StorefrontBacktalk

This is page 3 of:

Forgotten Apps Pose PCI Danger, Visa List Shows

June 10th, 2010

AutoGas. AutoGas Regal. All versions prior to Streamline 2 V4.10.

CAM Commerce Solutions. Profit$. All versions prior to V3.5 release 9.

Comdata. Trendar. All versions prior to V617.

Emporos Systems. MerchantSoft POS V7.0.0.3c.

Elavon, formerly Southern DataComm. ProtoBase Client Suite for Windows with SofTrans. All versions where NetSend V2.0.0.49 and lower were implemented.
ConnectUp. All versions.
PopsOn. All versions.
ProtoBase V4.80.xx.
ProtoBase V4.7x.xx.
PBAdmin V4.01.xx.
PBAdmin V5.00.xx.

Excentus. Reward Fuel Controller. All versions prior to V3.0.

First Data, formerly ICVERIFY. ICVERIFY for Windows V2.x.

Focus POS Systems. Focus POS. All versions prior to V6.11.23.

Gilbarco Veeder-Root. Passport. All versions prior to V6.00.xx.
G-SITE ADS G-SITE ADS–Chicago. All versions prior to V22.1.0.3.
G-SITE Concord/Buypass. All versions prior to V6.4.03.
G-SITE Exxon Mobil. All versions prior to and including V4.8.38.

Gilbarco Veeder-Root, formerly Gasboy International. CFN III PLUS (NBS, Paymentech, Buypass) V3.5.

HighTech Payment Systems. PowerCARD-Switch V1.0-2.0.

HotSauce Technologies. HotSauce Restaurant Management Solutions (RMS). All versions prior to V5.9.6.1.
EVS V1.

IBM. ACE Electronic Payment Support (EPS) V6. All levels prior to S106.
ACE Electronic Payment Support (EPS) V5. All levels prior to P150.
ACE Electronic Payment Support (EPS) V4. All levels prior to N166.
ACE Electronic Payment Support (EPS) V3. All levels prior to M207.
StorePay. All versions prior to V5.0.

Integrated Business Systems. Club Management System V6.42.0.0.

ISD. Message Sentry V1 for iSeries.
Message Sentry V1 for Unix.
Message Sentry V1 for Mainframe.
Payment Switch Framework Authorization & Settlement Suite V1.0.

MenuSoft. Digital Dining. All versions using a DDServ.dll file prior to V7.3.0350.

Micros. 8700 HMS V2.70 through V2.70.14*.
8700 HMS V2.50 through V2.50.20*.
8700 HMS V2.11.0 through V2.11.9*.
8700 HMS V1.00 through V2.10.
9700 HMS. All versions prior to V2.50.
Opera Enterprise Solution V5.0.
Opera Enterprise Solution V4.0.1.
Opera Enterprise Solution V4.04.02.
Opera Enterprise Solution V3.6.1E03.
RES V3.2.0*.
RES V3.1.0*.
RES V1 through V3.0.

Multi-Systems. WinPM V1.90.
WinPM V1.80.
WinPM V1.63.
WinPM V1.62.

NCR. ScanMaster. All 2.1.xx.xx Versions prior to V2.01.00.30.
ScanMaster. All 2.0.xx.xx Versions prior to V2.00.03.12.
ScanMaster. All 1.2.xx.xx versions prior to V1.2.3.26.
ScanMaster V1.1.6.xx.

osCommerce. osCommerce V2.1.

Posera. Maitre’D. All later versions prior to V2005 Service Pack 3.
Maitre’D. All versions prior to V2003 Service Pack 11.
Maitre’D. All versions of V2002.

Postilion (S1 Corp.). Realtime Framework. All versions prior to V4.2 Service Pack 3.

Radiant Systems. Aloha Suite. All versions prior to V5.3.15.
RPOS (Petroleum and Convenience Stores). All versions where sites accept debit card transactions at the Island Card Reader higher than and including V5.3 and V6.6.

Retail Pro International. Retail Pro V9.00.xx.xx through V9.14.xx.xx.
Retail Pro. All versions prior to and including V8.52.xx.xx.

SpeedLine Solutions. SpeedLine POS. All versions prior to and including V4.3.

TAM Retail, a division of Lode Data Systems. The Assistant Manager. All versions prior to V9.0.

TSYS Acquiring Solutions. POS PARTNER. All versions.

VeriFone. Ruby PTIPAK (Chase Paymentech). All versions prior to V4.00–Base 161 PABP.
Ruby, Topaz Buypack (First Data) V4.01.xx.
Ruby, Topaz Buypack (First Data) V2.10.xx.
Ruby, Topaz Buypack (First Data) V2.09.xx.
Ruby, Topaz Buypack (First Data) V2.08.xx.
Ruby, Topaz (Store & Forward Fleet and Debit) Buypack (First Data) V4.07.xx.
Ruby, Topaz (Store & Forward Fleet and Debit) Buypack (First Data) V4.06.xx.

Xpient Solutions. IRIS V3.7.6 through V3.7.14.

Posted in E-Commerce, In-Store, IT Strategy/Industry, Payment Systems, Security/Fraud, Software

2 Comments | Read Forgotten Apps Pose PCI Danger, Visa List Shows

Steve Sommers Says:
June 10th, 2010 at 11:43 am
I have no idea the reason Visa or PCI SSC does not publicly post this list. I have two guesses: 1) legal reasons — Visa is affraid they’ll be sued for libel? or 2) security reasons like you mentioned — but hackers have a better network for distributing this information and most likely already know these vulnerable apps and many more.

*The asterisks next to the various Micros versions indicate that there are secure third party drivers that can bring them into compliance.
Tom G Says:
July 1st, 2010 at 7:08 pm
It’s logical not to publish the list, although I would personally benefit from its publication.

Two of my competitors are on the list, but the systems listed are very old. Many consumers would look at the brand name and just reject them as potential choices to be on the safe side. VISA doesn’t want it list to be a kiss of death for an established brand.

StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Kindle Convenience - StorefrontBacktalk is now available natively on the Kindle so you can read us on the place without a connection.

Read StorefrontBacktalk's Retailing Column every month at Retail-Week.com. Please click here for an archive of those columns.

Read StorefrontBacktalk's Retail Realities Column every week at CBSNews.com. Please click here for an archive of those columns.