IntelliStore HO
Centralised control of IntelliStore Back Office across all your branches.
Learn more
IntelliStore BO
Our solution to run the store - ordering, cash management, sales reporting and much more.
Learn more
IntelliStore Till
Designed for supermarkets and convenience stores
Learn more
Eposity
An event based framework for your epos data
Learn more
Scan & Go
Meet and exceed the expanding expectations of your customers by saving the most precious possession they have: their time.
Learn more
Online Grocery
Allows you to accept online orders from your customers - either delivered to their door or they can collect from your stores. Get the best of all worlds: Connect click-and-collect or click-and-order with brick-and-mortar.
Learn more
eLoyalty
A complete backend and mobile app online solution, combining Online Grocery Shopping, Scan and Go with our product, Loyalty Link.
Learn more
Richard Coyle
Mar 31, 2015
We have become aware of a new virus that specifically targets epos systems.
PoSeidon is basically a keylogger, capturing credit card data.
However we want to reassure our customers - even if any IntelliStore users were infected with this virus, it wouldn’t be able to capture credit cards, because all data is encrypted between the pin entry device (the PED) and the EFT provider’s servers.
In technical terms, IntelliStore is never passed a plain text PAN or track 2 data so it never has the card numbers in memory.
The only risk might have been our EFT provider’s software stored the card numbers in memory, so we reached out to our EFT providers for their comment. The following providers replied:
"We employ SRED protocol (secure reading and exchange of data). All data is dual encrypted on the ped (2048bit RSA and AES encryption) and only decrypted when it hits our PCI-DSS certified infrastructure." - SagePay
"Our application, RA1, in combination with the iPP is PCI-P2PE certified. This guarantees that all cardholder data returned from the PED is encrypted and the solution architecture ensures that neither software on the PED or the POS can decrypt the data." - Ingenico
"Card information is only ever stored when offline transactions are processed. The transaction information will never be stored in raw form and will always be encrypted. It is encrypted on the PED before it is stored, encrypted again on the POS, then decrypted once it reaches our payment gateway." - Verifone
Hopefully this will re-assure you. If you have any specific questions, please feel free to post on our forum or indeed, in the comments below.