REALLY, REALLY Important News If You Have a POS (any POS) … and You Take Credit Cards

Stop the presses: Microsoft is discontinuing support for the XP Operating System as of April 8, 2014.

So what does that mean to you? A lot is going to change. And even though all of you know I am a funny guy, this is not funny, so I will present the facts, and give some advice, as usual.

Simply, all merchants who process, store or transmit cardholder data as part of authorization or settlement, are required to comply with the terms of the Payment Card industry Data Security Standard (PCI-DSS). When you signed your credit card agreement with your bank, that was part of the contract.

If you are found to be non-compliant, and if you are compromised, YOU ARE SUBJECT to 1. Heavy fines, 2. Penalties, 3. Charge Backs. And I mean a lot of money. A complete list of your requirements are listed on the website: You should visit the website regularly and understand the requirements.

Specific to this alert and alarm is that one of the requirements is that your POS system uses a Supported Operating System.Since XP will be unsupported after April 8 next year, if you run, and most of you do, XP in your back office and/or on your workstations: as of April 9, 2014, you will not be compliant! Hopefully, you have a good relationship with your processing company, and they will work with you. A real consequence will be obvious if you try to change processors and they tell you that they cannot do business with you until you are compliant!

One choice, and it is not particularly palatable, but it is an option, is to no longer process credit cards through your POS system. You would have to get an old time side swipe, and your processor either sell or rents that to you. With that solution come all of the security and error issues which made you love processing through your POS terminals. Not a great solution, but a solution and a choice.

Windows 7 is the best answer for the POS Payment Application Data Security Standard (PA-DSS) problem. What this means is that if your system works from an office PC or Server, then getting a new one which uses Windows 7 will help you become compliant and not subject to all the nasty and expensive penalties. If you do not use a back office server, or if your workstations are running XP right now, the problem is magnified, and your POS provider will have an appropriate plan of action as to upgrading those workstations as well. If your workstation is relative new (say five years of younger) and do not have a Microsoft operating system, then you are likely in the best position to upgrade at a minimal cost to you.

Keep in mind that there are likely thousands of restaurants that will need upgrades in the next few months to conform to the new requirements, and if you are one of them, the best advice is start learning what you need to do, plan appropriately, budget appropriately, and allow your POS provider to help you with the process. Waiting until Microsoft XP actually expires in April will put you in a very long line of last minute callers, and unless you’re buying your POS from a guy named Merlin or Houdini, then it will take time to properly upgrade your system.

As always, do let me know if I can help, and I will!

About the Author

Henry Pertman is Director, Hospitality Consulting at CohnReznick LLP, located in the firm’s Baltimore, Md. office. He can be contacted at 410-783-4900 or

Leave a Reply

If you want a picture to show with your comment, go get a Gravatar.