
Securing Credit Card Information

Setting Security and Payment-Related System Parameters

SecureAccountNumbers

Default setting = False

Recommendation: Set to True

If True, the Order Manager encrypts credit account numbers in two locations: order records and transaction records. Transaction records are created when a credit card is charged. Every credit card account number in the store data file will be encrypted, and once completed, the encryption cannot be reversed by the program: changing the system parameter setting back to False will not decrypt the account numbers.

This parameter does not, however, block the credit card number from being viewed in the user interface, because the program is able to decrypt the data for display at the Orders screen. It does make it impossible for someone to get the credit card account number by looking directly in the database tables. If an unauthorized person gains access to the store data file, they will not be able to access the account information without having the Order Manager application as well.

To prevent full credit card numbers from being displayed in the program, refer to the system parameter HideAccountNumbers.

DeleteDownloadTextFiles

Default setting = False

Recommendation: Set to True

If True, the Order Manager deletes the text files that are created when orders are imported from a shopping cart system. Those text files may contain card account numbers, depending on the shopping cart in use.

If False, the program moves these text files to the Data Archives directory, and the account numbers in these files are not encrypted.

This measure is highly recommended if the merchant wishes to be Visa-certified. See CISP compliance validation on Visa's web site for more information.

AllowDeleteCreditCardInfo

Default setting = False

Recommendation: Set to True

If True, the program adds a selection on the Maintenance tab of the Maintenance Menu called Delete Old Credit Card Info. If clicked, the user is prompted to select a date (it cannot be less than 30 days from the current date). Credit card data is deleted in records where the order or transaction date is up to and including the date specified by the user.

Note: Once credit card data is deleted, the only way to restore it is with a backup copy of the data file.

CCLoadPartial

Default setting = False. If set to True, the system parameter SecureAccountNumbers must be set to False.

Recommendation: Set to False unless you capture credit card payments at the web site and you do not need to process credits or other transactions in the Order Manager.

If True, the program only stores the first four digits and the last four digits of card numbers even if the program receives the entire credit card number. Additional transactions cannot be run, and therefore the vendor may not be able to issue credits to customers’ cards depending on the shopping cart. Also, the Order Manager may not be able to determine the card type if the entire card number is not present. To get around this, run the credit card capture at the web site and manually log the payment as received in the Order Manager.

HideAccountNumbers

Default setting = False

Recommendation: Set to True

If True, full credit card account numbers are blocked from view in the user interface; only the last 4 digits of the account number are visible. This parameter should be used in conjunction with the system parameter SecureAccountNumbers.

Securing Credit Card Data before Sending Files to Stone Edge for Troubleshooting Purposes

The Store Data File

  1. Use the Order Manager’s zip utility to secure the MS Access data file. This process does not work for SQL databases.

  2. Have all users exit the Order Manager on all workstations.

  3. Close all other applications that might be using the store data file, such as UPS Worldship, etc.

  4. Go to the Main Menu and press [Ctrl+Shift+Z].

  5. The utility copies the data in the store file into a new MS Access database in which all credit card numbers are changed to all zeros ("0000000000000000"). The file is also zipped by the utility.

  6. Send the zipped file to Stone Edge Technologies via email, FTP, etc.

Order Import Text Files

If Stone Edge tech support requests a text file from the Data Archives folder:

  1. Open the file in Notepad or Wordpad.

  2. Manually remove all account numbers from the file.

  3. Transmit it to Stone Edge.

Order Import XML Files

If SETI tech support asks for a copy of an XML file to analyze an order import problem:

  1. Open the file in Notepad or Wordpad.

  2. Manually delete credit card numbers, denoted by the "<number>" tag, before transmitting to Stone Edge.
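The manual clean-up described for order import text files and XML files can be double-checked with a script. The following is an added example, not part of the Order Manager or the Stone Edge documentation: it zeroes the contents of "<number>" tags and any Luhn-valid card number elsewhere in the file, then lists anything that still looks like a card number. The sample order, its element names other than "<number>", and all function names are constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Contents of <number> elements (the tag the page names); attributes are tolerated.
NUMBER_TAG_RE = re.compile(r"(<number\b[^>]*>)(.*?)(</number>)", re.S | re.I)

# Constructed sample: well-known test card numbers plus a 13-digit order id.
SAMPLE = (
    "<order><payment><number>4111111111111111</number></payment>\n"
    "<notes>Card 5555-5555-5555-4444 on file, order 1234567890123</notes></order>\n"
)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def zero(text: str) -> str:
    """Replace every digit with 0, keeping length and separators."""
    return re.sub(r"\d", "0", text)


def redact(text: str) -> str:
    """Zero out <number> contents, then any Luhn-valid candidate elsewhere."""
    text = NUMBER_TAG_RE.sub(lambda m: m.group(1) + zero(m.group(2)) + m.group(3), text)
    # Candidates that fail Luhn (order ids, phone numbers) are left untouched.
    return PAN_RE.sub(
        lambda m: zero(m.group(0)) if luhn_ok(re.sub(r"\D", "", m.group(0))) else m.group(0),
        text,
    )


def remaining_pans(text: str) -> list:
    """Return Luhn-valid, non-zero candidates still present in the text."""
    found = [re.sub(r"\D", "", m.group(0)) for m in PAN_RE.finditer(text)]
    return [d for d in found if luhn_ok(d) and set(d) != {"0"}]


if __name__ == "__main__":
    cleaned = redact(SAMPLE)
    print(cleaned)
    print("still present:", remaining_pans(cleaned))
```

An empty result from remaining_pans does not replace a visual review of the file: a card number that runs directly into other digits, or one that was mistyped and fails the Luhn check, is not matched.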
