Windows XP and PCI DSS Compliance

Still running Windows XP? While you’re not alone, there is no safety in the dwindling numbers. Using an operating system that is no longer supported by the manufacturer places your office at greater risk for a breach. And, while you may be thinking that the odds of your practice suffering a breach are remote, it’s important to understand just what’s at stake. For the purpose of this article, let’s focus solely on the Payment Card Industry Data Security Standards (PCI DSS) as they relate to Windows XP—or any other unsupported operating system, for that matter.

The PCI Security Council, comprising American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc., governs PCI DSS and thereby provides guidance on the processing, transmission and storage of cardholder data. Adhering to PCI DSS can help protect your office from a breach and the subsequent penalties imposed by a payment brand (such as Visa or MasterCard).

There are 12 PCI DSS requirements. If your office fails to comply with all 12 requirements and suffers a breach, the resulting fines could range from $10,000 to $50,000 per incident. You could also lose credit card acceptance rights. Worse yet, most states have breach notification laws that require you to notify patients if a breach occurs. Imagine having to communicate a breach to your patients. What impact would that have on patient trust?

The sixth PCI DSS requirement applies to the Windows XP situation by requiring that merchants develop and maintain secure systems and applications. It states that your responsibility is to “ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed.” This can only be achieved through the use of a supported operating system.

The good news is that help is available. TechCentral can explain your options and ensure a smooth transition to a supported operating system. More information for XP users is available from TechCentral at Dentrix PowerPay and PowerPay LE customers have an additional resource in Trustwave, an organization dedicated to helping businesses fight cybercrime, protect cardholder data and reduce security risk. Trustwave is partnered with Moneris to help PowerPay and PowerPay LE customers test, validate and maintain PCI DSS compliance. The first step, however, is upgrading to a supported operating system.

You can learn more about Trustwave and PCI DSS by reading Securing Your Dental Practice from a Credit Card Data Breach in Dentrix Magazine or by visiting

The businesses listed here are not owned or controlled by Dentrix or Henry Schein and have created these descriptions of their company, products and services themselves. Dentrix and Henry Schein make no independent assessment of the above descriptions and consumers should contact these providers directly if seeking additional information about their products or services.

Author: Damon Graves, Product Marketing Manager
Published: 07/31/2014
Contact Us