PA-DSS requirement 4.1

Implement automated audit trails

Maitre’D includes a wide variety of logs and audit reports that tracks all back-office accesses and credit card transactions. In order to ensure PCI DSS compliance, all the logs pertaining to Electronic Funds Transfer and all audit reports are always enabled and cannot be disabled in any way. No special configuration is required to enable or activate logs, as they are always operational without any user intervention, immediately after installation of the Maitre’D software.

Logs

All log files are actually plain text files that can be viewed with any basic text editor such as Microsoft NotePad, which is bundled will all versions of Microsoft Windows. By default, they are located in the following folder:

C:\POSERA\MaitreD\DATA\LOG

NOTE: The location of this folder cannot be changed after installation.

File: BOSRVEFT.LOG

This log file contains detailed information on Electronic Funds Transfer (EFT) transactions that have been processed. The information in this file comes from the Maitre’D software itself, and all card numbers (PANs) and expirations dates are truncated and cannot be retrieved from this file. No other card data can be found in this log.

File: BOSRVEFTDRV.LOG

This log file contains detailed information on Electronic Funds Transfer (EFT) transactions that have been processed. The information in this file is stored in XML format and comes from the EFT Middleware, such as Datacap DSIClientX or others, and all card numbers (PANs) and expirations dates are truncated and cannot be retrieved from this file. No other card data can be found in this log

File: EftTrans.LOG

This log file contains very basic information on Electronic Funds Transfer (EFT) transactions that have been processed. Only information such as transaction type, date, time, amount and such can be found in this report. All card numbers (PANs) and expirations dates are truncated and cannot be retrieved from this file. No other card data can be found in this log.

Reports

From the Maitre’D report center module, the access log report records and displays the activity occurring on the main back-office. Information like invalid login attempts, access to the report center and other activities.

To generate the Access Log report:

1- Logon to the Maitre’D back-office with appropriate credentials. (Distributor or system owner access).

2- Start the Report Center module

3- Click on the Select a Report Link.

4- Select the Configuration section.

5- Select the Access Log report, and click OK

6- Select the date or date range and time for which you want to generate the report, and click OK.

7- The report will be displayed on the screen.

Log contents

The Maitre’D Access Log will log and display the following information:

• All login events. • Access to all Maitre’D Back-Office modules after logon.

INVALID

• Failed login attempts.

LOCKOUT

• User lockouts and logon attempts by locked users.

Report Name

• Access to “Plain Folios” reports that show credit card PANs and expiration date. • The date range covered by the report is also recorded.

LOGOUT

All logout events.

For all logged events, the following information is also recorded:

• Date of the event. • Time of the event, in HH:MM:SS (Hours:Minutes:Seconds) format. • Type of event. • Maitre’D Back-Office module used. • Username responsible for the event. • Computer name from which the event was generated. • Report ranges (start and end date).

Windows Event Viewer logs

In addition to proprietary reports, all events that pertains to PA-DSS requirements are also logged in Windows Event viewer. This facilitates the inclusion of these events in a commercially available centralized logging product.

Note that logging to the Windows Event Viewer is always enabled in Maitre’D and cannot be disabled in any way through the Maitre’D software. The instructions below are provided to help users locate Event Viewer entries generated by Maitre’D.

To access the Windows Event Viewer:

1- Open the Windows Control Panel.