You are here: Procedures > Windows Settings for PCI

Windows Settings for PCI

There are several Windows settings that must be configured to prevent the system from inadvertently capturing credit card (PAN) information. The main objective is to reduce the threat of the possibility of malware stealing PAN information in virtual memory. In most circumstances, credit card data is not contained within the rmwin folder when using Paygistix. However, if the Pop Up Mode is enabled in Station Configuration, there will be the possibility that credit card data is captured in the POS computers virtual memory via a keyboard entry or standard MSR swipe. It is imperative you use the following steps to eliminate this possibility. This is done by clearing the system pagefile. sys at shutdown, disabling System Management of PageFile.sys, and disabling system restore. These settings only need be configured on all computers with an MSR attached or where credit data is entered manually. The following instructions are for Windows 7.

Clearing the System Pagefile.sys on Shutdown

Windows has the ability to clear the Pagefile.sys upon system shutdown. Doing so will purge all temporary data from the pagefile.sys (temporary data may include system and application passwords, cardholder data (PAN/Track), etc.).

NOTE: Enabling this feature may increase windows shutdown time.

  1. Click on the Windows "Start" and in the search box type in "regedit".

  2. On the program list, right click on regedit.exe and select "Run as Administrator"

  1. Navigate to HKEY_Local_Machine\System\CurrentControlSet\Control\Session Manager\Memory Management. Double click "ClearPageFileAtShutdown".

  1. Change Value data from 0 to 1

  1. Click OK and close Regedit

NOTE: If the value does not exist, right click on the Memory Management folder, select "New" on the drop down menu select "DWORD (32-bit or 64 bit depending on OS) Value" and add the following:

  • Value Name: ClearPageFileAtShutdown

  • Value Type: REG_DWORD

  • Value: 1

Disabling System Management of PageFile.sys

You will want to disable memory page swapping to the hard drive. The following steps will show you how to tweak virtual memory settings in Windows by disabling (pagefile.sys).

  1. Right Click on Computer > Select "Properties"

  2. Select "System Protection" on the top left list

  3. Select the "Advanced" tab and click "Settings" under Performance section

  1. Click the "Advanced" tab in the Performance Options window and click "Change" under Virtual Memory

  1. In the Virtual Memory window:

    • Uncheck "Automatically manage page file size for all drives"

    • Select "Custom Size"

    • Enter the following for the size selections:

      • Initial Size - as a good rule of thumb, the size should be equivalent to the amount of memory in the system.

      • Maximum Size - as a good rule of thumb, the size should be equivalent to 2x the amount of memory in the system.

    • Click "Set"

  1. Return to default windows screen by clicking "OK" three times

  2. Reboot the computer

Note: you may want to increase the size of your RAM to counter the effects of disabling pagefile.sys

Disabling System Restore

The following steps describe how to disable system restore points. This is critical as a system restore point may

inadvertently capture cardholder data if it is not disabled and compromise your PCI DSS compliance.

  1. Right Click on Computer and Select "Properties" on the pop up menu pop up.

  1. Select "System Protection" on the top left list.

  1. Click "Configure" under the System Protection tab.

  1. Click to enable "Turn off system protection", click "Apply", and then click "OK" to close System Protection window.

  1. Click "OK" to close System Proprieties window.

  2. Reboot computer.