Support for Outdated Software Products/Compliance w/Cardholder Information Security Programs

– William Deery, VP of Operations,
J.D. Associates

We’d like to inform you today of older software product versions which are no longer supported by their developers and subsequently cannot be supported by J.D. Associates. (A hard copy of this announcement was mailed in July.) You may or may not be currently using these versions.

All commercially marketed software has a “life cycle”. As new software versions are released, older versions of that software reach “end of life” and can no longer be supported. At the “end of life” stage, developers stop releasing updates and discontinue all training and support for these versions. These “end of life” versions are considered outdated, out of compliance, and are unorderable. In fact, older Point-of-Sale and EFT solutions are not compliant with CISP (Cardholder Information Security Program) and PCI DSS (Payment Card Industry Data Security Standards). Subsequently, J.D. Associates has no choice but to discontinue support for these products.

As of August 31, 2007 and thereafter, J.D. Associates will discontinue support on the products listed below. We will be happy to assist you in planning an upgrade or discussing alternative solutions with you. The following products are affected:

• Retail Pro Versions 6.51 and below will not be supported.
• Retail Pro Versions under 8.52 have not been updated to help retailers meet CISP and PCI DSS, although we will continue to support Version 7 for some time in order to help plan an upgrade or alternative.
• Microsoft Windows 95, 98, NT will not be supported.
• Retail Pro Accounting Link 2.42 and below will not be supported.
• Credit Pro EFT solution will not be supported and is not on VISA's list of compliant service providers. There are other EFT solutions for use with Retail Pro which are on the list of CISP compliant providers, however they do require Retail Pro Version 8.52 or higher.
• Microsoft RMS versions under 1.3 are not supported and are not compliant. Per Microsoft, RMS Versions 1.3 and above (and their EFT solution) follow guidelines outlined in the PCI DSS Standard V.1 document, that is, they do not retain full credit card information in their system following settlement and they use Microsoft encryption for transmission of credit card information. They do not use "strong" passwords as requested by PCI, but the retail owner can do this on their own.

As your software versions become obsolete and are no longer supported by the developers, we will inform you and help you to come up with a plan. (Please remember, however, that with CISP and PCI DSS, you, the merchant are responsible for compliance with any regulations. Your processor can answer any questions you may have on compliance issues.)

We at J.D. Associates appreciate your past business and will do everything possible to help you find a solution that will be right for you. Please contact Audrey Labrie: 800 564-4488, ext. 250, or send an email for further information or if you wish to upgrade or discuss alternative solutions. Thank you.