Go to Bottom

Securing Credit Card Information

Setting Security and Payment-Related System Parameters


Default setting = False

Recommendation: Set to True

If True, the Order Manager will encrypt credit account numbers in 2 locations; order records and transaction records. Transaction records are created when a credit card is charged. Every credit card account number in the store data file will be encrypted, and once completed, the encryption cannot be reversed by the program. Changing the system parameter setting back to False will not decrypt the account numbers.

This parameter does not block the credit card number from being viewed in the user interface, however, as the program is able to decrypt the data for display at the Orders screen. This parameter does make it impossible for someone to get the credit card account number by looking directly in the database tables. If an unauthorized person gains access to the store data file, they will not be able to access the account information without having the Order Manager application as well.

To prevent full credit card numbers from being displayed in the program, refer to system parameter, HideAccountNumbers.


Default setting = False

Recommendation: Set to True

If True, the Order Manager deletes the text files that are created when orders are imported from a shopping cart system. Those text files may contain card account numbers, depending on the shopping cart in use.

If False, the program moves these text files to the Data Archives directory, and the account numbers in these files are not encrypted.

This measure is highly recommended if the merchant wishes to be Visa-certified. See CISP compliance validation on Visa's web site for more information.


Default setting = False

Recommendation: Set to True

If True, the program adds a selection on the Maintenance tab of the Maintenance Menu called Delete Old Credit Card Info. If clicked, the user is prompted to select a date (it cannot be less than 30 days from the current date). Credit card data is deleted in records where the order or transaction date is up to and including the date specified by the user.

Note: Once credit card data is deleted, the only way to restore it is with a backup copy of the data file.


Default setting = False; If set to TRUE, system parameter SecureAccountNumbers must be set to FALSE

Recommendation: Set to False unless you capture credit card payments at the web site and you do not need to process credits or other transactions in the Order Manager.

If True, the program only stores the first four digits and the last four digits of card numbers even if the program receives the entire credit card number. Additional transactions cannot be run, and therefore the vendor may not be able to issue credits to customers’ cards depending on the shopping cart. Also, the Order Manager may not be able to determine the card type if the entire card number is not present. To get around this, run the credit card capture at the web site and manually log the payment as received in the Order Manager.


Default setting = False

Recommendation: Set to True

If True, full credit card account numbers are blocked from view in the user interface; only the last 4 digits of the account number are visible. Should be used in conjunction with system parameter, SecureAccountNumbers.

Securing Credit Card Data before Sending Files to Stone Edge for Troubleshooting Purposes

The Store Data File

  1. Use the Order Manager’s zip utility to secure the MS Access data file. This process does not work for SQL databases.

  2. Have all users exit the Order Manager on all workstations.

  3. Close all other applications that might be using the store data file, such as UPS Worldship, etc.

  4. Go to the Main Menu and press [Ctrl+Shift+Z].

  5. The utility copies the data in the store file into a new MS Access database in which all credit card numbers are changed to all zeros ("0000000000000000"). The file is also zipped by the utility.

  6. Send the zipped file to Stone Edge Technologies via email, FTP, etc.

Order Import Text Files

If Stone Edge tech support requests a text file from the Data Archives folder:

  1. Open the file in Notepad or Wordpad.

  2. Manually remove all account numbers from the file.

  3. Transmit it to Stone Edge.

Order Import XML Files

If SETI tech support asks for a copy of an XML file to analyze an order import problem:

  1. Open the file in Notepad or Wordpad.

  2. Manually delete credit card numbers, denoted by the "<number>" tag, before transmitting to Stone Edge.




Go to Top