Payment Card Industry (PCI) Data Security Standard (DSS)
Charts now implements all application-level PCI provisions identified in the Payment Card Industry document Data Security Standard: Requirements and Security Assessment Procedures, Version 1.2 (October 2008).
Note that full PCI compliance imposes many additional system, network and procedural requirements that are outside the scope and control of the Charts application. The property is advised to seek the help of a party conversant with the full PCI requirements.
The PCI provisions in Charts employ a 256-bit Master Key, a 256-bit Encryption Key and the AES algorithm with a 256-bit key to encrypt a guest's credit card number and expiry date within Charts. Cardholder data held in Charts therefore cannot be read by inspecting the stored data; it can only be recovered by a party holding the keys.
Only those receptionists authorised to view credit card details can display them in full. All other receptionists see only the first 4 and last 3 digits of the card number and no expiry date. Credit card details remain in Charts in encrypted form until a preset number of days after guest checkout; once that period has elapsed they are permanently removed from Charts and no level of authority can display them.
A privileged utility exists to perform key management functions on a routine basis or when existing keys are considered compromised.
Application PCI Compliance Requirements
Focusing only on those requirements that fall within the scope of an application such as Charts, the following items address the corresponding requirement paragraphs of the Data Security Standard:
- Charts can be configured to automatically remove encrypted card holder data that is older than a given number of days after checkout.
- Charts only stores the following data – Cardholder’s name, Primary Account Number (PAN) and expiry date. Primary account number and expiry date are always encrypted.
- By default, Charts does not store the card verification code.
- Charts does not store either the PIN or the encrypted PIN block.
- Unless a receptionist is authorised to view cardholder data, Charts masks all digits of the primary account number apart from the first 4 and last 3, and masks every digit of the expiry date.
- Render PAN and Expiry Date Unreadable.
Charts uses a 256-bit Master Key constructed by hashing two passwords entered by two individuals; no single individual knows both passwords. The Master Key is stored outside the Charts application data that is backed up. Charts generates a random 256-bit Encryption Key, encrypts it under the Master Key and stores the result in Charts; the Encryption Key is then used to encrypt and decrypt cardholder data with 256-bit AES.
Data Encryption Process
Charts uses the Master Key to decrypt the Encryption Key. The resulting key encrypts the cardholder's primary account number and expiry date, and the encrypted data is stored in Charts.
Data Decryption Process
Charts uses the Master Key to decrypt the Encryption Key. The resulting key decrypts the cardholder's data before it is displayed in Charts.
Encryption Key Update Process
Charts provides a privileged application to regenerate the Encryption Key periodically or when it is considered compromised. The old Encryption Key is decrypted with the existing Master Key. A new random 256-bit binary (non-printable) Encryption Key is generated. All encrypted cardholder data is decrypted with the old Encryption Key and re-encrypted with the new one. The new Encryption Key is then encrypted under the existing Master Key and stored within Charts.
Master Key Update Process
- Charts provides a privileged application to change the Master Key. Two individuals each enter a 16-character password; no one individual knows both. Charts hashes the two passwords with proprietary algorithms into a single new 256-bit binary (non-printable) Master Key. The old Master Key decrypts the existing Encryption Key, the new Master Key re-encrypts it, and the result is stored within Charts. The old Master Key is then destroyed.
- Charts implements column level database encryption.
- Using the privileged application and suitable procedural guidelines, no single individual shall know the entire Master Key.
- Charts stores the resulting hashed Master Key in a file outside the Charts application data that is backed up. This file consists of one thousand randomly generated 256-bit keys, and only a very small number of Charts development staff know which of the 1000 slots holds the actual Master Key. The Master Key file is separate from the file containing the Encryption Key.
- Key management procedures are provided to property management. These detail the Encryption Key Update Process and the Master Key Update Process.
- Two separate Master passwords are used, with no one person knowing both, and hashing is combined with 256-bit AES encryption throughout the encryption process.
- Master Keys and Encryption Keys are not distributed outside the Charts application. The Master Key is not backed up on the same media as the remaining Charts data.
- The keys used for encrypting data are stored securely and access to the keys remains extremely limited for both the Encryption Key and the Master Key.
- Update of the Encryption Key is recommended to be done quarterly or if the Encryption Key is compromised. Update of the Master Key is recommended annually or if the Master Key is compromised.
- Once new keys are created, old keys are destroyed.
- The Master Key requires two halves of a password, each known to a separate party; no single individual knows both halves. Should one individual learn both passwords, the only remaining protection is that the proprietary hashing used to form the 256-bit Master Key is not public, so the procedural separation of the two custodians must be strictly enforced. The final Master Key is not stored in readable form.
- Unauthorized key substitution is minimised through the adoption of key obfuscation techniques (hidden keys within a file of 1000 keys).
- Procedures are recommended such that key custodians are required to sign a form specifying that they understand and accept their key management custodian responsibilities.
- Whenever cardholder data is passed over open public networks it is encrypted with AES-256 in CBC mode (AES uses a 128-bit block) under a 256-bit key known only to authorised key holders. Transmission of cardholder data over open public networks is limited to the Charts-controlled bookings interfaces and bookings between Charts systems.
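The key hierarchy described under "Render PAN and Expiry Date Unreadable", the Encryption Key Update and Master Key Update processes, and the first-4/last-3 masking rule, modelled end to end in Go. This is an added example and not Charts code: the page does not name its hashing or its cipher mode, so PBKDF2-HMAC-SHA256 (written out) stands in for the "proprietary hashing" and AES-256-GCM for "256 bit AES"; the function names, the salt, the custodian passwords and the 4111... test PAN are all constructed for the example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)
// MasterKey derives the 256-bit Master Key from the two custodians' passwords. Assumption: PBKDF2-HMAC-SHA256
// (written out) replaces the page's unspecified "proprietary hashing"; the key is only as strong as the passwords.
func MasterKey(pw1, pw2 string, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, []byte(pw1+"\x00"+pw2)) // neither half alone suffices
	mac.Write(salt); mac.Write([]byte{0, 0, 0, 1})      // PBKDF2 block index 1: one SHA-256 block is exactly 32 bytes
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset(); mac.Write(u); u = mac.Sum(nil)
		for j := range t { t[j] ^= u[j] }
	}
	return t
}
// seal/open: AES-256-GCM, nonce prepended. Assumption: the page says only "256 bit AES"; GCM makes a wrong key fail loudly.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
func seal(key, pt []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil { return nil, err }
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return g.Seal(nonce, nonce, pt, nil), nil
}
func open(key, ct []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil || len(ct) < g.NonceSize() { return nil, fmt.Errorf("bad key or ciphertext: %v", err) }
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}
// Store is the application data: the Encryption Key wrapped under the Master Key (which is kept elsewhere)
// plus the sealed "PAN|expiry" records it protects.
type Store struct{ WrappedDEK []byte; Cards [][]byte }
func NewStore(master []byte) (*Store, error) {
	dek := make([]byte, 32) // random 256-bit Encryption Key
	if _, err := rand.Read(dek); err != nil { return nil, err }
	w, err := seal(master, dek)
	return &Store{WrappedDEK: w}, err
}
// AddCard is the Data Encryption Process: unwrap the Encryption Key, encrypt, store.
func (s *Store) AddCard(master []byte, pan, expiry string) error {
	dek, err := open(master, s.WrappedDEK)
	if err != nil { return err }
	ct, err := seal(dek, []byte(pan+"|"+expiry))
	s.Cards = append(s.Cards, ct)
	return err
}
// MaskPAN shows only the first 4 and last 3 digits, as the page describes.
func MaskPAN(pan string) string {
	if len(pan) <= 7 { return strings.Repeat("X", len(pan)) }
	return pan[:4] + strings.Repeat("X", len(pan)-7) + pan[len(pan)-3:]
}
// ReadCard is the Data Decryption Process; an unauthorised receptionist gets the masked view.
func (s *Store) ReadCard(master []byte, i int, authorised bool) (string, string, error) {
	dek, err := open(master, s.WrappedDEK)
	if err != nil { return "", "", err }
	pt, err := open(dek, s.Cards[i])
	if err != nil { return "", "", err }
	p := strings.SplitN(string(pt), "|", 2)
	if authorised { return p[0], p[1], nil }
	return MaskPAN(p[0]), strings.Repeat("X", len(p[1])), nil
}
// RotateDEK is the Encryption Key Update Process: re-encrypt every record under a fresh key.
func (s *Store) RotateDEK(master []byte) error {
	oldDEK, err := open(master, s.WrappedDEK)
	if err != nil { return err }
	newDEK := make([]byte, 32)
	if _, err := rand.Read(newDEK); err != nil { return err }
	for i, ct := range s.Cards {
		pt, err := open(oldDEK, ct)
		if err != nil { return err }
		if s.Cards[i], err = seal(newDEK, pt); err != nil { return err }
	}
	s.WrappedDEK, err = seal(master, newDEK) // wrapped under the unchanged Master Key
	return err
}
// RotateMaster is the Master Key Update Process: rewrap the Encryption Key; records are untouched.
func (s *Store) RotateMaster(oldMaster, newMaster []byte) error {
	dek, err := open(oldMaster, s.WrappedDEK) // a wrong old Master Key is rejected here
	if err != nil { return err }
	s.WrappedDEK, err = seal(newMaster, dek)
	return err
}
func main() {
	m := MasterKey("custodian-one-pw", "custodian-two-pw", []byte("constructed-salt"), 100000)
	st, _ := NewStore(m)
	_ = st.AddCard(m, "4111111111111111", "1226") // constructed test PAN, not a real card
	fmt.Println(st.ReadCard(m, 0, false))
}
```

Two things the prose alone does not make obvious: rotating the Master Key touches only the small wrapped Encryption Key, whereas rotating the Encryption Key means decrypting and re-encrypting every stored record, which is why the page recommends the former annually and the latter quarterly; and because the wrapping is authenticated, presenting the wrong old Master Key during a rotation is detected rather than silently producing an unusable Encryption Key. The derivation also makes the caveat concrete: the 256-bit output length says nothing about strength if the two 16-character passwords are weak.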
Charts PCI Security Enablement
Activating PCI Encryption
The privileged PCI utility CHARTSCARD.EXE must first be obtained before PCI provisions in Charts can be enabled.
This tool first initializes Charts for PCI encryption and then makes the Master Key Update and Encryption Key Update facilities available.
By default, once initialized for PCI encryption, all receptionists are NOT enabled for use of the CHARTSCARD utility and are NOT enabled for viewing of credit card details.
Only receptionists authorised through Charts to use the CHARTSCARD utility may run it. In Charts, navigate to the Management Menu, then the Assign Receptionist Menu. Move to the receptionist whose access you wish to change, press 'C' for change, press PAGE DOWN to change that receptionist's access levels, cursor down to the "Credit Card Key Utility" function and enable access with the SPACE bar.
Enabling Increased Card Security
Once PCI encryption has been activated with the CHARTSCARD utility, Option 47 should be enabled with the parameters "AES,<days>[,ENTMASK]", where <days> is the number of days after checkout before credit card details are permanently removed from Charts. Where the property uses the Charts Enterprise product, the optional ENTMASK parameter should be used to ensure that credit card details are not stored in Charts Enterprise; by default this information is not stored in Charts Enterprise.
Enabling a Receptionist to View Credit Card Details
By default, all receptionists apart from MGR will not have access to credit card details.
To enable a receptionist to view credit card details, an authorised person must navigate to the Management Menu, then the Assign Receptionist Menu. Move to the receptionist whose access you wish to change, press 'C' for change, press PAGE DOWN to change that receptionist's access levels, cursor down to the "Able to View Credit Cards" function and enable access with the SPACE bar.