Encrypting Credit Cards

 		Top  Previous Topic  Next Topic

For: Levels 4 and Above

The credit card encryption feature is reached by selecting SECURITY >> CREDIT CARD ENCRYPTION SETTINGS from the Menu Bar on top of the screen.  (To un-encrypt credit cards, select SECURITY >> UN-ENCRYPT CREDIT CARD NUMBERS.)

The best procedure is to delete credit card numbers and expiration dates after the cards have been processed.  (Card Validation Codes should always be immediately deleted after processing.)

If, however, you need to keep card numbers for any given period of time, they should be kept in an encrypted form.  It's very important to guard the safety of your customer's card data.  Both industry standards and government regulations require that stored card data be encrypted.  AnyOrder has an encryption system built in which allows you to do that.

Card Numbers do not Need to be Un-encrypted to Process Cards

Note that you can encrypt numbers before processing credit cards.  During the authorization process, when AnyOrder comes across an encrypted number or expiration date, it will un-encrypt the number internally before sending it to the processing center.  You can also verify an encrypted number.  Once again AnyOrder will internally un-encrypt the number before running the verification process.  Finally, AnyOrder will un-encrypted an expiration date and tell you whether it is still current by clicking on the "V Button".  To provide additional security, in all of these cases, you don't actually see the number or the expiration date.

Encrypted Numbers Look Like a Series of Symbols

The encryption system internally saves the card numbers in a coded form.  The encryption system uses an encryption key based on your password.  (It's actually based on an encrypted form of your password which is a very long series of characters, numbers and symbols).  That means that the way in which card numbers are encrypted varies depending on the password.  Encrypted numbers in your data files will be different than the encrypted numbers in the data files of another AnyOrder owner.

When you look at the Card # or Exp Date fields on the Main Screen, and you see a series of symbols, it means the card number and expiration dates have been encrypted.  (Actually, you are only seeing a part of the encrypted number.)  Unless you need to re-enter a card number, just leave the symbols as they appear.

Removing Encrypted Numbers and Re-entering Card Numbers

If desired, you can remove the symbols.  Be sure to delete all of the symbols.  When all of the symbols are removed, AnyOrder figures you no longer want the card number and the field is now considered empty.

If you need to re-enter a card number or expiration date while encryption is on, you can do so.  It's not necessary to turn off encryption.  Just delete all of the symbols and then enter the number.  AnyOrder will later encrypt the newly entered number depending upon which option you've selected.

A Quick Test of the Encryption System

The first time you use credit card encryption, you should run a quick test to make sure that your Windows regional language settings are compatible with the encryption system.  To do so, select INVOICE TOOLS >> CREDIT CARD ENCRYPTION SETTINGS.  Click on the "Encryption Test" button.  AnyOrder will notify you if there are any problems and suggest an alternative method.  If the test is successful, you can select any of the encryption settings found on the dialog box.

Setting Up a User Name and Password

Before making a selection, you'll want to set-up a user name and password.  To do so, click on "Set-up Password."  Enter a user name from 1 to 15 characters in length.  Then enter your password.  Passwords can be numbers and characters. Both the user name and password are case sensitive. If you use a mix of capitals and lower case letters, you should write down exactly how you use them.

Level VI Users: Even if you have set-up an Administrator, you still need to enter a user name and password for credit card encryption.  The password is used as an encryption key.  If you have a small, one-person office, you can use the same name and password as you created for the Administrator.

If you'd like your user name to appear each time the encryption dialog box appears, place a checkmark beside "Show User Name."  That's handy since you don't have to enter both your user name and password.  You'll only need to enter your password.

When you are finished, click on OK and your user name and password will be saved in encrypted form.  If, some time later, you ever decide to change your password, you can click on the "Change Password" button.

Note:  when you change the password, AnyOrder will first un-encrypt all of your card numbers.  It needs to do this since the encrypted numbers are based on your password.  If the password is changed, then the numbers need to be re-encrypted using the new password as a key.  When you are finished changing your password, you can easily re-encrypt card numbers by using the "Encrypt All Cards" function found on the "Encryption Settings" dialog box.

Keeping the Password in Memory

On occasions, when you need to access encryption functions frequently, you may wish to keep your user name and password in memory.  That's done by placing a checkmark beside "Remember User Name and Password . . . "  AnyOrder will remember the user name and password each time you open the "Encrypt" or "Un-encrypt" dialog boxes.  When you no longer wish to the keep the password in memory, remove the checkmark.  AnyOrder will also automatically remove it from memory when you exit from the program

Encryption Settings Dialog Box

You have three encryption options:

1) No Encryption.

2) No Encryption, but hide credit card numbers

3) Encrypt numbers except for last four digits.

More details follow:

1) No Encryption. Credit card numbers are not encrypted.

2) No Encryption, but hide credit card numbers. You would use this option when you have a fairly secure office and computer system, but you want to add an extra measure of security so that credit card numbers can't be viewed by visitors that might come in the office.

When you select this option, the only part of the card number that can be seen on Main Invoice Screen is the last four digits.  The last 4 digits provide you with a way of identifying the customer's card number without showing the entire number.  That's the same way that credit card numbers appear on printed invoices.  In most cases, as long as you can see the last 4-digits, you'll have enough information to carry on transactions with your customer.

When you use this option, you can type in the individual's full credit card number on the invoice.  The entire number will remain visible as long as you stay on that invoice.  That allows you to re-check the number and make sure it is correct.  As soon as you move to another invoice, however, the first half of the number disappears, and from then on, you only see the last 4-digits.  If you ever need to see the full number, use SECURITY >> UN-ENCRYPT CREDIT CARD NUMBERS.

3) Encrypt numbers except for last four digits. In this case, AnyOrder will encrypt the credit number (except the last four digits).  If someone steals your business data files, they would not be able to use the credit card numbers since they are encrypted.

You have two additional preferences when you use this option.

A. If you select the first preference, the credit number will be encrypted when you move to a new invoice.  In other words, you can enter the customer's full credit card number on the invoice.  The full number remains visible until you move to another invoice.  Upon moving, the card number is encrypted and saved to the data file.  If you page back to the original invoice, you will see only the last four digits.

B. If you select the second preference (wait to encrypt numbers until exiting program) all new credit numbers are kept in an un-encrypted state until you exit.  For example, let's say you enter 10 credit card numbers.  You'll be able to see the full credit numbers as long as you have the program open.  As soon as you exit the program, the numbers will be encrypted.  (On a networked system, the card numbers are encrypted when all users have exited the program.)  When you re-start the program they will appear in their full encrypted form.  For identification purposes, you'll still be able to see the last four digits (which appear at the beginning of the encrypted number). This is the recommended method if you are using AnyOrder on a network.

You may be wondering why the last four digits appear first.  That's necessary for reporting purposes.  Any time the credit card field begins with a number, AnyOrder interprets it as a credit card number, even if has been encrypted.  Moreover, AnyOrder will be able to categorize the invoice as being paid by a credit card when it calculates itemized sales figures.  It will also calculate an average amount that is paid in credit card fees along with the itemized totals as long as you've indicated an average credit card fee percentage in Basic Setup.  When the credit card field starts with anything other than a number, then the invoice will not be included in those calculations.

To save your settings, click on "Accept Options."  Note that on a network, only one computer can be accessing AnyOrder when you save the settings.  The reason for this is that all computers must be coordinated to the same system.  Conflicts can result if computers on the network are running different encryption systems.

Once you select Option 3, you can indicate how many cards you want encrypted.  If you just want the card number on the current invoice encrypted, click on "Encrypt Current Card."  If you need to encrypt all of the cards, select "Encrypt All Cards."  The last choice is used if you have a large number of invoices.  It takes time to encrypt all card numbers in large files.  If you already have most of your cards encrypted, you can use this option to speed up the process, since only the most recent 200 cards are encrypted.

On a network, only one computer can be accessing AnyOrder to use "Encrypt All" or "Encrypt 200."  You can imagine what can happen if other users are entering credit card numbers and suddenly they turn up encrypted.  You can, however, encrypt one card at a time while on the network.

Copying Encrypted Card Numbers

You may find that you need to copy encrypted credit card numbers from time to time.  For example, if a customer orders once from you, and then orders again, he or she may ask that you use the same card number as the first order.  The most efficient way of creating a new invoice is to use the menu choice:  GO TO >> NEW INVOICE >> COPY ALL.  This will copy the encrypted credit card number with the rest of the information.  Once the number is on the new invoice, you can, if desired, un-encrypt the number.  That's done by using the "Un-encrypt" dialog box (described next).  This procedure works for both Option 3A (only 4-digits show) and Option 3B (full number shows).

You can also copy just the encrypted credit card number.  However, you must copy the entire encrypted number.  In other words, you can't copy the 4 digits that are displayed if you have encryption set to Option 3A.  If you are using Option 3A, you'll need to un-encrypt the number and then copy it.  If you have encryption set to Option 3B (show only the full encrypted number), you can copy the number.  To copy the number, you can use any method you desire.  You can use EDIT >> COPY or CTRL+C.  Or you can use right click menu choice (right click in the credit card blank) to copy the number, or to copy the number and the expiration date.

There is one thing you need to remember when it comes to pasting the number:  you must use the right click menu.  That's done by right clicking in the "Card/Exp" blank and using either of the following menu choices:  "Paste Number & Verify" or "Paste Number & Exp Date + Verify."  Note that you can not paste using CTRL+V  or  EDIT >> PASTE.  Pasting the coded characters of an encrypted credit number require a special paste which is only available by using the right click menu.  More information: Credit Card Menu.

Un-encrypt Dialog Box

If you need to view an encrypted credit card number, print the full number on a receipt, or export one or more card numbers to third party processing software, you'll need to un-encrypt them.

It is not necessary to un-encrypt cards to check for valid card numbers -- or if you use the internal credit card processor.  AnyOrder will do that for you automatically.  But for other purposes, un-encryption is necessary.

To get started, select SECURITY >> UN-ENCRYPT CREDIT CARD NUMBERS

The "Un-encrypt Credit Card Numbers" dialog box appears.  To undertake any of the processes on the dialog box, you'll need to enter your user name and password.

You have four options:

1. Un-encrypt CURRENT Credit Card. This will un-encrypt the card on the current invoice showing on the Main Invoice Screen.

2. Un-encrypt Cards on the 200 Most Recent Invoices.   Use this option when you need to view several recent card numbers.  This saves time when you have a large number of invoices since only the 200 most recent numbers are un-encrypted.  The cards will be re-encrypted when you exit the program.

3. Un-encrypt ALL Cards. This un-encrypts all the numbers in your data file.  This can be quite slow if you have a large number of invoices.  Cards will be re-encrypted when you exit the program.

4. Un-encrypt ALL Cards and turn OFF card encryption. This will un-encrypt all cards.  Additionally, the encryption feature will be turned off.  Cards will NOT be re-encrypted when you exit the program.

Note that if you select one of the last three options, AnyOrder will show the card numbers in their full, un-encrypted form.  In other words, you'll see all the credit card digits.  If desired, you can, at a later time, return to the Encryption dialog box and re-encrypt the card numbers.  Be aware, however, if you have Option 3A selected (whereby only the last four digits appear), AnyOrder will disregard that setting for the time being and continue to show the all of the number in its encrypted form.  That's necessary since AnyOrder is unable to run two separate encryption systems concurrently.  It always shows the entire encrypted number if two settings are in effect.  But, if you exit from the program, and then re-start it, AnyOrder will return to displaying the last four digits.

On a network, only one computer can be accessing AnyOrder to activate one of the last three options (options 2, 3, and 4).  Each of these options result in changing a considerable number of card numbers, and there is a remote possibility of encryption conflicts.  To protect your data, AnyOrder errors on the safe side and requires you to make global changes such as these with one computer only.

For network users, it is highly recommended (and a message will remind you to this effect) that, after finishing your work with the un-encrypted numbers, you exit from the program.  Then re-start it.  At this point, you and any other users on the network can re-connect to AnyOrder.  When the other users re-connect, all computers will be on the same encryption system.  While it is possible to have unencrypted numbers in one computer and encrypted numbers on another, it's not good practice to do so.  It's much safer to exit and then re-start your computer before other users re-connect.