The Payment Card Industry Data Security Standard, usually shortened to PCI, is a body of rules applied to payments that involve the processing of credit card transactions. The standard is supported by all major credit card organizations. It is the responsibility of the PCI Security Standards Council to increase security for payment and account information by providing information, training and educational advertising about the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc.
All commercial enterprises and service providers who store, submit or process credit card transactions must meet the requirements of this standard.
Please note that this standard is not a legal regulation. However, your point of acceptance may require you to obtain PCI DSS certification as soon as you start accepting credit cards as a method of payment at your terminals. If you fail to obtain this certification, acceptance of credit card payments may ultimately be denied. Compliance with the rules is usually validated based on the company's volume of sales (e.g. annual credit card transactions of 1 M or more).
Having your terminals certified according to the PCI DSS will ensure that you are in compliance with the standard. It is, unfortunately, not possible to obtain PCI DSS certification for individual software applications such as SiteKiosk, as the certification always applies only to package solutions consisting of hardware and software (your kiosk terminal). Certification can only be obtained from an approved scanning vendor (ASV).
For a list of certified ASVs and for more information, see https://www.pcisecuritystandards.org/.
1.1 Hardware
You can enter the credit card information manually. We do, however, recommend that you use an ISO magnetic card reader to read the information.
Suitable card readers only need to be capable of reading the 1st data track (track 1) of the credit card (exception: CreditCall). We support the following devices:
- All generic ISO magnetic card readers featuring RS232 interface (COM)
- Emulation by keyboard (magnetic stripe card reading keyboards) (usually PS2)
Some magnetic card readers merely transmit keyboard signals. SiteKiosk supports these special readers provided the corresponding driver can precede the card information with a certain set of characters.
- Type: Swipe card readers
  - Producer: Magtek http://www.magtek.com
    Model: Magstripe Swipe Card Reader Mini Port-Powered RS-232 & Mini USB (HID)
    Model: Sureswipe (Part Number: 21040140) Reader HID (USB)
  - Producer: Semtek
    Model: Mini-Swipe Magnetic Stripe card readers RS-232
  - Producer: Cherry https://www.cherry-world.com
    Model: Cherry G81-7000/8000 keyboard with Magnetic stripe card reader (keyboard emulation)
  - Producer: ID TECH http://www.idtechproducts.com
    Model: MiniMag II, MagStripe Reader (IDMB-3351xx series, requires OPOS driver from ID TECH)
- Type: Insertion card readers
  - Producer: Magtek http://www.magtek.com
    Model: Magstripe Insert Card Reader MT-215 RS-232 & USB (HID)
    Model: IntelliStripe 65 RS-232 & USB (direct & emulated COM-Port versions)
  - Producer: Semtek
    Model: Manual Insert card reader RS-232
    Model: Manual Insert card reader USB (keyboard emulation)
  - Producer: ID TECH http://www.idtechproducts.com
    Model: Spectrum RS-232 Hybrid Partial Insert Card Reader and SPT3-323 Insertion Reader (USB)
  - Producer: Uniform Industrial
    Model: MSR 152 RS-232 and MSR 152 USB
  - Producer: Dione/VeriFone http://www.verifone.com
    Model: Dione Secura PINPad RS-232 (for chip and PIN)
- Type: Motorized card readers
- Type: MagneSafe Readers
Special card readers that encrypt the credit card information while reading it, which increases security significantly and makes it easier to obtain PA-DSS certification if necessary. Can be used in combination with the Magensa.net Payment Protection Gateway (MPPG).
SiteKiosk supports HID readers with Security Level 3 which are compatible with MagneSafe V5. Contact Magtek for more information.
When using this type of reader, you should disable the option that lets you enter credit card information manually as the only data that will be encrypted is the data read directly by the reader.
We recommend that you use the credit card solution in combination with a card reader. Please install and configure the hardware corresponding to the requirements of the device you want to use. If you need further assistance, refer to the manual that comes with the device as well as the website of the respective manufacturer.
3.1 General
To configure credit card settings, go to the Payment Module page in the configuration, select the entry "Credit card: ISO/MagTek/etc." from the list of available devices and click on Customize.
The green dot next to the entry for the device indicates that the payment device has been enabled.
You will need access to a payment processing gateway if you want to be able to use the credit card device. This is because credit card debiting over the Internet is only possible through such gateways. Here is how the payment process usually works:
- Customers enter their credit card number or swipe the card through the reader to provide the necessary information.
- The information stored on the card and the amount due will be sent online to the payment processing gateway along with your merchant ID.
- The payment processing gateway will check the information and the amount and will, if the checking process succeeds, debit the amount due and credit it to your merchant ID.
Advantage: False or stolen credit cards will automatically be rejected.
- The payment processing gateway will send feedback whether the amount could be debited or not. Best of all, this process will only take a few seconds!
- If the checking process is completed successfully, SiteKiosk will automatically credit the amount to the account of the Internet terminal.
- A few days later, you will receive a credit note on your bank account (minus the fees charged by your credit card company (MasterCard, Amex, etc.) and the payment processing gateway).
Some gateways allow users to send a comment or description. To let a number of terminals use the same configuration while the comment/description still identifies a single terminal, you can use $(computername) for the computer name, $(computerguid) for the computer GUID, $(ipaddresses) for the IP address of the terminal and $(fqdn) for the Fully Qualified Domain Name of the computer.
CUSTOM SCRIPT SETTINGS
The custom script allows you to implement an individual credit card payment solution, e.g. transferring the card data to an existing payment/shop system, or any credit card gateway. The communication with the gateway needs to be done according to the Software Development Kit (SDK) provided by the gateway. The SiteKiosk Object Model must be used to add the credit under SiteKiosk.
If manual input of the credit card data is used, the transaction with the gateway must be done according to the SDK of the gateway. After the successful transaction, the SiteKiosk.Plugins("SiteCash").Credit(amount) function of the SiteKiosk Object Model can be used for the amount transaction in SiteKiosk.
If a credit card reader is used, SiteKiosk fires the OnCardSwiped event (assign a handler with SiteKiosk.Plugins("SiteCash").Devices("CreditCard").OnCardSwiped = handler) when a card has been swiped. SiteKiosk then provides access to all credit card information that is necessary to complete a transaction successfully. Please proceed in the same way as described for manual input.
Example:
The following example writes the credit card number to the SiteKiosk log file after a card has been swiped.
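// Get the credit card device of the SiteCash plugin.
var creditcard = SiteKiosk.Plugins("SiteCash").Devices("CreditCard");
// Register the handler that SiteKiosk calls after a card has been swiped.
creditcard.OnCardSwiped = OnCardSwiped;

function OnCardSwiped(ccardinfo)
{
    // Write the card number to the SiteKiosk log file.
    SiteKiosk.Logfile.Notification("Credit Card Number: " + ccardinfo.Number);
}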
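A variant of the swipe handler that keeps the full card number out of the log file, in the same spirit as the XXX masking this page applies to email receipts. This is an added example, not SiteKiosk's own code; `luhnOk`, `maskPan`, `scrubLogText`, `makeSwipeHandler` and the `log` callback are hypothetical names, and the sample line is constructed.

```javascript
// Added example (not SiteKiosk code): keep full card numbers out of logs.

// Luhn checksum, used to tell card numbers apart from other digit runs.
function luhnOk(digits) {
  var sum = 0, dbl = false;
  for (var i = digits.length - 1; i >= 0; i--) {
    var d = digits.charCodeAt(i) - 48;
    if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    dbl = !dbl;
  }
  return digits.length > 0 && sum % 10 === 0;
}

// Keep the first six and last four digits only; anything that is not a
// plausible 13-19 digit card number is redacted completely.
function maskPan(raw) {
  var digits = String(raw == null ? "" : raw).replace(/[ -]/g, "");
  if (!/^\d{13,19}$/.test(digits)) return "[REDACTED]";
  var middle = new Array(digits.length - 10 + 1).join("X");
  return digits.slice(0, 6) + middle + digits.slice(-4);
}

// Mask card numbers embedded in free text, e.g. a gateway error message
// that echoes the number. Digit runs failing the Luhn check are left alone.
function scrubLogText(text) {
  return String(text).replace(/\d(?:[ -]?\d){12,18}/g, function (run) {
    var digits = run.replace(/[ -]/g, "");
    return luhnOk(digits) ? maskPan(digits) : run;
  });
}

// Build an OnCardSwiped handler that only ever logs the masked number.
// `log` is any function taking one string (hypothetical parameter).
function makeSwipeHandler(log) {
  return function (ccardinfo) {
    log("Card swiped: " + maskPan(ccardinfo.Number));
  };
}

// Constructed sample: a gateway message echoing a well-known test number.
var SAMPLE_LINE = scrubLogText("Declined: card 4111 1111 1111 1111 exp 12/30");

// Inside SiteKiosk, wire the handler to the device named on this page.
if (typeof SiteKiosk !== "undefined") {
  var creditcard = SiteKiosk.Plugins("SiteCash").Devices("CreditCard");
  creditcard.OnCardSwiped = makeSwipeHandler(function (line) {
    SiteKiosk.Logfile.Notification(scrubLogText(line));
  });
}
```

Routing every log call through `scrubLogText` also covers messages that were not built by the swipe handler itself.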
SETTINGS SecureTrading
After applying for a merchant account with Secure Trading, you will receive a user name and password along with your site reference ID. Please note that starting with SiteKiosk 8.5, SiteKiosk only supports the new STPP payment process method of Secure Trading. Please contact Secure Trading to learn how to switch from the old ST2K process to STPP.
The Card Security Code Validation (CVC) is available as an additional security option.
Another option is to enable automatic email confirmation. You will then receive an email containing the corresponding information after the completion of every credit card transaction.
You can also delay the actual charge.
If you require this information in order to identify a transaction more easily, you can also receive a description that includes, for instance, the computer name.
SETTINGS DIBS Payment Services
The use of DIBS requires that you enter your merchant information, login ID and password.
To increase security, you can also incorporate an optional MD5 signature.
The Card Security Code Validation (CVC) is available as an additional security option.
If your payment gateway account supports the 3-D Secure procedure, you can activate this feature here. The timeout determines how long SiteKiosk is supposed to wait for the user to type in the 3-D Secure password.
SETTINGS Authorize.Net
Complete the fields based on the information you received when signing up at Authorize.net. Please select the credit cards you wish to allow as well.
Authorize.net offers better terms if there is proof that the selected credit card actually exists (CardPresent). In this case, customers CANNOT type in their credit card number but will have to use a magnetic stripe reader. If you would like to use this option, choose it when you sign up for your Authorize.Net account.
Important: If you want to enable only the Credit Card Present payment option, you also have to disable the option "Enable manual input of credit card information" in the main credit card dialog box (Credit Card Payment).
Authorize.net also allows you to enable a test mode. This option lets you carry out billing without actually debiting the card.
To increase security, enter the MD5 signature and the referer URL as well. Authorize.Net can arrange for you to receive this additional information.
Attention:
The MD5 value does not secure the credit card transaction, but merely ensures that the response is sent from the correct server. This means that by the time SiteKiosk discovers that the MD5 values do not match, the transaction will have already been completed and the credit card will have been charged as the transaction is triggered on the server end. There is nothing SiteKiosk can do about that. SiteKiosk will then, however, not credit this transaction as it is suspected to be manipulated. We, therefore, urge you to test drive the feature when using MD5 verification.
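The decision described in the Attention note, written out for Node.js as an added example that is not SiteKiosk or Authorize.Net code: the response hash is recomputed and compared before any credit is granted, and a mismatch is flagged for manual review because the card may already have been charged. The hash layout MD5(hash value + API login ID + transaction ID + amount) is an assumption about the legacy Authorize.Net scheme; `cfg`, `resp` and their fields are hypothetical names.

```javascript
// Added example (not SiteKiosk or Authorize.Net code): verify the gateway
// response hash before crediting the terminal account.
var nodeCrypto = require("crypto");

// Assumed legacy layout: MD5(hash value + login ID + transaction ID + amount),
// hex encoded. The hash value is the shared secret configured at the gateway.
function expectedHash(secret, loginId, transId, amount) {
  return nodeCrypto.createHash("md5")
    .update(secret + loginId + transId + amount, "utf8")
    .digest("hex");
}

// Constant-time, case-insensitive comparison of two hex strings.
function hashesMatch(a, b) {
  var x = Buffer.from(String(a).toLowerCase(), "utf8");
  var y = Buffer.from(String(b).toLowerCase(), "utf8");
  return x.length === y.length && nodeCrypto.timingSafeEqual(x, y);
}

// Decide what to do with a gateway response. The charge happens on the
// server, so a failed check means "do not credit and review", not "retry".
function handleResponse(cfg, requestedAmount, resp) {
  if (!resp.approved) {
    return { credit: false, review: false, reason: "declined" };
  }
  var want = expectedHash(cfg.md5Secret, cfg.loginId, resp.transId, resp.amount);
  if (!hashesMatch(want, resp.md5Hash)) {
    return { credit: false, review: true, reason: "hash mismatch" };
  }
  // The hash covers the amount in the response; also check that it is the
  // amount the terminal actually asked for.
  if (resp.amount !== requestedAmount) {
    return { credit: false, review: true, reason: "amount differs from request" };
  }
  return { credit: true, review: false, reason: "ok" };
}

// Constructed configuration and responses, for illustration only.
var SAMPLE_CFG = { md5Secret: "constructed-secret", loginId: "constructedLogin" };
var SAMPLE_GOOD = {
  approved: true, transId: "1000001", amount: "5.00",
  md5Hash: expectedHash("constructed-secret", "constructedLogin", "1000001", "5.00").toUpperCase()
};
// Same hash, but the amount field was altered in transit.
var SAMPLE_TAMPERED = {
  approved: true, transId: "1000001", amount: "50.00", md5Hash: SAMPLE_GOOD.md5Hash
};
```

Entries returned with `review: true` are the ones to reconcile against the gateway's own transaction report.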
If you require this information in order to identify a transaction more easily, you can also receive a description that includes, for instance, the computer name.
SETTINGS iPayment
iPayment provides you with access to your own personal online admin menu. As this menu can be run in test mode as well, you can practice posting amounts without actually crediting them to a user's account.
In addition to specifying the credit cards that will be accepted, you can define the text that is to appear on your customer's credit card bill (will NOT appear in your transaction report). However, the information given under 'Send comment with transactions' will appear in your transaction report you receive from iPayment. Other information that can be included comprises the computer's IP address and the time and date of the transaction.
The Card Security Code Validation (CVC) is available as an additional security option.
iPayment will ignore credit card transactions that are submitted in rapid succession if they are sent from the same IP address. However, if you use a router, you may have to disable this function. In order to do that, you will have to open SiteKiosk's configuration file .skcfg. Look for the following entry:
<disable-fraud-detection>false</disable-fraud-detection>
and set this value to "true".
SETTINGS PayPal Payflow Pro
Log on to your Payflow Pro Gateway account to sign up for your own merchant account. Once you have registered, you will receive the partner ID that is associated with your merchant account.
Payflow Pro also allows you to enable a test mode. This option lets you carry out billing without actually debiting the card.
The transaction comment allows you to track from which terminal a transaction is posted. The comment fields should not contain any special characters.
The Card Security Code Validation (CVC) is available as an additional security option.
SETTINGS Moneris Solutions
Complete the fields based on the information you received from Moneris after signing up for an account. This information includes Store ID and Api Token. Please select the credit cards you wish to allow as well.
Moneris also allows you to enable a test mode. This option lets you carry out billing without actually debiting the card.
SETTINGS SecurePay
Complete the fields based on the information you received from SecurePay after registering with them (e.g. merchant, password).
Please select the credit cards you wish to allow as well.
SecurePay also allows you to enable a test mode. This option lets you carry out billing without actually debiting the card.
SETTINGS CreditCall
Please fill out the designated fields for Terminal ID and CreditCall key. Change the Server URL field to the URL assigned to you. By default, the field for Server URL contains a CreditCall test URL that you can use together with the test mode. Note that CreditCall may change that URL. You can enter the URL that is currently up to date here.
The Card Security Code Validation (CVC) is available as an additional security option.
To use chip and PIN, please select, for instance, the Dione Secura card reader in the main dialog box that lets you pick credit card options and select the setting Use an ICC reader.
SETTINGS DPS PaymentExpress
Enter user name and password in the designated fields.
The transaction comment allows you to track from which terminal a transaction is posted. The comment fields should not contain any special characters.
The Card Security Code Validation (CVC) is available as an additional security option.
SETTINGS Magensa.net Payment Protection Gateway (MPPG)
Please enter host ID and host password as well as merchant ID and password. Next select the cards you would like to accept.
The transaction comment allows you to track from which terminal a transaction is posted. The comment fields should not contain any special characters.
The Card Security Code Validation (CVC) is available as an additional security option.
Please note that the CVC dialog will only be shown if the card data has been typed in manually.
SETTINGS PayPrin AxisGwy
Complete the fields based on the information you received when signing up at PayPrin. Please select the credit cards you wish to allow as well.
PayPrin also allows you to enable a test mode. This option lets you carry out billing without actually debiting the card.
If you require this information in order to identify a transaction more easily, you can also receive a description that includes, for instance, the computer name.
3.3 Input options
This option refers to the way the user can provide card information. SiteKiosk supports two different types of input:
- Enable manual input of credit card information
We implemented this option in order to make it possible for you to employ this method of payment even though you did not connect a magnetic card reader to your system. If you choose this option, the user will have to enter card information by hand in order to make use of this payment option.
- Use a magnetic card reader
SiteKiosk provides support for all generic RS232 (COM port) magnetic card readers. At present, the only supported USB device is a card reader made by MagTek. The information stored on the card can be read with any magnetic card reader capable of reading track 1.
Press the Test button to check if the reader you connected functions properly.
- Use an ICC reader
Enable the ICC reader (integrated circuit card reader) option if you, for example, want to use the CreditCall Chip and PIN solution with the Dione Secura card reader.
3.4 Payment dialog boxes
The user will see the payment dialog box immediately after the card is swiped or ENTER is pressed in the payment dialog box.
- Minimum amount
You can set a minimum amount that will be charged to your customer's credit card if this method of payment is used. As a result, the customer will not be able to choose an amount that is lower than the one you specify here.
- Maximum amount
You can set a maximum amount that will be charged to your customer's credit card if this method of payment is used. The customer will, therefore, not be able to choose an amount that is higher than the one you specify here.
- While picking amount, change value in increments of X
Your customer can use PLUS and MINUS buttons to decide on the value of the debit amount. This option lets you specify the increments by which the amount due is supposed to be raised and lowered, respectively, as soon as the user presses the MINUS or PLUS button.
- Charge an additional fee for paying by credit card (processing fee)
This option lets you specify an additional surcharge (fee) for credit card payment. This fee will not be credited to the surfing account. It serves the purpose of passing on to your customers the additional costs you will have to cover for the credit card transaction.
3.5 Email receipt settings
The payment module also allows you to send an email receipt to your customers when a transaction is completed.
- Enable email receipt
Provided the box is checked, the customer can have a receipt about the completed transaction sent by email (optional). Please note that since the payment module will apply the general email settings you specified in the Configuration Wizard, you will have to make sure you entered the correct account information.
- Edit email receipt template
You can adjust the receipt template to your individual requirements. The template's default body is written in English. Note that the values in curly brackets will automatically be provided by the system:
Thank you for using our service!
This is an automatic receipt for payment
of Internet terminal usage. Please keep it
for your records.

Merchant: {0}
E-Mail Contact: {1}
Transaction Date/Time: {2}

Description: Usage of Internet Terminal
Credit Card Used: {3}

Total Amount: {4}

- {0} = String you specified under MERCHANT.
This usually is your company name.
- {1} = String you specified under E-Mail address.
This will allow your customers to contact you should they, for example, have any questions.
- {2} = Auto value: Date and time of the transaction.
- {3} = Auto value: Credit card number used. For security reasons, parts of the number will be depicted as XXX.
- {4} = Auto value: Amount debited to the card.
You may find it useful in some cases to include your complete company address in the text.