Application Summary

Payment Application Name GK/Retail OmniPOS Payment Application Version 5.27.0
Application Description The GK/Retail Point-of-Sale solution comprises front-end applications for all manner of checkout systems – from classic touch, display or two-digit code systems through to mobile POS options for tablets, smartphones, and self-checkouts. All systems connect to third-party EFT systems exclusively for the transfer of the amounts of purchased items. The GK/Retail solution does not store any data of electronic funds by any means. The EFT systems connect directly to the POS via ports (COM, USB) or TCP/IP. Cardholder data is processed only in truncated format.
Typical Role of Application In general, the GK/Retail system is used in a retail environment such as in food retailing, apparel, perfumery, and DIY stores as well in the sporting goods industry. In addition, GK/Retail solutions are found in telecommunication and stadium shops. It is possible to run supervised POS stations, unattended self-service systems, self scanning applications, or flexible mobile POS solutions.
Stored Cardholder Data The following is a brief description of files and tables that store cardholder data:
File or Table Name Description of Stored Cardholder Data
Cardholder data is not stored on GK systems. Not applicable
Individual access to cardholder data is logged as follows:

Not applicable
Components of the Payment Application The following are the application-vendor-developed components which comprise the payment application:
  • POS by GK: Fat POS Client, OneX Stationary Client
Operating System(s) Supported The following are operating systems supported or required by the payment application:
Latest Supported Versions (see also Product Availability Matrix):
  • Windows 11
  • Linux 15.6

Systems must be able to run a Java Virtual Machine.
Application Authentication GK/Retail OmniPOS does not require sensitive authentication data. Such data are not saved or processed.

Authentication credentials used by the payment application are provided by the underlying operating system or other authentication software.
Application Encryption Encryption used by the payment application is provided by the underlying operating system or other authentication software. Standard encryption libraries (Bouncy Castle, BCRYPT) are embedded into the product.

BCRYPT 448 Bit Hash, SHA-256, SHA-384, SHA-512
Payment Processing Connections: Payment Processing
  • POS Business Functions – This layer provides various payment functions and handles all inputs from the cashier. It controls printing and logging and saves transactions to the database. This layer does not come into contact with cardholder data. If it prints EFT data, this data is truncated by a lower layer automatically.
  • Interface: EFT – This interface defines the set of functions that a potential EFT device may support.
  • EFT Bridge (= adapter): Behind the interface, the POS plugs in an adapter for a concrete EFT device that bridges the POS function calls (“authorizePayment”) to EFT specific commands. The bridge calls certified EFT drivers of different kinds via TCP/IP, DLL or COM/USB ports.
  • EFT - Certified EFT solution that will control all operations and customer interaction for the EFT function through the EFT device (swipe, tap, insert chip, manual key, PIN entry, authorization process to end payment processors)
Description of Listing Versioning Methodology GK/Retail OmniPOS versioning has three levels, Product Version, Major, Minor: <Product>.<Major>.<Minor>

GK/Retail OmniPOS versioning can have the following numbering scheme: <1-3 digits>.<1-3 digits>.<1-3 digits> e.g. 5.27.0

  • Product: Increasing a product number means significant changes to the application
  • Major: Increasing a major number means functional implementations such as feature enhancements and may include high or low impact changes.
  • Minor: Increasing a minor number means bug fixes and may include also high or low impact changes.

The impact on the SSS requirements (low impact change vs. high impact change) has to be analyzed per all versions in the "Critical Asset List".

Based on the above versioning methodology, the application version listed with the PCI PA-DSS was: 5.0.x (2015), 5.4.x (2016), 5.5.x (2017/04), 5.6.x (2017/09), 5.7.x (2018/04), 5.9.x (2018/10), 5.11.X (2019/08), 5.15.X (2020/04), 5.19.X (2021/02).

The application version 5.21.0 was validated with PCI SSS (2022/06) and conformity is attested yearly. Latest attestation of validation was done 2023/06.

Latest PCI SSS was done for application version 5.27.0 in 2025/06.