CC Masking

I can post the info when I get to work in a few hours..

First make sure you have Credit card masking turned ON (checked) at File | Configuration | Options | Gereral Options This will ensure the customers receipt will get masked. Then, you will need to edit the receipt.xml file using frontpage or notepad etc., to un-mask your copy as follows:

*Backup your receipt.xml file (in case of errors).

Locate the following line in the SUB: PrintCreditCard section (around line

288):

MaskCreditCard Tender.Descriptor.Description " " Tender.AccountNumberMasked Tender.Descriptor.Description " " Tender.AccountNumber

replace it with this: Tender.Descriptor.Description " " Tender.AccountNumber "Exp. Date: " Tender.Expiration

Save the file. Then go into the Manager application and re-set the receipt. Database| Registers | Receipt Formats etc... Re-start any running POS applications. Done.

root,

If you turn on masking in the Options | General section, it will mask the cc info in the database, so it will no longer be retrievable. Ever!

An easier way is to just mask the cc info on the receipt template. Mask Credit Card = True.

This is all going to become mute as 1.3 M$ is releasing next month, the credit card number is no longer stored in the db. After the card has been approved, it will be erased.

I did overlook/err the receipt masking setting location.... The principle remains.

Using this receipt technique there really is no reason to have the cc info stored in the database as it will be printed on the store owners copy of the receipt. Having the cc # stored unmasked in the database is a security risk.

This does bring up a question though. In RMS's current state. If cc#'s are stored masked. Is a void/return still be able to recall the masked cc# and void/return the sale? If so, RMS has the ability to un-encrypt the the #'s.

Deleting the cc #'s entirely may pose an even larger problem for retailers unless they use a receipt technique that prints the full information on the store owners copy (ideally inclulding swiped cardholder name!).

root,

But that's where security fixes the problem, you can setup security so that certain people cannot see the cc number.

No, RMS cannot retrieve the cc number if is encrypted in the db. That's why I suggested the other option,

Ya got that right! This is going to be a major issue. Stay turned!

You must also be careful of your state laws and credit card masking. Here in Alabama you must have the credit card number masked on all receipts otherwise you can be fined.

The number is masked on the receipt, but there is no law that says you can't store the credit card number if you're the merchant.

In fact, most credit card companies require the merchant to show proof that the credit card was present - usually in the form of a signed receipt which shows the credit card number. It's (usually) not illegal for the merchant to keep the number.

David

"Elizabeth" wrote:

David,

There is an argument within MS right now as to storage of cc numbers. Right now, starting with 1.3 that ships next month, all future cc numbers will no longer be stored in the database. They claim its Visa's new PCI regulations.

here is a link to the the PCI regulations as of 12 months ago

I did not read everything, but I saw nothing about NOT being able to store encrypted numbers with/without the ability to decrypt etc.

root,

Yep, that was my argument too!