Payment Processing Software Security Guide

911 Software is committed to the security of your company and and your customers.
Security Through Credit Card Software

IMPORTANT SECURITY GUIDELINES

All credit card processing software versions starting with 3.01.09 are certified by VISA to be fully compliant with the latest CISP Payment Application Best Practices security requirements and are designed in accordance with PCI Data Security Standard guidelines.

Warning: Processing payments through CreditLine versions older than 3.01.09 is an industry standards violation and may result in heavy penalties.

For the latest and best in security technology we strongly recommend upgrading to a version 3.03.12 or newer.

We are currently working on the next generation of payment application security, PA-DSS. PA-DSS will become an industry requirement in June 2010 at which point it will replace the current PABP CISP standard. Expected PA-DSS version release date: Q4 of 2008.

Pre 3.0 Versions End Of Life Announcement

PA-DSS Definition
PA-DSS: Next Generation Security Standard for Payment Processing Software

PA-DSS is the next generation PCI Security Guidelines that replaces the older PABP standard. The PABP program was created and overseen by Visa. Now, through PCI SSC, the five majorglobal payment brands (American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.) will support the PA-DSS, allowing even greater opportunity to standardize security requirements, Qualified Security Assessor testing and lab methodologies, and approval processes for payment applications.

Important Dealines
Deadlines

* Jul 1, 08 – VNPs and agents must only certify new payment applications to their platforms that are PABP-compliant
* Aug 1, 08 – New payment application assessments will be assessed under the PA-DSS
* Oct 1, 08 – Newly boarded Level 3 and 4 merchants must be PCI DSS compliant or use PABP-compliant applications
* Jul 1, 10 – Acquirers must ensure their merchants, VNPs and agents use only PA-DSS-compliant applications

911 Software will certify PA-DSS compliant version of CreditLine payment processing software by the end of 2008

Documentation

* PA-DSS Dealer and End-User Guide
* PCI Security Standards Web Site

PABP Documents

* CISP Payment Application Best Practices (PABP) for POS Credit Card Software
* PCI Data Security Standard
* List of CISP PABP certified Payment Applications

Please see Credit Card Software Security Setup Guide for review of CreditLine credit card processing software security features.


Security Through Hardware

For internet security and Dial-Up backup we recommend a hardware firewall router with Dial Back-Up such as Netgear FR328S (8-port Cable/DSL ProSafe Firewall with Dial Back-up)




Cardholder Information Security Program - CISP

911 Software has followed CISP guidelines to ensure cardholder account security in credit card software

The following steps have been taken:

1) Truncation of credit card account numbers in CreditLine credit card software

2) Encryption of credit card cardholder data in CreditLine credit card software

3) Password protection of credit card data in CreditLine credit card software


For the purposes of CISP security certification:

1) 911 Software does not store, handle, and/or process cardholder data

2) 911 Software does not have access to any of the cardholder data that the merchants process

Givex Loyalty Payment Processsing Released

Gives Royalty is released in the version 3.03.18 Beta of 911 CreditLine Payment Processing Software.

For more info on CreditLine Credit Card Processing Software, please see http://www.911software.com.

Moneris Canada Credit Card and Debit Card Processing is Released

Moneris Canada Credit Card Processing and Debit Card Processing is Released.
For more info on CreditLine Credit Card Processing Software, please see http://www.911software.com.

Paymentech Debit Card Support Released

Paymentech Debit Card Support is Released!
Please see http://www.911software.com downloads section for more info.

MIGS, ValueLink Datawire CreditLine Credit Card Processing Software Released!

MIGS, ValueLink Datawire CreditLine Credit Card Processing Software Released!

See version 3.03.14 and http://docs.911software.com for details.

New Version 3.03.14 Released!

http://www.911software.com/downloads.htm

2007-11-30 3.03.14

o Now Business Name 2 is a required field. Please fill it with store#, outlet, revenue center name, or street, city name.

o Removed the tip entry field for non-hospitality industries.

o Added email and phone number fields to the setup sheets.

o Added button to fill in the default dialup phone numbers.

o Changed the invoice number to folio number for hotels.

o List all the merchant indexes even if the user does not have the access to them. But give warning if they select the one they can not access.

o Only the supported connections show up in the processor setup to avoid mistakes.

o Added links to the web site for help documents.

o Mask account numbers in historical journals.
[911_CCV]
MaskAccountNumberInBackupJournal=YES
;Default is NO

o Added functions in CLCAPI to retrieve available merchants.

o Added functions in CLCAPI to do real auth in a rush approval situation.

o Reprint multiple slips in View / Modify.

o Changed 'Add Tip' to 'Finalize' for non-restaurant industries.

o Fixed the issue where importing gift card transactions truncates account numbers.

o Expanded the error details for Paymentech 412 Errors.

o Show Dialup Backup mode, Rush-Approval mode, etc in the status window.

o Increased the number of users to 20 per merchant.


o Support for MasterCard International Gateway Service (MIGS). Available worldwide.

o Support for 5/3 gift cards.

o Support for Chase Paymentech (Restaurant, Retail, Mail Order, Lodging)

o Support for ValueLink gift card via DataWire.

o Failover support (Dialup Backup)
[911_CCV]
UseDialupBackupMode=YES
;Default is NO

o Easier connection setup where connection types and parameters are linked.

o Added upper limit to prevent wrong amounts.

o Automatically retry batch if the host returns duplicate batch ID errors.
[911_CCV]
AutoRerunDupBatch=YES
;Default is NO

o Duplicate transaction detection. Transactions with the same account number and amount within a specified time window will be returned as duplicates.
[911_CCV]
CheckDuplicateTrans=YES
;Default is NO

o CLCAPI.INI now can be shared. Each client can have its own section in the file.

o Error statistics. Errors are written in a csv file: CCV_ERROR.CSV for error analysis.

o Increased the zip code to 6 chars for Canadian installations.

o Added functions in CLCAPI to retrieve settle-able card types.

o Better support for ICVerify. If a force transaction is sent and a matching transaction is found in the journal, then it is changed to a 'add tip' transaction.
[911_CCV]
TryForceAsFinalize=YES
;Default is NO

o Fixed an issue where printing batch reports from the batch archive dialog box gives the wrong dates.

o Support for FDC-North (eCommerce, Lodging).

o Improved the 'Apply To Auths' button in settlement setup to populate the parameters.

o Disabled selective batch for host-capture processors.

New 911 Software CreditLine Credit Card Software Version 3.03.10

New 911 Software CreditLine Version 3.03.10 released today has a number of important upgrades. It is HIGHLY RECOMMENDED that you review the highlights below to make sure that your customers are receiving the best service. The version is available at http://911software.com/downloads.htm

FDC New DLL Slow Down Fixed. This version uses the older DLL provided by Datawire for FDC, since we have discovered that the newer DLL is significantly slower. We are actively working with Datawire to help them resolve the issue. Note: the slowdown may also be affecting Global IP customers. Average periodic delay is 2-6 seconds on some transactions and batches. The new DLL was introduced in version 3.03.x to enable Datawire ID Registration. Functionality is not affected outside of registration feature and speed.

Debit Card Support (Nova). See http://911software.com/credit_card_processing_software/index.php?title=Using_Debit_Card_Cards for more info

Pin Pad Support (Verifone 1000se). See http://911software.com/credit_card_processing_software/index.php?title=Pin_Pad for more info.

Hotel/Lodging Industry Support (Nova)

Automatic Batch Count Management (Limit Reduced). This is an improvement on the feature introduced in 3.03.09 (upgrade to 3.03.10 is necessary). Due to limitations of Windows Network Libraries, network slowdowns and the limit to the number of transactions allowed by some processors, very large batches may experience problems. See http://911software.com/credit_card_processing_software/index.php?title=CreditLine_Automatic_Batch_Count_Management for more information.

Corrupted Journal Recovery. Corrupted journals (e.g. due to hard drive failure or unexpected server shutdown) can be recovered by using the Archive utility. See http://911software.com/credit_card_processing_software/index.php?title=Corrupted_Journal_Restoration for more information.

See Release Notes below for other great new features and fixes.

COMING IN NEXT RELEASE: Full MOTO Certification!

Version 3.03.10 Release Notes from http://www.911software.com/ReleaseNotes.htm

2007-04-02 3.03.10

o Nova Hotel / Lodging Support

o Nova Debit Support

o VeriFone 1000se Pin Pad Support

o Added Summaries for Gift Card Transactions in View / Modify

o Card range lookup should skip unaccepted card types

o Automatically reload the configuration whenever it is changed
[Config]
AutoReload=YES
Default is YES

o Gives warning if the connection setting is wrong

o Limit the Operator Number to 4 digits

o clcBatch in the API should batch credit cards and gift cards

o Added clcLoadTransactionByTransId in the API to load a transaction in the current journal or previous journals

o Added credit, gift, debit types in front of processor names in the selection list

o Gives warnings on bad logins and if the password has been changed within the past 7 days

o Timeout Reversal should not be sent if the transaction fails at the connnection step

o Added client name and transaction ID on each line in the log

o Wrong dates were printed in the Previous Batch Summary Report

o Added the account type column in the card detail report

o Prevented View / Modify from crashing when the journal has corrupted records

o Added filter in the journal re-sequence procedure to skip the corrupted records

o Made DataWire TCP DLL and VXN DLL co-exist
To use the TCP DLL, choose DLL in the connection parameters dropdown list.
To use the VXN DLL, choose VXN in the connection parameters dropdown list.



Kind Regards,

Zorrik Voldman

===========================================

RSS News Feed: http://www.911software.com/credit_card_software.xml
Documentation Web Site: http://docs.911sofware.com
Dealer Web Site http://dealer.911software.com


911 Software, INC - Credit Card Point Of Sale Processing Software
http://www.911software.com

New Version 3.03.09 Released!

2007-01-29 3.03.09

o Added DeleteCard in card store functionality

o Nova Hotel / Lodging Support (Alpha)

o Removed excessive warnings in the log

o Fixed the user name, password starting with the same character sequence error

o Removed the Not All Auths Match warning for gift cards

o Added code during settlement to divide the batch into blocks if there are too many transactions
[911_CCV]
BatchMaxTransactionCount=400
Default is 400

o Added warning messages when the DataWire has not been obtained through processor registration

o Fixed the settlement error when there are unsupported card types in the batch

o Added code to not allow VISA to be disabled since it is the default card type

o Added warning messages when the test config file is being used

o Added warning messages when the server is in demo mode

o Expanded the card type selection dialog box in authorization and settlement setup to include processor type and connection info

FDC Nashvile Envoy Dial-Up Patch Released

See Patches on http://911software.com/downloads.htm

This patch is necessary for every client using FDC Nashvile (Envoy) Dial-Up all versions below 3.02.09

Fixes:

Some cards may fail to batch even though successfully authorized

Files:

BIN.zip - right click and select Save Target As

Contains:

\911\bin\ccv_manager.exe

\911\bin\ccv_server.exe

Instructions:

1) Upgrade to 3.03.08, if running older version

2) Unzip BIN.zip into \911\bin directory overwriting 911\bin\ccv_manager.exe & 911\bin\ccv_server.exe

New Credit Card Processing Software Version Released 3.03.08

Version 3.03.08 has been released.

2006-12-21 3.03.08

o Added card store functionality through client API

o Added checkbox in View / Modify to list duplicate transactions

o Added AMEX split settlement setup warnings

o Filtered out the unused card types in card number lookup

o Changed Apply-To-All-Auths to only apply to same card classes, e.g. Apply [Default] to credit cards only, not gift cards

o Fixed View / Modify not showing gift card activation totals

http://www.911software.com

http://us.lrd.yahoo.com/_ylt=Ai7_n8D6ph4tpR6GbJ8yki8E1vAI/SIG=110kbfrnc/**http%3A//www.911software.com/