Payment Card Industry (PCI) compliance
The Payment Card Industry (PCI) has developed the Payment Application Data Security Standard (PA–DSS) program to assist software vendors in creating secure payment applications. This program helps ensure compliance of the software solution with the PCI Data Security Standards (DSS). The policies and guidelines in the program help maintain a secure retail Point-of-Sale environment.
The Advanced Store solution supports requirements for the retailer’s organization to remain compliant with the PCI DSS. NCR recommends that retailers follow their corporate security guidelines to meet and maintain their business needs. For more information about the PCI DSS and PCI PA–DSS, refer to the official documentation at www.pcisecuritystandards.org.
System password policy
The Advanced Store solution provides secure authentication features using strong passwords. This feature includes rules in the system to control the password settings such as the password strength, maintenance of password history, and password aging.
Passwords across the AS solution conform to the following password rules. The values for these rules can be configured. For more information, refer to Associate.
Password Rules | Default Value |
---|---|
Number of new passwords before a password can be reused | Four (4) |
Minimum number of characters required in a password. Note: This rule includes the upper and lower case characters, numeric digits, and special characters. | Seven (7) |
Minimum number of alphabet letters required in a password | One (1) |
Minimum number of numeric digits required in a password | One (1) |
Minimum number of lowercase letters required in a password | One (1) |
Minimum number of uppercase letters required in a password | One (1) |
Minimum number of non–alphanumeric characters required in a password | One (1) |
Number of days before password expires | Ninety (90) |
Number of successive failed login attempts before being locked out | Six (6) |
Number of minutes an associate remains locked out | Thirty (30) |
Passwords across the AS solution can have a maximum length of 127 characters, in line with Active Directory password settings. Passwords may also contain Basic Latin Unicode® characters and special characters available on the POS application keyboard, including spaces.
The POS application does support these special characters: ~`|.
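The default rules above, expressed as a checker that a reviewer can run against test accounts or candidate passwords. This is an added example, not NCR code or part of the Advanced Store product. The function names, the PBKDF2 history store, the reading of the reuse rule as "the last four stored passwords are blocked", and counting any character that is not a letter or digit (spaces included) as non-alphanumeric are assumptions.

```python
import hashlib
import hmac
import os
from datetime import timedelta

# Default values from the password rules table; key names are illustrative.
POLICY = {"history": 4, "min_len": 7, "max_len": 127, "alpha": 1, "digit": 1,
          "lower": 1, "upper": 1, "special": 1, "max_age_days": 90,
          "max_failures": 6, "lockout_minutes": 30}

def complexity_errors(pw, policy=POLICY):
    """Return the list of rules the candidate password violates."""
    counts = {
        "alpha": sum(c.isalpha() for c in pw),
        "digit": sum(c.isdigit() for c in pw),
        "lower": sum(c.islower() for c in pw),
        "upper": sum(c.isupper() for c in pw),
        # Assumption: anything that is not a letter or digit, space included.
        "special": sum(not c.isalnum() for c in pw),
    }
    errors = [f"needs at least {policy[k]} {k} character(s)"
              for k, n in counts.items() if n < policy[k]]
    if not policy["min_len"] <= len(pw) <= policy["max_len"]:
        errors.append(f"length must be {policy['min_len']}-{policy['max_len']}")
    return errors

def hash_password(pw, salt=None):
    """Salted PBKDF2 record so the history never holds clear-text passwords."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def reuses_history(pw, history, policy=POLICY):
    """True if pw matches one of the most recent stored (salt, digest) records."""
    recent = history[-policy["history"]:]
    return any(hmac.compare_digest(hash_password(pw, salt)[1], digest)
               for salt, digest in recent)

def is_expired(changed_at, now, policy=POLICY):
    """True once the password age reaches the configured number of days."""
    return now - changed_at >= timedelta(days=policy["max_age_days"])

def is_locked_out(failed_attempts, last_failure, now, policy=POLICY):
    """Locked after the configured run of failures, until the window ends."""
    return (failed_attempts >= policy["max_failures"]
            and now - last_failure < timedelta(minutes=policy["lockout_minutes"]))
```

If the retailer has changed the configured values, pass a modified copy of `POLICY` as the `policy` argument so the check matches the deployed settings.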
Encryption protocol compliance
The Advanced Store solution supports the Transport Layer Security (TLS) 1.2 requirement. This protocol provides enhanced security encryption for protecting payment data. NCR recommends that retailers apply the TLS requirement on all the servers and terminals across the enterprise.
Federal Information Processing Standards (FIPS) compliance
The Advanced Store solution uses FIPS-compliant algorithms. NCR recommends that retailers apply these guidelines on all the servers and terminals across the enterprise.