust wave forms are like 2 pages vs 10’s if you store on computer with password on secure network etc.
Also, all the fuss some people make about ‘you don’t store my card number do you’ is absolutely pointless, they don’t realise that the merchant copy of a card terminal receipt has the full card number on it and the business has to keep that for a period of time as that is their proof/claim to that transaction. Can’t remember the time to keep but is at least 6 months…
Yepper; actually, all you really need is something like a Sonicwall with default settings, lol. All they run is a port scan. A/V and A/M also is required, but they have no way of checking that unless there’s a breach.
You’re right: It’s not any different at all! That’s why it’s so much simpler to use a third-party plugin (usually provided by the merchant)…let them worry about it; this way, you don’t have to change your software very much at all, and you have zero liability.
I completely agree with your ‘rant’, lol. I know this is a multinational project and thus the requirements vary elsewhere, but I could sell the crap out of V5 in the US if this plugin were in place. That’s why I’m ready and willing to help in any way I can, lol. I know this is a subject that’s been beaten to death, but I’d really like to engage in some meaningful dialogue to help make this a reality
You still have the process of taking the card details wether it be manually or by swipe.
This is why work is being done to intergrate gateway provided intergratable card machine with samba.
These machine achieve what your saying and it what the verdict has usually some down to.
I have a dev machine myself from a gateway provider but not had chance to work on it.
You probably can’t see the discussions as in beta section but there are two experienced samba regulars working with the latest custom device creation method demoed by emre in beta category.
These type of machines are stand alone and all samba does is tell it the amount and wait for the responce be it approved or denied.
The issue to date is samba has API abilities to post data in a few ways but it expects a direct responce.
These machines return multiple responses, enter pin, processing, approved for example but we at that point had no way to monitor the responses in the protocol these machines use.
They show in device manager as USB/serial and samba can listed to serial however the gateway provides drivers/utility which use the com port and you must communicate with the utility/driver.
The custom device option has hopefully opened the possibility to intergrate with this type of machine.
I think the two users currently discussing this are making good progress and should hopefully lead to a card intergration using this type of device.
This would not open is up for running a tab which automatically charges after leaving as it requires customer input and that type of setup will require more user config and I doubt emre will push to do that option because of PCI implications but these stand alone linked machines are ideal as you have no interaction with the card details etc and literally just tell it the amount and it tells you when approved.
No PCI to worry about - perfect
Am just about fedup with this, I never claimed to be a PCI compiance expert.
One of the key points which you failed to quote is I said that a HTTP form CAN BE INTERCEPTED by a ‘man in the middle’ something as simple as a kleystroke logger will grab the detail wether its a http, https SSL or whatever form or an API.
How do you think the card details get into the form? magic? you type them in.
Who said these details wernt a bit deal? My point was that there is nothing in the mag swipe which isnt on the card itself… its not like there is a magic number on there that takes all there money.
My point was that the same principles apply wether its pin, swipe or normal card machine, they all use the same info.
If you know better offer a solution rather than just jibbing about how it isnt already a feature.
As already stated a solution for intergrating card terminal is being worked on.
But as with all the other comments you completly ignore the points which matter and fixsate on things which youdont like the replies to.
PS stop making new accounts, your clearly the same person with the same mindset.
The verdict is IF SAMABPOS DOESNT FIT YOUR REQUIREMENTS - DONT USE IT
You have already said there are 100’s of other softwares offering card intergration, if thats the case why are you here giving stick. IF ITS SOMETHING YOU NEED RIGHT NOW - GO USE ONE OF THOSE SOFTWARES… as has been said several times by several people SAMBAPOS DOES NOT CURENTLY HAVE A SOLUTION FOR CARD PROCESSING INTERGRATION
Your questions have been answered between myself and several of the other forum regulars.
If our answers are not to your liking so be it but you very clearly are not interested in the answers just looking for an arguement and I for one am not interested in explaining to you over and over that it is not a feature yet but a solution is being worked on.
Haha… @JTRTech I was wondering how long you’ll be able to stay cool
I don’t know what @Danial expected to happen here but I’m glad @us3598 joined the discussion. Solving it will be a lot simpler as more people joins to discussion with the intention of helping us to deliver a solution.
Our community always supports open discussions. Anyone can freely express their thoughts and we believe every serious business should do that. That tone may frustrate people like me but I learned to stay calm and wait until it starts creating a benefit for community. So @JTRTech and @Jesse thank you very much for supporting that and keeping it useful.
@us3598 payment processors implemented to act like plugins that moderates a payment process. We’re discussing such integration stuff under beta group and I hope we’ll release something working to public soon. I’ll ask admins to add you to beta group so you can track our progress under “SambaPOS Integration Points” topic and share your ideas there.
After that point I don’t think that topic will stay constructive so I’m locking it. If you think we should discuss it further you can create a separate topic.
