PA-DSS requirement 2.1
Securely Delete cardholder data after customer-defined retention period
Starting with Maitre’D version 7.08.000.000, cardholder data is only saved and held for the current fiscal day. When the fiscal day is closed, all cardholder data is automatically deleted in a secure manner by overwriting the file that contains this data with a blank version of this file.
Stored Data
| Field | Name | Description | Encryption |
|---|---|---|---|
4 | CC Info | String containing PAN + Exp.Date ONLY | AES 128 bit |
5 | Expiration date | Credit Card expiration date | AES 128 bit |
10 | Account number | Primary Account Number (PAN) | AES 128 bit |
17 | Acquired Bank Reference Data | Identifiers returned by the acquirer / processor Does not contain any card info. | AES 128 bit |
22 | Initial Acquired Bank Reference Data | Identifiers returned by the acquirer / processor Does not contain any card info. | AES 128 bit |
• Whenever the credit card batch is closed, this file is cleared of all the data it contains. This generally happens during the End-of-Day process, but can also be triggered manually if the credit card processor supports it. • DO NOT attempt to manually delete this file using Windows Explorer.
C:\POSERA\MaitreD\DATA\File215.dat
This file is used to store the payment information for the invoices.
Stored Data
| Field | Name | Description | Encryption |
|---|---|---|---|
4 | Folio | Primary Account Number (PAN) + Exp.Date | AES 128 bit |
14 | Card name | Credit Card brand name in clear text | none |
21 | Hash Folio | One-Way hash of PAN for duplicate report | SHA-3 |
24 | Truncated Folio | Truncated folio, plain text (****************9874=**) | None |
• Folio (PAN + Exp.Date) (AES encrypted): Used in case the transaction needs to be voided or modified during the day. This information is removed from File215.dat during the End-of-Day process.
• Cardholder information is removed by overwriting the fields containing cardholder data with a string of characters containing only spaces. The overwritten fields and then re-encrypted.
• During the End-of-Day process, the sanitized copy of that file is placed in an archive file for the fiscal date being closed. The original file is cleared of all the data it contains.
DO NOT attempt to manually delete this file.
Files under C:\POSERA\MaitreD\DATA\INT This folder contains temporary request and answer XML files in encrypted form (AES 128-bit). Files named REFTxxxxxxxx.XML contain full track2 data, but these files are deleted immediately after the answer is received from the processor. If no answer is received, the transaction will time out and the file is also deleted.
Note that under normal circumstances, this folder should appear empty, except for the \Backup\ sub-folder. Normally, REFTxxxxxxxx.XML and AEFTxxxxxxxx.XML should only remain in this folder for a few seconds while they are being processed. After processing is done, the file containing sensitive data is securely deleted.
REFTxxxxxxxx.XML
This file is the request formulated by BoSrv.exe and which will be sent to the processor.
Stored Data:
• Full track2 data • The file is encrypted with AES 128-bit • Securely deleted after being retrieved by BoSrv.exe
AEFTxxxxxxxx.XML
This file is the answer formulated by BoSrvEFT.exe using the answer received from the third-party client.
Stored Data:
• Bank Reference Data (PAN + Expiration date + acquirer reference data) • The file is encrypted with AES 128-bit • Securely deleted after being retrieved by BoSrv.exe
Files under C:\POSERA\MaitreD\DATA\INT\Backup\
This folder contains XML files for EFT requests and EFT answers sent to and from the EFT Back-Office Server and the Third-Party interface.
REFTxxxxxxxx.XML
This file is a sanitized copy of the request formulated by BoSrv.exe and which was sent to the processor. Track 2 data is removed, and PAN and Expiration Date are replaced with truncated versions.
Stored Data:
• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. ** There is NO full PAN, expiration date or any other credit card data in this file.
AEFTxxxxxxxx.XML
This file is a sanitized copy of the answer formulated by BoSrvEFT.exe using the answer received from the third-party client. PAN and Expiration Date are replaced by truncated versions.
Stored Data:
• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.
Files under C:\POSERA\MaitreD\DATA\LOG
This folder contains logs that can be used to troubleshoot various features of the Maitre’D software suite. Most of these logs are not related to card processing. Only 3 logs are actually tracking card payments:
• BOSRVEFT.LOG • BOSRVEFTDRV.LOG • EftTrans.log
BOSRVEFT.LOG
This file logs activity from Bosrveft.exe. It contains basic transactional information between Bosrv.exe and Bosrveft.exe as well as XML requests to the processor and XML answers from the processor.
This file can be deleted if required. A new, empty file will be automatically created as required.
Stored Data:
• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.
BOSRVEFTDRV.LOG
This file logs activity between Bosrveft.exe and the third-party client. It contains XML requests to the processor and XML answers from the processor.
This file can be deleted if required. A new, empty file will be automatically created as required.
Stored Data:
• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.
BOSRVEFTDRV.LOG
This file logs activity between Bosrveft.exe and the third-party client. It contains XML requests to the processor and XML answers from the processor.
This file can be deleted if required. A new, empty file will be automatically created as required.
Stored Data:
• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.
EftTrans.log
This file logs card payment transactions in a summary format
This file can be deleted if required. A new, empty file will be automatically created as required.
Stored data:
• Expiration date (truncated) • PAN (truncated) • This file is not encrypted. • ** There is NO full PAN, expiration date or any other credit card data in this file.
Archive file
Archives are in fact *.zip files stored under C:\POSERA\MaitreD\DATA\Archive. They are used to generate invoice reports and reports on payments. Each archive file is datestamped and contains the data for one single fiscal day only.
Each archive contains a copy of file215.dat. Since Maitre’D version 7.08, File215.dat gets cleared of cardholder data before the archive is created. Therefore, no cardholder data is found in any archive created with Maitre’D version 7.08.000 or later. However, customers upgrading from older versions may have archives containing cardholder data encrypted with 128-bit AES. Following an upgrade to Maitre’D 7.08.000 or later, archives will be sanitized at a rate of 30 archive files per end-of-day, until all archives found in C:\POSERA\MaitreD\DATA are cleared of cardholder data.
Windows System Restore and Windows Backup
Leaving Windows System Restore turned on can cause your system to inadvertently retain cardholder data for undefined periods of time. The same is also true for the Windows Backup and Restore feature included in Windows 7 or later versions. For this reason, both System Restore and Windows Backup MUST be disabled in order to ensure PA-DSS compliance.
Disabling Windows System Restore
The Windows System Restore feature is always enabled by default on new Windows 7 or later installations. Therefore, you must systematically disable this feature on all existing and new installations using Windows 7 or later
1- Click on the Windows Start button, and select Control Panel.
2- From the Control Panel home, click on System and Security.
3- Click on System
4- The System window opens. On the left-hand side of the window, click on System Protection.
5- If the protection is set to On for one or more of your drives, select the drive and click the Configure… button.
6- Select the Turn off system protection, and click OK
7- A warning message will appear. Click Yes to delete all existing restore points and disable System Restore for this drive.
Repeat steps 4 through 7 for any other drive for which the protection is still set to On.
8- Once System Restore is Off for all drives, click OK to close the System Properties window.
Disabling Windows Backup & Restore
By default, Windows Backup is not enabled on new Windows 7 installations. However, the Windows Action Center may prompt for this feature to be enabled, therefore users could inadvertently turn on the Backup and Restore feature, thus impairing PA-DSS compliance. For this reason, you need to confirm that Windows Backup & Restore is off and remains turned off.
Last updated
