Transactional Security Overview
As the recent high-profile security breaches at several major retailers have demonstrated, both retailers and consumers are demanding more secure payment functionality. In response, Epicor now offers Eagle Transactional Security, which provides a completely secure solution where credit card information is encrypted on the PIN pad device itself and then passes through the Eagle system to the Payment Gateway. This process ensures that no sensitive credit card account information can be obtained by accessing the Eagle system. This new functionality also offers tokenization services, where a token that represents the original account information is issued back to the Eagle system. The token can be used for returns, adjustments, or recurring billing that need to be processed at a later time.
This service works for all the major card brands including Visa, MasterCard, AMEX and Discover. In addition, it will not interfere with any local Gift, Private Label, or off-brand card programs you have already implemented.
- Point-to-point encryption – At the point the credit card is swiped, inserted, or manually entered on the PIN pad, the account information is immediately encrypted and stays encrypted until it arrives at the Epicor Payment Gateway, where it is decrypted and sent through a secure connection to the processor.
- Tokenization – The authorization response from the Epicor Payment Gateway returns to Eagle a “token” that represents the original credit card number from the request. This token can be used for subsequent transactions like voids, returns, or adjustments, so there is no need to retain the original sensitive credit card account information. The token issued is only valid when reused by your business communicating to the Epicor Gateway. The token also maintains the first six and last four digits of the original credit card number, so you can still match account numbers to previously tendered transactions. Tokenization will also be used to replace stored credit cards added on house charge accounts that are used for recurring billing. In addition, a utility has been added that converts all the existing stored credit card numbers for house accounts into tokens. All other credit card functions and procedures remain the same, except that instead of using the actual credit card number, you are using the much more secure token number to process follow-up transactions.
Eagle has a utility that will allow you to convert all major stored credit card numbers for house accounts into tokens. This change will allow you to process all other credit card functions in the normal course of your business, but instead of using an actual credit card number you will use a token.
Below are some of the most common use cases for Transactional Security:
- A customer is paying for their transaction with a credit card by swiping the card on the PIN pad. The credit card information is immediately encrypted by the PIN pad and passed to Eagle POS to be processed. Eagle makes a secure connection to the Epicor Payment Gateway and passes the encrypted data. At the Gateway, the card information is decrypted and passed along to the processor for approval. The processor response is passed back to the Epicor Payment Gateway. The Gateway removes the sensitive account information and replaces it with a token before responding to Eagle.
- A customer wants to store their credit card number on their account so they can contact you to authorize payment for their invoices, deliveries, or services. The account number being added is automatically converted into a token which can be reused over and over and will not expire.
- If a customer's credit card is unable to be swiped, the cashier or customer can manually enter the credit card number and expiration date on the PIN pad. The account number being entered is also encrypted before being sent to the Epicor Payment Gateway for processing.
- The store manager needs to make an adjustment to a previous transaction processed using Eagle Transactional Security. The manager can simply look up the token and expiration date in QuickRecall, enter the token in POS in the credit card field, and Eagle will process the transaction as if the original credit card number was entered.
As of release 25, EBT and FSA cards can be used with Transactional Security.
Epicor Payment Exchange:
- For EPX, any additional charges or credit must be done through Eagle and not through the virtual terminal. This is due to the fact that the token created by Transactional Security cannot be used in the virtual terminal, which requires the full bankcard number, so this is a different process for some customers using virtual terminals.
Offline Point of Sale:
In offline mode, if you swipe, insert, or manually key in the bankcard number on the PIN pad, the PIN pad will encrypt the bankcard. This encrypted bankcard will be sent to the Gateway when Eagle and the Gateway are online again. One caveat in offline mode is that a bankcard encrypted offline will not show the token in Quick Recall. It will only show the encrypted number, which has details of the original bankcard (first 6 numbers and last 4 numbers), but the encrypted bankcard number cannot be used in Quick Recall for returns or further charges.
In Store Gift Cards:
Because In Store Gift Cards (ISGCs) are processed by Eagle and not by the Gateway, they will not be encrypted or tokenized. If any ISGCs are encrypted or tokenized, they will not process in Eagle. We recommend all customers start any ISGC numbers at “7777”.
Current limitations:
- Not currently available for Canada or any other countries or territories not processing through the Epicor Gateway
- These BIN ranges for In Store Gift Cards cannot be used (X = any number):
  - 34XX
  - 37XX
  - 4XXX
  - 51XX – 55XX
  - 6011
  - 622126 – 622925
  - 644X – 649X
  - 65XX
Card brands:
This service will work for the major card brands: Visa, MC, AMEX and Discover. It will not work for ISGC, PLC and other off brands.
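
The BIN ranges listed under Current limitations can be checked before an In Store Gift Card number series is set up. The following is an added example, not Epicor code: the function and constant names are hypothetical, and the ranges are copied from the list above. It goes slightly beyond the list by also flagging a short starting prefix when any number beginning with it could land in a listed range.

```python
import re

# Ranges copied from the page's list; "X" means any digit.
# Each entry is (low_pattern, high_pattern); single patterns repeat the value.
RESERVED_BIN_PATTERNS = [
    ("34XX", "34XX"),
    ("37XX", "37XX"),
    ("4XXX", "4XXX"),
    ("51XX", "55XX"),
    ("6011", "6011"),
    ("622126", "622925"),
    ("644X", "649X"),
    ("65XX", "65XX"),
]


def _bounds(low, high):
    """Expand an X-pattern pair into an inclusive numeric prefix range."""
    return int(low.replace("X", "0")), int(high.replace("X", "9")), len(low)


def reserved_range_for(card_number):
    """Return the label of the listed range the number (or prefix) hits, else None.

    A full number is compared by its leading digits. A prefix shorter than the
    pattern is treated as conflicting if any extension of it could fall in range.
    """
    digits = re.sub(r"[ -]", "", card_number)
    if not digits.isdigit():
        raise ValueError("card number must contain only digits, spaces or dashes")
    for low, high in RESERVED_BIN_PATTERNS:
        lo, hi, width = _bounds(low, high)
        prefix = digits[:width]
        smallest = int(prefix.ljust(width, "0"))  # lowest possible extension
        largest = int(prefix.ljust(width, "9"))   # highest possible extension
        if smallest <= hi and largest >= lo:
            return low if low == high else f"{low} - {high}"
    return None


if __name__ == "__main__":
    # Constructed sample numbers, not real cards.
    for sample in ["7777000000000001", "4111111111111111", "6221260000000000", "62"]:
        print(sample, "->", reserved_range_for(sample))
```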