by dogma1138 2993 days ago
Even on P2PE terminals the PoS is in scope of PCI-DSS, if not PA-DSS certification (alright, I'm not sure how any PoS vendor will fly without PA), as they do (or can) pass some CHD through it, even if it's not the card numbers or the track data.

CHD under the PCI standards also covers PII cardholder information, which does reach the PoS for handling refunds, managing promotions, club membership, etc.

Even vPOS applications, like those tiny card readers that hook up to an iPad as the PoS, do a lot of legwork despite being P2PE. They check for root, they check the iOS version (security updates), they check for a proxy, etc. That's all part of the PA-DSS certification for the application developer.

While it's possible that a retailer who's big enough that VISA can't say "we're not going to allow you to take payments with our cards", and for whom the fines are smaller than the cost of adopting compliance, could use these,

I wouldn't imagine any PoS vendor even going with that, since it would essentially put them at huge risk from both the PCI standpoint and general reputation damage.

As for certifying these, there isn't a single PA or PCI-DSS QSA out there that would accept ReactOS as a usable operating system, because if something goes wrong the QSA is liable if they certified something they shouldn't have.


No, you don't understand me. The terminals I'm talking about are completely independent, a computer is a peripheral to them, not the other way around (that's how it is with the ones you're talking about).

These are specifically marketed by banks as not requiring any certifications of the PoS.

Those are P2PE terminals which can be used in this manner, but it's not up to the banks who offer them to define that.

If the acquirer bank and the QSA accept that your use of these terminals is sufficient, then sure, go ahead, but that means you don't intake any PII via the PoS, you don't use the credit cards to identify members, you don't use those terminals to scan non-CC-based membership cards, and you have no PII at all, which means handling things like refunds and warranty is also not done via the PoS.