The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around cardholder data to reduce credit card fraud via its exposure. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes. The security options in the IDPMS setting are enabled by default and cannot be switched off.
The Security setting can be found in the IDPMS settings. The values
are populated automatically and set to the PA DSS required values. Although
the values can be changed to a higher or lower value, IDPMS will set them
back to the default values if they exceed the minimum or maximum value
for the specific settings.
For example: Auto logout time can be set to a lower value but not to a
higher value as 900 seconds, as this is the maximum idle time allowed
by the PA DSS standards. So if a user is not using IDPMS actively for
15 minutes he/she is logged out automatically
To access Option Security, go to Settings > Option > Security:
Minimum password length - The
minimum password length can be set here. The minimum number of characters
is 7.
Maximum password days - Maximum
days after the user password expires and must be renewed.
Check password history - Number
of password changes before a previous password can be re-used.
Maximum login attempts - Maximum
number of login attempts before the user is locked out.
Lock out time - The time between
last unsuccessful login and user being locked out and the time the user
login/name is activated/available again. For example: User has attempted
to login with incorrect password. After x unsuccessful attempts the user
account will be disabled for the time defined in this setting.
Auto lock time - IDPMS will automatically lock any user after a period of system inactivity. The maximum time for the system idle is 15 minutes in PCI DSS environments.
Max Account Inactive days - Maximum number of days a user name can remain unused. After this period the user account is automatically deactivated. Deactivated users can only be reactivated by an IDPMS user with sufficient rights.
Purge credit card data days - All credit card data in guest profiles, reservations and log files is automatically erased/purged after the number of days configured relative to the last depart date.
Enable windows event log - If enabled, events will be stored in the Windows event log.
Hide Disabled Menu items - Each User in IDPMS is linked to a User Group and depending on the User Group, certain menu items are not accessible (disabled) as designated by the system administrator. If this box is checked, these menu items will not appear. If it is not checked, the menu items will be visible but will be greyed out and not accessible.
Disable guest credit card field - If enabled, credit card fields no longer show in the Guest profile, to prevent credit card data from being stored in the profile.