Keystroke Point of Sale Help

PCI Requirements

Keystroke Software contains features that allow a merchant to become PCI Compliant. The Keystroke Software is just one of many items needed to achieve PCI Compliance.

Some of these features include:

In order to meet PCI-DSS requirements, the following Audit Parameters are always turned on (and cannot be turned off): "File Packed", "File Backed Up/Restored", "Clerk Log In or Out", "Password Changed or Failed", "Payment Processing", and "Administrative Functions".

Clerk Passwords:
For purposes of enforcing PCI Compliant Passwords, a clerk is considered an Administrator if their security level number is equal to or less than the security level number assigned to any of the following functions:
Edit Clerks
Add Clerks
Change Parameters
File Maintenance
Edit Security Levels

Other Password Information:
If the clerk is an Administrator, then the clerk's password must meet the PCI requirements: at least 7 characters, including at least 1 number (or symbol) and 1 letter. The password's duration must also be 90 days (or less), after which it expires.

If the clerk is an Administrator, then the new password must be different from the last 4 passwords already used by that clerk.

The password field now displays the password as the maximum number of masked characters no matter how long the actual password is (except if there is no password, then the field will be blank). When editing a clerk database record, any change to the password will now be checked to make sure it meets the minimum requirements.

The password field itself cannot be edited, even by an Administrator. The entire password must be reentered if it needs to be changed.

Adding New Clerks - If the new Clerk is an Administrator, then the password will automatically be set as expired. As a result, Keystroke then requires that the Clerk enter a new password when first accessing the system.
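The Administrator test and password rules above, written out as an added Python illustration (not Keystroke's own code). The function names, the salted PBKDF2 history storage, and the exact expiry boundary are assumptions made for the example.

```python
import hashlib
import hmac
import os
from datetime import date

ADMIN_FUNCTIONS = ("Edit Clerks", "Add Clerks", "Change Parameters",
                   "File Maintenance", "Edit Security Levels")
MIN_LENGTH, MAX_AGE_DAYS, HISTORY_DEPTH = 7, 90, 4

def is_administrator(clerk_level, function_levels):
    """Administrator: clerk level <= the level assigned to any listed function."""
    return any(clerk_level <= function_levels[name]
               for name in ADMIN_FUNCTIONS if name in function_levels)

def remember(password, salt=None):
    """Return (salt, digest) for the history list (assumed storage scheme)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def policy_violations(password, history):
    """List rule failures; history holds (salt, digest) pairs, newest last."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 7 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() or not (c.isalnum() or c.isspace()) for c in password):
        problems.append("no number or symbol")
    for salt, digest in history[-HISTORY_DEPTH:]:  # only the last 4 count
        if hmac.compare_digest(remember(password, salt)[1], digest):
            problems.append("matches one of the last 4 passwords")
            break
    return problems

def is_expired(last_changed, today):
    """New Administrators have no change date, so they start out expired."""
    if last_changed is None:
        return True
    # Assumption: expired once 90 full days have elapsed since the change.
    return (today - last_changed).days >= MAX_AGE_DAYS

if __name__ == "__main__":
    # Constructed sample data, not taken from a Keystroke installation.
    levels = {name: 2 for name in ADMIN_FUNCTIONS}
    history = [remember(p) for p in ("Alpha#01", "Bravo#02", "Charlie#3",
                                     "Delta#04", "Echo#0005")]
    print(is_administrator(2, levels), is_administrator(5, levels))
    print(policy_violations("Bravo#02", history))
    print(is_expired(date(2024, 1, 1), date(2024, 3, 31)))
```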

Auto Logout Time:
Keystroke checks any changes made to the "Screen Saver Time" (max is 15 minutes), "Enter Clerk On Screen Saver" (should be ON), and "Password Max Attempts" (1 to 6) settings. If a change violates the PCI-DSS, Keystroke displays a warning message and states what the setting should be.

Purge Credit Card Data:
This process occurs when data files from prior to v6.30 are converted. If any payment appears to be holding credit card account numbers, Keystroke permanently masks ("Purges") the payment's Reference and Expiration Date fields. If a payment type has the "Parse Reference" parameter turned ON or has an Authorization Method that processes payment cards, then it will be marked as one that needs to be purged. Before the purge process starts, Keystroke first displays messages stating what it is about to do and allows this step to be skipped. Choosing to skip the purge process prompts the display of warning messages stating that these steps need to be completed in order to comply with PCI requirements.

PCI Security Council

The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

The PCI Security Standards Council's mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.
