Welcome to the POS Log
Welcome to my first blog! As the Solution Principal at SAP for Store Solutions, I have the privilege of working with leading retailers, and hearing firsthand what is on their minds. This “POS LOG” is intended to connect our community of retailers and similar businesses together with SAP. As always, your feedback is welcome, so please drop me a note or comment on the blog.
SAP POS User Group
In February 2009, a group of retailers that use SAP software in their stores had a first meeting at Beall’s Inc. headquarters in sunny Florida. Long-time and new customers got together with the support of Beall’s CIO Joe Iannello and his team.
Attendees from store systems or store operations represented several companies based in the USA and Canada. SAP Retail team members were also invited to attend.
The goal of this group is to develop a sense of community among SAP’s POS customers; to understand and provide input into the product direction; and to facilitate communication and understanding of SAP’s POS product capabilities.
The agenda included formation of the group and how it will operate, and then solution-related topics. One retailer shared a little history of their implementation and recent upgrade, as well as an overview of their beautiful new stores. SAP solution managers shared information on the product roadmap and recent updates on Payment Card Industry Data Security Standards (PCI DSS). Homework included a fun exercise of submitting new product suggestions.
If you are interested in connecting with the SAP POS User Group, drop me a note, and I will introduce you to Joe Iannello, the Chair.
Payment Card Industry Data Security Standards – PCI DSS
Retailers and other businesses that handle large volumes of credit card transactions have a mandate to become compliant with the Payment Card Industry Data Security Standards. PCI DSS, as it's known, impacts all point-of-sale (POS) and similar transactional systems. A little over 4 years ago, the major credit card companies raised the bar on information security to protect credit card data.
Effective October 2008, the torch has been passed from VISA CISP to the newly formed PCI Security Standards Council. Each of those 2 web sites provides good advice on security, standards, certification, and lists application software that meets the security standards. Going forward, the PCI SSC will be the maintainer of the standards and also has a list of PA DSS validated payment applications. Visa has the previous list of PABP validated applications. My understanding is the PCI SSC list will be the standard going forward.
Have you found the terminology a bit confusing? If so, I’ll attempt to sort it out:
- PCI DSS = Payment Card Industry Data Security Standards. A set of 12 items that the retailer needs to cover, ranging from anti-virus to information security policy. A retailer needs to go through an audit process to assure their payment processor and the card companies that they are compliant with these practices. Note that an application cannot be PCI DSS compliant – but a retailer can be.
- PCI SSC = Payment Card Industry Security Standards Council. This is the independent organization that is responsible for PCI DSS.
- PABP = Payment Application Best Practices. Application software that was validated prior to the new October 2008 standards would be listed as compliant with PABP 1.4 or earlier releases. The current release of SAP Point of Sale meets the latest PABP standard. Not all vendors have met that standard. It’s your assurance that a third-party auditor has reviewed the application.
- PA DSS = Payment Application Data Security Standards. This is the new application validation practice, under the PCI DSS. An application that meets PA DSS can be used by retailers to meet PCI DSS if they implement the other PCI DSS requirements. Like PABP, the software is subjected to third-party audit. The current SAP Enterprise POS received a PASS, and hopefully the PCI SSC will update their website soon.
Learning more on PCI DSS
Several SAP applications are validated to the new standards. Our professional services team can help you turn on the capabilities of the solutions, and our partners have solutions that may help. For our customers, we provide a security guide for the applications to help you with best practices, and our services partners can help you satisfy your auditor.
Our solution experts scheduled a webinar for POS User Group members on the topic and its implications. If you have questions about PCI, feel free to reach out to me, and I can connect you to the right resources.