QS/1's Keys to Security: Transaction Security

End-to-End Encryption

QS/1 offers end-to-end encryption (E2EE) in its Point-of-Sale (POS) system. E2EE technology encrypts card data at the entry point of a merchant’s POS device (example: signature pad) through a point of secure decryption outside the merchant’s environment (example: QS/1’s PCI-certified Data Center). This technology protects card data from RAM scraper types of malware that can steal card data from the register.

Helpful links:
E2EE article in QS/1’s Insight magazine
E2EE documentation
E2EE webinar


PCI Compliance

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. QS/1 takes its commitment to customers and the industry seriously and obtains yearly certifications for the industry standard. QS/1 is a Level 1 merchant and currently certified for Version 3.2. QS/1’s PCI compliance is audited by Trustwave®. QS/1 also obtains yearly certifications for Payment Application Data Security Standard (PA-DSS). In addition to certification for processing the new chip-and-pin cards using the current EMV standards, it also includes the use of end-to-end encryption (E2EE) for transmissions of card data along with tokenization for customers who must store credit card data for recurring charges.

Helpful links:
PA-DSS Certification press release
PCI-DSS webinar
QS/1’s PCI PA-DSS Certification information


Tokenization

QS/1’s Point-of-Sale system includes PaySentry®, which performs credit card pre-authorization and stores card data. Many prescriptions are picked up and paid for by family members who may use different credit cards and have different addresses than the patient. To protect customers and pharmacies from fraudulent transactions and unnecessary processing fees from card companies, an Address Verification System (AVS) is used to verify card information used for recurring billing and can reduce the PCI scope. For QS/1 Customers who store credit-card data for recurring charges, we offer tokenization. Once a credit card is added or processed, the card number is converted to a token and stored in a database, making it harder to decrypt. This protects the data at rest and can also reduce PCI scope. The process substitutes sensitive data with a non-sensitive equivalent, a token, which has no extrinsic or exploitable meaning or value. The token is used as a map to the sensitive data through a tokenization system.

Helpful links:
QS/1’s Point-of Sale
PaySentry Implementation Guide
POS Procedures for Encryption and Tokenization


Social Security Number Masking

To keep protected health information (PHI) private, all QS/1 Pharmacy Management Systems and our Point-of-Sale system mask social security numbers on the Patient Record, allowing only staff with the proper security access the ability to view and edit. This feature is available in SharpRx, NRx, PrimeCare, SystemOne and Multi-Site Management.

Helpful links:
NRx Service Pack 19.1.20 Enhancements
NRx Service Pack 19.1.20 Webinar


Barcode Login

QS/1’s Point-of-Sale (POS) system allows you to assign specific barcodes for employee identification cards that can be swiped or scanned and prevent unauthorized employees from accessing the system. Our POS security also eliminates unauthorized discounts and controls access with multiple security levels. Apply limits on check cashing, voids and refunds and retain an electronic log for controlled substance pickup.

Helpful links:
Information about QS/1's POS system
Manage Employees in QS/1's POS Help