Preparing Deacom for Credit Card Transactions

Credit card process flow PCI Standards and compliance Configuration Process Setting up credit card readers Completing the required accounting setup Preparing Deacomfor live transactions

Deacom provides the ability to process credit card transactions in order to handle various purchasing and sales payment scenarios including:

• Credit card pre-authorizations where shipment will occur at a later time or date.
• Prepayments and normal Cash Receipts using a credit card.
• Payment of standard Purchase Orders.

Credit card information is entered and processed in the system at different times, based on the scenarios listed above. These include:

• During order entry - For credit card pre-authorizations and normal prepayments and Cash Receipts.
• After order entry, prior to order shipment - For credit card pre-authorizations and normal prepayments and Cash Receipts.
• After order shipment and invoicing - For normal Cash Receipts.

Credit card Authorization and Capture setups allow companies to authorize the availability of funds for a transaction but delay the capture of funds until a later time. This is often useful for merchants who have a delayed order fulfillment process. Authorization and Capture also enables merchants to modify the original authorization amount due to order changes occurring after the initial order is placed, such as taxes, shipping, or gratuity. In addition, Authorizations and Captures are easier to modify or cancel. Once an authorization has been made, users can:

• Capture either a partial amount or the full amount of the authorization.
• Re-authorize for a different amount.
• Void the authorization, if the transaction needs to be canceled.

Credit card process flow

Deacom uses multiple payment gateways or platforms to transfer and process credit card information. We recommend the use of a test account to familiarize users with the different gateways available for use with Deacom. Information on the credit card process flow in Deacom, together with instructions on setting up test accounts and payment gateways is available in the "Process" section of this page. Information on using credit cards to pay for orders in Deacom is available via the Processing Sales Orders with Credit Cards and Processing Purchase Orders with Credit Cards pages.

The setup steps on this page should be performed by accounting team members once the appropriate test accounts and payment gateways have been created.

• Note: Users must remember to activate their account and configure the account for live transactions before accepting real orders. Additional information is available further down on this page.

The chart below illustrates the basic credit card process flow. Once credit card information has been entered and encrypted in Deacom, it is sent to the payment gateway, and then to the appropriate merchant bank(s), and finally to the cardholder's bank. Deacom uses five different payment gateways; NetEPay, PayFlow Pro, Payment WorkSuite, CardConnect, and Merchant Resource Center, while customers may choose whichever merchant and cardholder banks they wish.

PCI Standards and compliance

PCI Standards and Compliance refers to the Payment Card Industry Data Security Standard or PCI DSS. PCI DSS is a set of requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands.

Deacom meets all PCI compliance standards but to store credit card information in the system, each customer must be individually validated. Additional information may be obtained from the link provided above. In addition, Deacom stores credit card numbers in an encrypted format using the AES-256 standard. Customers who choose to use the credit card storage functionality in Deacom need to ensure that they have PCI compliant processes and hardware. The Deacom functionality (encryption, forms, transfer of data) that supports credit card processing meets PCI standards but ultimately it is the customer who is response for ensuring that their internal processes and procedures are PCI compliant.

Configuration

In order to use credit cards with Deacom applications, two sets of requirements must be met, both of which are covered on this page.

1. The first set involves the purchase and setup of credit card readers, the creation of test accounts, and finally, the setup of Credit Card Processors.
2. Once the first set of steps have been completed, the second set involves accounting setups to handle credit card transactions in the system. These steps are generally performed by members of the accounting team.

Credit Cards may also be added to Bill-to Company records. The Credit Cards tab on a Bill-to Company lists all of the credit cards that the customer has authorized the company to keep on file and charge per their agreed upon Terms.

• Note: When using a credit card for a one-time payment in Deacom, there is a "Remember Information" flag on the Enter Credit Card Information form. If this flag is checked, the credit card information will be written the Bill-to's Credit Cards tab once the order is saved for the selected customer. 

Process

Setting up credit card readers

Deacom supports the integration of credit card readers with the main application as well as the Point of Sale (POS) and eCommerce applications via an API. Customers should purchase PCI DSS compliant card readers. The Deacom recommended card reader hardware is MagTek Dynamag. Please consult Deacom before purchasing a different card reader to ensure compatibility.

In order to process credit cards in Deacom using card readers or pin pads, the following setup steps are required.

1. Install and run the Deacom Local service. Refer to Installing Deacom Local for process information.
2. Plug the pin pad or card reader into the PC.
3. Set up Credit Card Processors and pin pad(s) to support EMV and configure a DataCap processor as the default. Refer to the "Setting up Credit Card Processors" section of this page for process information.
4. Configure system fields (this step is optional), which may be required by customer's processes, including the "EMV Expression" and "EMV Timeout" fields in Sales Options.
5. Navigate to File > Settings and define the following fields: Pin Pad Com Port, Listener Port, Secure Device, and C.C. Processor. Once complete, click "EMV Parameter Download" and parameters should download correctly.

Completing the required accounting setup

Prior to processing credit cards transactions in Deacom, either in test or live mode, the information detailed below must be configured in the system.

• Sales Options - Fields and flags used in conjunction with processing credit cards.
  • On the Cash Register tab is the "Verbose EMV Logging" flag, the setting of which depends on company practices and requirements. When this flag is checked, Deacom will log all EMV requests and responses to a text file in (user profile)\AppData\Roaming\Deacom\.
  • Also on the Cash Register tab are the "EMV Expression" and "EMV Timeout" fields, which represent the expression used to specify the information that will be printed on sales documents when using DataCap Credit Card Processors, and the time in minutes that EMV transactions can be inactive before a user will be logged out of EMV transactions respectively.
• Accounting Options - On the Accounts Receivable tab are the "Pre-Payment Part" and the "Pre-Pay/Credit Term" fields. "Pre-Payment Part" represents the Part added to Sales Orders created by logging Payments on Account, while "Pre-Pay/Credit Term" represents the Terms set on a Sales Order when the "Pre-Payment" flag is checked on the Invoice/Pre-payment form.

• Credit Card Processors - Create the necessary Credit Card Processors, as detailed in the "Setting up Credit Card Processors" section.
• Terms - Define the Terms that will be used specifically for processing credit cards, paying close attention to the "Credit Card Process" and "CC Pre-Pay %" fields, which are used to indicate if the credit card will be pre-authorized. For process information on configuring Terms, refer to Managing Order Terms and Customer Credit. Note: Beginning in version 16.05.082, the Terms record contains a flag called "Re-Authorize Credit Cards on Back Orders". If this field is checked, the system will re- authorize the credit card used on the original order for any back orders, for the amount specified on the terms. If un checked, the system will create the back order, but will not perform any credit card authorizations against back orders. Additional information is available via the link in the preceding sentence.
• Payment Types - Create a Payment Type for each brand of credit card that the company is able to accept (Visa, MasterCard, American Express, etc.) via Accounting > Maintenance > Payment Types. The "Credit Card" flag must be checked to indicate that the Payment Type is a credit card, as only Payment Types identified as credit cards can be selected when adding credit cards to Bill-to Companies or when using a Terms code that requires a credit card payment at order entry or shipping. Additionally, a "Credit Card Mask", which is used to set the pattern of digits for the number of the credit card being used when adding stored card numbers to Customers or entering one-time card numbers against sales transactions, must be specified. For process information on configuring Payment Types, refer to Managing Order Terms and Customer Credit.
• Bill-to Companies - Add all credit cards that the customer has authorized the company to keep on file and charge per their agreed Terms to the Credit Cards tab on the appropriate Customer records. The "Number" data on this tab will appear as "Stored in card vault" and cannot be accessed through SQL Server Management Studio, per PCI standards. Once a credit card is entered and stored in the Card Vault, the number cannot be modified.

Once the above steps have been completed, credit cards may be processed in Deacom. It should be noted that a Sales Order inherits its Terms, including any automatic credit card processing requirements, from the Ship-to Company chosen at the time of order entry. Also, the "Sales orders -- change terms" security exists to prevent order entry clerks from changing the inherited Terms. More on security settings can be found at Managing Users and User Security.

Preparing Deacomfor live transactions

Once the integration between Deacomand the processor has been tested, users will need to contact the processor directly to obtain the appropriate non-test credentials prior to using that processor in a live environment.

For PayPal/PayFlow, Moneris/Merchant Resource Center

Once the integration between Deacomand PayPal/PayFlow/Moneris has been tested, users will need to ensure that the "Transact In Test Mode" flag, available on the Credit Card Processor form when selecting a "Processor" type of Payflow/Moneris, must be unchecked so that transactions flow through the live server at PayPal/Moneris and the credit cards used are charged.

Special Notes For PayPal/PayFlow

Prior to using that PayFlow in a live environment, the PayPal/PayFlow account must be activated. To activate the account:

1. Log in and on the "Home" page a "Your Account Status" box should be visible.
2. In that box an "Activate Your Account” button is available. Click this button and follow the steps to activate the account. 
   • The "Service Summary" box located underneath the "Your Account Status" box is a good reference check to ensure all the functionality/services are running in a live mode as opposed to test mode.