The port that the core listens on for status messages from Ocius Sentinel. The name that Ocius Sentinel is to use for the report file. The folder where Ocius Sentinel is to place the report file. This can be modified in the Ocius Sentinel application, and if so, the name used must be entered here. The name that Ocius Sentinel is to use for the customer receipt. If undefined (commented or blank value) the file would be expected at the root of the same drive, which is where Ocius Sentinel puts the receipt by default. The folder where Ocius Sentinel is to place the customer receipt. Default is Receipt1.txt, it can be modified in the Ocius Sentinel application, and if so the name used should be entered here. The name that Ocius Sentinel will use for the merchant receipt. The folder where Ocius Sentinel is to place the merchant receipt.
The number of milliseconds to wait after an auto logon before sending a transaction. This is to allow for an issue with Sentinel which causes it to occasionally reject or lose messages which are sent too soon after a previous communication. The number of milliseconds to wait before issuing an automatic logon command to Sentinel. If this is set true then the core will log on to the terminal automatically when it receives a transaction (if the POS has not already sent a logon command). This option is used in some deployments, and Verifone would indicate the value to use. The account ID to send with each transaction. The default is * which enables all menus. The menu configuration to send to the terminal when logging on. The IP address of the Ocius Sentinel software. Section 11.3, tied to “penetration testing” from both inside and outside the network and validation of any segmentation and scope-reduction controls.Table 11-2 Verifone Ocius Sentinel - Optional Configuration Settings Setting.Section 9.9, stipulating corporate policies ensure protection of card-reading devices that capture payment card data used in card-present transactions.Section 8.5.1, mandating that service providers with remote access to customer premises must “use and verify” that different authentication credentials are used for each and every customer.Section 6.5.10, which requires implementation of software development policies and procedures to verify that broken authentication and session management are addressed with appropriate coding techniques.Included in that group, maintains Majka, are the following: ”First, players in the payments arena should be aware of, and embrace, what may be viewed as among the more pressing mandates. “However, it’s just as important to realize that PCI DSS itself is merely one very important aspect of a multi-layered approach. Among the standards first issued, several were tagged with the designation as “best practices, ” and beginning this summer - 2015 - those best practices have now become requirements for merchants and providers across the payments landscape.“Each of these new requirements is important to ensuring a more secure environment for handling payment card data, ” notes Majka. PCI DSS 3.0 traces its genesis to late 2017, when the standards were first published and then took effect in January of 2014. Payment Card Industry Data Security Standard (PCI DSS 3.0) was put in place to take things up a notch in the pursuit of safeguarding and improving the security of card transactions.But that’s not enough, says Joe Majka, VP and Chief Security Officer of Verifone, who spoke with PYMNTS last week.Security officers at firms large and small should go over and above what is codified to help make sure payment card data is as secure as possible, and should not let EMV lull them into a false sense of security.