SSTs are public access devices that provide goods and services to customers in an unattended environment and/or in an unassisted manner. One common type of SST is an Automated Teller Machine (ATM). To ensure that ATMs remain operational, ATM vendors typically provide management software for performing settlement, diagnostic and maintenance tasks on the ATM. This software is typically referred to as a supervisor application. To access the supervisor application, a servicing person (not an ATM customer) typically presses a switch that changes the ATM from transaction mode (where a customer can enter a transaction) to supervisor mode (where settlement, diagnostic and maintenance tasks can be performed).
The Payment Card Industry (PCI) has implemented a Payment Application Data Security Standard (PA-DSS) that requires ATMs (i) to restrict access to certain supervisor functions to authorized personnel, and (ii) to maintain an audit of any servicing personnel who access those restricted functions available in supervisor mode. Details of this standard are available at https://www.pcisecuritystandards.org. However, not all ATM owners need to, or desire to, comply with the PA-DSS guidelines.
It would be desirable to be able to use the same supervisor software on ATMs that comply with PA-DSS and on ATMs that do not need to comply with PA-DSS.
This could be achieved using a runtime registry setting in the operating system of the ATM, but such a setting would not be compliant with PCI-DSS guidelines.