What's New

What's New
Online Store
Product Information
Technical Support       

Support Our Troops

Never Forget

Hit Counter
Visits Since
November 2003

This page displays notices regarding product updates, scheduled releases, or problems and solutions that may affect all customers.

Latest News

bulletDomain Point of Sale™ *DISCONTINUED*
bulletPABP/PA-DSS Security Latest News
bulletPABP/PA-DSS Security + Position Statement
bulletSecurity Considerations + New Version v2.20 Released!
bulletNew Version v2.11 Released!
bulletInternet processing and no gateway fees - September 2004
bulletNew Dial-up Numbers for First Data - June 2004
bulletScare Letter - August 2003
bulletNew Demo Version Available - May 2003
bulletNew Paymentech Phone Numbers - December 2002
bulletProcessing via the Internet - May 2002
bulletMerchant Master No Longer Supported - February 2002

Domain Point of Sale™ *DISCONTINUED*

bulletDear Domain Point of Sale Customer:

Domain Entertainment has ceased all credit card product software sales and support operations.

The last sale of any Domain Point of Sale products occurred on July 12, 2010 and on January 1, 2011 Domain Entertainment officially closed its doors to any new sales of the Domain Point of Sale software.

As a courtesy to existing resellers, I have been continuing to provide some support.  However, I no longer have the time or ability to effectively provide ongoing support of the product.

Any continued use of the software is strictly for use at the customers’ own risk. There is no warranty of any kind and there is no implication that it will comply with any existing or future card regulations or requirements.

I appreciate your support of the Domain Point of Sale product throughout these many years, but the reality is that recent sales of the software have failed to keep pace with the expenses of Visa and Mastercard certification requirements, and these continued and ever changing requirements continue to raise expenses beyond what is reasonable or acceptable for small and medium sized software developers like myself.
Back to Top


bulletPABP/PA-DSS Security Latest News
bulletOn December 20, 2010, after requests for more information from some merchant account providers, I sent off another e-mail to the PCI Security Standards Council and received a response that read in part as follows:

"...The Council does not maintain a compliance program. The individual payment brands enforce compliance through their individual programs. They can answer compliance-related questions about merchant levels, fines, compliance dates, etc. The response you received a year ago has not changed. You can request an exemption directly from the payment brands..."

However, payment brands have begun the process of hassling Merchant Service Providers who provide their end users with software that has not been "certified."  Certification is an unneccessary and expensive process that is intended to move some of the liability of credit card companies to smaller merchants and card processing software.

Although Domain Entertainment had previously certified Domain Point of Sale, this is a process that must be done again and again and it only becomes more and more costly.  As such, Domain Entertainment will no longer be certifying the Domain Point of Sale software at this time.

bulletOn December 11, 2009, after several e-mails attempting to gain clarification of PABP/PA-DSS policies and procedures, I sent the following e-mail to the PCI Security Standards Council

"Since this PABP compliance was begun by Visa I’ve been concerned with the fact that there are no price controls in effect for validation as well as the problems which I’ve spelled out in my e-mail to you regarding the fact that my software is NOT an internet gateway, all data is stored locally and none of that data is critical data, the software is essentially a dial-up terminal with internet connectivity integrated by libraries provided by the clearing houses themselves which are already PA-DSS compliant. There has never been a breach of cardholder data from anyone using the Domain Point of Sale software either locally or remotely because there is no critical data stored.

There is no reason that a software based terminal such as mine would need certification equivalent to those of PayPal, SecurePay, or others which provide an internet front end with global data storage – that just is not the case here. My software is nothing more than a terminal that can operate without an internet connection being present at all and has no remote user or automated capabilities, everything must be done manually on the local PC."

bulletOn December 12, 2009, I received the following response:

"I’ve gotten some additional information regarding your situation. Exemptions are not for PCI to grant as we are not involved in any form of enforcement against the PA-DSS standard. In other words, PCI doesn’t “make” any application go through the process of validation. If an application is part of authorization or settlement and handles cardholder data through that process, they can elect to have that application go through testing and be listed as a Validated Payment Application but PCI itself does not mandate anything.

If you would like an “exemption”, you will need to address that with whatever client that wants to buy/use your product, as merchants are not required to purchase validated applications either but purchasing an application on the list may reduce a merchant’s cost for PCI DSS compliance."

bulletSo what does this mean?  My interpretation of what this e-mail says is as follows:
bulletPayment applications are not required to comply with PA-DSS security standards by the PCI-SSC and therefore the PCI-SSC cannot "exempt" an application from compliance,
bulletThe PCI-SSC does not enforce the PA-DSS standard nor any requirement that applications be validated,
bulletThe PA-DSS validation process is elective and purchasers of the application can "exempt" the application if they so choose,
bulletMerchants are not required to purchase PA-DSS validated applications.

That being said, Domain Entertainment strives to ensure that the Domain Point of Sale software meets recommended security standards and encourages customers to follow the security procedures outlined on this page and any that may be posted on this website in the future.

It is also recommended that customers that are not running the most recent version of the Domain Point of Sale software purchase an upgrade to the latest version from our online store to insure they are using the most secure product and are able to receive the best discount rate when processing payments.

Back to Top



PABP/PA-DSS Security and Domain Entertainment's Position on it!

Domain Entertainment's Domain Point of Sale software is currently PABP / PA-DSS (Payment Application Best Practices / Payment Application Data Security Standard) certified until 09/30/2009 (at which time DPOS must be recertified or the PCI SSC will recommend that the existing software not be distributed to NEW customers).

Applications, such as DPOS, are no longer required to be listed on the PABP / PA-DSS website as certified and Domain Entertainment, in opposition to the new PA-DSS requirement that payment of $1,250.00 be submitted yearly just to be listed on a website, in addition to the serveral thousands of dollars in certification fees, will instead inform users of the PABP / PA-DSS status of the Domain Point of Sale software here on the Domain Entertainment website.

PABP, originally enacted by Visa, is being taken over by an entity calling itself the Payment Card Industry Security Standards Council (PCI SSC) and will be called PA-DSS as of October 1, 2008 at which time the PABP list of certified applications that used to appear for no charge on the Visa website will be removed that website and will then appear on the PCI SSC website for those companies willing to pay out $1,250.00 to be listed on the website.

Prior to stating Domain Entertainment's opposition to this entire scheme, be aware that the information below will not be describing much more than what has already been stated on the internet in several places. You can type in "PCI SSC", "PABP", or "PA-DSS" into your favorite search engine and find plenty of others giving the same information and more. For even more interesting reading, do a web search for "credit card hackers" and determine for yourself who you think PABP / PA-DSS protects.

Domain Entertainment has been opposed the PABP / PA-DSS scheme from its inception due to its lack of cost regulation by Visa and now by PCI SSC. Certification under the scheme must be done either Annually (or Bi-Annually if submitting a report of no change) at a fee ranging from several thousand to tens of thousands of dollars. Certification providors are unregulated and may charge whatever fee they see fit and application providers who provide solutions to small and medium sized businesses such a Domain Entertainment are charged the same fees as huge corporate web based auction sites, what may be considered pocket change for these huge corporations is a significant amount of revenue for smaller companies like Domain Entertainment.

Let me first describe what it takes to get the software from a company to the customer and then tell you how PABP / PA-DSS fits in.

1. First, the software company must request current operating specifications from whatever processor they wish to support (such as FDMS, Global, Paymentech, ECHO, etc.) - this is who actually takes the credit card information you put into the software and tells you whether the transaction is approved or not.

2. The software company then spends many man hours writing the software to meet those specifications prior to application testing.

3. Once the software meets the specifications, the processor (FDMS, etc. as above) requires that the software go through application testing to insure that the data is being sent correctly and that everything works. The processor will not certify the application on their network until it is working correctly and passes their application testing procedures.

4. Any time a change in the software is made which affects the data transmission, it must go back through this software application testing, this must be done individually for every processor that the software supports (Domain Point of Sale supports 8 credit card processors and 5 check guarantee processors).

5. There are also card industry rules that must be followed as far as what card information can be stored on your computer and displayed on receipts.

At this point the software can normally be sold to the customer for use, however, a couple of years ago Visa began requiring PABP certification which requires that companies pay thousands of dollars to a 3rd party company to basically come and retest what has already been tested.

What does PABP / PA-DSS do for you? In my opinion, under the guise of protecting your data and your customers, what it really does is give credit card companies additional insulation from liability. I believe PABP / PA-DSS was probably created in response to the ongoing news stories of hackers stealing and downloading millions of credit card numbers.

I also believe that most of the rules enacted by credit card companies in the last several years have only made it more difficult for merchants to be able to defend against chargebacks and fraudulent charges than ever before as well as made it more difficult for software companies to keep up with their ever increasing demands and now ever increasing fees, but you are encouraged to research this on your own and come to your own conclusions.

The bottom line here is that Domain Entertainment provides an affordable PC software solution to small and home based businesses. Unlike web based processing solutions, there is no additional monthly fee to use the Domain Point of Sale software which can help small businesses save hundreds of dollars each year in unnecessary fees.

The Domain Point of Sale product has never been on the list of applications that store sensitive cardholder data nor has it ever been considered a high risk application. That's because it stores all transaction information on your local PC, not at a source on the internet, and that transaction information is stripped of all but minor, allowable identifying information (such as the last few digits of a card number), transactions are sent via phone line or via the internet using secure software communication libraries written by the internet processor themself, not by Domain Entertainment.


Back to Top



Security Considerations + New Version v2.20 Released!

bulletOngoing changes in the credit card industry are requiring that merchants themselves become more and more involved in securing the cardholder data that they handle.  In our continuing efforts to make these ongoing transitions as painless as possible, Domain Entertainment has released version v2.20 to assist with these changes.

Additionally, the following information is being provided to assist our customers complying with current card industry PCI security requirements - please implement these changes to your system as necessary, and keep in mind that these are *minimum* requirements, so you may wish to expand on them (note that these changes pertain to the Windows XP OS and may vary slightly depending on your version of Windows):
bulletIn the Control Panel->Security Center, the Windows Firewall Should be ENABLED or a suitable alternative firewall should be used.
bulletIn the Control Panel->User Accounts, any Guest Accounts should be turned OFF and any Administrator accounts should be protected with secure passwords.
bulletFile Sharing (or Simple File Sharing) should be DISABLED.
bulletIn the Windows Control Panel->Performance and Maintenance->Administrative Tools->Local Security Settings->Local Policy->Audit Policy, auditing for all items shown here should be ENABLED and turned on.
bulletIn the Windows Control Panel->Performance and Maintenance->Administrative Tools->Local Security Settings->Account Policy->Password Policy:
bulletEnforce password history should be set to 4 passwords remembered
bulletMaximum password age should be set to 90 days
bulletMinimum password length should be set to 7 characters
bulletPassword must meet complexity requirements should be set to Enabled
bulletStore password using reversible encryption should be set to Enabled
bulletIn the Windows Control Panel->Performance and Maintenance->Administrative Tools->Local Security Settings-> Account Policy->Account Lockout Policy:
bulletAccount lockout duration should be set to 30 minutes
bulletAccount lockout threshold should be set to 6 invalid logins
bulletReset account lockout counter after should be set to 30 minutes
bulletAdditionally, should this product be used in a wireless lan (WLAN) environment, you must verify that:
bulletAppropriate encryption methodologies are in use for any wireless transmissions, such as: VPN SSL/TLS at 128 bit, WEP (Wired Equivalency Protocol) at 128 bits, and/or WPA.
bulletIf WEP is used and the key rotation process is manual, verify processes are in place to rotate shared WEP keys at least quarterly and whenever key personnel leave.
bulletIf WEP is used, verify that another methodology is in use, in addition to WEP, to protect the data.
bulletFor automated key rotation processes, verify that keys change every 10-30 minutes.

Failure to implement these requirements in their entirety may put your system and your data at risk.


Back to Top

New Version v2.11 Released 08/24/2005

bulletAdding support for two new processing solutions (FDMS Nashville [Terminal Based] and Global Payments East) both supporting dial-up and TCP/IP (via Datawire) transaction processing capabilities, along with various program enhancements, version 2.11 of Domain Point of Sale has been released ahead of schedule.

Most existing owners of Domain Point of Sale v2.10 (those which purchased their software on or after September 1, 2004) will be eligible for a free upgrade to this new version which can be downloaded by clicking here.  Owners of prior versions of the software will be able to purchase a software upgrade through the online store.

Please be aware that all software and software upgrade purchases are FINAL and there will be no refunds.  Also be aware that once a new version has been released, older versions are no longer available for download or purchase due to the ever changing requirements of the credit card industry, so DO NOT try to install an upgrade which you are not eligible for or have not purchased!
Back to Top



Process through your internet connection using version 2.10 of Domain Point of Sale

bullet Domain Entertainment™ is proud to announce that Version 2.10 of Domain Point of Sale™ is the first PC based software to allow processing through the internet for FDMS Omaha via Datawire.  In addition, this new version also allows processing via the internet for the Paymentech and Nova host systems.

This means that if you currently use one of these systems for processing, that you can upgrade to v2.10 of Domain Point of Sale™ and process transactions through the internet using your DSL, Cable, ISDN, or other internet connection*.  Previously only available to those customers processing through Nova, it is now be available to those processing on the Paymentech and First Data Omaha systems.  Future support for IPN processing is also planned for the Global Payments East and ECHO systems.

This also means that if you are currently processing through a virtual terminal and pay a monthly gateway fee that you can switch to the Domain Point of Sale™ software and stop paying monthly gateway fees!**

This release is the first release of Domain Point of Sale™ shipped exclusively on CD and upgrades are available through the online store.  Like all upgrades of Domain Point of Sale™ the upgrade price includes download access to any upgrades released within approximately one year of activation.

Back to Top

*Note: For processing through your internet connection, you must also contact your merchant services to have them setup your username/password for Paymentech, or to setup your Datawire ID for FDMS Omaha.  No additional setup is currently required for Nova.

**Note: Domain Point of Sale™ can take the place of a virtual terminal for keyed and swiped processing; if you currently use a gateway for automated processing of your web based store you will need to continue using it for that purpose.  If you are not currently using Domain Point of Sale™ you may contact your merchant services to purchase a copy.


New Dial-up Numbers for First Data - June 2004

bulletEffective immediately First Data is phasing out their 950 dial up numbers and will shut them down completely by the end of December 2004.  You can get to the dialup numbers in the Domain Point of Sale™ by going to Configuration->Modem in the program.  Change any 950 numbers as follows (all other numbers should be left as they are):

Any phone number of 9501324 should be changed to 18663048515.

Any phone number of 9501809 should be changed to 18008747680.

Future versions of Domain Point of Sale™ will have the new numbers installed by default.
Back to Top

Scare Letter - August 2003

bulletA recent letter was sent out by processors telling merchants that if they did not comply with a new Mastercard and Visa mandate which requires terminals to hide all but the last 4 digits of a card number and the expiration date on printed receipts that they could be fined $10,000.  Some people may be unaware of the timelines for complying with this mandate.
bulletVisa requires that existing terminals meet this requirement by July 1, 2006
bulletMastercard requires that all terminals meet this requirement by April 1, 2005

Domain Point of Sale, as of the 04/01/01 version, already complies with a similar California law (CC1747.9) that requires all but the last 5 digits of a card number to be masked on printed receipts, all current versions of Domain Point of Sale already meet the more strict Visa and Mastercard requirements and can be purchased from our online store.

It's important to note, however, that some states have laws which have similar requirements that take effect earlier (or later) than the Visa and Mastercard requirements; currently the earliest compliance requirement for existing terminals is January 1, 2004.  You can see if your state has a particular requirement by going to the website located here  http://www.paymentech.net/sol_mersupcen_art_accnumrul_page.jsp

Back to Top

New Demo Version Available - May 2003

bulletThis new demonstration version allows potential customers to perform a live system check to get their modems functional and/or test for compatibility prior to purchase; it also displays the most recent features of Domain Point of Sale.
Back to Top

New Paymentech Phone Numbers - December 2002

bulletPaymentech has announced their self-owned dial-up network for transaction processing which will result in new phone numbers for processing.  Those customers processing through the Paymentech network should change their primary phone number (phone number 1) to 18775295686 and their secondary phone number (phone number 2) to 18002269864.  This change only applies to versions of Domain Point of Sale released prior to January 2003; subsequent versions have the new phone numbers stored as the default in the software.
Back to Top

Processing via the Internet  - May 2002

bulletAs of the May 10, 2002 version of Domain Point of Sale the software now supports processing over the internet, including cable and dsl modems, through the NOVA host system.  This release supports processing on the FDMS Nashville (Envoy, EHC Host Based) system as well as adds CVV2 and VOID functionality to several previously supported systems.
Back to Top

Merchant Master No Longer Supported - February 2002

bulletDomain Entertainment no longer produces the privately labeled Merchant Master version of it's Domain Point of Sale software product.  The final batch of Merchant Master labeled software shipped by Domain Entertainment was sent out on July 26, 2001 and consisted of the April, 10 2001 (1.00B041001) release of the software, no future Merchant Master labeled software will be made available.

Current owners of the Domain Entertainment Merchant Master labeled software may upgrade directly to our functionally equivalent Domain Point of Sale product.  Owners of Merchant Master can purchase an upgrade to the current release of Domain Point of Sale by visiting the online store (a current valid serial number and merchant number is required for the purchase).

Note: Current owners of the Merchant Master software should purchase an upgrade to the Domain Point of Sale product in order to insure that they meet all current Visa, MasterCard, and other processing rules as well as to insure that they are capable of getting the best processing rates by being able to submit all necessary data for each transaction.

Back to Top


Home | What's New | Online Store | Product Information | Downloads | F.A.Q. | Technical Support

Contact us with any questions or problems regarding this web site.
Copyright © 2003-2005 Domain Entertainment
. All rights reserved.