Merchant Link SecurityCents

A blog that comments on the latest developments in the world of payments, payment data security and technology, PCI compliance, and more.

By Troy Mechura

The two major payment gateways that provide services to Panasonic SMP users have taken a leadership role in the industry by expressing serious concerns about the security of SMP.  We haven’t heard much from other members of the payments community or even from the software provider itself.  We have heard that many users have been charged with PCI non-compliance fees on top of their regular monthly fees.  While everyone is working hard to ensure that only PA-DSS validated applications are traversing their payment networks, SMP is flying under the radar and getting little attention.

A Little Background…

SMP version 3.0 (only) was grandfathered in under the old PABP rules for 24 months (set to expire 11-15-10) but there is no mention of this grandfathering on the new comprehensive PA-DSS list even though other payment applications were transferred over.  Was this an oversight?  It is a pretty important issue to go unnoticed.  Regardless, we have seen very few merchants using version 3.0.  Most are still using 2.x versions or the last version – 3.5.   Therefore, the vast majority of SMP users are not using a version that is listed on either the outdated PABP list or the new PA-DSS list.

No one seems to want to take a stand on the security of SMP, except the two major payment gateways.  As fines and penalties go, both are in a relatively neutral position in the payment stream and both have expressed grave concerns.  Why such silence from everyone else? And who will be responsible in case of a breach?  Some of the first questions that will likely arise are:

  • What version of SMP were you running at the time of the breach?
  • Where is that version listed as a validated application?
  • Did your dealer, processor, or auditor tell you it was OK to run that version?
  • Did you get this guidance in writing?

There is one thing for certain, SMPLink – built by Bunt Software to install on SMP systems – passed the rigorous PA-DSS validation audit and is compliant according to PA-DSS standards.  Combine this with Merchant Link’s TransactionVault® tokenization technology, and SMP users can run state-of-the-art technology on their Panasonic SMP systems without buying new hardware.

Merchants should not mistake silence for security when it comes to their SMP system.  Visit www.buntsoft.com today to learn more.

Powered By DT Author Box

Written by Merchant Link Staff

Merchant Link Staff

Merchant Link’s SecurityCents blog is essential reading for merchants in the retail, lodging, and restaurant industries looking to secure their customers’ credit card data. Check the blog regularly to read what our industry experts have to say about the latest developments in the world of payments, payment data security and technology, PCI compliance, and more. We invite you to leave comments and share your insights and opinions.

Comments

There is one comment for this post.

  1. Tweets that mention Merchant Link SecurityCents :: PCI Compliance Tokenization :: Why the silence on Panasonic SMP? -- Topsy.com on October 7, 2010 9:38 am

    [...] This post was mentioned on Twitter by securitypro2009, Merchant Link, Troy Mechura, Cliff Torrence, The PCI Maven and others. The PCI Maven said: @pcimaven Merchant Link SecurityCents :: PCI Compliance Tokenization :: Why … http://bit.ly/9jeSnt http://bit.ly/5ok4B3 [...]

Write a Comment