Credit Cards
Version: 15.3
Index 72
The credit card processing capabilities of EnterpriseIQ are completely internal. At no time is the
processed information accessible by external applications. And no other payment applications
are used either by the EnterpriseIQ Credit Card module or by WebDirect. Credit Cards can be
associated to customers which are then assigned to sales orders, AR Invoices, or CRM Support
Issues. Once a payment is required the credit card can be processed through the Credit Card
Processing module.
Implementation Steps
Create the Accepted Credit Card list.
IQMS customers must have their own merchant account. IQMS currently works with TSYS,
Authorize.Net, ESelect Plus (also known as Moneris Canada and Moneris USA),
MyVirtualMerchant (also known as Elavon), Merchant e-Solutions, and PayPal to process
credit card information. Users must enter their account information for their merchant account
on the configuration screen under EnterpriseIQ System Parameters. Multiple default
merchant accounts can be entered and associated to specific EPlants.
You may optionally create a list of credit cards for each customer. Each customer can have
a list of credit cards which may be selected from a pick list, or assigned by default to each
credit card transaction. This feature is optional because credit card information can be
entered manually at the time of authorization so that no sensitive data is stored in the
database.
You may link the credit card to be used for payment to a sales order, AR Invoice, CRM
Quote, or CRM Support Issue.
Charge the card against an Invoice or Sales Order.
If your account settings require “authorization only” payments, you may settle transactions
according to your internal business procedures from the Credit Card Settlements form.
In This Chapter
Accepted Credit Cards ............................................. 3
Credit Card Gateways .............................................. 4
Customer Credit Cards ............................................. 17
Click on the ADD (+) button and select the Credit Card type from the drop down list. IQMS is
certified to support Visa, MasterCard, American Express, Discover, and JCB. Of the supported
credit cards, only Visa, MasterCard, and American Express support Level 3 processing.
Note: If the user has not added to the list of "Accepted Credit Cards", and attempts to create a
charge, then an error will display from the charge screen. The charge screen will close after
showing the error.
When the Credit Card Charge screen is selected, the system will select the merchant account
based on:
EPlant
Currency
The 'Default' check box or the first record
If no merchant account exists for these criteria, then the default or first system merchant
account will be used (no EPlant filter)
Gateway Select the gateway that your company uses from the alphabetical drop down list.
(Note: A gateway of none can be selected where a third party service is not used).
Merchant Name This field will populate automatically with the Company name (IQSYS.COMPANY) but
it can be modified. When adding a new transaction, the “Merchant Name” field on the
transaction record is updated with the account merchant name.
Bank Account # Select the bank account from the drop down list.
Note: For the Moneris Canada and Moneris USA gateway account settings, the
Currency field is visible on this tab but is not applicable as it is defined at the
merchant account level with the gateway. It is the currency agreed upon with
Moneris.
Default Select this box to mark a merchant account as the default account to be used.
Archived If a merchant account becomes inactive this option can be selected to mark the
account as archived. Archived merchant account information can still be viewed by
selecting the 'Show Archived Accounts' toggle button. Archived accounts will display
in yellow.
Account Settings
Select the Account Settings button to add additional information about your merchant account
such as Bank Identification Number and Terminal Number. This information will be provided by
your gateway vendor.
The account setting screen will be different for each gateway. Below is an example of the
account settings for the Authorize.Net gateway.
Advanced
Time Out Threshold - On the General tab a Time Out Threshold can be entered. This must be a
positive number representing the number of seconds before EnterpriseIQ will retry an operation.
If a transaction cannot be processed immediately, EnterpriseIQ will not retry an operation until
the number of seconds has elapsed. The default value is 30 seconds.
Gateway URL tab- The Gateway's Production and Test URL and Port information. If the gateway
changes their URL for credit card transactions, the user may specify the correct URL here.
These will be the default values that are used in Charges and Settlements. If left null, then the
default values at the time of the software release will be used.
Firewall tab:
Use Firewall Settings - If checked, firewall settings will be used for authentication. If unchecked,
the firewall settings will not be used.
Type - The type of firewall. When the firewall type is selected from the list, the value for Port will
change to the default value for the selected firewall type. The available Firewall Types are:
None - No firewall.
Tunneling Proxy - Connect through a tunneling proxy. The default port value is set to 80.
SOCKS4 Proxy - Connect through a SOCKS4 Proxy. The default port value is set to 1080.
SOCKS5 Proxy - Connect through a SOCKS5 Proxy. The default port value is set to 1080.
Host - The DNS name or IP address of the firewall. This setting is optional, but if a host name is
provided, then all communications will be authenticated through the indicated firewall. If the host
is set to a DNS name, then a DNS request is issued to find a valid IP address for that name. If a
valid IP address is not found, then an error will be displayed.
Port - The TCP port for the firewall host. This is an numeric value.
User Name and Password - If a firewall host is specified, the user name and password will be
used for authentication when connecting through the firewall.
EPlant Settings
Each EPlant can have multiple merchants associated to them. This is set up on the Enterprise
tab in System Parameters. Highlight the EPlant and then go to the Credit Card tab.
To encrypt the data such as credit card number and zip code select the Encryption button to
access the Credit Card Data Encryption Wizard. Encryption keys are used to secure credit card data
against unauthorized access.
Note: This button is only enabled if the user is a DBA. Encryption applies to all accounts, and is
not set per account.
After you change the keys, EnterpriseIQ will update data to the new format; the process may
take a while, depending on the number of records.
Select the Next button. From the next screen enter the three passwords that will be used for
encryption. Passwords are case-sensitive, and are required to be strong passwords.
Select Next and the system will validate the passwords. If this is not the first time the
encryption process has been run the system will check to be sure the passwords have not
already been used. If they have a warning will appear:
Once the passwords have been validated select the Next button to proceed. From the next
screen enter the duration in days when the encryption keys will need to be changed in the
Reminder field. Per PCI-DSS requirements it should at least be annually. The Reminder Date
field will populate automatically based on the system date and reminder days value. (If the
reminder is set to zero days no reminder will display).
When Security Inspector displays the system will check for out of date keys and if they are the
user will be reminded to change them. This warning has the 'Do not show next time check box'.
When checked the warning will not display. (It can be marked to show again in the Dialog Check
Boxes in the System Parameters->Lists menu).
Once the reminder days have been entered, select the Next button and the next screen will
state you are done. Select the Finish button to begin the encryption process.
Remove Encryption
The encryption can be removed using the Encryption Wizard. To remove encryption select the
Encryption button and then select the Remove encryption option from the first screen of the
wizard.
The system will validate the passwords. Select the Finish button to start the un-encryption
process. A confirm box will appear stating: ‘Encrypted values will now be decrypted. This will
present a serious security hazard. Continue?’ Select Yes to continue. Once completed the
system will state the process completed successfully.
To encrypt the data again the user can go through the same process described in the Encryption
section above. New passwords will have to be used. Note: Passwords must be unique.
Passwords that have been used in the past are considered compromised and cannot be re-
used.
When inserting a new credit card account, if any gateway has been added which support
tokenization, the system will display a prompt screen. The prompt screen allows the user to add
either a standard credit card account, or a token. To add a token, the user must select a
merchant account, as it is set up in System Parameters. The pick list of merchant accounts is
filtered to exclude any account that does not support tokenization. If the user chooses to add a
token and clicks the OK button, the tokenization request will be submitted the to the gateway
and the record will be added. If errors occur, they will be displayed and the credit card account
will be created as a standard account. This allows the user to “convert” that account to a token,
after any problems are resolved.
Note: The token merely replaces the credit card number. It is unique per gateway account, and
can only be used to process a transaction with a specific gateway. The token is encrypted along
with any other credit card number, and only the last four digits display in pick lists.
Note: The full account number is displayed in Customer Credit Cards and on the Credit Card
Log. Security to Customer Credit cards should be assigned by the company administrators as
they see fit. EnterpriseIQ provides the ability to restrict access to the screen when accessed
from Customer Maintenance or Customer Central. It is recommended to keep access to such
information limited to personnel on a need-to-know basis. Currently both stock roles IQALL and
IQCUST_RW security is Enabled on the sbtnCustomerCreditCards. If company administrators
wish to restrict access to the Customer Maintenance Credit Card screen these roles should not
be assigned. On all other screens customarily used by financial and sales personnel, the stored,
Customer credit card number is masked so that only the last four digits display.
To add new credit card information for the customer select the ADD (+) button and enter the
information in the fields.
Credit Card Type Select the type of card from the list. This list is comprised of the credit card types
that were added to the Accepted Credit Cards list.
Note: Right click on this field to access the Accepted Credit Cards form to update
the types of cards accepted if necessary.
Name On Card The exact name on the credit card.
Account # The credit card account number.
Expiration Date The two digit month and two digit year of the expiration date for the credit card.
(MMYY)
Default Check this box to mark the default credit card for the customer. When attaching a
credit card to a Sales Order or AR Invoice the system will automatically pull in the
‘default’ credit card.
This information can be used in Sales Orders, AR Invoices, CRM Quotation, and CRM Support
Issues. This gives the user the ability to track what credit card was used for a purchase or repair.
From this form the user can also enter the credit cards accepted by clicking on the Accepted
Credit Cards button, and validate the credit card by selecting the validate card button. If the
expiration date or card number is invalid a pop up box will display indicating this.
Options Menu
There are two purge options available to help maintain current credit card information for
customers.
Purge Expired Cards - Purges expired credit cards for the current customer.
Purge Credit Card Data - Deletes all credit card data for the current customer including the list of
credit cards, and credit card transactions.
Credit cards that have been charged can be deleted without constraints by selecting the Delete
(-) button. This will enable users to remove credit card information for customers that request
that information is not retained.
Purge Log Data – You may purge the credit card transaction log for a specific customer at any
time in order to keep transaction information at a minimum. When the Purge Log Data form
appears, it will have the customer’s company name in the caption. The purge actions will apply
to the current customer only. Note: This only applies to records added under 2012SP1 because
the ARCUSTO_ID field is recent addition to the log table). This feature is also available from the
Options menu in the Settlements screen but will purge all log data, not just for a specific
customer. It is provided from the Settlements screen for ease of access.
Tokenize Current Credit Card - Select this option from the Options menu or use the speed button to
tokenize the current credit card.
Select - This option brings up a list of cards already associated to the customer. If there are
several the user can enter the last four digits of the card and select the Search button to find that
card. Once the desired card is highlighted, select the OK button to associate it to the record.
New - This allows the user to enter a new card for the customer. This is not limited to DBAs as
the user will not be able to see any of the other credit card information only what is being
entered.
Clear - This clears the card from being attached to the record.
In addition to the transaction information on the right (amount, tax, and freight). The bottom
status bar will display the merchant name, credit card merchant description being used, the type
such as Authorization, and the currency code.
Credit Card
Customer Record - If the credit card information was associated to the sales order, or invoice it will
appear in this form automatically. The card information can be changed by selecting the ellipsis
button in the Card Number field. On the charge screen, the expiration date may be updated for a
card selected from the customer’s list. If the expiration date is changed, a check box with the
caption “Update” will appear. The check box is checked by default. When the card is charged
successfully, if the “Update” check box is checked, the expiration date on the customer credit
card record will be updated. Note: If tokenization is used the expiration date cannot be edited and
the update box cannot be checked.
Manual Entry - The user can select the Manual option to enter the information in manually.
Note: The CVV2 information is not recorded in the database. It is used in memory for the current
authorization charge only. This can be entered for a standard credit card account or a token.
This field is no longer available in WebDirect. If you wish to enter a card verification value (CVV)
to authenticate a credit card charge, you must contact the cardholder in person to obtain the
value.
Address Verification
Select the address to be used for verification by selecting the ellipsis button to bring up the Bill
To address pick list. Note: This option will only be available for gateways that support AVS
testing. (Of the gateways that IQMS currently supports, only TSYS and PayPal support AVS.
Only TSYS can test for AVS before authorization. PayPal checks the address only during
authorization, and the result is returned as an “AVS Response”).
The Address Verification System, or AVS, is a fraud deterrent tool that provides greater security
to merchants and cardholders. AVS compares the billing address provided by the customer to
the address on file with the card issuer (the address where the cardholder's statements are
mailed). Select the Address verification Test button to verify the address. A message will appear
stating the results.
Note: If the AVS code is not provided, the system will not submit an empty value as the AVS
code, it will use the cardholder address information.
Special Fields
The invoice # and Order # will automatically fill in when charging from the AR Invoice screen, or
if the invoice for the sales order is created form the Quick Invoice Option from the Packing Slip.
The sales order PO # will only automatically populate if the charge is done from the sales order
module. Also, if charging from the sales order, the system will not populate the invoice #. All four
fields can be edited by selecting the ellipsis button and selecting the appropriate record from the
pick list. The pick lists are filtered based on the customer.
On Account
Check this box to automatically post cash immediately upon settlement instead of waiting for the
actual sales invoice to be generated. When checking the 'On Account' box on the Charge Card
form, upon settling that charge, a Cash Receipt for that charge will be created in the prepost
table. When the Invoice is finally created and posted, a Cash Receipt will be created for that
invoice with the corresponding posted on account cash receipt.
Notes:
System Parameters->GL Setup tab->'Customer Pre-Payments' must be populated for this to
work properly.
This option will be available when charging a credit card from a sales order (not from
invoices).
This applies only to pre-settlement authorizations. For example, Authorize.Net and
Merchant-Accounts.Ca support Authorize Only so this option will be available. TSys and
Elavon do not, so the 'On Account' box is not visible when using those gateways.
Foreign currency conversion for credit cards - the TSYS and Authorize.net gateways support multi-
currency. When the charge screen displays, if the original order or invoice is a foreign currency,
all amounts are automatically converted to native first. For example, the currency in the credit
card account settings is set to USD. When a 100.00 invoice in CAD is charged the system will
automatically convert the value to USD ($75.00 in the example below). The system uses the
exchange rates set up in System Parameters (Regional tab). The Original currency will display in
the charge screen for informational purposes.
From the Special Fields tab a Edit List speed button will appear to the right of either the "Order
#" field or the "Invoice #" field, based on where the credit card charge button was selected (from
the invoice or sales order). When the user clicks the button, a form displays which allows the
user to select multiple Sales Orders or Invoices. The form will show either a list of Sales Orders
or Invoices for the current customer only, as indicated on the Sales Order or Invoice. Only Sales
Orders and Invoices which have not yet been charged will display in the list, however records
paid through cash receipts will display. Partially charged Sales Orders or Invoices will be
included. The "selected" list will already contain the Sales Order or Invoice, which called the
Charge screen. It cannot be removed from the list because it is the default item. The user can
add more Sales Orders or Invoices to the list, if desired.
When viewing Invoices, posted invoices can be displayed by selecting the 'Include History' button.
They will appear at the top of the list and be highlighted in yellow. From both sales order and
invoice views the information can be filtered for a specific date range by selecting the 'Set Date
Range' button and entering a specific date range. This defaults to 'All Dates'.
Note: For TSYS Level 3 processing, each selected item will show a button, "Level 3 Addendum,"
which will allow the user to edit the Level 3 information. If this step has been skipped when the
user clicks OK to save changes, then the user will be prompted for Level 3 information for each
item before the screen closes. If a credit card is not selected a warning will appear stating,
'Please select a Visa, Master Card, or American Express credit card before attempting to edit
Level 3 options.'
After clicking OK to save changes to the list, then the "Transaction Information" group on the
charge screen will be disabled because only the amounts from the itemized Sales Orders or
Invoices will be used. The Transaction Information will show 'Multiple items selected.' The font on
the "Invoice #" or "Order #" field will be bold if multiple items have been selected. The Transaction
Description contains either the Invoice number, Sales Order number, or the Purchase Order
number, depending on availability at the time of authorization. The Response Information area will
also be hidden (grayed out); the results for each charge will be displayed on separate, "progress
summary" form. The "Order #" field on the charge screen will be cleared and disabled if there
are multiple Invoices selected.
Print Receipt
If a report is assigned to the 'Credit Card Receipt' Report option in System Parameters->Reports
and Forms tab, then the user will be prompted after a successful charge to print a receipt. If
multiple Sales Orders or Invoices were selected (multiple charge), the prompt displays before
authorizations occur. Note: the 'Print' dialog will display for each report. The standard report is
called CC_RECEIPT.RPT, Below is an example report:
The Credit Card Settlement module is a separate speed button on the AR tab of the launcher
bar. Select this button to open the settlement form. (The screen shot below is in form view):
Note: For the Merchant-Accounts.ca gateway there is a 'Transaction Description' column which
will populate in this order: Invoice #, Sales Order #, PO # based off of the charge screen when
first opened. The Sales Order # or Invoice # or PO # and Company Name will pass through with
each transaction.
Note: If a Credit Card Transaction in the settlement screen is associated to an invoice and that
invoice gets voided prior to the transaction being settled, the voided invoice number will be
removed from the settlement transaction.
Filter - What is displayed can be changed by clicking on the filter button and selecting the types
of transactions to be shown.
There is a column for Transaction Age and a section listing the number of transaction that fall in
the category in the summary pane. Categories and color indicators are: Aging Less Than 3 Days
(green circle), Aging Between 2 and 7 Days (blue circle), Aging Between 8 and 28 Days (yellow
circle), and Expired (Greater Than 28 Days) (red circle). Note: The summary pane can be
toggled to view or hide from the View menu.
On Hold - This allows the user to mark an authorized charge as 'on hold'. This is only available
for transactions that have not been settled. The box can only be checked/un-checked from the
form view. If this box is checked, then during settlement, the on hold records will be excluded.
This is useful in situations where the transactions have already been authorized, but you would
not like to settle them until the product has been shipped.
Once an authorized charge is settled the funds will be transferred. If an error occurs select the
View error message button to display the error. The Settlement Date field is updated when the
transaction is settled.
Note: When charging a credit card from an AR invoice, or a sales order with an invoice
associated to it (Special Fields tab on the Charge Credit card form), after settling the transaction
and then posting the invoice, a cash receipt is automatically created.
There is an additional Settlement option available from the Settle Batch drop down button ,
or from the File->Settle menu:
Mark Current transaction as Settled - A batch may also be marked settled manually. This
functionality allows users to mark a transaction as settled which has already been settled
manually with the gateway. Transactions that have already been settled, voided or charged
back cannot be settled manually this way. Transactions that encountered an error during a
normal settlement batch process can also be manually flagged as settled. If a transaction
encounters errors during the batch process, but is fixed and settled on line with the
assistance of the gateway, it will still need to be flagged as settled in the database. The user
will be prompted for a date. The default is the current date and time. If the user clicks
Cancel on this dialog, the process is aborted. If the user clicks OK, the selected date will be
used for the Settlement tab 'Status Date'. Note: On hold transactions will not be settled if this
option is used.
These options will be visible for these gateways: TSYS, Authorize.Net, and PayPal:
Adjust Settlement Amounts per Invoice – This option adjusts the settlement amounts based on
invoices.
Reset Settlement Amounts to Authorized Amounts – This option resets the settlement amounts
back to the original authorized amounts.
Some gateways allow the user to change the settlement amount (TSYS, Authorize.net, and
PayPal). For these gateways there is a check box setting in System Parameters called, “Allow
Manually Changing Settlement Amount.” (See Account Settings).
In Credit Card Settlements, users will be able to change the settlement amount only if the
System Parameters setting is checked. The range for the changed amount (whether the new
amount may be any value, or if it must be less than or equal to the original amount) is
determined by the gateway. Currently this is:
Authorize.net - a lesser or equal amount of the originally authorized transaction can be
settled. Must use auth_only/prior_auth_capture transaction type combination.
TSYS - a lesser or equal amount of the originally authorized transaction can be settled.
Void
Use the void button to void a transaction. Only a transaction that has not been settled can be
voided. Once voided it will appear in the settlement screen highlighted in gray with line through
it.
After selecting the Charge Back button a confirmation will appear stating: 'Charge back current
transaction? This will refund the customer credit card with this transaction amount.' Select Yes
to continue, or No to return to the Settlement screen. If Yes is selected a screen will appear
asking for the amount to charge back. This defaults to the amount charged:
When refunding, the current settlement amount less the previously refunded amount will be the
maximum amount available to be refunded: Settlement amount - Previously Refunded =
Available to Refund.
After refunding, the 'Refund Amount' field will be updated to include the new refund amount. If
there was a previous 'Refund Amount' then the amount will be incremented by the new amount.
When a transaction is fully refunded, it will be marked as completely refunded and will be
unavailable for further transactions. (It will display as 'Settled').
The Refund Date field is updated whenever a transaction is refunded. The field will reflect the
date and time when the transaction was last refunded.
Note: This feature is not available with all gateways (such as Moneris).
Screen 1 - Enter the customer, click on the ellipsis button and then select the customer from
the pick list. The default shipping destination and currency will populate the fields. Changes
to the Shipping Destination can be made by selecting the search button next to the field.
Use the drop down list to change the currency if required. Select Next to move to the next
screen.
Screen 3 - Enter information in the special fields if desired: Invoice #, Order #, PO#, and
Transaction Description. The Invoice, Order, and PO fields have an ellipsis button in order to
access the associated pick list. The Transaction Description field will populate with the
selected record by default. Users can select clear button to remove the automatic entry and
manually type information in the field if desired. The transaction description will be visible
from the credit card settlement screen.
Authorized Amount - Enter the amount of the transaction. (This can be negative). If a value
of zero is entered the transaction will automatically be voided. If a specific Order or Invoice
was selected in the prior screen, the amount values (Amount, Tax, and Freight) will be pre-
populated, but can be changed. If the user goes back and selects a different record, the
system will display a confirm box stating, 'Overwrite transaction amount values?'. If Yes is
selected the authorized amount will be updated with the information from the new record, if
No is selected it will not be updated. This prompt includes a 'Do not show next time' check
box.
Date Authorized - Select the date using the drop down calendar.
Authorized By - This field populates with the logged in User ID but can be changed by
selecting a different employee from the pick list accessed by clicking on the search button.
Approval Code - Enter the approval code for this transaction. (Note: For the TSYS gateway
the Approval Code cannot exceed 6 characters, for all other gateways this field can hold up
to 30 characters).
If the transaction has already been settled check the box to flag it as settled.
Screen 5 - Click the Next button then select the Finish button to complete the manual credit
card transaction. A pop up will display stating, 'Transaction #xx has been added'. Select Ok
to close the pop up.
The transaction will be added to the settlement screen so that it can be settled in the normal
manner if it was not already.
Settle - This opens the Settle options. See Settle a Batch for details.
Mark Batch as Settled - This will mark all of the records in the batch as settled. This functionality
allows users to mark transactions as settled which have already been settled manually with the
gateway. Transactions that have already been settled, voided or charged back cannot be settled
manually this way. Transactions that encountered an error during a normal settlement batch
process can also be manually flagged as settled. If a transaction encounters errors during the
batch process, but is fixed and settled on line with the assistance of the gateway, it will still need
to be flagged as settled in the database. A warning will appear stating, "Permanently mark this
batch as settled? This action is not recommended unless you are sure these transactions have
already been settled by the merchant. Continue?" If the user clicks No on this dialog, the
process is aborted. If the user clicks Yes, the selected date will be used for the Settlement tab
'Status Date'.
Change Settlement Amount - Select this option to change the settlement amount.
Refund Current Transaction - Select this option to do a refund. A confirm message will appear
stating, "Charge back current transaction? This will refund the customer credit card with this
transaction amount." See Settle a Batch for details.
Void Current Transaction - Select this option to void a transaction. Only a transaction that has not
been settled can be voided. Once voided it will appear in the settlement screen highlighted in
gray with line through it.
Add a Manual Transaction - This allows for the manual entry of a credit card transaction. See Add a
Manual Transaction for details.
Delete Declined Transactions - This option deletes all declined transactions. By default declined
transactions are saved to the CREDIT_CARD_TRANS table until they are deleted from the
Credit Card Settlement screen.
Edit Status Note - This brings up the Status Note window to add/edit the status note. Up to 250
characters can be entered. This option is also available from the right click menu.
Credit Card transaction Log - See Credit Card Transaction Log for information.
The bottom section is comprised of four tabs: Details, Request Data, Response, Data, and
Merchant Data. The user can choose the View menu to select which ones to display. The Details
tab will always display.
Filter
The log entries can be filtered by selecting the Filter button. The user can select specific
Sources, Classes and Users from the filter form.
Audit Log
This option is available in Data Dictionary. It provides a log of credit card type activities
performed in the database. To enable this feature ensure the latest grantIQMS.bat has been
run, select Enable Oracle Logging from the File menu in the Auditing Log form, then restart the
Oracle instance.
Email Request and Response - Select this from the Options menu to send a zip file attachment
containing the request and response log files. When selected the default email editor will open
with the file attached and the subject line will be populated as follows, "Transaction Log Files
[company name]". The Body text will be populated, "Please find attached the transaction request
and response files from the log.
Refresh - This option refreshes the data. Refreshing can also be done by using the F5 function
key.
Summary Pane - This will toggle the display of the lower summary pane which displays the aging.
Accepted Credit Card Types - This is the list of cards you accept.
Customer Credit Cards - This brings up the form to associate a credit card with a specific customer.
Select the customer form the pick list and enter in their specific credit card information.
Sequences - This will open a screen to view the sequences used in the requests. For example, it
will show the sequence number used for the TransactionID. This is to provide a simple way to
see the current value, and if necessary, change it. This will be used to troubleshoot issues
where the gateway sends back an error saying a sequence value is duplicated or incorrect.
Purge Credit Card Transactions - This screen allows you to purge transaction data. Settled credit
card transactions, voids, refunds, and declined transactions on or before the selected date will
be deleted permanently from the database. It is recommended that you keep at least two weeks
of transaction data for business usage. Authorizations which have not yet been settled will be
retained. To purge the transactions, select a date from the drop down calendar and select OK.
The date defaults to two weeks back from the system date.
Purge Expired Credit Cards - When credit cards expire, they become unusable for transactions.
You may delete expired credit cards from customer credit card lists. This ensures that customer
credit card data is not retained longer than is necessary. In addition, you will be prompted with a
message stating, "One or more customer credit cards have expired. Do you want to purge
expired customer credit cards now?", when the Settlement screen first appears to purge expired
cards. The dialog has a “Do not show again” check box, and the form has security. There is also
a Purge Expired Credit Cards option available in the Customer Credit Cards form accessed from
Customer Maintenance. An IQAlert may be set up to purge expired credit cards. The 'Purge
Expired Credit Cards' option located in the Credit Card Settlements screen must be run first
before executing the SQL from an IQAlert Action. After it has been run once within Credit Card
Settlements, thereafter it may be scheduled to run in IQAlert. The IQAlert SQL is:
BEGIN
iqms.cc.purge_expired_cards;
END;
Purge Log Data – You may purge the credit card transaction log at any time in order to keep
transaction information at a minimum. The menu, “Purge Log Data,” called from the Settlements
screen has the same function as the “Purge Log Data” menu on the “Credit Card Transaction
Log” screen. It is provided from the Settlements screen for ease of access. These menus allow
you to purge or archive credit card transaction log entries by date. To be PCI compliant, it is
recommended that you purge log data periodically, such as every 90 days, and at least annually.
Credit Card Charge - A credit card authorization can be done directly from this module. Select the
customer form the pick list and enter the credit card, amount, etc. into the Charge form.
Dialog Check Boxes - Dialog check boxes are used to specify if you want certain messages in the
software to show or not. To have the message show, click the show box. If you do not want to
see the message, un-check the box. This option is relevant for credit card messages such as the
one related to the 'Automatically Adjust Amounts During Settlement Based on Invoice' option.
Purging data can also be set up as in IQAlert based on a customer's 'Credit card retention period
(in days)' setting in Customer Maintenance->Miscellaneous tab. This is the number of days in
which credit card records will be retained after they are created. The data that will be purged
includes customer credit cards stored for reuse, credit card transactions, and credit card log
data. An IQAlert action "CREDIT CARD RETENTION PURGE" can be set up to purge the data
that is older than the retention period. (See the IQAlert documentation for details).
Cash Receipts
When charging a credit card from an un-posted AR invoice or sales order with an AR Invoice
associated to it (on the Special Fields tab), after settling the transaction and then posting the
invoice, a cash receipt is automatically created for the settlement amount. The EPlant on the
cash receipt is populated based on the EPlant from the bank account specified in System
Parameters > Company File Information > Credit Card Merchant > Bank ID. The check date will
populate with the date and time the transaction was settled, the Type will fill in with Credit Card,
and the Ref./Check # will display the transaction #.
When credit card cash receipts are created during AR Invoice posting, the cash receipt will be
grouped by the same credit card type for transactions on the same day.
When charging the credit card from a posted AR Invoice, if the charge is approved a pop up
prompt to ‘Create Cash Receipt for this Invoice?’ with ‘Yes’ or ‘No’ options will appear. If 'Yes’ is
selected a Cash Receipt for that invoice and invoice amount is created (in crprepost). If ‘No’ is
selected the system will not create Cash Receipt. This pop up includes a 'Do not show next time
check box'. The system will remember the last option selected and use that each time. If the
charge is denied (or error and charge did not go through), the prompt will not appear.
If not charging from an invoice the Cash Receipt will have to be manually created. To complete
the transaction in EnterpriseIQ enter the information in the Cash Receipts module as a credit card
transaction type.
Quotations in this document reference the PCI document, Payment Card Industry (PCI) Data
Security Standard, Navigating PCI DSS; Understanding the Intent of the Requirements (Version
1.1) (February 2008). The document may be accessed from the Internet at
https://www.pcisecuritystandards.org/pdfs/navigating_pci_dss_v1-1.pdf.
Note: The PCI Security Standards Council is a globally recognized organization founded by a
group of credit card companies. Its mission is to establish security standards to protect credit
card data. Part of the published standard involves software requirements.
EnterpriseIQ includes safeguards and tools which can help your company be “compliant” with
the PCI Credit Card Data Security Standard. This document identifies areas of our software's
compliance with the standard. Using this document, your company may successfully complete
the PCI Self Assessment Questionnaire or a PCI compliance audit, should your company decide
to undertake such steps.
Services Provided
The EnterpriseIQ Credit Card module is a Windows application, and may be used in conjunction
with WebDirect, which is a Web-based application. Multiple gateways are supported, although
only one may be in use at any given time. The Credit Card module provides a safe and secure
means to authorize credit cards, and to settle credit card transactions. IQMS is therefore by
definition a “service provider,” by contrast to a merchant or hosting provider, since EnterpriseIQ
provides services which directly affect the security of your company's credit card data.
WebDirect allows on-line customers to request a credit card authorization. Credit card data is
stored, and used later to charge the account. No credit card authorizations take place through
WebDirect.
The credit card processing capabilities of EnterpriseIQ are completely internal. At no time is the
processed information accessible by external applications. And no other payment applications
are used either by the EnterpriseIQ Credit Card module or by WebDirect.
IQMS does not store or process credit card data in-house. IQMS credit card gateway accounts
are test accounts only, and all credit card numbers used during development and testing are
bogus numbers. No sensitive credit card information is stored or retained on IQMS servers.
IQMS recommends strict security controls, but does not provide the following services:
“Requirement 1: Install and maintain a firewall configuration to protect cardholder data”
(PCI). IQMS does not govern the installation or maintenance of firewalls.
“Requirement 2: Do not use vendor-supplied defaults for system passwords and other
security parameters” (PCI). Once Oracle and EnterpriseIQ is installed, your company
administrators have control over passwords, including system default passwords.
“Requirement 5: Use and regularly update anti-virus software or programs” (PCI). IQMS
does not install or maintain anti-virus software on customer machines.
“Requirement 8: Assign a unique ID to each person with computer access” (PCI).
EnterpriseIQ requires a database password for each user (8.5.16), but IQMS has no control
over your company's enforcement of a unique-password-per-user security rule.
“Requirement 9: Restrict physical access to cardholder data” (PCI). IQMS does not control
physical access to customer data.
“Requirement 10: Track and monitor all access to network resources and cardholder data”
(PCI). Requirement 10 applies to network security, and is outside of the control of IQMS.
IQMS recommends, but cannot enforce tracking of network access. But EnterpriseIQ Credit
Cards does monitor access to cardholder data, as noted in detail that follows.
“Requirement 11: Regularly test security systems and processes” (PCI). Requirement 11
relates to network security, and does not apply to EnterpriseIQ software. However, IQMS
does regularly test for potential security breaches at a software and database level. Access
to sensitive credit card data is strictly controlled and access is monitored.
“Requirement 12: Maintain a policy that addresses information security for employees and
contractors” (PCI). IQMS does not dictate company security policies.
IQMS adheres to ISO standards for software manufacturing in fulfillment of Requirement 6. But
IQMS cannot be held responsible for the manner in which Requirement 6 relates to the security
of customer credit card data. Specifically, IQMS does not maintain software updates and
patches to your company's server or work station computers. It is the responsibility of your
technical staff to keep software up-to-date.
To obtain a copy of the standard you may download it from the PCI Web site at
https://www.pcisecuritystandards.org/.
To be specific, EnterpriseIQ Credit Card is compliant in the following areas, as noted with the
numbering system of the PCI standard:
3.1."Keep cardholder data storage to a minimum. Develop a data retention and disposal policy.
Limit storage amount and retention time to that which is required for business, legal, and/or
regulatory purposes, as documented in the data retention policy” (PCI, 10). The amount of
cardholder data that is recorded for historical purposes is kept to the minimum required for
business and troubleshooting purposes. The data is stored for settlements, transaction history,
and logging. However, you must develop your own business policies regarding retaining and
purging data. Historical, transaction and log data may be purged at any time from the
Settlements screen.
3.2.”Do not store sensitive authentication data subsequent to authorization (even if encrypted)”
(PCI, 10). Sensitive data is not stored, unless requested by you, the customer.
3.2.1.“Do not store the full contents of any track from the magnetic stripe” (PCI, 11).
EnterpriseIQ does not store magnetic stripe data, since it does not use POS devices.
3.2.2.“Do not store the card-validation code or value (three-digit or four-digit number printed on
the front or back of a payment card) used to verify card-not-present transactions” (PCI, 11). By
default, the card validation code (CVV2) is not stored. However, the CVV2 value may be stored
by WebDirect if your company administrators have set the System Parameter setting, “Prompt
for CVV2 from WebDirect” to “true.” In order to be compliant with the PCI standard, ensure that
the setting is unchecked (“false”).
3.2.3.“Do not store the personal identification number (PIN) or the encrypted PIN block” (PCI,
11). PIN numbers are never stored.
3.5.“Protect encryption keys used for encryption of cardholder data against both disclosure and
misuse” (PCI, 13). Encryption keys are set by qualified administrators to encrypt all sensitive
credit card data, and are never tied to user accounts. It the responsibility of your company to
restrict access to the encryption keys by limited, authorized personnel (3.5.1). Since encryption
keys are not accessible through EnterpriseIQ software, you will not be able to access the
encryption keys once encryption is set; therefore, it is essential that your company stores the
keys securely for future use (3.5.2).
3.6.“Fully document and implement all key management processes and procedures for keys
used for encryption of cardholder data, including the following...” (PCI, 13). It the responsibility of
your company to document procedures for key management. Your company's system
administrators have full control over whether or not encryption is used. Encryption is set through
the tools provided in System Parameters (the Encryption button on the Credit Card tab).
3.6.1.“Generation of strong keys” (PCI, 13). Strong keys (128-bit) are generated based on the
passwords provided. The keys are generated programmatically, and never surfaced.
3.6.2.“Secure key distribution” (PCI, 13). Encryption keys are never distributed through
EnterpriseIQ. They must be entered manually, and then securely stored for future use.
3.6.3.“Secure key storage” (PCI, 13). EnterpriseIQ encrypts and stores the keys for internal use.
Once the keys are stored, they are inaccessible.
3.6.4.“Periodic changing of keys” (PCI, 14). EnterpriseIQ allows your company administrators to
change keys periodically. The frequency and manner in which keys are changed depends on
your company procedures.
3.6.6.“Split knowledge and establishment of dual control of keys (so that it requires two or three
people, each knowing only their part of the key, to reconstruct the whole key)” (PCI, 14). The
Credit Card Data Encryption wizard requires three (3) keys to be entered. Each key may be
entered by a separate individual.
3.6.8.“Replacement of known or suspected compromised keys” (PCI, 14). If keys have been
compromised, encryption keys may be changed. Data will be encrypted using the new keys.
3.6.9.“Revocation of old or invalid keys” (PCI, 14). Passwords that have already been used for
encryption can never be used again. They are considered, by default, to be compromised keys.
EnterpriseIQ keeps a record of old passwords (in an encrypted format), and new passwords are
checked against the list.
4.“Encrypt transmission of cardholder data across open, public networks” (PCI, 15). Data
transmission is encrypted over public networks:
4.1.“Use strong cryptography and security protocols such as secure sockets layer (SSL) /
transport layer security (TLS) and Internet protocol security (IPSEC) to safeguard sensitive
cardholder data during transmission over open, public networks” (PCI, 15). All communications
between the EnterpriseIQ Credit Card module and the gateway are conducted over a Secure
Socket Layer (SSL). SSL is an encrypted communication protocol. Data transmitted over the
network through SSL cannot be intercepted, modified or diverted. SSL uses authentication,
where the client and server authenticate each other while transmitting, and all data is encrypted.
4.2.“Never send uninterrupted PANs by email” (PCI, 15). At no time is sensitive credit card data
sent directly to any server via plain text transmission, email or any other protocol.
6.“Develop and maintain secure systems and applications” (PCI, 17). IQMS develops and
distributes secure applications, and maintains secure systems internally.
6.1. “Ensure that all system components and software have the latest vendor-supplied security
patches installed. Install relevant security patches within one month of release.” (PCI, 17). IQMS
network administrators ensure all software security patches are up-to-date. This requirement
applies to IQMS, not to customers.
6.4.“Follow change control procedures for all system and software configuration changes.” (PCI,
18). In compliance with ISO best practices, IQMS documents and publishes all software
changes, including the effect of those changes as needed (6.4.1). No changes are released
which have not first been approved by management (6.4.2), and tested thoroughly by the
Testing department (6.4.3). Worst-case scenarios are considered, should a change fail;
procedure dictates that backups should be made before updating to a new version (6.4.4).
6.5.“Develop all web applications based on secure coding guidelines such as the Open Web
Application Security Project guidelines. Review custom application code to identify coding
vulnerabilities….” (PCI, 19). WebDirect is a Web application, and adheres to the Open Web
Application Security Project (OWASP) guidelines.
6.6.“Ensure that all web-facing applications are protected against known attacks by applying
either of the following methods:…” (PCI, 19). IQMS recommends customers install a farewell on
the server running WebDirect.
7.1.“Limit access to computing resources and cardholder information only to those individuals
whose job requires such access” (PCI, 21). Access to decrypted, sensitive Customer credit card
account information is available only to limited personnel on a “need-to-know” basis. Unless a
credit card number is entered manually (not selected from existing Customer cards), the full
credit card number is masked on the Credit Card Charge screen. Full, decrypted Customer
credit card information is accessible from only two screens: Customer Credit Cards, and the
Credit Card Transaction Log. Security to Customer Credit cards should be assigned by the
company administrators as they see fit. EnterpriseIQ provides the ability to restrict access to the
screen when accessed from Customer Maintenance or Customer Central. It is recommended to
keep access to such information limited to personnel on a need-to-know basis. Currently both
stock roles IQALL and IQCUST_RW security is Enabled on the sbtnCustomerCreditCards. If
company administrators wish to restrict access to the Customer Maintenance Credit Card screen
these roles should not be assigned. On all other screens customarily used by financial and sales
personnel, the stored, Customer credit card number is masked so that only the last four digits
display.
7.2.“Establish a mechanism for systems with multiple users that restricts access based on a
user's need to know and is set to 'deny all' unless specifically allowed” (PCI 21). EnterpriseIQ
security roles control access to credit card data. You can control access to individual screens
through EnterpriseIQ security. But only users with Oracle DBA access may view full, decrypted,
sensitive credit card data.
10.“Track and monitor access to cardholder data” (PCI, 28). IQMS does not provide network
tracking. Requirement 10 therefore does not apply to EnterpriseIQ. However, IQMS has sought
to apply the principles behind Requirement 10 to the Credit Card module.
10.1.“Establish a process for linking all access to system components (especially access done
with administrative privileges such as root) to each individual user” (PCI, 28). Not applicable; this
is related to network access.
10.2.“Implement automated audit trails for all system components to reconstruct the following
events” (PCI, 28). Not applicable; this requirement relates to network access. Still, IQMS has
applied the principle to EnterpriseIQ to log access to cardholder data:
10.2.1. “All individual user accesses to cardholder data” (PCI, 28). EnterpriseIQ logs all user
access to card holder data through the Credit Card module interface. Each user must log into
EnterpriseIQ; logging uses the login data to track access attempts on an individual basis.
10.2.2.“All actions taken by any individual with root or administrative privileges” (PCI, 28).
EnterpriseIQ tracks access by all users, including DBA users. Network access must be tracked
through your company's network resources.
10.2.3.“Access to all audit trails” (PCI, 28). The Credit Card Log displays an “audit trail” for each
user through the Credit Card Log. Audit trails related to network components must be tracked by
your company's network resources.
10.2.4.“Invalid logical access attempts” (PCI, 28). EnterpriseIQ logs invalid access attempts to
credit card screens. Invalid network access attempts must be tracked by your company's
network resources.
10.2.5.“Use of identification and authentication mechanisms” (PCI, 28). All users are identified
and authenticated through Oracle and EnterpriseIQ security. Network authentication policies
must be established by your company's network administrator.
10.2.6.“Initialization of the audit logs” (PCI, 28). The Credit Card Log is initiated automatically
once EnterpriseIQ is active. Logging cannot be turned off or paused. Audit trails are inevitable
for each user who accesses credit card data. Additional network audit trails must be established
by your company's network resources.
10.2.7.“Creation and deletion of system-level objects” (PCI, 28). Network system level objects
should be tracked by your company's network resources. As it relates to data, the Credit Card
Log tracks when records are created and purged.
10.3.“Record at least the following audit trail entries for all system components for each event...”
(PCI, 29). This requirement applies to networks. The Credit Card Log tracks actions by user,
event type, date and time, action taken, event source (origination), and other related information
about the affected data. As applicable, the data request to the gateway server is logged, along
with the response data from the server. Network event logs however must be maintained by
network administration.
10.5.“Secure audit trails so they cannot be altered” (PCI 29). The requirements of 10.5 relate
mainly to the Network. The principles of requirement 10.5 have been applied to the Credit Card
Log. But the requirements 10.5.3, 10.5.4 and 10.5.5 relate directly to networks and are not
applicable to EnterpriseIQ. Network logs are the responsibility of the company's network
administration. But where the requirements of 10.5 may be applied to EnterpriseIQ, the Credit
Card Log is secure against unauthorized alterations. Access to the log is strictly controlled by
security so that only those, whose job requires access, may view the log. Audit trails cannot be
altered, even by DBA users, unless it is by the “IQMS” DBA user through Data Dictionary.
10.6. “Review logs for all system components at least daily….” (PCI 30). The requirement of
10.6 is directed at network security and business practices. As the principle of the requirement
might relate to EnterpriseIQ, it is the responsibility of your company's data administration staff to
monitor the Credit Card Log for security breaches or unlawful practices.
10.7.“Retain audit trail history for at least one year, with a minimum of three months online
availability” (PCI 30). The requirement of 10.7 is primarily directed at network security and
business practices. As the principle of the requirement relates to EnterpriseIQ, it is the
responsibility of your company's data administration staff to maintain log records for at least one
year to be compliant with the PCI standard. The Credit Card Log does allow administrators to
purge data. But the Credit Card Log also allows administrators to “archive” records, which hides
them from active viewing, but allows them to be viewed if desired.
Customer Responsibilities
There are steps your company should take to ensure the safety of your credit card data. The PCI
Security Standards Council has recommended the following measures:
“Install a farewell. A firewall prevents unauthorized connections to your server. And you would
need to maintain and test it regularly.
"Install antivirus software, and keep it updated. Antivirus software will eliminate spyware and
destructive programs.
"Enforce a unique user name and password for users logging into EnterpriseIQ software. Do not
share user names and passwords. Take steps to ensure that no unauthorized users will have
access to the credit card screens or data.
"Limit access to the account settings in System Parameters. The screen is available to non-
DBA users. Security should be controlled by your company so that access is limited only to
those who need to modify the merchant account information.
If you have undertaken an audit, and in the process you find an area where EnterpriseIQ Credit
Cards is not compliant with the PCI Security Standard, please call IQMS Technical Support at
(805) 227-1122. Our staff is ready and willing to assist you in addressing all PCI compliance
concerns. Areas of potential non-compliance will be reviewed, and a software solution will be
provided, if deemed necessary.
TSYS
IQMS has become a certified software solution for the TSYS gateway. If you use this gateway,
the credit card account settings in System Parameters will need to be updated with your TSYS
Merchant ID, Device ID, User Name/Operator, and Password, which is provided when your
merchant account is created. The values listed on the confirmation email from TSYS must be
entered in those fields. Although more than one operator may be configured for the account,
enter just the primary operator. If you cannot find this information, contact TSYS Customer Care
Center at 800-552-8227.
Note: A Transaction Key can be obtained automatically, if there is no key a prompt will appear
before closing: "A transaction key has not been created. Do you want to obtain a transaction
key now?". If yes is selected, then a transaction key will be generated. Users can select the
'Transaction Key' button to manually entering the transaction key in case the key is generated on
another database and needs to be copied to the edit box.
If contracted with TSYS for Level 2 corporate processing, then additional information is obtained
either from the charge screen, the Invoice or Sales Order, and the company or E-plant record.
The extra detail will be obtained and populated on the back end with no additional prompts.
For Visa and MasterCard charge cards, the following data is sent to TSYS in addition to the
charge or settlement request:
Data Element Value
Tax Exempt If the purchasing card qualifies for tax exempt status, the “Tax
Exempt” check box, located just below the Tax field, on the charge
screen should be checked.
Local Sales Tax If sales tax is charged in addition to the authorized amount, it will be
obtained from the “Tax” field on the charge screen. If provided, the
value cannot be negative, and must be between 0.1% and 22% of the
total authorized amount.
Purchase Order Number A purchase order number is required. The purchase order number is
selected on the charge screen under the “Special Fields” tab. The
value may be pre-populated if a Purchase Order has been associated
with the Sales Order.
For American Express charge cards, the following data will be sent instead:
Data Element Value
Supplier Number The credit card “Transaction #,” which you see on the Credit Card
Settlements screen, is automatically provided as the supplier number,
and will appear on the card holder’s billing statement. American
Express requires an alpha-numeric “supplier number” to be provided
so that transactions may be found later in case an inquiry is raised
after settlement.
Cardholder Reference The reference number contains either the Invoice number, Sales
Order number, or the Purchase Order number, depending on
availability at the time of authorization.
Ship To Postal Code Contains the postal code of the shipping destination as indicated on
“Special Fields” tab of the Charge Screen.
Sales Tax If sales tax is charged in addition to the authorized amount, it will be
obtained from the “Tax” field on the charge screen. If provided, the
value cannot be negative, and must be between 0.1% and 22% of the
total authorized amount.
Note: When selecting the ‘Adjust amounts to match total charge amount’ button, the calculation
is based on the total for the Sales Order or Invoice. Amounts will be recalculated based on the
Sales Order or Invoice and manual adjustments may be required.
Most of the information is obtained from the Inventory item and the Invoice or Sales Order. You
will be prompted to provide a commodity code if charging a Visa card. But if you are charging
the full amount of the Invoice or Sales Order, you will not need to modify the itemization.
The following is a list of fields sent for all charge card types:
Product Code The inventory item number is provided from the master inventory
record. This value will not be sent for miscellaneous items. This value
is read-only.
Item Description The inventory item description. If this is a miscellaneous item, then
the miscellaneous description will be sent. This value is read-only.
Unit of Measure The item unit of measure (UOM) obtained from the master inventory
record. This value is read-only.
Discount Amount If a discount percentage has been applied, this is the amount of the
discount. This value is read-only, and is calculated from the details:
(Quantity * Unit Price) * (Discount / 100)
Quantity The item quantity. You may adjust the quantity so that the itemization
reflects what is being charged.
Tax Rate The tax rate used to calculate the Tax Amount.
Tax Amount The amount of the tax. You may change this value on the detail,
regardless of the tax code applied.
Line Item Total The total for the line item. This value is read-only, and is calculated
from the details:
((Quantity * Unit Price) + Tax Amount) – Discount Amount
Commodity Code Indicate the four-character, international code describing the type of
item.
Unit Cost The unit cost defaults to the value listed on the Invoice or Sales Order,
but may be changed to ensure the itemization total agrees with the
charge total.
Discount Rate Percentage of the item amount that has been discounted.
Due to the method EIQ uses to connect to the gateway, the Password-Required mode must be
enabled. Login to the Authorize.Net website to verify this setting.
Note: Requiring additional fields may result in unexpected errors. Therefore, it is recommended
that the default options be accepted, and that optional fields are not flagged as required.
Elavon
Elavon processes cards through My Virtual Merchant. (https://www.myvirtualmerchant.com) To
verify the PIN number that should be configured in EIQ credit card account settings, login to My
Virtual Merchant and choose Change PIN.
Elavon only processes in USD. To accommodate multi-currency, Elavon offers its customers an
extra service called DCC. But the DCC program is available only through a Web interface. EIQ
cannot support DCC.
PayPal
Users must have an approved PayPal seller account before processing credit cards with PayPal.
Their account must be a "Website Payments Pro" Business account. Personal and Premier
accounts will now allow the user to authorize credit cards through EnterpriseIQ. And the
"Website Payments Pro" feature must be enabled for EnterpriseIQ to communicate with the
PayPal gateway.
Once their PayPal account has been approved, enter the account settings in System
Parameters. Select PayPal as the gateway, and click the Account Settings button. Enter the
account information, as provided by PayPal. If incorrect account settings are entered, the user
may receive the following error when attempting to authorize a credit card:
The most common cause for this error is incorrect login information. Please verify that the
PayPal account information entered in System Parameters is correct. If the values in System
Parameters match your recorded account settings, it is possible that the account may not be a
Website Payments Pro account. Log onto to the PayPal Web site, and verify that you have
activated Website Payments Pro on your account. If your account has worked in the past, but
now is no longer working, then it is possible that your account has been deactivated. Contact
PayPal to determine the status of your account.
Note: The Merchant name, city and state need to be entered. If any one of these values are not
entered, the system will display the following warning: ‘Merchant name, city, and state must all
be entered in order to perform certain operations such as refunds. It is highly recommended that
all three fields be completed. Do you want to enter them now?’ Users can click past the
warning, however, you may run into errors during charging or required information may not go
through to the gateway.
If the Merchant Name is not entered, during credit card charge, the user will receive the following
error: ‘Your Credit Card Merchant account information has either not been completed, or a
Credit Card Account is unavailable for the current currency and E-Plant. Please setup Credit
Card Merchant information in System Parameters.’
If City is not entered, the system checks if all three required elements have been provided. If
one element is missing, then the system will assist the user by not passing any. This allows the
transaction to go through; however, it does mean required information may not be sent to the
gateway.
If State is not entered, during credit card charge, the user will receive the following error:
‘Authorization error. 593: Merchant Name, ServicePhone, and State must ALL be specified, or
ALL be empty.’
FirstData
When setting up this gateway, the Group ID is mandatory. This information comes from the
provider along with the Merchant ID and Terminal ID.
Notes:
When charging the SO number is required by FirstData.
Manual transactions must be flagged as settled for FirstData.
Users can enter a STAN number during manual transactions. This will be required in order to
refund the manual transaction.
Index
Mark Current transaction as Settled • 35
A Mulitple Invoices or Sales Orders, Charging • 22
Accepted Credit Cards • 3
Add a Manual Transaction • 37
O
Additional Options • 40 On Hold • 32
Address Verification • 22 Option Menu in Settlement form • 47
Appendix 1 - IQMS Compliance with the
Payment Card Industry (PCI) Credit Card Data
P
Security Standard • 49 PayPal • 58
Appendix 2 - Additional Gateway Information • Prompt for CVV2 from IQWebDirect • 4
58 Purge Credit Card Transactions • 41
Attached Credit Card • 20 Purge Log Data • 41
Authorize.Net • 58
S
C
Settle a Batch • 35
Cash Receipts • 48 Special Fields • 22
Charge back • 35
Charge Credit Card • 22 T
Charge Multiple Sales orders or Invoices • 22 Transaction Details • 46
Credit Card TSYS Corporate Level Processing • 58
Address Verification • 22
Credit Card Encryption • 10 V
Credit Card Gateway • 4 Validate • 22
Credit Card Gateways • 4 View Menu in Settlement Form • 46
Credit Card Settlement • 32 Void • 35
Credit Card Transaction Log • 41
Credit Cards in EnterpriseIQ • 2
Customer Credit Cards • 17
E
Elavon • 58
Encryption • 10
Encryption Removal • 10
F
Force Settle Current Transaction • 35
G
Gateway Options • 4
M
Manual credit Card Transaction • 37