Verifone Ocius Sentinel

Verifone Ocius Sentinel requires a user login ID and PIN to be stored on the POS system.

These are transmitted by EFTLink to the Ocius Sentinel application as part of a login process which is required before Ocius Sentinel can accept EFT requests.

When it is running, the Ocius Sentinel application also has a GUI (Graphical User Interface) which can be accessed by an operator from the Windows System Tray. This GUI has a login screen. The login screen accepts the same ID and PIN as stored in the EFTLink core configuration file. Having manually logged into Ocius Sentinel, several functions are available to the user, including processing payments and refunds which bypasses the POS software.

In order to prevent unauthorized use of the Ocius Sentinel application, the user login ID and PIN should be stored encrypted in the EFTLink core configuration file. An encryption tool is provided to implementers for this purpose and details on its use can be found in the Oracle Retail EFTLink Core Configuration Guide. It is recommended that batch encryption of user login ID and PIN data be carried out at a central location and the encrypted data then be distributed to stores as required. Once encryption has taken place, the clear text copy of the data can be deleted.

Note:

EFTLink is configured to expect encrypted ID and PIN data by default.