When processing credit and bank cards securely, several measures must be taken into account:
With Release 27.1 the manual entry of credit card numbers is more secure for Point to Point Encryption, aka Transactional Security (Option 1345=Y). POS stations now have the ability to launch a secure card entry dialog that communicates directly to the Epicor Gateway in order to retrieve a token for use in card processing functions. This applies to bankcard entry on the POS Totals screen, stored credit card entry in Customer Maintenance (MCR’s Go To Menu A), and when adding a payment transaction in Credit Authorization Detail Viewer (CARD).
Navigate to Device Configuration.
Enable the Secure Card Entry Device.
Press Change.
Exit and re-enter POS.
Once enabled, when a clerk attempts to manually enter a credit card a secure connection is made to the Epicor Gateway’s Hosted Token Page website and the website’s Secure Card Entry dialog displays for the clerk to enter the card’s information. This information is securely passed to the Epicor Hosted Token website and a token is generated and pasted back into the POS credit card field. This eliminates the accidental entry or saving of an unencrypted card number in Eagle.
Important: If your network employs content filtering (CFS) for your computers, you must have the https://sce.toogo.io URL open for Secure Card Entry.
The first time this dialog launches, the system takes a few seconds to load because it has to pull your customer specific Token ID. Subsequent transactions will load more quickly.
Secure Card Entry validates the card numbers to verify the card data. If it returns a “bad acct number” response, check that the card number was entered properly.
In Release 29.1, the system also automatically provides notifications based on specific triggers to adhere to new mandates for keeping customer credit card information on file. Issuers now have more specific requirements for storage and use of credit card data for future purchases and billing. Merchants must identify when a card is initially stored and identify subsequent authorization requests. The following triggers are applied:
Stored Credit Card Data - When a major credit card brand is stored in the customer credit card file, the system sends a zero dollar ($0.00) authorization request to alert the processor that the card information is being stored.
Data Conversion - When a major credit card is converted from another system to Eagle for Windows, the system sends a zero dollar ($0.00) authorization request to alert the processor that the card information is being stored on the Eagle system.
Consumer Initiated Transactions - When the system uses a stored credit card in the POS Totals dialog box as the payment method on a transaction, the authorization request includes data to indicate the consumer initiated the transaction.
Additionally, when a clerk selects a stored credit card from the Misc. Menu > Credit Card option in the POS Totals dialog box, they must use the Initiated By drop-down to select whether the transaction is merchant initiated or customer initiated. The system can then send the appropriate card-on-file indicators with the authorization request. The default is Customer Initiated.
Merchants who store cardholder information on their system are now required to maintain written authorization and consent from the cardholder. This agreement must be retained for the duration that the card is stored and be provided to the Card Issuer upon request.
This signed consent must include the following:
A truncated version of the Stored Card (last 4 digits), as it may be updated from time to time.
How the Cardholder will be notified of any changes to the agreement.
How the Stored Card will be used (future purchases/payment on account, etc.).
The expiration date of this agreement, if applicable.
The fixed dates or intervals when Recurring Transactions will be processed.
The following represents a traditional disclosure consent form used in these situations:
I/(we) hereby authorize (Merchant) to store my (our) credit/debit card ending in (insert last 4 digits of the card number). I further authorize (Merchant Name) to make repeated and/or unscheduled charges to my (our) credit/debit card for future purchases that I verbally or otherwise authorize from time to time and, if necessary, initiate adjustments for any transaction errors. This authorization will remain in effect until (insert Merchant's name) is notified by me to cancel this authorization.
I further understand and agree to abide by (insert merchant name) refund policy related to this or any other purchases made with my credit/debit card on file. Any future changes made to this agreement will be sent via email at the address listed below.
Cardholder Signature: Date Signed:
Cardholder Name:
Cardholder email address: