Q: After installing Transactional Security service, will all my stored credit card numbers be tokenized?
A: No, to do this, call the Eagle Advice Line for assistance in running a utility to convert all credit card numbers stored in Customer Maintenance to be tokens. In addition, all QuickRecall stored credit card numbers must be deleted, or set deletion to a certain number of days so after that time, the real credit card numbers are masked. If you have any credit card numbers in Eagle notes, those must be manually deleted.
Q: Does Transactional Security service make me exempt from PCI certification?
A: No, but it will reduce the certification process.
Q: What happens if Transactional Security is activated on my Eagle system, but only half of my pin pads are upgraded to iSC250s?
A: You can only run Transactional Security on the isc250 pin pads, and will be charged only for pin pads that have Transactional Security turned on.
Q: How do I void, return, or provide credit when all my credit card numbers are tokenized?
A: The process is the same, but instead of using the actual credit card number, you can now use the token numbers. For example, using Streamlined Returns where you swipe the bank card used on the original purchase, or Directed Refunds where the refund goes back to the original purchases bankcard, both process the same.
Q: What happens to hand keyed credit cards?
A: Any hand keyed credit card numbers on the pin pad will be encrypted and tokenized. Hand keyed credit card number in Eagle POS screen will not be encrypted or tokenized, so we recommend you hand key all credit cards on the pin pad. Your rates will still be hand keyed rates even though the cards are encrypted and tokenized.
Q: What about Seasonal Use Pin Pads?
A: If you have POS lanes or pin pads you only use for certain months of the year, Epicor will only bill you if you use the pin pads with Transactional Security that month. If you use the pinpad with TS only 1 day that month, then you will be billed for the entire month.
Q: Will Transactional Security work in Offline mode? (i.e. Eagle is offline or the Gateway is offline)
A: Yes, in offline mode, if you swipe, insert, or manually key in the bankcard number on the pin pad, the pin pad will encrypt the bankcard. This encrypted bankcard will be sent to the Gateway when Eagle and the Gateway are online again. One caveat in offline is that the bankcard encrypted in offline will not show the token in Quick Recall, it will only show the encrypted number, which has details of the original bankcard (first 6 numbers and last 4 numbers) but they cannot use the encrypted bankcard number in QR for returns or further charges. In offline mode, Epicor will have the encrypted card number but no key that allow our servers to reuse that encrypted card number again.
Q: If I sign up for the per pin pad option and if I add more pin pad or stores in the future, can I still buy per pin pad option for those stores?
A: Yes. After the promotion if you have the per pin pad option, you will be grandfathered into purchasing additional TS pin pads.
Q: Does Transactional Security work in Canada?
A: No, Transactional Security requires the transaction to go through the Epicor Gateway for decryption and tokenization. Canada currently is processed through Tender Retail
Q: Will Transactional Security convert my Quick Recall bankcard numbers?
A: No. These bankcard numbers (non-encrypted, encrypted, or truncated) will remain in QR until your QR storage is flushed of these bankcard numbers and everything in there has a token. For example, if you store 6 months of QR data, then you will not flush all these bankcards out of your QR data until 6 months later. The recommendation is that you encrypt or truncate this data and follow the PCI guidelines or manually remove the bankcard numbers.
Q: How do I remove the credit card numbers in Protobase?
A: You will need to contact the Eagle Advice Line to have them help you remove these old credit card numbers.
Q: If I turn off Transactional Security, will the tokens still work for refunds or returns?
A: No. The tokens cannot be untranslated to actual card number to be processed by your bankcard processor if TS is turned off.
Q: Why is Transactional Security not PCI certified?
A: As for PCI certification, HP/Voltage is the P2PE and Tokenization technology we use and they have chosen not to be certified because they believe the new PCI guidelines coming out in the next revision will not have certified P2PE/E2EE providers but have specific guidelines that P2PE providers must meet for PCI. The P2PE and Tokenization technology is similar for PCI certified and no PCI certified solutions. We do know that the P2PE and tokenization technology we use is the best we found and was the technology chosen by Home Depot.
Q: Why can't you do End to End Encryption instead of Point to Point Encryption?
A: We have chosen the HP/Voltage encryption and tokenization technology which is the one chosen by Home Depot. Because Epicor processes with various processors, who have all chosen different E2EE technology; i.e. Transarmor for FDMS, it would have been unmanageable and costly to code to every processor’s E2EE provider. The only option for true E2EE is for a POS provider to only work with one processor and force all of their customers to that processor or a retailer to use standalone terminals. Target can do E2EE because they are one giant company that has direct processing with one processor. Epicor decided to provide a choice of processors so retailers can shop for the best processing rates.