High Quality
Open the downloaded document, and select print from the file menu (PDF reader required).
S
TAR
-I
NFO
Newsletter for Sage MAS 90 and Sage MAS 200 ERP
May 2010 • Volume 10 • Issue 3
C
redit card fraud, fueled in part by the high volume of Web-basedcredit card transactions, is a seriousproblem. According to the Privacy RightsClearinghouse (www.privacyrights.org),more than 100 million records containingsensitive information have been exposed totheft since 2005. Te targets are not just largeorganizations. In fact, smaller organizations with less stringent security measures in placeare easy targets for thieves.Teft typically does not occur during theInternet credit card processing transactionitself — these transactions are well encrypted.Instead, thieves concentrate on breakinginto databases that store a large number of credit cards transactions, such as a businesses’accounting system. Regulatory bodies aredoing their best to control credit card theftby enacting laws to protect personal infor-mation and to regulate the circumstances in which organizations must publicly report adata breach.Currently, compliance requirements vary according to the number of transactions pro-cessed per year. However, regardless of size,organizations processing credit card data mustcomply with the Payment Card Industry DataSecurity Standard (PCI DSS). Organizationsthat suer a data breach can be ned by theircredit card processor if they fail to comply with the standard. Here we provide a brief overview of the PCI DSS requirements.
Data Storage Dos And Don’ts
You can store the primary account num-ber, the cardholder name, and expirationdate, but this information must be protectedper PCI DSS requirements. You may
not
store the three-digit code onthe back of the card, variously called CAV2,CVC2, CVV2, or CID. You also may notstore the full magnetic stripe data or PINinformation for debit cards.
PCI DSS Requirements
Tere are 12 components of PCI DSSrequirements within the following sixcategories:
Build And Maintain A Secure Network
Payment Card Industry Standards
What’s InsideHeadline News
All Businesses Processing Credit Cards Must Comply
Sage Software offers free Webseminars designed to help youbetter manage your business.Current offerings include:
• Critical Compliance: EnsureYour Ability to Accept Credit Card Payments After July 1, 2010
. PCI, PA-DSS, PCIDSS — What does it all meanfor your business?For the current Sage MAS 90and Sage MAS 200 Webcastschedule or to register
.
— Te rst two requirements relate to the secu-rity of a company’s network.1) Install and maintain a rewall congu-ration to protect cardholder data. A rewallmust be present to control the computer traf-c between a company’s internal network and untrusted external networks. Te rewallmust examine all network trac and block transmissions that do not meet specied secu-rity criteria — whether entering the system by way of the Internet as e-commerce, employ-ees’ access through desktop browsers, employ-ees’ e-mail access, dedicated connection suchas business-to-business connections, or wire-less networks.2) Do not use vendor-supplied defaults forsystem passwords and other security param-eters. Strong system passwords must be used.Te default passwords and settings are wellknown by the hacker community.
Protect cardholder data
— Tese require-ments protect data as it is stored or transmitted.3) Cardholder data stored in the computermust be protected using programming meth-ods such as encryption, truncation, masking,and hashing. If an intruder gains access toencrypted data, without the proper crypto-graphic keys, the data is unreadable and unus-able to that person.4) Encrypt transmission of cardholder dataacross open, public networks.
Vulnerability Management Program
— Tese requirements cover the overall pro-tection of your computer software.5) Use and regularly update anti-virussoftware.6) Develop and maintain secure systemsand applications. When a software vendor,such as Microsoft, issues a security patch, itmust be installed promptly.
Strong Access Control Measures
— Tenext three requirements relate to access toinformation on your computer systems.7) Restrict access to cardholder data by business need-to-know. Give access to card-holder data only to those who need it to com-plete their job responsibilities.8) Assign a unique ID to each person withaccess to your computer or network. Tishelps ensure that each individual is uniquely accountable for his or her actions.9) Restrict physical access to cardholderdata. You must secure hard copies of card-holder data in a restricted access location.
Monitor and Test Networks
— Even with a well-designed rewall and good anti-virus software, new vulnerabilities are beingexposed all the time by malicious individu-als. o track and prevent detrimental activity:10) rack and monitor all access to net- work resources and cardholder data. Youmust log user activities so you can detectand track down the cause of a possible datacompromise.11) Regularly test your security systemsand processes.
Maintain an Information Security Policy
— A strong security policy sets thesecurity tone for the whole company andinforms employees and contractors what isexpected of them.12) Maintain a policy that addresses infor-mation security. All employees should be aware of the sensi-tivity of data and their responsibilities for pro-tecting it.
Sage MAS 90 And PCI DSS
Your Sage MAS 90 and 200 software hasbeen storing credit card data in an encryptedformat for some time. With the release of Sage MAS 90 Version 4.4, the encryptionalgorithms are updated to comply with thelatest PCI DSS standards. Te update alsois being applied in the latest Product Updatefor Version 4.3. If you store credit cardinformation in Sage MAS 90 or 200, it isadvisable to upgrade to one of these versionsas soon as possible to ensure your compliance with the PCI DSS requirements.Te PCI DSS also recommends that if youstore credit card transactions, that you peri-odically purge the data. Te Product Updateincludes a new utility that allows you to safely remove cardholder data periodically, based ona specic transaction or expiration date.If you are unsure of your compliance in any of the standards, give us a call, or contact yourcredit card processor. You can visit the PCIStandards Council Web site for more infor-mation: www.pcisecuritystandards.org.
page 2 • S
TAR
-I
NFO
Newsletter
(( Tips & Tricks ))
Filtering Data In Business InsightsExplorer Views
You can narrow your result set in a BIEView using any one o the ollowingfltering methods:
»
Click on the value to be fltered, and thenclick the
Filter by Selection
button onthe Business Insights Explorer toolbar. Thelist is automatically fltered by the selection.
»
Click the drop-down arrow in a columnheader, and select the value to be flteredrom the list. The list is automaticallyfltered by the selection.
»
Click the drop-down arrow in a columnheader, and then click
Custom
to openthe Custom Filter window. Here you candefne either single-level flter equations orgroups o equations.
Notes:
»
To remove a flter, click the Remove Filterbutton on the Data toolbar.
»
Alternate the Data Grid between flteredand unfltered views by clicking the ToggleFilter button in the Data toolbar.
»
To save a fltered view, click the SaveSettings button in the Explorer toolbar.
Work Smarter With Intelligence From Business Insights
B
usiness intelligence is a term you hear alot these days. In this article we cover thedenition of business intelligence, as well asthe excellent tools available in Sage MAS 90and 200 ERP that give you access to intelli-gence about your business.
Business Intelligence Beginnings
According to Wikipedia, the term BusinessIntelligence was rst used in 1958 by IBMresearcher Hans Peter Luhn. He dened it as:“Te ability to apprehend the interrelation-ships of presented facts in such a way as toguide action towards a desired goal.” Luhnforesaw that computers could be used not just to collect and crunch numbers, but toprovide analysis to support decision making.In 1989 Howard Dresner proposed that theterm
business intelligence
be used to describe:“Concepts and methods to improve businessdecision making by using fact-based supportsystems.” Tis usage gained ground and by the late 1990s was in widespread use.o put it into practical terms that you candirectly relate to your Sage MAS 90 software,business intelligence refers to computer-basedtechniques used to nd and analyze businessdata, such as sales revenue by products ordepartments or associated costs and income.Business Insights for Sage MAS 90 and 200can provide you with historical, current, andpredictive views of business operations to sup-port better decision making.
Business Insights Dashboard
For the executives in your organization who need a quick, high-level picture of thestate of the business, the Dashboard is thetool of choice. Business Insights Dashboardpresents information in a high-level, attractivegraphical format that allows you to instantly ascertain the state of your business. Flexible,yet simple to use, this dashboard is displayed within the Sage MAS 90 Business Desktopand also can be accessed directly within a Webbrowser. If you do see something questionableand need to take a closer look, you can drilldown directly to 20 detailed reports withinSage MAS 90. Data is refreshed automatically through a polling process that ensures the dis-play of up-to-date information.
More Than Just A Pretty Face
Because the Business Insights Dashboardis so visible, many people believe that it is allthere is to Sage MAS 90 Business Insights.However, Business Insights is not only a way to nicely present your data. In fact, theDashboard is just one of three components.Te other two are the Business InsightsExplorer and the Business Insights Reporter.Let’s take a closer look at each.
Business Insights Explorer
Te Business Insights Explorer (BIE) com-ponent allows you to locate key businessinformation quickly and eciently. It canturn your data into knowledge you can useto improve your business. You can quickly answer questions like: Who are my top sales-people? Who are my top customers? What arethey buying? How many new customers did we add last month? What makes BIE so easy to use is thestreamlined grid interface that brings multipledata elements into one view. Tere are 11 stan-dard views, including Contacts, Payments,Invoices, and Sales Orders. Convenient l-tering capabilities enable you to sort, group,reorganize, and rename columns within thegrid. You also can create custom elds basedon simple or complex formulas. You thencan save your specialized views for real-timeanswers tomorrow or next month, and evenshare them with others in the organization.Using BIE, your teams can increase theirproductivity and improve customer satisfac-tion. No more frantic phone calls from salesto your accounting sta asking about custom-er’s payment information. Sales can quickly access customer information, view orderdetail, search for a specic payment amount,and nd any related entries.If you are looking for a particular entry,you can simply type a specic clue, such asthe dollar amount of the transaction, intothe
Look For
eld. Ten, you can easily nar-row the search by a selection in the Searcheld. Tis saves time scrolling and scanningthrough lines of information.ask management options provide quick access to key tasks. For example, when in theCustomer View, you can access CustomerMaintenance, Order Entry, and other cus-tomer-related tasks.For further analysis, a simple right-click can export your data into Excel®, Access®, or XML les.
Business Insights Reporter
When you need a printed report basedon specialized data, the Business InsightsReporter (BIR) is the tool to use. In BIR,data is presented in logical views, so there isno need to try to gure out what table to getdata from or how to link to additional datafor your report. BIR is Wizard-driven, so itguides you through all of the required stepsto create a report. You easily can add calcu-lated elds using simple point-and-click cal-culations, then choose your output format,including Excel, Adobe PDF, or XML, inaddition to printing. We are here to help. If you need training orassistance making Sage MAS 90 work moreintelligently for your business, please give us acall.
Sage MAS 90 and Sage MAS 200 ERP • page 3
Add a Comment