Sage MAS 90 & MAS 200 ERP Software News & Tips
New PCI-DSS Requirements for Handling Credit Cards are Effective July 1

What are PCI-DSS requirements? And what do they mean for you?

If you process credit cards you must comply with these new requirements by July 1, 2010. The new standards may stop you from accepting credit cards.

Within 90 days, requirements established by the five major credit card networks will affect many businesses' ability to accept credit cards. Referred to as the Payment Card Industry Data Security Standards (PCI-DSS), they impose new requirements for merchants to follow, and may apply to your company.

These requirements for merchants involve configuring their IT and payment-processing environments. If your company stores, processes, or transmits card holder data you may be subject to these requirements and must comply by July 1, 2010.

The standards require that merchants:

1. Build and maintain a secure network: Install and maintain a firewall and use unique, high-security passwords with special care to replace default passwords.
2. Protect cardholder data: Whenever possible, cardholder data must not be stored. You must also encrypt any data passed across public networks, including your shopping cart and web-hosting providers.
3. Maintain a vulnerability management program: Use anti-virus and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure the applications you use are compliant.
4. Implement strong access control measures: Access to cardholder data – both electronic and physical – should be on a "need-to-know" basis. Ensure those people with access have a unique ID and password. Do not share logon information.
5. Regularly monitor and test networks: Track and monitor all access to networks and cardholder data. Ensure you have a regular testing schedule for security systems and processes including firewalls, patches and anti-virus.
6. Maintain an information security policy: It’s critical that your organization has a resource for governing your company’s data security. Ensure you have a policy and that it’s disseminated and updated regularly.

See the PCI Frequently Asked Questions (PDF) or PCI for Dummies (PDF) for more information.

Good news for Sage MAS 90 and 200 ERP and Sage MAS 90 and 200 Extended Enterprise Suite (EES) customers
Sage MAS 90 and 200 v4.30.0.18 as well as EES 1.3 using 4.30.0.18 and 4.40.0.1 including EES 1.4 using 4.40.0.1 are in the process of being certified as compliant with PA-DSS.

See the PA-DSS Implementation Guide for Sage MAS 90 and 200 ERP (PDF) for details about the changes.

Also important: Sage Payment Solutions is a Level 1 service credit card processing service provider that is in compliance with PCI-DSS.

If you don’t already own Sage Payment Solutions, Sage has extended their special pricing.

Extended! All Customers: Get a free Credit Card Processing module ($1,100 value) with enrollment in Sage Payment Solutions
In today's economy, it is crucial for businesses to take measures to improve and promote healthy cash flow. Sage MAS 90 and 200 customers who enroll in Sage Payment Solutions will be eligible to have the cost of the Credit Card Processing module waived - a savings of $1,100!

* Valid proof of enrollment in Sage Payment Solutions is required. Regular maintenance applies. This offer does not apply to Sage maintenance or support fees and cannot be combined with any other product offer. To take advantage of this offer, customers must have a current Sage Maintenance Plan. All eligibility is subject to approval.

Contact Integrated Computer Systems Support at 425-820-6120 if you want more information about Sage Payment Solutions or upgrading your MAS 90 to include the PCI-DSS requirements.