This outline addresses Digital Dining's ability to assist the end user in remaining compliant with Visa's "Cardholder Information Security Program" (CISP).  The majority of the requirements must be addressed through proper network security, which is not part of the Digital Dining application itself.  However, Digital Dining strives to help the end user be compliant where possible.

Using the PCI Data Security Standard as its framework, CISP provides the tools and measurements needed to protect against cardholder data exposure... The PCI Data Security Standard consists of twelve basic requirements.

PCI Data Security Standard

Build and Maintain a Secure Network

  1. Install and maintain a firewall configuration to protect data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

  3. Protect stored data
  4. Encrypt transmission of cardholder data and sensitive information across public networks

Maintain a Vulnerability Management Program

  5. Use and regularly update anti-virus software
  6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

  7. Restrict access to data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Maintain an Information Security Policy

  12. Maintain a policy that addresses information security

(Source: http://usa.visa.com/merchants/risk_management/cisp_overview.html?it=c|/merchants/risk_management/cisp.html|How%20to%20Comply#anchor_2 September 21, 2005)

For a detailed document outlining these standards, please use the following link:
https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf

The following requirements can be partially addressed through proper configuration and implementation of Digital Dining.

Digital Dining can be configured to delete stored credit card data automatically once the cards have been processed.  Using "History Maintenance", deletion can be scheduled to run a specified number of days after "End Of Day" processing, which itself cannot run until the day's credit cards have been processed.  This configuration can impact requirements seven and nine.  Although requirement three above calls for protecting stored data, the auto-delete function dramatically reduces the amount of data retained and therefore bears on that requirement as well: one of the best ways to protect data is not to store it.  Note that data still on hand during the retention window remains subject to requirement three, so the shortest retention period the business can tolerate should be chosen.

Digital Dining encrypts data sent to the processor over the Internet using SSL (Secure Sockets Layer).  This addresses requirement four in most cases.  Later revisions of the PCI Data Security Standard no longer accept SSL or early TLS as strong cryptography, so the protocol version actually negotiated with the processor should be checked against the edition of the standard in force.

Digital Dining has extensive password security that can be enabled for all functions pertaining to credit card data.  All printed credit card data is masked, showing only the last four digits of the card number.  These functions can have an impact on requirements seven, nine, and ten.
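As an added illustration of the masking rule above (example code written for this page, not Digital Dining's own implementation), the following Python scrubs card numbers from receipt or report text so that only the last four digits print.  The pattern used to find candidate numbers, the Luhn check that separates real card numbers from other long digit strings such as order IDs, and the sample receipt lines are all the editor's assumptions; the sample is constructed.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
# (Assumption for this example; real PAN formats vary by brand.)
_PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, keep_last: int = 4) -> str:
    """Replace every digit except the last keep_last with '*', keeping separators."""
    digit_count = sum(ch.isdigit() for ch in pan)
    out = []
    seen = 0
    for ch in pan:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > digit_count - keep_last else "*")
        else:
            out.append(ch)
    return "".join(out)


def mask_receipt(text: str) -> str:
    """Mask every Luhn-valid card number found in a block of receipt/report text."""
    def repl(match: re.Match) -> str:
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_valid(digits):
            return raw          # not a card number (e.g. an order ID): leave it alone
        return mask_pan(raw)
    return _PAN_RE.sub(repl, text)


# Constructed sample: two well-known test card numbers plus a 13-digit order ID
# that must NOT be masked because it fails the Luhn check.
SAMPLE_RECEIPT = (
    "Table 12  Server: Pat\n"
    "Card: 4111 1111 1111 1111  Auth: 123456\n"
    "Card: 5500-0000-0000-0004  Auth: 654321\n"
    "Order: 1234567890123\n"
)

if __name__ == "__main__":
    print(mask_receipt(SAMPLE_RECEIPT))
```

Because the Luhn check is applied before masking, the scrubber avoids mangling unrelated numbers on the same page, and because separators are preserved, the printed layout of the receipt does not change.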

In summary, Digital Dining can help the end user address requirements four, seven, nine, and ten, and can reduce the exposure that would result from failing to comply with requirement three.  Please review all procedures involved with network security, since this is the area that is most vulnerable and cannot be controlled through Digital Dining.  With each upcoming version of Digital Dining we will do our best to add features, as new standards are introduced, that continue to reduce the end user's risk by protecting, removing, and never storing sensitive data.

Related Digital Dining Products

Bar/Quick Service
Counter/Quick Service
Handheld POS

Delivery
Table Management
Table Service

Back Office
Frequent Dining
Inventory
Gift Certificate
Reservations



Digital Dining is a Trademark of
Menusoft Systems Corporation
www.DigitalDining.com