<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://www.vetsurgeon.org/utility/feedstylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>Penetration testing for Internet connected PDQ machines</title><link>https://www.vetsurgeon.org/f/non-clinical-questions/23577/penetration-testing-for-internet-connected-pdq-machines</link><description> Those of you who have internet connected PDQ machines are aware of compliance issues, so please could you tell us which services are practices using for the PDQ compliance piece and how much? 
 Regs 
 JGW </description><dc:language>en-US</dc:language><generator>Telligent Community 10</generator><item><title>RE: Penetration testing for Internet connected PDQ machines</title><link>https://www.vetsurgeon.org/thread/148034?ContentTypeID=1</link><pubDate>Tue, 01 Dec 2015 07:33:39 GMT</pubDate><guid isPermaLink="false">146601cc-3922-4be7-9974-7e1d4e45a66b:8d58bdac-f96c-4222-811d-cb3ba8325e23</guid><dc:creator>J G Wray</dc:creator><description>&lt;p&gt;[quote user=&amp;quot;robloxley&amp;quot;]Some starters - make sure your terminal is PCI PED compliant[JGW - tick]; don&amp;#39;t store card details full stop (be aware that if you routinely record phone calls or audio with CCTV in reception you may be storing card details and have to address their security)[JGW - tick]; sit the terminal behind a firewall[JGW tick]; ensure that any wifi network is secure/separate[JGW - see below]; educate employees about security issues[JGW- tick][/quote]&lt;/p&gt;
&lt;p&gt;The Wi-Fi thing is interesting, because it is secure, but there are plainly merits in isolating the various different networks from each other. Thus, a LAN for the PMS, a LAN for the PDQ, a LAN for the VoIP setup and a separate WLAN for Wi-Fi in the practice for staff with their devices and clients. Another option is to use a second telephone line and a cheap and cheerful Broadband deal with Wi-Fi for the WLAN. &lt;/p&gt;
&lt;p&gt;As far as the compliance piece is concerned, we&amp;#39;ve closed down all but two ports on the router, one being a LAN2LAN VPN and therefore with restricted permissions and the other a remote access and control port protected by https. Has anyone had a problem arguing for these? I suppose the other question is, whether anyone is paying for a regular scanning service or doing it themselves?&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: Penetration testing for Internet connected PDQ machines</title><link>https://www.vetsurgeon.org/thread/148008?ContentTypeID=1</link><pubDate>Mon, 30 Nov 2015 21:06:46 GMT</pubDate><guid isPermaLink="false">146601cc-3922-4be7-9974-7e1d4e45a66b:58c1ac80-6065-4407-8430-9a6262377e8b</guid><dc:creator>Rob Loxley</dc:creator><description>&lt;p&gt;Some starters - make sure your terminal is PCI PED compliant; don&amp;#39;t store card details full stop (be aware that if you routinely record phone calls or audio with CCTV in reception you may be storing card details and have to address their security); sit the terminal behind a firewall; ensure that any wifi network is secure/separate; educate employees about security issues&lt;/p&gt;
&lt;p&gt;There is lots of free advice for small businesses to get compliant and you shouldn&amp;#39;t necessarily need to pay someone to do this, if you are reasonably technically minded&lt;/p&gt;
&lt;p&gt;If you have a credit card machine connected through a PC then you need to go to further lengths to secure the PC from attack to ensure PCI DSS compliance&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>