
EnterpriseIQ

Credit Cards
Version: 15.3

Copyright © 1989-2017, IQMS. All rights reserved.


Contents

Credit Cards in EnterpriseIQ
Accepted Credit Cards
Credit Card Gateways
Encryption
Customer Credit Cards
Attached Credit Card
Charge Credit Card
Credit Card Settlement
Settle a Batch
Add a Manual Transaction
Additional Options
Credit Card Transaction Log
Transaction Details
View Menu in Settlement Form
Option Menu in Settlement form
Cash Receipts
Appendix 1 - IQMS Compliance with the Payment Card Industry (PCI) Credit Card Data Security Standard
Appendix 2 - Additional Gateway Information
Index

Credit Cards in EnterpriseIQ Page i


CHAPTER 1

Credit Cards in EnterpriseIQ


The EnterpriseIQ Credit Card module is a Windows application, and may be used in conjunction
with WebDirect, which is a Web-based application. Multiple gateways are supported, although
only one may be in use at any given time. The Credit Card module provides a safe and secure
means to authorize credit cards, and to settle credit card transactions. IQMS is therefore by
definition a "service provider," by contrast to a merchant or hosting provider, since EnterpriseIQ
provides services which directly affect the security of your company's credit card data.

The credit card processing capabilities of EnterpriseIQ are completely internal. At no time is the
processed information accessible by external applications. And no other payment applications
are used either by the EnterpriseIQ Credit Card module or by WebDirect. Credit Cards can be
associated to customers which are then assigned to sales orders, AR Invoices, or CRM Support
Issues. Once a payment is required the credit card can be processed through the Credit Card
Processing module.

Implementation Steps
• Create the Accepted Credit Card list.
• IQMS customers must have their own merchant account. IQMS currently works with TSYS,
Authorize.Net, ESelect Plus (also known as Moneris Canada and Moneris USA),
MyVirtualMerchant (also known as Elavon), Merchant e-Solutions, and PayPal to process
credit card information. Users must enter their account information for their merchant account
on the configuration screen under EnterpriseIQ System Parameters. Multiple default
merchant accounts can be entered and associated to specific EPlants.
• You may optionally create a list of credit cards for each customer. Each customer can have
a list of credit cards which may be selected from a pick list, or assigned by default to each
credit card transaction. This feature is optional because credit card information can be
entered manually at the time of authorization so that no sensitive data is stored in the
database.
• You may link the credit card to be used for payment to a sales order, AR Invoice, CRM
Quote, or CRM Support Issue.
• Charge the card against an Invoice or Sales Order.
• If your account settings require “authorization only” payments, you may settle transactions
according to your internal business procedures from the Credit Card Settlements form.

In This Chapter
Accepted Credit Cards
Credit Card Gateways
Customer Credit Cards
Attached Credit Card
Charge Credit Card
Credit Card Settlement
Additional Options
Cash Receipts
Appendix 1 - IQMS Compliance with the Payment Card Industry (PCI) Credit Card Data Security Standard
Appendix 2 - Additional Gateway Information

Accepted Credit Cards


From System Setup->System Parameters->Lists select the Accepted Credit Cards list to enter
the cards accepted by your company.

Click on the ADD (+) button and select the Credit Card type from the drop down list. IQMS is
certified to support Visa, MasterCard, American Express, Discover, and JCB. Of the supported
credit cards, only Visa, MasterCard, and American Express support Level 3 processing.

Note: If the user has not added to the list of "Accepted Credit Cards", and attempts to create a
charge, then an error will display from the charge screen. The charge screen will close after
showing the error.



Credit Card Gateways
A gateway is the service that automates the payment transaction between the buyer and seller.
It is a third-party service that processes, verifies, and either accepts or declines credit card
transactions on behalf of the seller. Communications between EnterpriseIQ and the gateway are
handled through secure Internet connections.

The current gateway options in EIQ are:



From the Company File Information tab in System Parameters select the Credit Card Merchant
tab to enter your specific default merchant information. These accounts are considered the
‘default’ system merchant accounts without an association to an EPlant. These accounts can be
setup when logged in as 'View All' or a specific EPlant and by default will be created as a null
EPlant account. Specific EPlant accounts are set up on the Enterprise tab in System Parameters
(see below).

When the Credit Card Charge screen is selected, the system will select the merchant account
based on:
• EPlant
• Currency
• The 'Default' check box or the first record
• If no merchant account exists for these criteria, then the default or first system merchant
account will be used (no EPlant filter)

Description - Enter a description of the merchant account.

Gateway - Select the gateway that your company uses from the alphabetical drop down list.
(Note: A gateway of none can be selected where a third party service is not used).

Merchant Name - This field will populate automatically with the Company name (IQSYS.COMPANY) but
it can be modified. When adding a new transaction, the “Merchant Name” field on the
transaction record is updated with the account merchant name.

Bank Account # - Select the bank account from the drop down list.

Currency - If using multi-currency users can associate a specific currency to a merchant account
by selecting it from the drop down list. This will be used in the hierarchy to determine
which merchant account should be used when charging a credit card.

Note: For the Moneris Canada and Moneris USA gateway account settings, the
Currency field is visible on this tab but is not applicable as it is defined at the
merchant account level with the gateway. It is the currency agreed upon with
Moneris.

Default - Select this box to mark a merchant account as the default account to be used.

Archived - If a merchant account becomes inactive this option can be selected to mark the
account as archived. Archived merchant account information can still be viewed by
selecting the 'Show Archived Accounts' toggle button. Archived accounts will display
in yellow.

Account Settings
Select the Account Settings button to add additional information about your merchant account
such as Bank Identification Number and Terminal Number. This information will be provided by
your gateway vendor.

The account setting screen will be different for each gateway. Below is an example of the
account settings for the Authorize.Net gateway.



There are two additional Account Settings for the gateways: TSYS, Authorize.Net, and PayPal.
Only one of these options can be selected:
• Allow Manually Changing Settlement Amount – When this is enabled, the user has the ability to
change the settlement amount of a credit card transaction prior to settling the transaction. In
the form view of the Credit Card Settlement screen, an ellipsis in the Settlement Amount field
will be available. Enter the new settlement amount and click OK. For TSYS and
Authorize.Net, the new settlement amount must be less than or equal to the originally
authorized amount. For PayPal, the new settlement amount can be less than, greater than,
or equal to the originally authorized amount.
• Automatically Adjust Amounts During Settlement Based on Invoice – When this is enabled, during
the settlement process, the settlement amounts will be adjusted to the invoice amount. The
user is informed with a dialog box that states: “As part of the settlement process, settlement
amounts may be adjusted based on current, pre-posted, Accounts Receivable Invoice
amounts. This optional functionality has been selected in System Parameters. Please note
that if there are multiple charges for an invoice, some transaction amounts may be adjusted
to zero (0); if so, they will be voided automatically after the settlement process completes.”
This dialog box has a 'Do not show again' option. If selected the warning will no longer
appear. To turn the warning back on select 'Dialog Check Boxes' from the Options menu in
the Credit Card Settlement screen, and check the Show box.

For additional information on specific gateways please reference Appendix 2 - Additional
Gateway Information at the end of this document.

Advanced



Select the Advanced button to enter additional information:

Time Out Threshold - On the General tab a Time Out Threshold can be entered. This must be a
positive number representing the number of seconds before EnterpriseIQ will retry an operation.
If a transaction cannot be processed immediately, EnterpriseIQ will not retry an operation until
the number of seconds has elapsed. The default value is 30 seconds.

Gateway URL tab - The gateway's Production and Test URL and Port information. If the gateway
changes their URL for credit card transactions, the user may specify the correct URL here.
These will be the default values that are used in Charges and Settlements. If left null, then the
default values at the time of the software release will be used.

Firewall tab:

Use Firewall Settings - If checked, firewall settings will be used for authentication. If unchecked,
the firewall settings will not be used.

Type - The type of firewall. When the firewall type is selected from the list, the value for Port will
change to the default value for the selected firewall type. The available Firewall Types are:
• None - No firewall.
• Tunneling Proxy - Connect through a tunneling proxy. The default port value is set to 80.
• SOCKS4 Proxy - Connect through a SOCKS4 Proxy. The default port value is set to 1080.
• SOCKS5 Proxy - Connect through a SOCKS5 Proxy. The default port value is set to 1080.

Host - The DNS name or IP address of the firewall. This setting is optional, but if a host name is
provided, then all communications will be authenticated through the indicated firewall. If the host
is set to a DNS name, then a DNS request is issued to find a valid IP address for that name. If a
valid IP address is not found, then an error will be displayed.

Port - The TCP port for the firewall host. This is a numeric value.

User Name and Password - If a firewall host is specified, the user name and password will be
used for authentication when connecting through the firewall.

EPlant Settings
Each EPlant can have multiple merchants associated with it. This is set up on the Enterprise
tab in System Parameters. Highlight the EPlant and then go to the Credit Card tab.



Enter the information as described in the table above. The system will first look at a merchant
account associated to an EPlant when determining the gateway to be used. In Credit Card
Settlement, when settling a transaction, transactions will be grouped by merchant account and
settled in turn. The settlement processes may occur in multiple sweeps if transactions use
different merchant accounts.



Encryption
EnterpriseIQ includes safeguards and tools which can help your company be “compliant” with
the PCI Credit Card Data Security Standard. Encrypting the data is a required part of this
security standard. EnterpriseIQ uses the latest AES 256 encryption standard. Failing to encrypt
data will render your company non-compliant. For detailed information on this standard please
see Appendix 1 at the end of this document.

To encrypt the data such as credit card number and zip code select the Encryption button to
access the Credit Card Data Encryption Wizard. Encryption keys are used to secure credit card data
against unauthorized access.

Note: This button is only enabled if the user is a DBA. Encryption applies to all accounts, and is
not set per account.

Note: Neither the cardholder name nor the expiration date is ever encrypted.

After you change the keys, EnterpriseIQ will update data to the new format; the process may
take a while, depending on the number of records.

It is recommended you do the following before updating to the new keys:


• Run your regularly scheduled data purge to remove old data, and limit the amount of records
that must be changed.
• Users should exit out of areas where credit card data might be modified, such as Accounts
Receivable, Sales Orders, Credit Card Charges, Customer Credit Cards and Credit Card
Settlements.
• To begin the encryption process select the Add or change encryption keys option on the wizard
screen.

Note: The encryption version information is visible from this screen. This is useful for
troubleshooting encryption issues.

• Select the Next button. From the next screen enter the three passwords that will be used for
encryption. Passwords are case-sensitive, and are required to be strong passwords.

• The PCI requirements for strong passwords include the following:
    • Passwords must be from 7 to 30 characters long.
    • Passwords must contain both characters and numbers.
    • New passwords cannot be the same as previously used passwords.
    • If the password you entered does not qualify as a “strong password,” the wizard will not
    allow you to proceed. This is in keeping with the PA-DSS requirement that such passwords
    be enforced by EnterpriseIQ where credit card data is concerned.

• Select Next and the system will validate the passwords. If this is not the first time the
encryption process has been run, the system will check to be sure the passwords have not
already been used. If they have, a warning will appear:



The user must enter new passwords to continue with the encryption process.

• Once the passwords have been validated select the Next button to proceed. From the next
screen enter the duration in days when the encryption keys will need to be changed in the
Reminder field. Per PCI-DSS requirements it should at least be annually. The Reminder Date
field will populate automatically based on the system date and reminder days value. (If the
reminder is set to zero days no reminder will display).

When Security Inspector displays, the system will check for out-of-date keys and, if any are
found, the user will be reminded to change them. This warning has a 'Do not show next time'
check box. When checked the warning will not display. (It can be marked to show again in the
Dialog Check Boxes in the System Parameters->Lists menu).



Users can also set up an IQAlert to send an email to the person in charge when it is time to
change the keys.

• Once the reminder days have been entered, select the Next button and the next screen will
state you are done. Select the Finish button to begin the encryption process.



Several confirm boxes will appear stating the information listed below. Select the Yes button on
each box to continue with the encryption:
• Have you stored your passwords in a secure location? You will not be able to access them
from this screen.
• Begin encryption process now?
• The encryption process will now begin. The process will take approximately x minute(s) with
x records modified. It is recommended that users stay out of areas where credit card data
might be modified, such as Accounts Receivable, Sales Orders, Credit Card Charges,
Customer Credit Cards and Credit Card Settlements. Continue? (This note will display the
estimated number of minutes it will take to modify the number of records found).

Once the process is complete, a confirmation will appear stating ‘Process completed successfully’.
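
The password and reminder rules from the wizard steps above, written out as an added Python example (not IQMS code) so the checks can be tested outside the product. Assumptions: "characters and numbers" is read as at least one letter and one digit, the reuse history is kept as salted PBKDF2 fingerprints (the manual does not say how EnterpriseIQ stores it), and all function names and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

MIN_LEN, MAX_LEN = 7, 30   # length bounds stated in the manual
MAX_REMINDER_DAYS = 365    # keys should be changed at least annually
ROUNDS = 100_000           # assumption: history storage is not described in the manual


def fingerprint(password, salt):
    """Salted, slow hash so the reuse history never holds a usable password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)


def remember(password, history):
    """Record a password as used by appending a (salt, digest) pair."""
    salt = os.urandom(16)
    history.append((salt, fingerprint(password, salt)))


def was_used(password, history):
    """Case-sensitive reuse check against every stored fingerprint."""
    return any(
        hmac.compare_digest(fingerprint(password, salt), digest)
        for salt, digest in history
    )


def policy_errors(password, history):
    """Return the rules a single password breaks (empty list means accepted)."""
    errors = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        errors.append("length")
    # Assumption: "characters and numbers" means one letter and one digit at minimum.
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        errors.append("composition")
    if was_used(password, history):
        errors.append("reused")
    return errors


def check_key_passwords(passwords, history):
    """Validate the three passwords entered in the wizard, one result per password."""
    if len(passwords) != 3:
        raise ValueError("exactly three passwords are required")
    return [policy_errors(p, history) for p in passwords]


def reminder_date(today, reminder_days):
    """Reminder Date = system date + reminder days; zero days means no reminder."""
    if reminder_days < 0:
        raise ValueError("reminder days cannot be negative")
    return None if reminder_days == 0 else today + timedelta(days=reminder_days)


def rotation_findings(keys_set_on, reminder_days, today):
    """Flag reminder settings and key age that miss the annual-rotation guidance."""
    findings = []
    due = reminder_date(keys_set_on, reminder_days)
    if due is None:
        findings.append("no-reminder")
    else:
        if reminder_days > MAX_REMINDER_DAYS:
            findings.append("interval-exceeds-annual")
        if today >= due:
            findings.append("keys-out-of-date")
    return findings


if __name__ == "__main__":
    history = []                        # constructed sample history
    remember("Plant7Key2016", history)  # constructed sample password
    print(check_key_passwords(["abc12", "onlyletters", "Plant7Key2016"], history))
    print(rotation_findings(date(2016, 1, 1), 400, date(2017, 3, 1)))
```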

Remove Encryption
The encryption can be removed using the Encryption Wizard. To remove encryption select the
Encryption button and then select the Remove encryption option from the first screen of the
wizard.



Enter the three passwords on the next screen:

The system will validate the passwords. Select the Finish button to start the un-encryption
process. A confirm box will appear stating: ‘Encrypted values will now be decrypted. This will
present a serious security hazard. Continue?’ Select Yes to continue. Once completed the
system will state the process completed successfully.

To encrypt the data again the user can go through the same process described in the Encryption
section above. New passwords will have to be used. Note: Passwords must be unique.
Passwords that have been used in the past are considered compromised and cannot be
re-used.



Customer Credit Cards
This option is used to establish the customer’s credit card information. This option can be found
in Customer Maintenance or accessed from the Settlement form under the Options menu. Use
this form to enter the customer’s credit card type(s) and number(s).

When inserting a new credit card account, if any gateway has been added which supports
tokenization, the system will display a prompt screen. The prompt screen allows the user to add
either a standard credit card account, or a token. To add a token, the user must select a
merchant account, as it is set up in System Parameters. The pick list of merchant accounts is
filtered to exclude any account that does not support tokenization. If the user chooses to add a
token and clicks the OK button, the tokenization request will be submitted to the gateway
and the record will be added. If errors occur, they will be displayed and the credit card account
will be created as a standard account. This allows the user to “convert” that account to a token,
after any problems are resolved.

Note: The token merely replaces the credit card number. It is unique per gateway account, and
can only be used to process a transaction with a specific gateway. The token is encrypted along
with any other credit card number, and only the last four digits display in pick lists.

Note: The full account number is displayed in Customer Credit Cards and on the Credit Card
Log. Security to Customer Credit Cards should be assigned by the company administrators as
they see fit. EnterpriseIQ provides the ability to restrict access to the screen when accessed
from Customer Maintenance or Customer Central. It is recommended to keep access to such
information limited to personnel on a need-to-know basis. Currently, security is Enabled on
sbtnCustomerCreditCards for both stock roles, IQALL and IQCUST_RW. If company administrators
wish to restrict access to the Customer Maintenance Credit Card screen these roles should not
be assigned. On all other screens customarily used by financial and sales personnel, the stored
customer credit card number is masked so that only the last four digits display.



If there are no gateways that support tokenization, then the user will see the standard credit card
screen.

To add new credit card information for the customer select the ADD (+) button and enter the
information in the fields.
Credit Card Type - Select the type of card from the list. This list is comprised of the credit card types
that were added to the Accepted Credit Cards list.
Note: Right click on this field to access the Accepted Credit Cards form to update
the types of cards accepted if necessary.

Name On Card - The exact name on the credit card.

Account # - The credit card account number.

Expiration Date - The two digit month and two digit year of the expiration date for the credit card.
(MMYY)

Default - Check this box to mark the default credit card for the customer. When attaching a
credit card to a Sales Order or AR Invoice the system will automatically pull in the
‘default’ credit card.



Note: When scrolling through the list of customer credit cards, if a credit card account is a token,
the fields will be disabled to prevent edits. Since the information is stored on the gateway server,
the record should reflect what is on the server.

This information can be used in Sales Orders, AR Invoices, CRM Quotation, and CRM Support
Issues. This gives the user the ability to track what credit card was used for a purchase or repair.

From this form the user can also enter the credit cards accepted by clicking on the Accepted
Credit Cards button, and validate the credit card by selecting the validate card button. If the
expiration date or card number is invalid a pop up box will display indicating this.

Options Menu
There are two purge options available to help maintain current credit card information for
customers.

Purge Expired Cards - Purges expired credit cards for the current customer.

Purge Credit Card Data - Deletes all credit card data for the current customer including the list of
credit cards, and credit card transactions.

Credit cards that have been charged can be deleted without constraints by selecting the Delete
(-) button. This will enable users to remove credit card information for customers that request
that information is not retained.

Purge Log Data – You may purge the credit card transaction log for a specific customer at any
time in order to keep transaction information at a minimum. When the Purge Log Data form
appears, it will have the customer’s company name in the caption. The purge actions will apply
to the current customer only. (Note: This only applies to records added under 2012SP1 because
the ARCUSTO_ID field is a recent addition to the log table). This feature is also available from the
Options menu in the Settlements screen but will purge all log data, not just for a specific
customer. It is provided from the Settlements screen for ease of access.

Tokenize Current Credit Card - Select this option from the Options menu or use the speed button to
tokenize the current credit card.
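
The card checks this section relies on (an MMYY expiration, a valid card number, last-four masking, and selecting expired cards for purge), as an added Python example that is not EnterpriseIQ code. Assumptions: the manual does not say how the card number is validated, so the standard Luhn checksum is used; MMYY is read as 20YY and a card is treated as valid through the last day of its expiration month; the records, token value and function names are constructed.

```python
import calendar
from datetime import date


def luhn_ok(number):
    """Luhn checksum over a 12-19 digit number; spaces and hyphens are ignored."""
    compact = number.replace(" ", "").replace("-", "")
    if not (compact.isascii() and compact.isdigit()) or not 12 <= len(compact) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(compact)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def valid_through(mmyy):
    """Last valid day for an MMYY expiration, or None if the value is malformed."""
    if len(mmyy) != 4 or not (mmyy.isascii() and mmyy.isdigit()):
        return None
    month, year = int(mmyy[:2]), 2000 + int(mmyy[2:])   # assumption: YY means 20YY
    if not 1 <= month <= 12:
        return None
    return date(year, month, calendar.monthrange(year, month)[1])


def mask_account(account):
    """Keep only the last four characters visible, as the pick lists do."""
    return "*" * max(len(account) - 4, 0) + account[-4:]


def card_problems(card, today):
    """Return the reasons a stored card record would fail validation."""
    problems = []
    last_day = valid_through(card["exp"])
    if last_day is None:
        problems.append("bad-expiration")
    elif today > last_day:
        problems.append("expired")
    # A token replaces the card number, so the checksum applies to standard accounts only.
    if not card["token"] and not luhn_ok(card["account"]):
        problems.append("bad-number")
    return problems


def expired_cards(cards, today):
    """Masked accounts that a purge of expired cards would select."""
    return [mask_account(c["account"]) for c in cards
            if "expired" in card_problems(c, today)]


SAMPLE_CARDS = [  # constructed records: published test numbers and a made-up token
    {"account": "4111111111111111", "exp": "0617", "token": False},
    {"account": "5500005555555559", "exp": "0217", "token": False},
    {"account": "4111111111111112", "exp": "1219", "token": False},
    {"account": "tok_EXAMPLE_0042", "exp": "1316", "token": True},
]

if __name__ == "__main__":
    for when in (date(2017, 6, 30), date(2017, 7, 1)):
        print(when, expired_cards(SAMPLE_CARDS, when))
```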



Attached Credit Card
Select this button from Sales Orders, AR Invoicing, a CRM Quotation, or a CRM Support Issue
to associate a credit card that will be used to pay for items or services. The Attached Credit Card
form will appear from which the user can select a card already associated to the customer,
create a new card or clear the current attached card. If this information was entered on a CRM
Quotation it will carry over to the sales order when converted and then from the sales order it will
carry over to the AR Invoice automatically.

Select - This option brings up a list of cards already associated to the customer. If there are
several the user can enter the last four digits of the card and select the Search button to find that
card. Once the desired card is highlighted, select the OK button to associate it to the record.



If there is an issue with the selected credit card, such as expired, a warning stating the issue will
appear in the Attached Credit Card form.

New - This allows the user to enter a new card for the customer. This is not limited to DBAs, as
the user will not be able to see any of the other credit card information, only what is being
entered.

Clear - This clears the card from being attached to the record.

Close - This will close the Attached Credit Card form.



Charge Credit Card
From Sales Orders or AR Invoicing (unposted or posted) the user can select the Charge Credit
Card button. This option will bring up the Charge form to process the credit card transaction for
the specific invoice. If the record was already charged a warning will display stating: “The
Customer has already been charged for the full amount of this invoice. Continue?” A Yes or No
button is available.



The user will receive a warning if the country code associated to the customer does not adhere
to the same naming conventions that are available in the drop down list for Country in Customer
Maintenance. For example, US is not a valid country code, it must be USA. Note: If there is no
billing address the warning will not appear.

In addition to the transaction information on the right (amount, tax, and freight), the bottom
status bar will display the merchant name, credit card merchant description being used, the type
such as Authorization, and the currency code.

This form has three tabs with the following information:

Credit Card
Customer Record - If the credit card information was associated to the sales order, or invoice it will
appear in this form automatically. The card information can be changed by selecting the ellipsis
button in the Card Number field. On the charge screen, the expiration date may be updated for a
card selected from the customer’s list. If the expiration date is changed, a check box with the
caption “Update” will appear. The check box is checked by default. When the card is charged
successfully, if the “Update” check box is checked, the expiration date on the customer credit
card record will be updated. Note: If tokenization is used the expiration date cannot be edited and
the update box cannot be checked.

Manual Entry - The user can select the Manual option to enter the information in manually.

Note: The CVV2 information is not recorded in the database. It is used in memory for the current
authorization charge only. This can be entered for a standard credit card account or a token.
This field is no longer available in WebDirect. If you wish to enter a card verification value (CVV)
to authenticate a credit card charge, you must contact the cardholder in person to obtain the
value.

Address Verification
Select the address to be used for verification by selecting the ellipsis button to bring up the Bill
To address pick list. Note: This option will only be available for gateways that support AVS
testing. (Of the gateways that IQMS currently supports, only TSYS and PayPal support AVS.
Only TSYS can test for AVS before authorization. PayPal checks the address only during
authorization, and the result is returned as an “AVS Response”).

The Address Verification System, or AVS, is a fraud deterrent tool that provides greater security
to merchants and cardholders. AVS compares the billing address provided by the customer to
the address on file with the card issuer (the address where the cardholder's statements are
mailed). Select the Address verification Test button to verify the address. A message will appear
stating the results.

Note: If the AVS code is not provided, the system will not submit an empty value as the AVS
code, it will use the cardholder address information.

Special Fields

The Ship To location can be selected from one of the pick lists: Customer Shipping Locations,
On Invoice, or On Sales Order. Select the list from the drop down next to the search button. The
On Invoice and On Sales Order will only be available when charging from an invoice with a sales
order. The ship to locations will come from the shipment history. The On Invoice option is not
available when charging from a sales order.

The invoice # and Order # will automatically fill in when charging from the AR Invoice screen, or
if the invoice for the sales order is created from the Quick Invoice Option from the Packing Slip.
The sales order PO # will only automatically populate if the charge is done from the sales order
module. Also, if charging from the sales order, the system will not populate the invoice #. All four
fields can be edited by selecting the ellipsis button and selecting the appropriate record from the
pick list. The pick lists are filtered based on the customer.

On Account

Check this box to automatically post cash immediately upon settlement instead of waiting for the
actual sales invoice to be generated. When checking the 'On Account' box on the Charge Card
form, upon settling that charge, a Cash Receipt for that charge will be created in the prepost
table. When the Invoice is finally created and posted, a Cash Receipt will be created for that
invoice with the corresponding posted on account cash receipt.

Notes:
• System Parameters->GL Setup tab->'Customer Pre-Payments' must be populated for this to
work properly.
• This option will be available when charging a credit card from a sales order (not from
invoices).
• This applies only to pre-settlement authorizations. For example, Authorize.Net and
Merchant-Accounts.Ca support Authorize Only so this option will be available. TSYS and
Elavon do not, so the 'On Account' box is not visible when using those gateways.



When the transaction is settled, a prepost Cash Receipt will be made On Account for that charge.
The GL Account assigned on the 'Customer Pre-Payments' category in System Parameters->GL
Setup will be used. Upon Posting AR Invoices the system will match the 'On Account' AR invoice
to the just posted invoice and create an automatic entry in cash receipts to apply them to each
other. Note: Only the first invoice will automatically be applied to the on account amount. For
example, if the user charges $50 and the invoice is for $25, upon invoicing the second $25 the
system will not automatically apply the balance of the on account.

Foreign currency conversion for credit cards - the TSYS and Authorize.net gateways support
multi-currency. When the charge screen displays, if the original order or invoice is in a foreign
currency, all amounts are automatically converted to the native currency first. For example, the
currency in the credit card account settings is set to USD. When a 100.00 invoice in CAD is charged,
the system will automatically convert the value to USD ($75.00 in the example below). The system
uses the exchange rates set up in System Parameters (Regional tab). The Original currency will
display in the charge screen for informational purposes.

The user can select the foreign currency speed button to access the conversion screen.

Lower Button Options:

• Validate - This will verify the card is valid.
• Charge - Select this button to charge the credit card for the amount. This process will connect
to the gateway set up in system parameters. The response from the gateway will appear in
the response section. Depending on the gateway setting, the card will just be authorized or
will also be settled. When a credit card is ‘authorized’, the gateway is notified to reserve a
specified amount on the credit card account. Funds are merely “held” for the transaction, but
they are not transferred from one account to another. The transfer is done through the settlement
function described below. If the gateway has the option ‘Settle immediately’ selected (this
applies to the Authorize Net gateway), the transaction will be charged and settled. It will
appear in the Settlement screen as already settled (the line will be blue).
• Void - This button will void a charge. This action is irreversible. It will display in the Settlement
screen as a voided transaction.
• Close - Select this to close the Charge form.
Options Menu
The Options Menu provides access to the Credit Cards for Customer and Accepted Credit Card Types
lists. The Test Mode option allows users to use active cards but in test mode.

Charging Multiple Invoices or Sales Orders


A group of sales orders or invoices may be charged at one time. Users can itemize either Sales
Orders or Invoices, but not both for a given charge. If the Sales Orders screen called the Credit
Card Charge screen, then the user will be able to select multiple Sales Orders. If the Invoice
screen called it, then the user can select multiple Invoices.

From the Special Fields tab an Edit List speed button will appear to the right of either the "Order
#" field or the "Invoice #" field, based on where the credit card charge button was selected (from
the invoice or sales order). When the user clicks the button, a form displays which allows the
user to select multiple Sales Orders or Invoices. The form will show either a list of Sales Orders
or Invoices for the current customer only, as indicated on the Sales Order or Invoice. Only Sales
Orders and Invoices which have not yet been charged will display in the list; however, records
paid through cash receipts will display. Partially charged Sales Orders or Invoices will be
included. The "selected" list will already contain the Sales Order or Invoice which called the
Charge screen. It cannot be removed from the list because it is the default item. The user can
add more Sales Orders or Invoices to the list, if desired.

When viewing Invoices, posted invoices can be displayed by selecting the 'Include History' button.
They will appear at the top of the list and be highlighted in yellow. From both sales order and
invoice views the information can be filtered for a specific date range by selecting the 'Set Date
Range' button and entering a specific date range. This defaults to 'All Dates'.

Highlight the sales orders or invoices using the toggle buttons and move them to the
'Selected Items' pane on the right using the arrow button. The arrow buttons can be used to move a
single record (single arrow button) or multiple records (double arrow button) in both directions.

Each selected item will show the total amount, tax amount, freight, previous amount and tax,
and suggested charge amount. The user can change the authorization amounts for each
selected item.

Note: For TSYS Level 3 processing, each selected item will show a button, "Level 3 Addendum,"
which will allow the user to edit the Level 3 information. If this step has been skipped when the
user clicks OK to save changes, then the user will be prompted for Level 3 information for each
item before the screen closes. If a credit card is not selected a warning will appear stating,
'Please select a Visa, Master Card, or American Express credit card before attempting to edit
Level 3 options.'

After clicking OK to save changes to the list, the "Transaction Information" group on the
charge screen will be disabled because only the amounts from the itemized Sales Orders or
Invoices will be used. The Transaction Information will show 'Multiple items selected.' The font on
the "Invoice #" or "Order #" field will be bold if multiple items have been selected. The Transaction
Description contains either the Invoice number, Sales Order number, or the Purchase Order
number, depending on availability at the time of authorization. The Response Information area will
also be hidden (grayed out); the results for each charge will be displayed on a separate "progress
summary" form. The "Order #" field on the charge screen will be cleared and disabled if there
are multiple Invoices selected.

When the Charge button is clicked, the list of Sales Orders or Invoices is cycled, and multiple
charges are made - one for each item. A separate screen will display, showing a progress
summary. It will list the response information from the gateway for each item as it is processed.
It will be all of the same information that is normally displayed on the "Transaction Information"
group; there is no loss of information given to the user. When the process is finished, the last
line added to the progress summary will indicate either success or failure; if failure, then it will
note the number of errors.

Print Receipt
If a report is assigned to the 'Credit Card Receipt' Report option in System Parameters->Reports
and Forms tab, then the user will be prompted after a successful charge to print a receipt. If
multiple Sales Orders or Invoices were selected (multiple charge), the prompt displays before
authorizations occur. Note: the 'Print' dialog will display for each report. The standard report is
called CC_RECEIPT.RPT. Below is an example report:

Additional Notes:
• Refunds (charge backs) and voids are handled on the Settlements screen as usual. There is
no change to any functionality on the Settlements screen.
• When the SO or Invoice is not in native currency: When selecting multiple orders or invoices
to charge, the amounts displayed in the grid will already be converted from the source (order
or invoice) currency to the gateway currency.
• The credit card gateways do not accept transactions with a cost = $0. So if the user wants to
charge an amount that is not part of the cost (e.g., freight only), they should add the amount
as a miscellaneous item.
• The total amount to be charged must include tax and freight.

Credit Card Settlement
The Credit Card Settlement screen is used to settle credit card transactions and view all
transactions. When a credit card payment is “settled,” the funds are transferred from the
customer account to the vendor account.

The Credit Card Settlement module is a separate speed button on the AR tab of the launcher
bar. Select this button to open the settlement form. (The screen shot below is in form view):

All of the details of the transaction are included in this view, such as: Transaction details
(Invoice, Order and PO #'s), Customer and Credit Card information, and Settlement status details
(Settled, Voided, and Charge back).

Note: For the Merchant-Accounts.ca gateway there is a 'Transaction Description' column which
will populate in this order: Invoice #, Sales Order #, PO # based off of the charge screen when
first opened. The Sales Order # or Invoice # or PO # and Company Name will pass through with
each transaction.

Note: If a Credit Card Transaction in the settlement screen is associated to an invoice and that
invoice gets voided prior to the transaction being settled, the voided invoice number will be
removed from the settlement transaction.

The Batch # field under the Settlement Amount
(CREDIT_CARD_TRANS.RESPONSE_BATCH_NUMBER) is a value that is returned from the
gateway during a batch settlement. Currently, this field will only be populated if a manual
settlement is made, and always with the value “MANUAL”, as all available gateways require
each transaction to be processed individually and not in a batch.

Filter - What is displayed can be changed by clicking on the filter button and selecting the types
of transactions to be shown.

From the table view the transactions will be color coded based on the status.
• Red is an item that encountered problems during settlement.
• Blue is a transaction that has been settled.
• Yellow is a transaction on hold.
• Gray is a charge back or voided transaction.
• Orange is a declined authorization or error.

There is a column for Transaction Age and a section in the summary pane listing the number of
transactions that fall in each category. Categories and color indicators are: Aging Less Than 3 Days
(green circle), Aging Between 2 and 7 Days (blue circle), Aging Between 8 and 28 Days (yellow
circle), and Expired (Greater Than 28 Days) (red circle). Note: The summary pane can be
toggled to view or hide from the View menu.

On Hold - This allows the user to mark an authorized charge as 'on hold'. This is only available
for transactions that have not been settled. The box can only be checked/un-checked from the
form view. If this box is checked, then during settlement, the on hold records will be excluded.
This is useful in situations where the transactions have already been authorized, but you would
not like to settle them until the product has been shipped.

Settle a Batch
Select the Settle Batch button. The unsettled transactions will be processed through the
gateway. When settling, transactions will be grouped by merchant account and
settled in turn. The settlement process may occur in multiple sweeps if transactions use
different merchant accounts.

Once an authorized charge is settled, the funds will be transferred. If an error occurs, select the
View error message button to display the error. The Settlement Date field is updated when the
transaction is settled.

Note: When charging a credit card from an AR invoice, or a sales order with an invoice
associated to it (Special Fields tab on the Charge Credit card form), after settling the transaction
and then posting the invoice, a cash receipt is automatically created.

There is an additional Settlement option available from the Settle Batch drop down button,
or from the File->Settle menu:
• Mark Current transaction as Settled - A batch may also be marked settled manually. This
functionality allows users to mark a transaction as settled which has already been settled
manually with the gateway. Transactions that have already been settled, voided or charged
back cannot be settled manually this way. Transactions that encountered an error during a
normal settlement batch process can also be manually flagged as settled. If a transaction
encounters errors during the batch process, but is fixed and settled online with the
assistance of the gateway, it will still need to be flagged as settled in the database. The user
will be prompted for a date. The default is the current date and time. If the user clicks
Cancel on this dialog, the process is aborted. If the user clicks OK, the selected date will be
used for the Settlement tab 'Status Date'. Note: On hold transactions will not be settled if this
option is used.
These options will be visible for these gateways: TSYS, Authorize.Net, and PayPal:
• Adjust Settlement Amounts per Invoice – This option adjusts the settlement amounts based on
invoices.
• Reset Settlement Amounts to Authorized Amounts – This option resets the settlement amounts
back to the original authorized amounts.
Some gateways allow the user to change the settlement amount (TSYS, Authorize.net, and
PayPal). For these gateways there is a check box setting in System Parameters called, “Allow
Manually Changing Settlement Amount.” (See Account Settings).

In Credit Card Settlements, users will be able to change the settlement amount only if the
System Parameters setting is checked. The range for the changed amount (whether the new
amount may be any value, or if it must be less than or equal to the original amount) is
determined by the gateway. Currently this is:
• Authorize.net - a lesser or equal amount of the originally authorized transaction can be
settled. Must use auth_only/prior_auth_capture transaction type combination.
• TSYS - a lesser or equal amount of the originally authorized transaction can be settled.
• PayPal - a lesser, equal, or greater amount of the originally authorized transaction can be
settled. Users can capture 100% of the amount that was authorized. However, users can
reauthorize up to 115% of the originally authorized amount (not to exceed an increase of
$75.00 USD).
Note: During settlement, if a transaction’s “settlement amount” is less than or equal to zero, then
the transaction record will be voided automatically.

Void
Use the void button to void a transaction. Only a transaction that has not been settled can be
voided. Once voided it will appear in the settlement screen highlighted in gray with a line through
it.

Charge Back (Refund)


Use the Charge Back button to credit the current transaction. The user can charge back a partial
amount. This is an alternative to voiding. Charge back is available if the transaction has been
settled. If the transaction has not been settled, the user is prompted to void as an alternative, but
the user can still do a charge back.

After selecting the Charge Back button a confirmation will appear stating: 'Charge back current
transaction? This will refund the customer credit card with this transaction amount.' Select Yes
to continue, or No to return to the Settlement screen. If Yes is selected a screen will appear
asking for the amount to charge back. This defaults to the amount charged:

When refunding, the current settlement amount less the previously refunded amount will be the
maximum amount available to be refunded: Settlement amount - Previously Refunded =
Available to Refund.

After refunding, the 'Refund Amount' field will be updated to include the new refund amount. If
there was a previous 'Refund Amount' then the amount will be incremented by the new amount.

When a transaction is fully refunded, it will be marked as completely refunded and will be
unavailable for further transactions. (It will display as 'Settled').

The Refund Date field is updated whenever a transaction is refunded. The field will reflect the
date and time when the transaction was last refunded.

Note: This feature is not available with all gateways (such as Moneris).

Add a Manual Transaction
This option is available from the File menu. This allows for the manual entry of a credit card
transaction. A series of screens will appear asking the user for the required information.

• Screen 1 - Enter the customer: click on the ellipsis button and then select the customer from
the pick list. The default shipping destination and currency will populate the fields. Changes
to the Shipping Destination can be made by selecting the search button next to the field.
Use the drop down list to change the currency if required. Select Next to move to the next
screen.

• Screen 2 - Select the 'Customer Record' button to select the credit card information from the
pick list accessed by clicking on the ellipsis button, or select the 'Manual' option to enter the
credit card information manually. Select Next to move to the next screen.

• Screen 3 - Enter information in the special fields if desired: Invoice #, Order #, PO#, and
Transaction Description. The Invoice, Order, and PO fields have an ellipsis button in order to
access the associated pick list. The Transaction Description field will populate with the
selected record by default. Users can select the clear button to remove the automatic entry and
manually type information in the field if desired. The transaction description will be visible
from the credit card settlement screen.

• Screen 4 - Transaction information. The transaction # will populate with the next sequential
number automatically; the user will need to fill in the following fields:

  • Authorized Amount - Enter the amount of the transaction. (This can be negative). If a value
  of zero is entered the transaction will automatically be voided. If a specific Order or Invoice
  was selected in the prior screen, the amount values (Amount, Tax, and Freight) will be
  pre-populated, but can be changed. If the user goes back and selects a different record, the
  system will display a confirm box stating, 'Overwrite transaction amount values?'. If Yes is
  selected the authorized amount will be updated with the information from the new record; if
  No is selected it will not be updated. This prompt includes a 'Do not show next time' check
  box.
  • Date Authorized - Select the date using the drop down calendar.
  • Authorized By - This field populates with the logged in User ID but can be changed by
  selecting a different employee from the pick list accessed by clicking on the search button.
  • Approval Code - Enter the approval code for this transaction. (Note: For the TSYS gateway
  the Approval Code cannot exceed 6 characters; for all other gateways this field can hold up
  to 30 characters).
  • If the transaction has already been settled, check the box to flag it as settled.
• Screen 5 - Click the Next button then select the Finish button to complete the manual credit
card transaction. A pop up will display stating, 'Transaction #xx has been added'. Select Ok
to close the pop up.

The transaction will be added to the settlement screen so that it can be settled in the normal
manner if it was not already.

Additional Options
File Menu:

Search - This will bring up a pick list of transactions.

Settle - This opens the Settle options. See Settle a Batch for details.

Mark Batch as Settled - This will mark all of the records in the batch as settled. This functionality
allows users to mark transactions as settled which have already been settled manually with the
gateway. Transactions that have already been settled, voided or charged back cannot be settled
manually this way. Transactions that encountered an error during a normal settlement batch
process can also be manually flagged as settled. If a transaction encounters errors during the
batch process, but is fixed and settled online with the assistance of the gateway, it will still need
to be flagged as settled in the database. A warning will appear stating, "Permanently mark this
batch as settled? This action is not recommended unless you are sure these transactions have
already been settled by the merchant. Continue?" If the user clicks No on this dialog, the
process is aborted. If the user clicks Yes, the selected date will be used for the Settlement tab
'Status Date'.

Change Settlement Amount - Select this option to change the settlement amount.

Refund Current Transaction - Select this option to do a refund. A confirm message will appear
stating, "Charge back current transaction? This will refund the customer credit card with this
transaction amount." See Settle a Batch for details.

Void Current Transaction - Select this option to void a transaction. Only a transaction that has not
been settled can be voided. Once voided it will appear in the settlement screen highlighted in
gray with a line through it.

Add a Manual Transaction - This allows for the manual entry of a credit card transaction. See Add a
Manual Transaction for details.

Delete Declined Transactions - This option deletes all declined transactions. By default declined
transactions are saved to the CREDIT_CARD_TRANS table until they are deleted from the
Credit Card Settlement screen.

Edit Status Note - This brings up the Status Note window to add/edit the status note. Up to 250
characters can be entered. This option is also available from the right click menu.

Credit Card Transaction Log - See Credit Card Transaction Log for information.

Transaction Details - See Transaction Details for information.

Close - This will close the Settlement module.

Credit Card Transaction Log
A log is created for credit card transactions (charges and settlements). The log file records the
communications with the gateway server. The credit card transaction log is accessed from the
Credit Card Settlements screen under the File menu. Since the log is used for troubleshooting,
full gateway login information is included per entry. Sensitive credit card information –
specifically, the card number (PAN) and any CVV2 data – is masked. Log records are created by
date. It is recommended that administrators routinely purge log entries older than 30 days.
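
A check an administrator could run over exported request/response log text, added here as an example and not IQMS code: it flags entries older than the 30-day purge recommendation above, Luhn-valid card numbers that escaped masking, and CVV2 fields that still hold digits. The entry layout, the XML tags and the CVV2 field names are assumptions, since this document does not give the log format; the sample entries are constructed and use public test card numbers.

```python
import re
from datetime import date

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Hypothetical CVV2 field names (assumption: the real log's field names are not documented here).
CVV_FIELD = re.compile(r"(?i)\b(cvv2?|cvc2?)\b\W{1,3}(\d{3,4})\b")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_unmasked_pans(text):
    """Return Luhn-valid card numbers found in text, truncated to first 6 / last 4
    so that the audit report does not itself leak the full PAN."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits


def audit_log(entries, today, max_age_days=30):
    """Return (entry #, finding, detail) tuples for a list of log entries.

    Each entry is a dict with 'entry', 'date', 'request' and 'response' keys
    (a constructed layout for this example).
    """
    findings = []
    for e in entries:
        age = (today - e["date"]).days
        if age > max_age_days:
            findings.append((e["entry"], "stale", f"{age} days old"))
        for part in ("request", "response"):
            text = e.get(part, "")
            for masked in find_unmasked_pans(text):
                findings.append((e["entry"], "unmasked-pan", f"{part}: {masked}"))
            for m in CVV_FIELD.finditer(text):
                # Report only the field name, never the value.
                findings.append((e["entry"], "cvv2-present", f"{part}: {m.group(1)}"))
    return findings


# Constructed sample entries (not real log output).
AUDIT_DATE = date(2017, 4, 5)
SAMPLE = [
    # Correctly masked, but older than the 30-day recommendation.
    {"entry": 101, "date": date(2017, 3, 1),
     "request": "<card>4111********1111</card><cvv2>***</cvv2>",
     "response": "<result>APPROVED</result>"},
    # Masking failed: full test PAN and CVV2 digits are present.
    {"entry": 102, "date": date(2017, 3, 20),
     "request": "<card>4111 1111 1111 1111</card><cvv2>123</cvv2>",
     "response": "<result>APPROVED</result>"},
    # A 16-digit reference that is not a card number (fails the Luhn check).
    {"entry": 103, "date": date(2017, 3, 28),
     "request": "<ref>1234567890123456</ref>",
     "response": "<result>DECLINED</result>"},
]

if __name__ == "__main__":
    for entry_no, finding, detail in audit_log(SAMPLE, AUDIT_DATE):
        print(f"entry {entry_no}: {finding} ({detail})")
```

A long numeric reference that happens to pass the Luhn check will be reported as a card number, so findings need a manual look before anything is purged or escalated.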

The top section of the log displays the details of the log entries, such as: the Entry #, Source,
Class, Date, and User ID. Each entry has a symbol to help identify the type of log entry. For
example, a red circle with an x indicates an error, a red shield with an x indicates access to a
credit card screen was denied, and two blue arrows indicate a transaction.

The bottom section is comprised of four tabs: Details, Request Data, Response Data, and
Merchant Data. The user can choose the View menu to select which ones to display. The Details
tab will always display.

Filter
The log entries can be filtered by selecting the Filter button. The user can select specific
Sources, Classes and Users from the filter form.

By default all sources, classes and users are selected and the Show Archived option is not. To
select specific options, un-check the 'all' options and then select the desired options.

Purge Log Data


The log data can be purged by selecting Purge Log Data from the Options menu in the log form.
From this screen the user can archive and/or purge the log data. By default the system will
archive log entries older than 2 months and 29 days and purge log entries older than 1 year.
Both entry dates can be changed by selecting a date from the drop down calendar.

Note: If a chargeback needs to be created for a transaction that is archived, you must do a
refund at your gateway, enter a manual transaction in EIQ for a negative amount, and mark the
transaction as settled.

Audit Log
This option is available in Data Dictionary. It provides a log of credit card type activities
performed in the database. To enable this feature ensure the latest grantIQMS.bat has been
run, select Enable Oracle Logging from the File menu in the Auditing Log form, then restart the
Oracle instance.

Email Request and Response - Select this from the Options menu to send a zip file attachment
containing the request and response log files. When selected the default email editor will open
with the file attached and the subject line will be populated as follows, "Transaction Log Files
[company name]". The Body text will be populated, "Please find attached the transaction request
and response files from the log."

Email Transaction Data to IQMS Technical Support
Select this option from the Help menu in the Credit Card Transaction Log to email the files
required for troubleshooting and solving credit card issues to IQMS Technical Support. The
Merchant Data is not sent in its entirety, to avoid sending sensitive data. The Sender Email comes
from the Contact tab from within System Parameters -> Enterprise. The Zip file naming convention is:
MM_DD_YY_GENERATED SEQ.

Transaction Details
The Transaction Details can be accessed from the File menu or by clicking on the Details button
while in Form view.

There are two tabs on this form.

• Transaction Response - This will display the Parameter and Value related to the transaction.
• Aggregate - This will display the XML data sent to the gateway as part of the transaction.
Note: This tab will only display for a DBA user. This data is extremely sensitive, but it is
required for troubleshooting difficult cases.

View Menu in Settlement Form


View - From the View menu users can filter which type of transactions to view by selecting: View
All, View Active, or View Inactive. Transactions can be archived by selecting the Delete record (-)
button and choosing Archive.

Refresh - This option refreshes the data. Refreshing can also be done by using the F5 function
key.

Summary Pane - This will toggle the display of the lower summary pane which displays the aging.

Option Menu in Settlement form
Access to the credit card lists and the ability to authorize a charge are available from the options
menu on this form.

Accepted Credit Card Types - This is the list of cards you accept.

Customer Credit Cards - This brings up the form to associate a credit card with a specific customer.
Select the customer from the pick list and enter in their specific credit card information.

Sequences - This will open a screen to view the sequences used in the requests. For example, it
will show the sequence number used for the TransactionID. This is to provide a simple way to
see the current value, and if necessary, change it. This will be used to troubleshoot issues
where the gateway sends back an error saying a sequence value is duplicated or incorrect.

Purge Credit Card Transactions - This screen allows you to purge transaction data. Settled credit
card transactions, voids, refunds, and declined transactions on or before the selected date will
be deleted permanently from the database. It is recommended that you keep at least two weeks
of transaction data for business usage. Authorizations which have not yet been settled will be
retained. To purge the transactions, select a date from the drop down calendar and select OK.
The date defaults to two weeks back from the system date.

Purge Expired Credit Cards - When credit cards expire, they become unusable for transactions.
You may delete expired credit cards from customer credit card lists. This ensures that customer
credit card data is not retained longer than is necessary. In addition, you will be prompted with a
message stating, "One or more customer credit cards have expired. Do you want to purge
expired customer credit cards now?", when the Settlement screen first appears to purge expired
cards. The dialog has a “Do not show again” check box, and the form has security. There is also
a Purge Expired Credit Cards option available in the Customer Credit Cards form accessed from
Customer Maintenance. An IQAlert may be set up to purge expired credit cards. The 'Purge
Expired Credit Cards' option located in the Credit Card Settlements screen must be run first
before executing the SQL from an IQAlert Action. After it has been run once within Credit Card
Settlements, thereafter it may be scheduled to run in IQAlert. The IQAlert SQL is:

BEGIN

iqms.cc.purge_expired_cards;

END;

Purge Log Data – You may purge the credit card transaction log at any time in order to keep
transaction information at a minimum. The menu, “Purge Log Data,” called from the Settlements
screen has the same function as the “Purge Log Data” menu on the “Credit Card Transaction
Log” screen. It is provided from the Settlements screen for ease of access. These menus allow
you to purge or archive credit card transaction log entries by date. To be PCI compliant, it is
recommended that you purge log data periodically, such as every 90 days, and at least annually.

This feature is also available from the Options menu in the Customer Credit Card form (AR
tab->Customer Maintenance->Customer Credit Cards toolbar button->Customer Credit Cards).
When the Purge Log Data form appears, it will have the customer’s company name in the
caption. The purge actions will apply to the current customer only. (Note: This only applies to
records added under 2012SP1 because the ARCUSTO_ID field is a recent addition to the log
table.)

Credit Card Charge - A credit card authorization can be done directly from this module. Select the
customer from the pick list and enter the credit card, amount, etc. into the Charge form.

Dialog Check Boxes - Dialog check boxes are used to specify if you want certain messages in the
software to show or not. To have the message show, click the show box. If you do not want to
see the message, un-check the box. This option is relevant for credit card messages such as the
one related to the 'Automatically Adjust Amounts During Settlement Based on Invoice' option.

Purging Data with IQAlert

Purging data can also be set up in IQAlert based on a customer's 'Credit card retention period
(in days)' setting in Customer Maintenance->Miscellaneous tab. This is the number of days for
which credit card records will be retained after they are created. The data that will be purged
includes customer credit cards stored for reuse, credit card transactions, and credit card log
data. An IQAlert action "CREDIT CARD RETENTION PURGE" can be set up to purge the data
that is older than the retention period. (See the IQAlert documentation for details).

Cash Receipts
When charging a credit card from an un-posted AR invoice or sales order with an AR Invoice
associated to it (on the Special Fields tab), after settling the transaction and then posting the
invoice, a cash receipt is automatically created for the settlement amount. The EPlant on the
cash receipt is populated based on the EPlant from the bank account specified in System
Parameters > Company File Information > Credit Card Merchant > Bank ID. The check date will
populate with the date and time the transaction was settled, the Type will fill in with Credit Card,
and the Ref./Check # will display the transaction #.

When credit card cash receipts are created during AR Invoice posting, the cash receipt will be
grouped by the same credit card type for transactions on the same day.

When charging the credit card from a posted AR Invoice, if the charge is approved a pop up
prompt to ‘Create Cash Receipt for this Invoice?’ with ‘Yes’ or ‘No’ options will appear. If ‘Yes’ is
selected, a Cash Receipt for that invoice and invoice amount is created (in crprepost). If ‘No’ is
selected, the system will not create a Cash Receipt. This pop up includes a 'Do not show next time'
check box. The system will remember the last option selected and use that each time. If the
charge is denied (or an error occurred and the charge did not go through), the prompt will not appear.

If not charging from an invoice the Cash Receipt will have to be manually created. To complete
the transaction in EnterpriseIQ enter the information in the Cash Receipts module as a credit card
transaction type.



Appendix 1 - IQMS Compliance with the Payment Card
Industry (PCI) Credit Card Data Security Standard
The safety of your credit card data is important. IQMS has taken steps to ensure that the
EnterpriseIQ Credit Card module is “compliant” with the safety standards established by the PCI
Security Standards Council. While much of the standard covers areas outside the purview of
EnterpriseIQ, several requirements have direct application to data security. IQMS seeks to be
compliant where possible.

Quotations in this document reference the PCI document, Payment Card Industry (PCI) Data
Security Standard, Navigating PCI DSS; Understanding the Intent of the Requirements (Version
1.1) (February 2008). The document may be accessed from the Internet at
https://www.pcisecuritystandards.org/pdfs/navigating_pci_dss_v1-1.pdf.

Note: The PCI Security Standards Council is a globally recognized organization founded by a
group of credit card companies. Its mission is to establish security standards to protect credit
card data. Part of the published standard involves software requirements.

EnterpriseIQ includes safeguards and tools which can help your company be “compliant” with
the PCI Credit Card Data Security Standard. This document identifies areas of our software's
compliance with the standard. Using this document, your company may successfully complete
the PCI Self Assessment Questionnaire or a PCI compliance audit, should your company decide
to undertake such steps.

Services Provided
The EnterpriseIQ Credit Card module is a Windows application, and may be used in conjunction
with WebDirect, which is a Web-based application. Multiple gateways are supported, although
only one may be in use at any given time. The Credit Card module provides a safe and secure
means to authorize credit cards, and to settle credit card transactions. IQMS is therefore by
definition a “service provider,” by contrast to a merchant or hosting provider, since EnterpriseIQ
provides services which directly affect the security of your company's credit card data.

WebDirect allows on-line customers to request a credit card authorization. Credit card data is
stored, and used later to charge the account. No credit card authorizations take place through
WebDirect.

The credit card processing capabilities of EnterpriseIQ are completely internal. At no time is the
processed information accessible by external applications. And no other payment applications
are used either by the EnterpriseIQ Credit Card module or by WebDirect.

IQMS does not store or process credit card data in-house. IQMS credit card gateway accounts
are test accounts only, and all credit card numbers used during development and testing are
bogus numbers. No sensitive credit card information is stored or retained on IQMS servers.

Services Not Provided

Much of the PCI standard covers your business practices, computer and network security. IQMS
has no control over some aspects expected by the standard. IQMS does not provide services
related to work station, server or network maintenance or security. Nor does IQMS establish
internal business policies governing network access, tracking or monitoring. IQMS does not itself
store, process or transmit credit card data for credit card purchases. IQMS, as a software
provider, is compliant with the Payment Application Data Security Standard (PA-DSS). By using
EnterpriseIQ Credit Cards, as recommended by IQMS, your company will be compliant with the
PCI Data Security Standard.

IQMS recommends strict security controls, but does not provide the following services:
• “Requirement 1: Install and maintain a firewall configuration to protect cardholder data”
(PCI). IQMS does not govern the installation or maintenance of firewalls.
• “Requirement 2: Do not use vendor-supplied defaults for system passwords and other
security parameters” (PCI). Once Oracle and EnterpriseIQ are installed, your company
administrators have control over passwords, including system default passwords.
• “Requirement 5: Use and regularly update anti-virus software or programs” (PCI). IQMS
does not install or maintain anti-virus software on customer machines.
• “Requirement 8: Assign a unique ID to each person with computer access” (PCI).
EnterpriseIQ requires a database password for each user (8.5.16), but IQMS has no control
over your company's enforcement of a unique-password-per-user security rule.
• “Requirement 9: Restrict physical access to cardholder data” (PCI). IQMS does not control
physical access to customer data.
• “Requirement 10: Track and monitor all access to network resources and cardholder data”
(PCI). Requirement 10 applies to network security, and is outside of the control of IQMS.
IQMS recommends, but cannot enforce, tracking of network access. However, EnterpriseIQ
Credit Cards does monitor access to cardholder data, as described in detail below.
• “Requirement 11: Regularly test security systems and processes” (PCI). Requirement 11
relates to network security, and does not apply to EnterpriseIQ software. However, IQMS
does regularly test for potential security breaches at a software and database level. Access
to sensitive credit card data is strictly controlled and access is monitored.
• “Requirement 12: Maintain a policy that addresses information security for employees and
contractors” (PCI). IQMS does not dictate company security policies.
IQMS adheres to ISO standards for software manufacturing in fulfillment of Requirement 6. But
IQMS cannot be held responsible for the manner in which Requirement 6 relates to the security
of customer credit card data. Specifically, IQMS does not maintain software updates and
patches to your company's server or work station computers. It is the responsibility of your
technical staff to keep software up-to-date.

To obtain a copy of the standard you may download it from the PCI Web site at
https://www.pcisecuritystandards.org/.

EnterpriseIQ Compliance with the PCI Standard


IQMS EnterpriseIQ Credit Card software is compliant with the standard as it applies to our
software. IQMS has taken steps toward compliance with the following PCI requirements:
• “Requirement 3: Protect stored cardholder data” (PCI).
• “Requirement 4: Encrypt transmission of cardholder data across open, public networks”
(PCI).
• “Requirement 6: Develop and maintain secure systems and applications” (PCI).
• “Requirement 7: Restrict access to cardholder data by business need-to-know” (PCI).
Briefly put, EnterpriseIQ employs the following measures: cardholder data is protected using
encryption and strict security measures; data transmission is encrypted using SSL; and
transaction and error logging is employed for tracking and troubleshooting. IQMS software is
developed and regularly tested for security vulnerabilities according to industry best practices.

To be specific, EnterpriseIQ Credit Card is compliant in the following areas, as noted with the
numbering system of the PCI standard:

Requirements 1 and 2 are inapplicable to EnterpriseIQ.

3. “Protect stored cardholder data” (PCI, 10).

3.1.“Keep cardholder data storage to a minimum. Develop a data retention and disposal policy.
Limit storage amount and retention time to that which is required for business, legal, and/or
regulatory purposes, as documented in the data retention policy” (PCI, 10). The amount of
cardholder data that is recorded for historical purposes is kept to the minimum required for
business and troubleshooting purposes. The data is stored for settlements, transaction history,
and logging. However, you must develop your own business policies regarding retaining and
purging data. Historical, transaction and log data may be purged at any time from the
Settlements screen.

3.2.“Do not store sensitive authentication data subsequent to authorization (even if encrypted)”
(PCI, 10). Sensitive data is not stored, unless requested by you, the customer.

3.2.1.“Do not store the full contents of any track from the magnetic stripe” (PCI, 11).
EnterpriseIQ does not store magnetic stripe data, since it does not use POS devices.

3.2.2.“Do not store the card-validation code or value (three-digit or four-digit number printed on
the front or back of a payment card) used to verify card-not-present transactions” (PCI, 11). By
default, the card validation code (CVV2) is not stored. However, the CVV2 value may be stored
by WebDirect if your company administrators have set the System Parameter setting, “Prompt
for CVV2 from WebDirect” to “true.” In order to be compliant with the PCI standard, ensure that
the setting is unchecked (“false”).

3.2.3.“Do not store the personal identification number (PIN) or the encrypted PIN block” (PCI,
11). PIN numbers are never stored.



3.3.“Mask PAN when displayed (the first six and last four digits are the maximum number of
digits to be displayed)” (PCI, 12). The Personal Account Number (PAN) or credit card number is
masked when displayed on standard credit card screens; only the last 4 digits of the credit card
number will be shown. The full account number is displayed in Customer Credit Cards and on
the Credit Card Log. Security for Customer Credit Cards should be assigned by the company
administrators as they see fit. EnterpriseIQ provides the ability to restrict access to the screen
when accessed from Customer Maintenance or Customer Central. It is recommended to keep
access to such information limited to personnel on a need-to-know basis. Currently, security is
Enabled on sbtnCustomerCreditCards for both stock roles, IQALL and IQCUST_RW. If
company administrators wish to restrict access to the Customer Maintenance Credit Card screen,
these roles should not be assigned. On all other screens customarily used by financial and sales
personnel, the stored Customer credit card number is masked so that only the last four digits
display.

3.4.“Render PAN, at minimum, unreadable anywhere it is stored (including data on portable
digital media, backup media, in logs, and data received from or stored by wireless networks) by
using any of the following approaches....” (PCI, 12). EnterpriseIQ uses the Advanced Encryption
Standard (AES), also known as Rijndael encryption. AES employs strong cryptography, using a
128-bit key. AES is one of the best encryption standards available; it is currently used by the
U.S. government to encrypt top-secret data. Disk encryption is never used (3.4.1). As a rule, all
sensitive data is encrypted, which means that full credit card data and merchant account
information in System Parameters are encrypted.
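The display rule in 3.3 and the “in logs” clause of 3.4 can be checked against exported log or report text. The following is an added example, not IQMS code: it finds Luhn-valid card numbers in text lines and masks them to the last four digits, refusing any setting looser than first six / last four. The sample lines and their field names are constructed and do not reflect the real Credit Card Log layout.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample lines; field names are hypothetical. Card numbers are
# well-known gateway test numbers, not real accounts.
SAMPLE_LOG = [
    "2017-03-01T10:15:02 user=JSMITH event=CHARGE card=4111 1111 1111 1111 amt=125.00",
    "2017-03-01T10:15:09 user=JSMITH event=SETTLE tran=1234567890123456 status=OK",
    "2017-03-01T10:16:40 user=WEB event=STORE card=5500-0000-0000-0004 exp=hidden",
    "2017-03-01T10:17:12 user=AJONES event=VIEW card=************1111",
]


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits, keep_first=0, keep_last=4):
    """Mask a PAN; the default (last four only) matches the standard screens."""
    if not 0 <= keep_first <= 6 or not 0 <= keep_last <= 4:
        raise ValueError("PCI 3.3 allows at most the first six and last four digits")
    hidden = len(digits) - keep_first - keep_last
    if hidden <= 0:
        raise ValueError("nothing would be masked")
    return digits[:keep_first] + "*" * hidden + digits[len(digits) - keep_last:]


def redact_line(line, keep_first=0, keep_last=4):
    """Return (redacted_line, count) for Luhn-valid card numbers found in line."""
    found = 0

    def _replace(match):
        nonlocal found
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_ok(digits):
            # Long digit runs such as transaction numbers are left untouched.
            return match.group(0)
        found += 1
        return mask_pan(digits, keep_first, keep_last)

    return PAN_CANDIDATE.sub(_replace, line), found


def audit(lines, keep_first=0, keep_last=4):
    """List (line_number, redacted_line) for every line holding an unmasked PAN."""
    findings = []
    for number, line in enumerate(lines, start=1):
        redacted, found = redact_line(line, keep_first, keep_last)
        if found:
            findings.append((number, redacted))
    return findings


if __name__ == "__main__":
    for number, redacted in audit(SAMPLE_LOG):
        print(f"line {number}: unmasked card number -> {redacted}")
```

The Luhn check keeps long transaction or order numbers from being flagged, so a finding means a value that is structurally a card number reached text where it should have been masked or encrypted.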

3.5.“Protect encryption keys used for encryption of cardholder data against both disclosure and
misuse” (PCI, 13). Encryption keys are set by qualified administrators to encrypt all sensitive
credit card data, and are never tied to user accounts. It is the responsibility of your company to
restrict access to the encryption keys by limited, authorized personnel (3.5.1). Since encryption
keys are not accessible through EnterpriseIQ software, you will not be able to access the
encryption keys once encryption is set; therefore, it is essential that your company stores the
keys securely for future use (3.5.2).

3.6.“Fully document and implement all key management processes and procedures for keys
used for encryption of cardholder data, including the following...” (PCI, 13). It is the responsibility of
your company to document procedures for key management. Your company's system
administrators have full control over whether or not encryption is used. Encryption is set through
the tools provided in System Parameters (the Encryption button on the Credit Card tab).

3.6.1.“Generation of strong keys” (PCI, 13). Strong keys (128-bit) are generated based on the
passwords provided. The keys are generated programmatically, and never surfaced.

3.6.2.“Secure key distribution” (PCI, 13). Encryption keys are never distributed through
EnterpriseIQ. They must be entered manually, and then securely stored for future use.

3.6.3.“Secure key storage” (PCI, 13). EnterpriseIQ encrypts and stores the keys for internal use.
Once the keys are stored, they are inaccessible.

3.6.4.“Periodic changing of keys” (PCI, 14). EnterpriseIQ allows your company administrators to
change keys periodically. The frequency and manner in which keys are changed depends on
your company procedures.



3.6.5.“Destruction of old keys” (PCI, 14). EnterpriseIQ discards old keys; keys are not stored for
archived data, nor are keys stored for each encrypted record. Old keys are permanently
discarded, and never used again.

3.6.6.“Split knowledge and establishment of dual control of keys (so that it requires two or three
people, each knowing only their part of the key, to reconstruct the whole key)” (PCI, 14). The
Credit Card Data Encryption wizard requires three (3) keys to be entered. Each key may be
entered by a separate individual.

3.6.7.“Prevention of unauthorized substitution of keys” (PCI, 14). Keys cannot be changed
without authorized access. The Credit Card Data Encryption wizard requires that the logged-in
user has DBA access. And for keys to be changed, the old key must be entered first.

3.6.8.“Replacement of known or suspected compromised keys” (PCI, 14). If keys have been
compromised, encryption keys may be changed. Data will be encrypted using the new keys.

3.6.9.“Revocation of old or invalid keys” (PCI, 14). Passwords that have already been used for
encryption can never be used again. They are considered, by default, to be compromised keys.
EnterpriseIQ keeps a record of old passwords (in an encrypted format), and new passwords are
checked against the list.
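The controls described in 3.6.1, 3.6.6, 3.6.7 and 3.6.9 (a 128-bit key generated from three separately entered parts, the old key required before a change, and no reuse of earlier passwords) can be modelled as below. This is an added illustration, not IQMS code: the document does not say how EnterpriseIQ derives or stores keys, so PBKDF2, the salted fingerprint list and every name here are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # illustrative work factor (assumption, not a product setting)
KEY_BYTES = 16        # 128-bit key, the size the document states


def _kdf(secret, salt, length):
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=length)


def combine_parts(parts):
    """Join the three custodians' parts with length prefixes so that
    ("ab", "c", "d") and ("a", "bc", "d") can never produce the same key."""
    if len(parts) != 3 or any(not p for p in parts):
        raise ValueError("exactly three non-empty key parts are required")
    out = b""
    for part in parts:
        raw = part.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


class KeyCustody:
    """Hypothetical model of split knowledge, guarded key change and no-reuse."""

    def __init__(self, parts):
        self._reuse_salt = os.urandom(16)  # salt for the list of used parts
        self._used = set()                 # fingerprints only, never the parts
        self._install(parts)

    def _fingerprint(self, part):
        return _kdf(part.encode("utf-8"), self._reuse_salt, 32)

    def _check_value(self, key):
        return hmac.new(key, b"key-check", hashlib.sha256).digest()

    def _install(self, parts):
        material = combine_parts(parts)
        self._key_salt = os.urandom(16)
        key = _kdf(material, self._key_salt, KEY_BYTES)
        # Store a check value rather than the key, so the stored state alone
        # does not surface the key.
        self._check = self._check_value(key)
        self._used.update(self._fingerprint(p) for p in parts)
        return key

    def unlock(self, parts):
        """Re-derive the current key; all three parts must be correct."""
        key = _kdf(combine_parts(parts), self._key_salt, KEY_BYTES)
        if not hmac.compare_digest(self._check_value(key), self._check):
            raise PermissionError("key parts do not match the current key")
        return key

    def rotate(self, old_parts, new_parts):
        """Change keys: old key first (3.6.7), no previously used part (3.6.9)."""
        self.unlock(old_parts)
        combine_parts(new_parts)  # validates count and non-empty parts
        if any(self._fingerprint(p) in self._used for p in new_parts):
            raise ValueError("a new key part has been used before")
        # A real system would re-encrypt stored data under the new key here.
        return self._install(new_parts)


if __name__ == "__main__":
    custody = KeyCustody(["alpha-part-1", "bravo-part-2", "charlie-part-3"])
    new_key = custody.rotate(
        ["alpha-part-1", "bravo-part-2", "charlie-part-3"],
        ["delta-part-4", "echo-part-5", "foxtrot-part-6"],
    )
    print("rotated to a", len(new_key) * 8, "bit key")
```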

4.“Encrypt transmission of cardholder data across open, public networks” (PCI, 15). Data
transmission is encrypted over public networks:

4.1.“Use strong cryptography and security protocols such as secure sockets layer (SSL) /
transport layer security (TLS) and Internet protocol security (IPSEC) to safeguard sensitive
cardholder data during transmission over open, public networks” (PCI, 15). All communications
between the EnterpriseIQ Credit Card module and the gateway are conducted over a Secure
Socket Layer (SSL). SSL is an encrypted communication protocol. Data transmitted over the
network through SSL cannot be intercepted, modified or diverted. SSL uses authentication,
where the client and server authenticate each other while transmitting, and all data is encrypted.

4.2.“Never send unencrypted PANs by email” (PCI, 15). At no time is sensitive credit card data
sent directly to any server via plain text transmission, email or any other protocol.

Requirement 5 is inapplicable to EnterpriseIQ.

6.“Develop and maintain secure systems and applications” (PCI, 17). IQMS develops and
distributes secure applications, and maintains secure systems internally.

6.1. “Ensure that all system components and software have the latest vendor-supplied security
patches installed. Install relevant security patches within one month of release.” (PCI, 17). IQMS
network administrators ensure all software security patches are up-to-date. This requirement
applies to IQMS, not to customers.

6.2.“Establish a process to identify newly discovered security vulnerabilities (for example,
subscribe to alert services freely available on the Internet). Update standards to address new
vulnerability issues.” (PCI, 17). Internal, network administrative staff review security issues,
subscribe to security alert services through email, and regularly monitor Web resources. This
requirement applies to IQMS, not to customers.



6.3.“Develop software applications based on industry best practices and incorporate information
security throughout the software development life cycle.” (PCI, 17). IQMS adheres to the ISO
standard for software best practices. Software and security patches are tested thoroughly before
release (6.3.1). In adherence to the ISO standard, IQMS personnel are divided by department with
a separation of duties: development, testing, production and deployment, help desk, and
administration (6.3.2 and 6.3.3). IQMS does not store or process sensitive credit card data in-
house, so live, “production” credit card data is never used for testing or development (6.3.4).
Since the Credit Card module relies on an Oracle “back-end” to store data, no testing data is
released to customers (6.3.5. and 6.3.6). IQMS software is always tested thoroughly by the
Testing department before a release is published (6.3.7).

6.4.“Follow change control procedures for all system and software configuration changes.” (PCI,
18). In compliance with ISO best practices, IQMS documents and publishes all software
changes, including the effect of those changes as needed (6.4.1). No changes are released
which have not first been approved by management (6.4.2), and tested thoroughly by the
Testing department (6.4.3). Worst-case scenarios are considered, should a change fail;
procedure dictates that backups should be made before updating to a new version (6.4.4).

6.5.“Develop all web applications based on secure coding guidelines such as the Open Web
Application Security Project guidelines. Review custom application code to identify coding
vulnerabilities….” (PCI, 19). WebDirect is a Web application, and adheres to the Open Web
Application Security Project (OWASP) guidelines.

6.6.“Ensure that all web-facing applications are protected against known attacks by applying
either of the following methods:…” (PCI, 19). IQMS recommends customers install a firewall on
the server running WebDirect.

7.“Restrict access to cardholder data by business need-to-know” (PCI, 21).

7.1.“Limit access to computing resources and cardholder information only to those individuals
whose job requires such access” (PCI, 21). Access to decrypted, sensitive Customer credit card
account information is available only to limited personnel on a “need-to-know” basis. Unless a
credit card number is entered manually (not selected from existing Customer cards), the full
credit card number is masked on the Credit Card Charge screen. Full, decrypted Customer
credit card information is accessible from only two screens: Customer Credit Cards, and the
Credit Card Transaction Log. Security for Customer Credit Cards should be assigned by the
company administrators as they see fit. EnterpriseIQ provides the ability to restrict access to the
screen when accessed from Customer Maintenance or Customer Central. It is recommended to
keep access to such information limited to personnel on a need-to-know basis. Currently, security
is Enabled on sbtnCustomerCreditCards for both stock roles, IQALL and IQCUST_RW. If
company administrators wish to restrict access to the Customer Maintenance Credit Card screen,
these roles should not be assigned. On all other screens customarily used by financial and sales
personnel, the stored Customer credit card number is masked so that only the last four digits
display.

7.2.“Establish a mechanism for systems with multiple users that restricts access based on a
user's need to know and is set to 'deny all' unless specifically allowed” (PCI 21). EnterpriseIQ
security roles control access to credit card data. You can control access to individual screens
through EnterpriseIQ security. But only users with Oracle DBA access may view full, decrypted,
sensitive credit card data.



Requirements 8 and 9 are inapplicable to EnterpriseIQ.

10.“Track and monitor access to cardholder data” (PCI, 28). IQMS does not provide network
tracking. Requirement 10 therefore does not apply to EnterpriseIQ. However, IQMS has sought
to apply the principles behind Requirement 10 to the Credit Card module.

10.1.“Establish a process for linking all access to system components (especially access done
with administrative privileges such as root) to each individual user” (PCI, 28). Not applicable; this
is related to network access.

10.2.“Implement automated audit trails for all system components to reconstruct the following
events” (PCI, 28). Not applicable; this requirement relates to network access. Still, IQMS has
applied the principle to EnterpriseIQ to log access to cardholder data:

10.2.1. “All individual user accesses to cardholder data” (PCI, 28). EnterpriseIQ logs all user
access to card holder data through the Credit Card module interface. Each user must log into
EnterpriseIQ; logging uses the login data to track access attempts on an individual basis.

10.2.2.“All actions taken by any individual with root or administrative privileges” (PCI, 28).
EnterpriseIQ tracks access by all users, including DBA users. Network access must be tracked
through your company's network resources.

10.2.3.“Access to all audit trails” (PCI, 28). The Credit Card Log displays an “audit trail” for each
user. Audit trails related to network components must be tracked by
your company's network resources.

10.2.4.“Invalid logical access attempts” (PCI, 28). EnterpriseIQ logs invalid access attempts to
credit card screens. Invalid network access attempts must be tracked by your company's
network resources.

10.2.5.“Use of identification and authentication mechanisms” (PCI, 28). All users are identified
and authenticated through Oracle and EnterpriseIQ security. Network authentication policies
must be established by your company's network administrator.

10.2.6.“Initialization of the audit logs” (PCI, 28). The Credit Card Log is initiated automatically
once EnterpriseIQ is active. Logging cannot be turned off or paused, so an audit trail is always
recorded for each user who accesses credit card data. Additional network audit trails must be
established by your company's network resources.

10.2.7.“Creation and deletion of system-level objects” (PCI, 28). Network system level objects
should be tracked by your company's network resources. As it relates to data, the Credit Card
Log tracks when records are created and purged.

10.3.“Record at least the following audit trail entries for all system components for each event...”
(PCI, 29). This requirement applies to networks. The Credit Card Log tracks actions by user,
event type, date and time, action taken, event source (origination), and other related information
about the affected data. As applicable, the data request to the gateway server is logged, along
with the response data from the server. Network event logs however must be maintained by
network administration.



10.4. “Synchronize all critical system clocks and times” (PCI 29). In the Credit Card Log, the date
and time of data access is synchronized with the server date and time so that the sequence of
events is tracked by a consistent chronological standard. In addition, the local machine date and
time are also noted for each log entry. Date and time values in the logs cannot be changed
except by the “IQMS” DBA user through Data Dictionary.

10.5.“Secure audit trails so they cannot be altered” (PCI 29). The requirements of 10.5 relate
mainly to the Network. The principles of requirement 10.5 have been applied to the Credit Card
Log. But the requirements 10.5.3, 10.5.4 and 10.5.5 relate directly to networks and are not
applicable to EnterpriseIQ. Network logs are the responsibility of the company's network
administration. But where the requirements of 10.5 may be applied to EnterpriseIQ, the Credit
Card Log is secure against unauthorized alterations. Access to the log is strictly controlled by
security so that only those whose job requires access may view the log. Audit trails cannot be
altered, even by DBA users, unless it is by the “IQMS” DBA user through Data Dictionary.

10.6. “Review logs for all system components at least daily….” (PCI 30). The requirement of
10.6 is directed at network security and business practices. As the principle of the requirement
might relate to EnterpriseIQ, it is the responsibility of your company's data administration staff to
monitor the Credit Card Log for security breaches or unlawful practices.

10.7.“Retain audit trail history for at least one year, with a minimum of three months online
availability” (PCI 30). The requirement of 10.7 is primarily directed at network security and
business practices. As the principle of the requirement relates to EnterpriseIQ, it is the
responsibility of your company's data administration staff to maintain log records for at least one
year to be compliant with the PCI standard. The Credit Card Log does allow administrators to
purge data. But the Credit Card Log also allows administrators to “archive” records, which hides
them from active viewing, but allows them to be viewed if desired.

Requirements 11 and 12 are inapplicable to EnterpriseIQ.

Customer Responsibilities

There are steps your company should take to ensure the safety of your credit card data. The PCI
Security Standards Council has recommended the following measures:

“Install a firewall. A firewall prevents unauthorized connections to your server. And you would
need to maintain and test it regularly.

"Install antivirus software, and keep it updated. Antivirus software will eliminate spyware and
destructive programs.

"Change the default Oracle and user, IQMS, passwords.

"Enforce a unique user name and password for users logging into EnterpriseIQ software. Do not
share user names and passwords. Take steps to ensure that no unauthorized users will have
access to the credit card screens or data.

"Limit access to the account settings in System Parameters. The screen is available to non-
DBA users. Security should be controlled by your company so that access is limited only to
those who need to modify the merchant account information.



"Routinely purge historical data. Historical data can be purged by transaction date from the
Settlements screen. The PCI Security Standards Council recommends that only enough
historical data is kept for business purposes (PCI 3.1).

If you have undertaken an audit, and in the process you find an area where EnterpriseIQ Credit
Cards is not compliant with the PCI Security Standard, please call IQMS Technical Support at
(805) 227-1122. Our staff is ready and willing to assist you in addressing all PCI compliance
concerns. Areas of potential non-compliance will be reviewed, and a software solution will be
provided, if deemed necessary.



Appendix 2 - Additional Gateway Information
Following is some useful information on the various available gateways.

TSYS
IQMS has become a certified software solution for the TSYS gateway. If you use this gateway,
the credit card account settings in System Parameters will need to be updated with your TSYS
Merchant ID, Device ID, User Name/Operator, and Password, which are provided when your
merchant account is created. The values listed on the confirmation email from TSYS must be
entered in those fields. Although more than one operator may be configured for the account,
enter just the primary operator. If you cannot find this information, contact TSYS Customer Care
Center at 800-552-8227.

TSYS requires 4 pieces of identifying information:


• Merchant ID = Provided by merchant bank to merchant
• Device ID = Provided in initial automated welcome email from TSYS
• Username/Operator = Provided in initial automated welcome email from TSYS
• Password = Defined by the user as part of the welcome email instructions from TSYS
If any one of these fields has not been provided, then a generic error message will display
informing you that there is a problem with your merchant account: ‘Your Credit Card Merchant
account information has either not been completed, or a Credit Card Account is unavailable for
the current currency and EPlant. Please setup Credit Card Merchant information in System
Parameters.’

Note: A Transaction Key can be obtained automatically. If there is no key, a prompt will appear
before closing: "A transaction key has not been created. Do you want to obtain a transaction
key now?". If yes is selected, a transaction key will be generated. Users can select the
'Transaction Key' button to enter the transaction key manually in case the key was generated on
another database and needs to be copied to the edit box.

TSYS Corporate Level Processing


The credit card module in EnterpriseIQ supports Level 2 and Level 3 processing for TSYS. At
the time of authorization in the charge screen, additional information is included as part of the
charge. The processing class is set in System Parameters, on the TSYS Account Settings
screen.

If contracted with TSYS for Level 2 corporate processing, then additional information is obtained
either from the charge screen, the Invoice or Sales Order, and the company or E-plant record.
The extra detail will be obtained and populated on the back end with no additional prompts.



If contracted with TSYS for Level 3 corporate processing, when the “Charge” button is pressed,
the user will be prompted for additional information. The TSYS Authorization form that appears
will be pre-populated with information obtained either from the charge screen, the Invoice or
Sales Order, and the company or E-plant record. If the full amount of an Invoice or Sales Order
is being charged, the user will only need to review the data cursorily before clicking the OK
button; he/she will not need to provide anything additional. Otherwise if a partial amount is
being charged, the user will need to alter quantities and tax amounts so that the itemized
amount is equal to the charge amount.
Level 2 Data
Level 2 processing is available only for Visa, MasterCard and American Express charge cards.
Additional data is sent along with the settlement request.

For Visa and MasterCard charge cards, the following data is sent to TSYS in addition to the
charge or settlement request:
Data Element | Value
Tax Exempt | If the purchasing card qualifies for tax exempt status, the “Tax Exempt” check box, located just below the Tax field, on the charge screen should be checked.
Local Sales Tax | If sales tax is charged in addition to the authorized amount, it will be obtained from the “Tax” field on the charge screen. If provided, the value cannot be negative, and must be between 0.1% and 22% of the total authorized amount.
Purchase Order Number | A purchase order number is required. The purchase order number is selected on the charge screen under the “Special Fields” tab. The value may be pre-populated if a Purchase Order has been associated with the Sales Order.

For American Express charge cards, the following data will be sent instead:
Data Element | Value
Supplier Number | The credit card “Transaction #,” which you see on the Credit Card Settlements screen, is automatically provided as the supplier number, and will appear on the card holder’s billing statement. American Express requires an alpha-numeric “supplier number” to be provided so that transactions may be found later in case an inquiry is raised after settlement.
Cardholder Reference | The reference number contains either the Invoice number, Sales Order number, or the Purchase Order number, depending on availability at the time of authorization.
Ship To Postal Code | Contains the postal code of the shipping destination as indicated on “Special Fields” tab of the Charge Screen.
Sales Tax | If sales tax is charged in addition to the authorized amount, it will be obtained from the “Tax” field on the charge screen. If provided, the value cannot be negative, and must be between 0.1% and 22% of the total authorized amount.
Charge Descriptor | The transaction description contains either the Invoice number, Sales Order number, or the Purchase Order number, depending on availability at the time of authorization. For example, “Invoice # 123”.
Level 3 Data
Level 3 processing is available only for Visa, MasterCard and American Express charge cards.
Much of the data is obtained from the Invoice or Sales Order, and the charge screen. But you
will also be prompted at the time of the authorization for detailed information about the charge.
The following is a complete list of the information used for Level 3 processing:

Data Provided for All Card Types


Data Element: Value
Purchase Identifier: The credit card “Transaction #,” which you see on the Credit Card Settlements screen, is automatically provided as the purchase identifier. You may use this number to track or locate transactions on the gateway Web site.
Local Tax: Specify the local tax on the Level 3 screen. By default, the local tax is calculated from the itemization. Any item whose tax code is not “VAT Paid” is considered “local tax.”
National Tax: Specify the national tax on the Level 3 screen. By default, the local tax is calculated from the itemization. Any item whose tax code is “VAT Paid” is considered “national tax.”
Purchase Order: The Purchase Order number is required and is obtained from the “Special Fields” tab on the charge screen. The maximum length is 17 characters.
Freight Amount: The freight is the portion of the charge amount which constitutes freight or shipping cost. It is indicated on the charge screen.
Duty Amount: Note any duty fees in this field.
Destination Postal Code: This field will contain the postal code of your customer’s shipping address, as noted on the “Special Fields” tab of the charge screen.
Destination Country: This field will contain the country code of your customer’s shipping address, as noted on the “Special Fields” tab of the charge screen. For Visa, this value will contain the three-digit, ISO country code. For MasterCard, this value will contain the three-character, ISO country code.
Sender Postal Code: This field contains the postal code of the sender address – the location from where goods will be shipped. You will not be prompted for this value. By default, the postal code will come from the company file information in System Parameters, unless you are logged into an E-Plant. If you are logged into an E-Plant, the postal code will be obtained from the E-Plant location.

Data Provided for Visa Charge Cards


Data Element: Value
Merchant Tax Identification Number (TIN or EIN): The Merchant Tax Identification number is obtained from the company file information in System Parameters, unless you are logged into an E-Plant. If you are logged into an E-Plant, the EIN will be obtained from the E-Plant location. You will not be prompted for this value.
Customer Tax Identification Number (TIN): The Level 3 prompt screen pre-populates the Customer Tax Identification obtained from the customer record (in Customer Maintenance). You may overwrite the value on the Level 3 prompt screen, if you wish. A check box is provided so that you may update the customer record if you wish.
Commodity Code: Indicate the four-character, international code describing the overall type of goods or services being sold. This property should contain an international description code of the overall goods or services being supplied. The acquirer bank or processor should provide the merchant an updated listing of currently defined codes. The maximum length of this property is four characters. This property is only used for Visa Corporate Purchasing Cards.
Order Date: The date when the Sales Order was taken will be provided. You will not be prompted for this value.

Itemization
Level 3 corporate processing requires significantly greater detail about goods and services being
sold. The items that are being charged must be listed. The list of items is pre-populated from
the Invoice, or Sales Order. If the charge is against an Invoice, then the Invoice will be used;
otherwise, the Sales Order items will be used. You may adjust quantity and unit cost amounts
on the Level 3 prompt screen, if you wish. The total cost of the itemization must equal the total
charge amount. You will not be able to proceed with the authorization until the amounts are
equal. TSYS will only accept an integer for Quantity and 2 decimals for Amount. If the quantity
and/or price on the sales order has a different decimal precision, the charge amount may not
equal the itemized amount on the Level 3 Addendum Itemization tab. The quantity or price on
the sales order will need to be modified in order to make the amounts balance.

Note: In order to proceed with the charge, the user must change the sales order to make the
transaction balance.

Note: When selecting the ‘Adjust amounts to match total charge amount’ button, the calculation
is based on the total for the Sales Order or Invoice. Amounts will be recalculated based on the
Sales Order or Invoice and manual adjustments may be required.

Most of the information is obtained from the Inventory item and the Invoice or Sales Order. You
will be prompted to provide a commodity code if charging a Visa card. But if you are charging
the full amount of the Invoice or Sales Order, you will not need to modify the itemization.

The following is a list of fields sent for all charge card types:

Data Element: Value
Product Code: The inventory item number is provided from the master inventory record. This value will not be sent for miscellaneous items. This value is read-only.
Item Description: The inventory item description. If this is a miscellaneous item, then the miscellaneous description will be sent. This value is read-only.
Unit of Measure: The item unit of measure (UOM) obtained from the master inventory record. This value is read-only.
Discount Amount: If a discount percentage has been applied, this is the amount of the discount. This value is read-only, and is calculated from the details: (Quantity * Unit Price) * (Discount / 100)
Quantity: The item quantity. You may adjust the quantity so that the itemization reflects what is being charged.
Tax Rate: The tax rate used to calculate the Tax Amount.
Tax Amount: The amount of the tax. You may change this value on the detail, regardless of the tax code applied.
Line Item Total: The total for the line item. This value is read-only, and is calculated from the details: ((Quantity * Unit Price) + Tax Amount) - Discount Amount

The following is required only when charging a Visa charge card:

Data Element: Value
Commodity Code: Indicate the four-character, international code describing the type of item.
Unit Cost: The unit cost defaults to the value listed on the Invoice or Sales Order, but may be changed to ensure the itemization total agrees with the charge total.

The following is required only when charging a MasterCard charge card:

Data Element: Value
Discount Rate: Percentage of the item amount that has been discounted.
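
The itemization rules above (integer Quantity, two-decimal Amount, the Discount Amount and Line Item Total formulas, and the requirement that the itemized total equal the charge amount), together with the Level 2 sales tax range, can be checked before a charge is submitted. The following Python is an added example, not IQMS or TSYS code; the function names, the half-up rounding and the sample orders are assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

def to_amount(value):
    # Two-decimal Amount, as the page says TSYS accepts; half-up rounding is an assumption.
    return Decimal(str(value)).quantize(CENT, rounding=ROUND_HALF_UP)

def line_total(qty, unit_price, tax_amount=0, discount_pct=0):
    qty, unit_price = Decimal(str(qty)), Decimal(str(unit_price))
    if qty != qty.to_integral_value():
        raise ValueError(f"quantity {qty} is not an integer")
    if unit_price != to_amount(unit_price):
        raise ValueError(f"unit price {unit_price} has more than 2 decimals")
    gross = qty * unit_price
    # Discount Amount = (Quantity * Unit Price) * (Discount / 100)
    discount = to_amount(gross * Decimal(str(discount_pct)) / 100)
    # Line Item Total = ((Quantity * Unit Price) + Tax Amount) - Discount Amount
    return to_amount(gross + to_amount(tax_amount) - discount)

def check_itemization(items, charge_amount):
    """Return a list of problems; an empty list means the itemization balances."""
    problems, total = [], Decimal("0.00")
    for n, item in enumerate(items, 1):
        try:
            total += line_total(**item)
        except ValueError as exc:
            problems.append(f"line {n}: {exc}")
    charge = to_amount(charge_amount)
    if not problems and total != charge:
        problems.append(f"itemized {total} != charge {charge}")
    return problems

def level2_tax_in_range(tax, authorized):
    # Level 2 rule: if provided, tax is non-negative and 0.1%..22% of the authorized amount.
    tax, authorized = Decimal(str(tax)), Decimal(str(authorized))
    return authorized * Decimal("0.001") <= tax <= authorized * Decimal("0.22")

# Constructed sample orders (not taken from the manual).
ORDER = [
    {"qty": 3, "unit_price": "19.99", "tax_amount": "4.80", "discount_pct": 10},
    {"qty": 1, "unit_price": "25.00"},
]
FRACTIONAL = [{"qty": "2.5", "unit_price": "1.333"}]

if __name__ == "__main__":
    print(check_itemization(ORDER, "83.77"))       # full charge
    print(check_itemization(ORDER, "50.00"))       # partial charge, items not adjusted
    print(check_itemization(FRACTIONAL, "3.33"))   # sales-order precision TSYS rejects
```

The second call mirrors the partial-charge case, where quantities and tax amounts must be altered before the authorization can proceed; the third mirrors a sales order whose precision has to be changed at the source.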

Authorize.Net
The Hash Value setting in System Parameters is currently unused. IQMS recommends that our
customers do not enter a hash value.

Due to the method EIQ uses to connect to the gateway, the Password-Required mode must be
enabled. Log in to the Authorize.Net website to verify this setting.

A Login Name and Transaction Key must be configured in the credit card account settings in
EIQ in order to settle transactions. The Login Name is the API Login ID. Users may obtain a
new transaction key as often as they wish. When a new transaction key is created, ensure this
key is configured in EIQ.

Authorize.Net allows you to flag certain fields as required. However, EnterpriseIQ Credit Cards
only uses the “address” and “zip” fields for address verification. If Email Address is flagged as
required in the Authorize.Net settings, EnterpriseIQ obtains the email address from the Prime
Contact Email in Customer Maintenance.

Note: Requiring additional fields may result in unexpected errors. Therefore, it is recommended
that the default options be accepted, and that optional fields are not flagged as required.

Elavon
Elavon processes cards through My Virtual Merchant (https://www.myvirtualmerchant.com). To
verify the PIN that should be configured in EIQ credit card account settings, log in to My
Virtual Merchant and choose Change PIN.

Elavon needs to settle immediately. The Charge Method will be grayed out in EIQ Credit Card
Account Settings as a reminder that this is the only option available.

Elavon only processes in USD. To accommodate multi-currency, Elavon offers its customers an
extra service called DCC. But the DCC program is available only through a Web interface. EIQ
cannot support DCC.

PayPal
Users must have an approved PayPal seller account before processing credit cards with PayPal.
Their account must be a "Website Payments Pro" Business account. Personal and Premier
accounts will not allow the user to authorize credit cards through EnterpriseIQ. The
"Website Payments Pro" feature must also be enabled for EnterpriseIQ to communicate with the
PayPal gateway.

Once their PayPal account has been approved, enter the account settings in System
Parameters. Select PayPal as the gateway, and click the Account Settings button. Enter the
account information, as provided by PayPal. If incorrect account settings are entered, the user
may receive the following error when attempting to authorize a credit card:

527: [10002] Security error. Security header is not valid.

The most common cause for this error is incorrect login information. Please verify that the
PayPal account information entered in System Parameters is correct. If the values in System
Parameters match your recorded account settings, it is possible that the account may not be a
Website Payments Pro account. Log on to the PayPal Web site, and verify that you have
activated Website Payments Pro on your account. If your account has worked in the past, but
now is no longer working, then it is possible that your account has been deactivated. Contact
PayPal to determine the status of your account.

(Screen shot from DEMO account settings)

The Account Type will be grayed out in EIQ Credit Card Account Settings to inform the user that
a business account is the only account type that will work.

Merchant e-Solutions
IQMS has become a certified software solution for the Merchant e-Solutions gateway. If you use
this gateway, the credit card account settings in System Parameters will need to be updated with
your Merchant e-Solutions Profile ID and Key, which is provided when your merchant account is
created. The values listed on the confirmation email from Merchant e-Solutions must be entered
in those fields. If you cannot find your Profile ID and Key, a new one can be obtained by
contacting Merchant e-Solutions' Help Desk at 888-288-2692.

Note: The Merchant name, city and state need to be entered. If any one of these values is not
entered, the system will display the following warning: ‘Merchant name, city, and state must all
be entered in order to perform certain operations such as refunds. It is highly recommended that
all three fields be completed. Do you want to enter them now?’ Users can click past the
warning; however, they may run into errors during charging, or required information may not go
through to the gateway.

If the Merchant Name is not entered, during credit card charge, the user will receive the following
error: ‘Your Credit Card Merchant account information has either not been completed, or a
Credit Card Account is unavailable for the current currency and E-Plant. Please setup Credit
Card Merchant information in System Parameters.’

If City is not entered, the system checks if all three required elements have been provided. If
one element is missing, then the system will assist the user by not passing any. This allows the
transaction to go through; however, it does mean required information may not be sent to the
gateway.

If State is not entered, during credit card charge, the user will receive the following error:
‘Authorization error. 593: Merchant Name, ServicePhone, and State must ALL be specified, or
ALL be empty.’

FirstData
When setting up this gateway, the Group ID is mandatory. This information comes from the
provider along with the Merchant ID and Terminal ID.

Notes:
• When charging, the SO number is required by FirstData.
• Manual transactions must be flagged as settled for FirstData.
• Users can enter a STAN number during manual transactions. This will be required in order to
refund the manual transaction.


Index
A
Accepted Credit Cards • 3
Add a Manual Transaction • 37
Additional Options • 40
Address Verification • 22
Appendix 1 - IQMS Compliance with the Payment Card Industry (PCI) Credit Card Data Security Standard • 49
Appendix 2 - Additional Gateway Information • 58
Attached Credit Card • 20
Authorize.Net • 58
C
Cash Receipts • 48
Charge back • 35
Charge Credit Card • 22
Charge Multiple Sales orders or Invoices • 22
Credit Card
  Address Verification • 22
Credit Card Encryption • 10
Credit Card Gateway • 4
Credit Card Gateways • 4
Credit Card Settlement • 32
Credit Card Transaction Log • 41
Credit Cards in EnterpriseIQ • 2
Customer Credit Cards • 17
E
Elavon • 58
Encryption • 10
Encryption Removal • 10
F
Force Settle Current Transaction • 35
G
Gateway Options • 4
M
Manual credit Card Transaction • 37
Mark Current transaction as Settled • 35
Multiple Invoices or Sales Orders, Charging • 22
O
On Hold • 32
Option Menu in Settlement form • 47
P
PayPal • 58
Prompt for CVV2 from IQWebDirect • 4
Purge Credit Card Transactions • 41
Purge Log Data • 41
S
Settle a Batch • 35
Special Fields • 22
T
Transaction Details • 46
TSYS Corporate Level Processing • 58
V
Validate • 22
View Menu in Settlement Form • 46
Void • 35
