PCI Tools

PCI requirements address security issues related to the protection of sensitive account holder data. Protection is more than just data encryption or masking. If your company is privately held or too small to trigger the PCI watchdogs, there are still important issues to consider. The following software applications were developed to address the concerns PCI introduced.

StoreGazer

• 4690/TCx Sky Installed Software Level Reporting: StoreGazer’s nightly census retrieves information from the 4690/TCx Sky’s product control files and stores it in the database.  The version and change level of each software product is reported to make sure that the correct software is installed in the stores.
• 4690/TCx Sky Stolen Pin Pad Report: StoreGazer uses the event recording technology to report the removal or change of any pin pad on the 4690/TCx Sky system.  Security can be instantly notified via email or a page that this activity has occurred and needs to be investigated.
• Centralized 4690/TCx Sky Operator Password Solution: StoreGazer allows the retailer to manage user ids, passwords and permissions on the 4690/TCx Sky store controller for the operating system and sales application from a central site for one or more stores simultaneously.  Users can be added or deleted in one operation.
• 4690/TCx Sky Complex Password Support: StoreGazer supports both the standard 4690/TCx Sky passwords and the enhanced security or complex passwords available in the Toshiba 4690 OS Version 5.2 and later.
• 4690/TCx Sky Controller Command Line Logging Reporting: StoreGazer takes advantage of the Toshiba security feature for command line logging on the store controller.  COPS retrieves this information and stores it in the central database so that reports can be generated on operator activity using the command line interface.
• 4690/TCx Sky File Change Detection Reporting: StoreGazer compares a user supplied list of critical files against a “golden master” copy of the files to make sure that the file date, file size and CRC code all match.  Any files that do not match are flagged in the database for reporting to the security department.
• 4690/TCx Sky User Activity Tracking: StoreGazer tracks users on the 4690/TCx Sky store controller when they log on and log off the store controller.  It also reports when the user executes the Dredix program or the file change program including the file name.  The activity is reported in an audit log format with the timestamp of the activity.
• 4690/TCx Sky User ID Change Reporting: StoreGazer tracks changes to user ids, passwords and permissions on the 4690/TCx Sky store controller.  The headquarters user is alerted when a store level password is going to expire in the next week.  Change activity is captured in an audit log.
• 4690/TCx Sky  Telnet / FTP / Secure FTP Tracking: StoreGazer tracks all 4690/TCx Sky Telnet / FTP and Secure FTP activities on the store controller.  Even attempted log ins by unidentified or unauthorized users are captured along with the TCP/IP address so that security can analyze where the intrusions are originating.

EDJCrypt

• Encryption and Decryption modules: EDJCrypt modules support AES, Triple-DES, and Blowfish encryption algorithms in both 4690/TCx Sky CBasic and C++.  Protect sensitive data in transaction logs and electronic journals.
• 4690/TCx Sky Protected Key Management: EDJCrypt KeyManager functions create encryption keys on a secure server at the head office.  The encrypted keys are stored in a key set that is internally encrypted.  The 4690/TCx Sky KeyAgent supplies keys to the EDJCrypt modules upon request.

Signoff Sentry

• Automatically Sign Off Terminal, Controller, and Telnet Sessions:
  The Signoff Sentry application consists of a single executable program for the 4690/TCx Sky OS which will sign off or disconnect a user’s session automatically after a period of inactivity or a specific time each day. Configurable options are available for terminals, controllers, and telnet sessions.