Educause Security Discussion mailing list archives

Re: mobile POS system


From: Ellen Smout <esmout () UWO CA>
Date: Tue, 5 Aug 2008 16:34:12 -0400

Hi Mark

Does the POS device conform to the new standards?  The list of compliant
POS devices can be found at
https://www.pcisecuritystandards.org/security_standards/ped/pedapprovallist.html?mn=&dv=1&pv=

If you are speaking of wireless between the device and the base station
it is my understanding that this is the POS vendor's responsibility and
that if it is on the above list there is compliance on this issue.

If this is something other than communications between a handheld unit
and the base station then buyer beware and yes you will have to comply with
all the wireless references in the PCI Standards document.  Avoidance
might be simpler, safer and less costly.

It is my understanding that the liability lies with the Merchant id, so if
you hold the merchant id you hold the risk, if you don't the risk can be
lessened but not unnecessarily disappear.

If for example you have a parking kiosk that is wireless (cellular) and
you do not hold the merchant id you are probably not liable by your
payment processor; the holder of the parking kiosk vendor (holder of the
merchant id) is liable by their payment processor.  But good practice
would suggest that you encourage them to become compliant soon as it's
your backyard the kiosk is sitting in and your reputation may suffer as
a consequence of a breach.

Clear as mud with an evolving standard.

Ellen Smout


Mark Monroe wrote:
Does anyone out there support mobile POS systems with PCI compliance? If
so, what systems are you running, how do you handle the wireless
networking, and what restrictions do you have on it?

I have all of the official PCI guidelines, it just seems that wireless
and pci do not really mix.

Thank You,

Mark Monroe
