Securing Credit Card Information


Setting Security and Payment-Related System Parameters

SecureAccountNumbers

Default setting = FALSE

Recommendation: Set to TRUE

DeleteDownloadTextFiles

Default setting = FALSE

Recommendation: Set to TRUE

If TRUE, SEOM deletes the text files that are created when orders are imported from a shopping cart system. Those text files may contain card account numbers, depending on the shopping cart in use.

If FALSE, the program moves these text files to the Data Archives directory, and the account numbers in these files are not encrypted.

This measure is highly recommended if the merchant wishes to be Visa-certified. See CISP compliance validation on Visa's web site for more information.

AllowDeleteCreditCardInfo

Default setting = FALSE

Recommendation: Set to TRUE

If TRUE, the program adds a selection on the Data Functions tab of the Settings menu called Delete Old Credit Card Info. If clicked, the user is prompted to select a date (it cannot be less than 30 days from the current date). Credit card data is deleted in records where the order or transaction date is up to and including the date specified by the user.

Note: Once credit card data is deleted, the only way to restore it is with a backup copy of the data file.

CCLoadPartial

Default setting = FALSE. If set to TRUE, system parameter SecureAccountNumbers must be set to FALSE.

Recommendation: Set to FALSE unless you capture credit card payments at the web site and you do not need to process credits or other transactions in SEOM

If TRUE, the program only stores the first four digits and the last four digits of card numbers even if the program receives the entire credit card number. Additional transactions cannot be run, and therefore the vendor may not be able to issue credits to customers’ cards depending on the shopping cart. Also, SEOM may not be able to determine the card type if the entire card number is not present. To get around this, run the credit card capture at the web site and manually log the payment as received in SEOM.

HideAccountNumbers

Default setting = FALSE

Recommendation: Set to TRUE

If TRUE, full credit card account numbers are blocked from view in the user interface; only the last 4 digits of the account number are visible. Use this setting in conjunction with the system parameter SecureAccountNumbers.

Securing Credit Card Data before Sending Files to SEOM for Troubleshooting Purposes

The Store Data File

  1. Use SEOM’s zip utility to secure the MS Access data file. This process does not work for SQL databases.

  2. Have all users exit SEOM on all workstations.

  3. Close all other applications that might be using the store data file, such as UPS Worldship, etc.

  4. Go to the Main Menu and press [Ctrl+Shift+Z].

  5. The utility copies the data in the store file into a new MS Access database in which all credit card numbers are changed to all zeros ("0000000000000000"). The file is also zipped by the utility.

  6. Send the zipped file to SEOM via email, FTP, etc.

Order Import Text Files

If Stone Edge tech support requests a text file from the Data Archives folder:

  1. Open the file in Notepad or Wordpad.

  2. Manually remove all account numbers from the file.

  3. Transmit it to SEOM.

Order Import XML Files

If SETI tech support asks for a copy of an XML file to analyze an order import problem:

  1. Open the file in Notepad or Wordpad.

  2. Manually delete credit card numbers, denoted by the "<number>" tag, before transmitting to SEOM.
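The manual clean-up described for both the order import text files and the order import XML files can be scripted. The following is an added example, not part of SEOM or Stone Edge's tooling: it zeros the contents of every "<number>" tag and any Luhn-valid card number found elsewhere in the file, matching the all-zeros convention of the zip utility. The sample records, their field names and the pipe-delimited layout are constructed for illustration.

```python
import re

# Candidate card number: 13-19 digits, optionally split by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# The <number> element the page names as holding the card number in import XML.
TAG_RE = re.compile(r"(<number\b[^>]*>)(.*?)(</number\s*>)", re.I | re.S)


def luhn_ok(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def redact(text: str) -> tuple[str, int]:
    """Zero every card number in text; return (clean_text, values_replaced)."""
    replaced = 0

    def zero_tag(m: re.Match) -> str:
        nonlocal replaced
        if re.search(r"[1-9]", m.group(2)):
            replaced += 1
        return m.group(1) + re.sub(r"\d", "0", m.group(2)) + m.group(3)

    def zero_pan(m: re.Match) -> str:
        nonlocal replaced
        digits = re.sub(r"\D", "", m.group())
        if set(digits) == {"0"} or not luhn_ok(digits):
            return m.group()  # already zeroed, or not a card number
        replaced += 1
        return re.sub(r"\d", "0", m.group())

    # Pass 1: the XML tag, whatever it holds. Pass 2: Luhn-valid numbers anywhere
    # else (delimited text files, free-text comment fields).
    return PAN_RE.sub(zero_pan, TAG_RE.sub(zero_tag, text)), replaced


# Constructed sample data (well-known test card numbers, not real accounts).
SAMPLE_XML = "<Order><OrderNumber>10023</OrderNumber><number>4111111111111111</number></Order>"
SAMPLE_TXT = "10024|Jane Doe|5500-0000-0000-0004|555-0100|1234567890123456\n"

if __name__ == "__main__":
    for sample in (SAMPLE_XML, SAMPLE_TXT):
        print(redact(sample))
```

Values outside a "<number>" tag that fail the Luhn check are left untouched, so read through the output before sending the file.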

 

Created:

Revised: 8/6/12

Published: 04/13/16