EDC Enhancement Release v6.4

EDC Enhancement Release v6.4 Last Modified: December 17, 2009 Table of Contents Purpose of This Document ...............................................
Author: Liliana Anthony
5 downloads 2 Views 560KB Size
EDC Enhancement Release v6.4 Last Modified: December 17, 2009

Table of Contents Purpose of This Document .................................................................................................. 3 List of Enhancements by Product ...................................................................................... 5 Supporting RBS Lynk for Debit Cards, RFID, and AVS Verification ............................... 6 Supporting Amex CAPN Requirements ............................................................................. 9 Supporting Comdata (SVS) Gift Cards Over SSL ........................................................... 12 Enhancing Audit Logging in EDC .................................................................................... 14 Supporting RFID with Amex ............................................................................................. 15 Masking CC Numbers in EDC Transaction Report ......................................................... 16 Supporting Nova Over SSL ............................................................................................... 17 Supporting Amex Authorization and Settlement Over SSL ........................................... 21 Supporting ISO Field 62.23 for Visa and BA Merchant Services ................................... 24 Including Required Fields on the Guest Check for Chip and PIN ................................. 25 Supporting Amex Partial Authorizations ......................................................................... 26 Supporting DE22 Field for BAMS and TSYS ................................................................... 29 Creating Installation Method For Standalone EDC Modules ......................................... 30 Supporting All Processors with No Physical Modem Installed ..................................... 31 Aloha EDC Checks Network Configuration with Ping Frequency ................................. 32 Supporting Settlement Summary Report ........................................................................ 33 Implementing AES 256 Encryption .................................................................................. 35

Page 1

Copyright ©2009, Radiant Systems, Inc. The information contained in this publication is confidential and proprietary. No part of this document may be reproduced, disclosed to others, transmitted, stored in a retrieval system, or translated into any language, in any form, by any means, without written permission of Radiant Systems, Inc. Radiant Systems, Inc. is not responsible for any technical inaccuracies or typographical errors contained in this publication. Changes are periodically made to the information herein; these changes will be incorporated in new editions of this publication. Any reference to gender in this document is not meant to be discriminatory. The software described in this document is provided under a license agreement. The software may be used or copied only in accordance with the terms of that agreement. © Radiant Systems, Inc., 2009 All Rights Reserved. ALOHA® is a U.S. Registered Trademark of Radiant Systems, Inc. MenuLink® is a U.S. Registered Trademark of Radiant Systems, Inc.

Page 2

Purpose of This Document

Purpose of This Document This document contains instructions on how to set up and use the enhancements implemented in the EDC v6.4.x enhancement release. In some instances, we combine features together to better explain the new enhancements. When applicable, we include a scenario, how to configure the feature in Aloha® Manager, how to use the feature in the Front-of-House (FOH), and references to other materials to fully implement the feature. This document is not intended to fully explain a particular function or other options available or surrounding the function. For your convenience, the material for each enhancement begins on a new page, so you can properly remove and distribute the material to the necessary recipients. This document does not guarantee the options discussed are in the same location, nor that the functionality remains the same due to enhancements implemented in future versions of the affected products.

EDC Version Compatibility and Dependencies Beginning with Aloha EDC versions 6.4 and later, EDC adopted a policy of assured backwards compatibility with Aloha POS versions 6.1.23 and later, 6.2.16 and later, and 6.4.7 and later. Generally speaking, you can upgrade to a newer version of EDC to take advantage of new features, and to comply with new processor requirements, without having to upgrade the POS. However, some new features require an upgrade to both the EDC and POS products. Although you must upgrade your HASP key to Aloha v6.4 to run Aloha EDC v6.4, this change in license status does not require you to upgrade the POS to Aloha v6.4. Refer to RKS ID10265 “Aloha EDC and Aloha Point-of-Sale Version Compatibility and Dependencies” for clarity on POS and EDC version compatibility. Refer to the EDC Enhancement Release v6.4 document for detailed information on the EDC enhancements in v6.5.

Installation Methods for Aloha EDC v6.4 You can create an Aloha Update executable file to install Aloha EDC v6.4, or you can install it manually, if you have the component files. We recommend you use the Aloha Update method, as this process uses the rollback feature to restore the previous version immediately, if it encounters any problems. The rollback feature can help you avoid downtime in your business, if the upgrade does not proceed as expected. Refer to the Aloha Update documentation for information about how to create, configure, and use an Aloha Update executable file to upgrade your current EDC installation. Use the following procedure, if you decide to install EDC v6.4 manually, without using an Aloha installation CD: 1. Process all outstanding transactions, and settle all pending batches. This step is of extreme importance, to avoid losing sales data. 2. Stop POS Processing, in EDC. 3. Unregistered Deceiver. 4. Install all prerequisites on the BOH file server: a. Microstate.NET Framework 2.0 (required by processors using the Universal Payment Interface (UPI). b. Microstate Visual C++ Redistributive 2005 SP1 (as VCRedist_x86.exe). EDC Enhancement Release v6.4

Page 3

Purpose of This Document

5. Use an Aloha Update file to upgrade your EDC installation, as described in the Supporters document, ‘Aloha Update.’ Or Place the following files into the %Iberdir%\Bin directory, on the Aloha BOH file server, replacing any existing files of the same name: a. AmexAlohaUPI.dll. Place this file in the %Iberdir%\Bin directory only if you want to use the new CAPN, high speed authorization, settlement, and prepaid card functionality. b. ChillkatDotNet2.dll. c. Dbghelp.dll. d. Edc.exe. e. Edcsec.dll. f. EdcSvr.dll. g. EdcSvr.UpiClient.Interop.dll. h. EdcSvrps.dll. i. Ipwssl6.dll. j. Log4net.dll. k. NovaAlohaUPI.dll. Place this file in the %Iberdir%\Bin directory only if you want to use the new Nova functionality. 6. Register EDCSvr. This step is required, regardless of installation method used. 7. Start POS Processing in EDC. Refer to Radiant Knowledge System document number 5989 for more information about how to unregister and register Aloha application files. If you upgrade to EDC v6.4, and then use Aloha Update to upgrade your Aloha POS to a version earlier than 6.4, this installation overwrites your previous EDC v6.4 installation. You must reinstall EDC v6.4 after upgrading your Aloha POS, but before you begin accepting transactions for the new business day.

EDC Enhancement Release v6.4

Page 4

List of Enhancements by Product

List of Enhancements by Product Version

RFC Number Description

EDC v6.4

RFC 45770

EDC v6.4 EDC v6.4

RFC 46228 RFC 60111 RFC 48033

EDC v6.4

RFC 48425

“Enhancing Audit Logging in EDC” on page 14

EDC v6.4

RFC 49589

“Supporting RFID with Amex” on page 15

EDC v6.4

RFC 50130

“Masking CC Numbers in EDC Transaction Report” on page 16

EDC v6.4

“Supporting Nova Over SSL” on page 17

EDC v6.4

RFC 51827 RFC 59408 RFC 53642 RFC 65055 RFC 56704 RFC 58064 RFC 58678 RFC 58679 RFC 58677 RFC 59804 RFC 59805 RFC 60176 RFC 59747 RFC 62484 RFC 60229 RFC 60230 RFC 60376

EDC v6.4.10

RFC 63977

EDC v6.4.2 EDC 6.5.1 EDC v6.4.4 EDC v6.5.1 EDC v6.4.7

RFC 63978

EDC v6.4 EDC v6.4 EDC v6.4

EDC v6.4 EDC v6.4

“Supporting RBS Lynk for Debit Cards, RFID, and AVS Verification” on page 6 “Supporting Amex CAPN Requirements” on page 9 “Supporting Comdata (SVS) Gift Cards Over SSL” on page 12

“Supporting Amex Authorization and Settlement Over SSL” on page 21 “Supporting ISO Field 62.23 for Visa and BA Merchant Services” on page 24 “Including Required Fields on the Guest Check for Chip and PIN” on page 25

“Supporting Amex Partial Authorizations” on page 26 “Supporting DE22 Field for BAMS and TSYS” on page 29 “Creating Installation Method For Standalone EDC Modules” on page 30

RFC 66183

“Supporting All Processors with No Physical Modem Installed” on page 31 “Aloha EDC Checks Network Configuration with Ping Frequency” on page 32 “Supporting Settlement Summary Report” on page 33

RFC 67834

“Implementing AES 256 Encryption” on page 35

EDC Enhancement Release v6.4

Page 5

Supporting RBS Lynk for Debit Cards, RFID, and AVS

Supporting RBS Lynk for Debit Cards, RFID, and AVS Verification Version

RFC Number

Products

Audience

EDC v6.4

RFC 45770

Aloha QuickService, Aloha TableService, Aloha EDC

Configuration Technicians Store Managers

You can now configure the RBS Lynk processor for the following: • • •

Debit Cards Radio Frequency Identification (RFID) chips Address Verification System (AVS) The codes for the RBS Lynk and Visanet processors are very similar. Because of this, you should not configure both of these processors on the same EDC server as this could cause problems with the batch number sequence. If you must use both processors, configure an incremented number in the ‘Store Index’ option on the ‘Select Processor to Add’ dialog box, as you would if you have two of the same processors.

Configuring RBS Lynk for Debit Cards The Aloha system supports the use of debit cards in QuickService and TableService for certain processors. You can accept debit transactions for purchases, and apply tips to debit transactions. You can also permit ‘cash back’ requests with debit cards. The Aloha system uses EDC (Electronic Draft Capture) to accomplish debit card transactions, using many of the same settings and features used with traditional credit cards. The major difference between debit and credit transactions is that EDC does not settle debit transactions in the same way it does credit transactions. Debit transactions occur immediately upon approval. For this reason, when the system is in spool-down, it disallows debit transactions, as it is not possible to verify the status of the debit account. To respect account security requirements, the Debit Card feature requires the system to read the debit card with a magnetic stripe reader, with the customer subsequently entering their PIN number on a VeriFone© PINpad©. The system does not allow manager override for manual card number entry or card authentication. For RBS Lynk, you must configure the processor to process transactions via SSL using socket connections, instead of post commands. Refer to the Debit Cards Feature Focus Guide for more information on configuring and using debit cards.

EDC Enhancement Release v6.4

Page 6

Supporting RBS Lynk for Debit Cards, RFID, and AVS

To configure RBS Lynk for debit cards: 1. Launch Aloha EDC. 2. Select File > Stop POS Processing, if POS processing is active. 3. Select Configure > Cards. The Assign Cards to Processor dialog box appears.

Figure 1 Assign Cards to Processor Dialog Box

4. 5. 6. 7.

Select RBS LYNK from the ‘Debit’ drop-down list. Click OK. Select File > Start POS Processing to resume processing transactions. Exit Aloha EDC.

Configuring RBS Lynk for RFID RBS Lynk supports contactless credit cards equipped with radio frequency identification (RFID) chips that allow guests to pay by tapping their card against a proximity reader device. These cards are also referred to as tapped cards. When configured, the device captures the credit card number, name of the cardholder, and the security code needed to charge against the guest’s account. The Aloha system supports the VivoPay 4000 and 4500 proximity readers, mounted as a stand-alone device or attached to the POS terminal. ‘M’ models also include a magnetic card reader within the devices. Benefits of using proximity readers: • • • •

Increases confidence among guests who are not comfortable with handing their card to employees for fear of credit and identity theft. Captures all required credit card information, such as card number and security code, needed to reduce the transaction fee charged to the restaurant. Increases speed of service, which improves customer loyalty and transaction turn-around times. Entices guests to pay with credit purchases, which has proven to lead to higher check averages. Refer to the Radio Frequency Identification (RFID) Feature Focus Guide for more information on configuring and using cards with radio frequency identification chips.

EDC Enhancement Release v6.4

Page 7

Supporting RBS Lynk for Debit Cards, RFID, and AVS

Configuring RBS Lynk for AVS To increase fraud protection, many credit card companies offer reductions in credit card fees to merchants if they submit the cardholder ZIP code with the transaction for verification. This verification is referred to as an Address Verification System (AVS). As of this writing, the Aloha system is AVS certified with the following processors: • • • •

AlohaNet (Universal Payment Interface) Visanet BA Merchant Services (formerly known as NPC) RBS Lynk (formerly known as Lynk Systems) Refer to RKS ID 7316 Supporting Credit Card Address Verification for more information on configuring and using cards with AVS.

EDC Enhancement Release v6.4

Page 8

Supporting Amex CAPN Requirements

Supporting Amex CAPN Requirements Version

RFC Number

EDC v6.4.1 RFC 46228 RFC 60111

Products

Audience

Aloha EDC

Store Managers

The Card Acceptance Processing Network (CAPN) is a set of requirements mandated by American Express (Amex), to ensure processing Amex transactions according to their new security standards. The new requirements impact anyone processing direct to American Express for authorization. The deadline for this requirement for Aloha customers is July 31, 2008. This deadline, and these requirements apply only to customers processing directly to American Express for authorizations. If you are processing Amex charges through another processor, your system is already CAPN compliant. Any transactions submitted directly to Amex for authorization after July 31, 2008 that do not conform to the CAPN format are subject to non-compliance, or ‘downgrade,’ fees, for which the merchant is responsible. To support the CAPN requirements, Radiant Systems made the necessary modifications in EDC v6.4.

Obtain a New Merchant ID from American Express Before you attempt any installations or upgrades to comply with CAPN requirements, you must contact American Express, and obtain authentication elements for your site. Each site must have a Submitter ID, and a unique user name and password, all of which must come directly from American Express. Contact your American Express representative for a copy of this request form.

Prepare for the Upgrade While you are waiting to receive site authentication elements from American Express, you can accomplish the following, in preparation for the upgrade:

‰ Install Microsoft® .Net Framework, v2.0 on the Aloha BOH file server. ‰ Install Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) on the Aloha BOH file server. This file is available on the Aloha installation CD, v6.2 and later, as file name ‘VCRedist_x86.exe,’ and also on the Radiant FTP site. ‰ Establish high-speed Internet service for EDC to use for authorization and settlement.

CAPN information required at settlement includes the location, city, and state. Please ensure this information is filled out correctly in EDC>Configure>Store>Store Information. Settlement will not process without this information. Refer to RFC 53642, “Supporting Amex Authorization and Settlement Over SSL” on page 21 of this document, for related information about authorizing and settling direct to Amex over SSL.

EDC Enhancement Release v6.4

Page 9

Supporting Amex CAPN Requirements

Install Aloha EDC v6.4 After satisfying all prerequisites listed above, you are ready to upgrade EDC to v6.4. Upon upgrade, the system is in the CAPN-compliant state, by default. It is of the utmost importance to process and settle all EDC transactions before you upgrade Aloha EDC or the Aloha POS to v6.4, to avoid losing transaction data. We recommend performing all upgrades after running End-of-Day (EOD), and before the start of the next business day.

What If I Upgrade Aloha or EDC Before Satisfying Prerequisites? You may intentionally or inadvertently upgrade to Aloha EDC v6.4 before satisfying all of the prerequisites listed above. If this occurs, use the following procedure to temporarily disable CAPN: 1. Select File > Stop POS Processing, in Aloha EDC, to stop EDC POS processing. 2. Navigate to the %Iberdir%\Bin directory at a command prompt, and use the following commands, in the order listed, to unregister EDCSvr. a. EDCSvr.exe /UNREGServer b. RegSvr32.exe /U EDCSvrPS.dll c. RegSvr32.exe /U EDCSec.dll 3. Stop the EDC service, (EDCSvr.exe). 4. Move AmexAlohaUPI.dll from the \Bin directory to a neutral directory, such as %Iberdir%\Tmp. You will need to restore this file to the \Bin directory, when you re-enable CAPN. 5. Navigate to the %Iberdir%\Bin directory at a command prompt, and use the following commands, in the order listed, to register EDCSvr to run as a service. a. EDCSvr.exe /SERVICE b. RegSvr32.EXE EDCSvrPS.dll c. RegSvr32.exe EDCSec.dll Or Use the following commands, in the order listed, to register EDCSvr not to run as a service. a. EDCSvr.exe /RegServer b. RegSvr32.exe EDCSvrps.dll c. RegSvr32.exe EDCSec.dll 6. Start the EDC service. 7. Select Configure > Processor > Amex > OK in Aloha EDC, and verify the Amex processor is still configured for the type of processing you were using prior to the upgrade. 8. Select File > Start POS Processing in Aloha EDC. Amex will now use the pre-CAPN functionality.

Refer to RKS 5989 for more information about registering and unregistering Aloha applications.

EDC Enhancement Release v6.4

Page 10

Supporting Amex CAPN Requirements

After satisfying all prerequisites, use the following procedure to re-enable CAPN functionality: 1. Process and settle all EDC transactions and batches before proceeding. This step is of utmost importance, to avoid losing transaction data. Refer to the Caution note, above. 2. Select File > Stop POS Processing, in Aloha EDC, to stop EDC POS processing. 3. Unregister EDC (refer to the previous procedure for these commands). 4. Stop the EDC service. 5. Return AmexAlohaUPI.dll to the %Iberdir%\Bin directory. 6. Register EDC. 7. Start the EDC service (refer to the previous procedure for these commands). 8. Select Configure > Processor > Amex > OK, and select the General tab to enter the Submitter ID, as received from Amex, and make any other changes, as required. 9. Select the TCP/IP tab, and configure EDC to use high-speed authorization and settlement with Amex. 10. Type the user name and password received from Amex on the TCP/IP tab. 11. Select File > Start POS Processing in Aloha EDC. Amex will now use the CAPN functionality.

Frequently Asked Questions: Why do some processors have ‘no action required?’ Some processors are handling the changes required on the host side which means the processor passes the required information to the card brand and no software changes to EDC are currently required. Why is the upgrade due date later than the deadline listed on mandate? Some processors or Aloha clients have received extensions by American Express or by Visa. If I authorize and settle through different processors, what action is required? Compare both processing companies and follow Radiant’s upgrade recommendation in the table above. Will I still be able to process cards if I do not upgrade Aloha? There will be no interruption in the processing of the cards; however, processors may assess downgrade rates or fees. What should I do if my processor is not listed? We are working to obtain additional information for other processors. You may contact the POS Product team using [email protected] Who can I contact if I have questions? You may contact the POS Product team using [email protected]

EDC Enhancement Release v6.4

Page 11

Supporting Comdata (SVS) Gift Cards Over SSL

Supporting Comdata (SVS) Gift Cards Over SSL Version

RFC Number

Products

Audience

EDC v6.4

RFC 48033

Aloha QuickService, Aloha TableService, Aloha EDC

Configuration Technicians Store Managers

As technology advances in the industry, many customers now authorize transactions solely with a DSL line to the public Internet, using a secure socket layer (SSL) connection, and do not install a modem for backup. Prior to EDC v6.4, sites that use Comdata gift cards could only send transactions via a dialup or a TCP/IP frame relay connection, both of which do not access the public Internet. You can now configure Comdata gift cards to authorize over an SSL connection. As of Aloha EDC v6.4, the processor interface for Stored Value Systems reflects its current title of ComData. To configure the Comdata processor to support gift card transactions over SSL: 1. 2. 3. 4.

Log in to Aloha EDC. Select Configure > Processors. The Select Processors dialog box appears. Select Comdata and click OK. The COMDATA dialog box appears. Select the TCP/IP tab.

Figure 2 Comdata Dialog Box

5. Select Connect using SSL (Secure Socket Layer).

EDC Enhancement Release v6.4

Page 12

Supporting Comdata (SVS) Gift Cards Over SSL

6. Type the primary URL for SSL authorizations in the ‘Host’ text box. The system defaults to pos.tnsi.com and is obtained by the processor. 7. Type the TCP port number for SSL authorizations. A valid range is 0 to 65535. The default is 5190 and is obtained by the processor. 8. Click OK and exit Aloha EDC. When you authorize a Comdata gift card via SSL, the system uses the URL and port to attempt a connection. If the connection fails or times out, the system ‘failovers’ to dialup.

EDC Enhancement Release v6.4

Page 13

Enhancing Audit Logging in EDC

Enhancing Audit Logging in EDC Version

RFC Number

Products

Audience

EDC v6.4

RFC 48425

Aloha EDC

Configuration Technicians Store Managers

The configuration of EDC, as it relates to PCI DSS security, is of vital importance. If mis-configured, EDC may not work properly, but it is also possible to use EDC for less than legitimate purposes. For this reason, EDC records all program activities, such as: • • •

The date, time, and from which terminal an employee logs in or out. The menu options the employee selects. The actions performed in the Aloha EDC program.

It is not possible to disable the capturing of this information. After you install EDC v6.4, EDCSvr captures this information and stores it in the Debout.edc file.

Figure 3 Debout.edc

EDC Enhancement Release v6.4

Page 14

Supporting RFID with Amex

Supporting RFID with Amex Version

RFC Number

EDC v6.4.1 RFC 49589

Products

Audience

Aloha EDC

Configuration Technician, Store Managers

Aloha and EDC currently support reading and processing card data using VivoPay RFID proximity readers. This RFC establishes support for Amex ‘ExpressPay’ contactless cards using the same readers. The following actions are confirmed with this change: 1. The Aloha POS and EDC now support contactless RFID cards issued by American Express, to be read by VivoPay RFID proximity readers. 2. EDC receives and processes track one and track two data from the proximity reader in exactly the same way as with a magnetic stripe reader. 3. EDC processes the data and the transaction, providing indication the card is present and swiped.

EDC Enhancement Release v6.4

Page 15

Masking CC Numbers in EDC Transaction Report Version

RFC Number

EDC 5.3.36 RFC 50130 EDC 6.0.3 EDC 6.1.1

Products

Audience

Aloha EDC

Configuration Technician, Store Managers

In support of recent efforts to enhance payment card security at multiple levels, this change masks the appearance of payment card numbers in the EDC Transaction report. EDC replaces all digits except the last four with the character ‘X,’ to prevent unauthorized access, and possible misuse of the information.

Page 16

EDC Enhancement Release v6.4

Supporting Nova Over SSL

Supporting Nova Over SSL Version

RFC Number

Products

EDC v6.4

RFC 51827 RFC 59408

Aloha EDC

Audience Configuration Technicians Store Managers

In EDC v6.4, you can now configure the Nova processor to authorize and settle over SSL, using Aloha UPI for communication. From a manager’s perspective, this allows Nova to be more user friendly since a manager does not have to retrieve and purge batch totals before depositing. As a result, Nova is now a terminalbased processor, not a hybrid processor. As a hybrid processor, prior to EDC v6.4, Nova processes only over dialup and the configuration settings are located in EDC.ini. As part of your batch routine and authorization of personal checks, you must use these menu options in the EDC interface: • • • •

Get Current Batch Totals Get Previous Batch Totals Purge Batch Check Authorize

As a terminal-based processor, introduced in EDC v6.4, Nova tries to process over SSL, and attempts a dialup connection upon failover. This is accomplished with the existence of the NovaAlohaUPI.dll file in the Bin directory. Once registered, the EDC program creates AlohaUPINova.cfg as a separate file in the EDC directory, rather than use the configuration settings in EDC.ini. Additionally, the Nova configuration dialog box is now in tabular format and we removed the aforementioned menu options from EDC. Be aware that once you configure Nova over SSL, you cannot revert back to a hybrid processor (dialup only) without downgrading your EDC version. To configure Nova over SSL: 1. Log in to EDC. 2. If POS processing is turned on, select File > Stop POS Processing. 3. Select Configure > Processors.

EDC Enhancement Release v6.4

Page 17

4. Select Nova from the list of processors and click Select. If Nova is not listed, click Add to add Nova as a processor. If you have Nova configured as a hybrid processor, a message appears. Click Yes to enable the system to copy all current Nova settings to the NovaAlohaUPI.cfg file.

Figure 4 AlohaUPINova Copy Confirmation Dialog Box

5. Select and complete the Properties tab. These options are all existing prior to v6.4. If Nova was configured as a hybrid processor, these options auto-populate.

Figure 5 Nova - Properties Tab

Page 18

EDC Enhancement Release v6.4

Supporting Nova Over SSL

6. Select and complete the SSL tab.

Figure 6 Nova - SSL Tab

7. Type the Web address provided by the processor, if the default Web address, is not used: webgate.viaconex.com. 8. Click OK to add Nova to the list of processors.

Additional Configuration for Nova Over SSL When you use AlohaUPI communication, the EDC program creates an .xml file for the respective processor in the EDC directory.

Figure 7 AlohaUPINova.cfg

EDC Enhancement Release v6.4

Page 19

Some configuration areas in the EDC interface are not written to the file; therefore, you must manually enter them. To do this, locate and open AlohaUPINova.cfg, using Notepad, and optionally alter the following variables: Default Variable

Action

n false

Replace n with the number of SSL retries.

false

Replace false with true when you want to troubleshoot a processing problem. Replace false with true when you want to test your modem.

For additional troubleshooting information, you can view Debout.NovaAlohaUPI in the Tmp directory.

Page 20

EDC Enhancement Release v6.4

Supporting Amex Authorization and Settlement Over

Supporting Amex Authorization and Settlement Over SSL Version

RFC Number

EDC v6.4.4 RFC 53642 RFC 65055

Products

Audience

Aloha EDC

Configuration Technician, Store Managers

In earlier versions of EDC, the Amex (American Express) processor authorizes and settles via dialup or authorizes only via the Merchant Link high-speed gateway. In EDC v6.4, you must configure the Amex processor to authorize via a high-speed SSL (Secure Socket Layer) connection, as part of the CAPN requirements. You can no longer use the Merchant Link gateway, and all use of dialup connections for settlement terminates. EDC stores configuration settings for the Amex processor, which now uses the Universal Payment Interface (UPI), in a new XML configuration file, AlohaUPIAmex.cfg, located in the EDC directory. Amex processor settings formerly located in EDC.ini are now in this new file. To configure Amex over SSL: 1. 2. 3. 4.

Log into EDC. If POS processing is turned on, select File > Stop POS Processing. Select Configure > Processors. Select Amex from the list of processors and click OK. If Amex is not listed, you must click Add to add Amex as a processor and complete all required options on the Setup tab. If you previously had Amex configured, a message appears. Click Yes to enable the system to copy all current Amex settings to the AmexAlohaUPI.cfg file. 5. Select the TCP/IP tab.

Figure 8 Amex – TCP/IP Tab

EDC Enhancement Release v6.4

Page 21

6. Select Connect using HTTPS (Secure HTTP) to authorize transactions via a high-speed SSL (HTTPS) connection. 7. Select Connect using FTPS (Secure FTP) to settle transactions via secure, high-speed FTPS connection. 8. Type the user name provided by Amex in the ‘Username’ text box. 9. Type the password provided by Amex in the ‘Password’ text box. 10. Type the file name provided by Amex in the ‘File Name’ text box. 11. Click OK to exit the Amex dialog box. 12. Select File > Start POS Processing to begin processing with Amex over SSL. No default value exists for the user name and password required on the TCP/IP tab. Amex supplies a unique user name, password, and file name to each site.

Other Changes We have made other changes to Amex configuration, as well. On the Setup tab, the ‘PCID’ text box has been renamed to ‘Submitter ID,’ to more accurately describe its function. You must obtain a Submitter ID from Amex, along with the unique user name and password. We have replaced the ‘GateWay Connection’ control with options that control the use of prepaid card processing, shown in the box in Figure 9.

Figure 9 Amex – Setup Tab

Refer to “Supporting Amex Partial Authorizations” on page 26 in this document for more information about prepaid card processing.

Page 22

EDC Enhancement Release v6.4

Supporting Amex Authorization and Settlement Over

All settings on the Dialing tab relating to settlement remain, but are disabled, as Amex does not yet support this type of settlement under the CAPN framework. The ‘Settlement Processor’ group box has been removed altogether, as split dialing is also not supported under CAPN.

Figure 10 Amex – Dialing Tab

EDC Enhancement Release v6.4

Page 23

Supporting ISO Field 62.23 for Visa and BA Merchant Services Version

RFC Number

Products

Audience

EDC v6.4

RFC 56704 RFC 58064

Aloha EDC

Configuration Technicians

Visa U.S.A. requires support of their Card Level Results field 62.23 in both the authorization and settlement messages. This field determines the card type used in a transaction. EDC v6.4 now supports the mandated ISO field 62.23 for Visa credit card transactions. The BA Merchant Services (a.k.a. Bank of America Merchant Services, a.k.a. BAMS) processor is a settlement-only processor and does not authorize transactions. Typically, customers use TSYS (a.k.a. Visanet or Vital) to authorize Visa transactions and BA Merchant Services to settle. In Aloha EDC v6.4, the BA Merchant Services processor now includes the Visa ISO field 62.23 during settlement. In both cases, no configuration is necessary to enable support for this feature. The ISO field 62.23 automatically populates during the transaction.

Firewall Consideration If you are having problems accessing a port for BA Merchant Services and Visa via a firewall, you must change your port settings, as noted in the following table: Processor BA Merchant Services Visanet

Page 24

Previous Port 80 443

New Port 6660 5003

EDC Enhancement Release v6.4

Including Required Fields on the Guest Check for Chip

Including Required Fields on the Guest Check for Chip and PIN Version

RFC Number

Products

Audience

EDC v6.4

RFC 58677 RFC 58678 RFC 58679 RFC 59804 RFC 59805 RFC 60176

Aloha QuickService, Aloha TableService, Aloha EDC

Configuration Technicians

We have made several enhancements to the Chip and PIN feature in EDC v6.4, to conform to evolving International and processor requirements. These changes do not require configuration in the Aloha system, as they are primarily driven from the processor side. The Aloha system merely accepts the input, compares it with existing configuration settings, and converts each element to an appropriate output for printing, on the terminals and the Chip and PIN devices. All current changes involve data items sent to the guest check printer by the Aloha system, mostly as part of the signal returning from the processor, and are as follows: • • •







The currency symbol in use at the site prints, as defined in Maintenance > Store Settings > International group > Special Currency tab. The Chip and PIN application ID prints on the guest check. Aloha reads the Application ID from the card chip, and prints it for each transaction. The method used for inputting the card information when using a chip and PIN device also prints. The Chip and PIN application prints ‘ICC’ if it reads the information from the chip on the card, ‘SWIPED’ if the information comes from a magnetic card reader, or ‘KEYED’ if someone enters the information manually on a keypad. A signature line prints, in conjunction with the method used for inputting the card, if configured to do so by the processor. The instructions to print the line come directly from the processor as part of the approval, and Aloha passes it to the printer when the final guest check prints. The cause for any failures that occur also prints, which may include communication failures, insufficient funds, or inability to provide the PIN. Instructions to print this information are part of the signal returning from the processor. The method of verification prints, whether by signature, PIN input, or both. Instructions to print this information is part of the signal returning from the processor. Refer to the Chip and PIN UK Implementation or Chip and PIN Dutch Implementation Feature Focus Guides for more information on configuring and using a Chip and PIN device with Aloha.

EDC Enhancement Release v6.4

Page 25

Supporting Amex Partial Authorizations Version

RFC Number

EDC v6.4.1 RFC 59747

Products

Audience

Aloha EDC

Configuration Technician, Store Managers

As part of the new CAPN requirements, Amex now requires Aloha EDC and the Aloha POS, both QuickService and TableService, to support partial authorizations on prepaid American Express cards, when using the Amex processor for authorizations. Amex accepts or declines payments based on the balance on the card, and how it compares with submitted transactions. You can configure the way EDC responds to a partial authorization request by selecting Configure > Processors > Amex, in EDC, to access the relevant options. This configuration causes the Aloha terminal to return a ‘terminal capable’ signal to Amex, along with the authorization request, to indicate the system is capable of partial authorizations.

Figure 11 Amex - Setup Tab

Aloha QuickService and TableService v6.4 and Aloha EDC v6.4 are required to support partial authorizations for transactions involving American Express prepaid cards, so you must upgrade both applications to take advantage of this new capability. If you are using an earlier version of Aloha, enabling the new capability in EDC can have unpredictable results. Regardless of how you configure EDC to respond to a partial authorization request, when the balance on the card equals or exceeds the authorization request (meal plus tip), Amex processes the transaction exactly the same way it does for a standard credit card, except it provides the card balance. The Aloha Front-of-House (FOH) can only respond in three ways, depending on the EDC configuration: •

Approve the transaction, and provide the card balance after the current transaction.

Page 26

EDC Enhancement Release v6.4

Supporting Amex Partial Authorizations

• •

Decline the transaction, and provide the current card balance. Partially approve the transaction, indicate the card balance is zero, and provide the balance due on the transaction.

Configuring Aloha EDC for Partial Authorization of Amex Prepaid Cards This section describes how Amex responds to a partial authorization request, depending on the configuration selected in Aloha EDC. In each case, use the following hypothetical scenario to illustrate the results: The customer presents an Amex prepaid card in payment for their meal, which costs exactly $10.00. The Aloha POS adds 20% to the authorization request, making this amount $12.00. The authorization request determines there is only $8.00 left on the card. Schematically, the transaction is as follows: Cost of the meal: Automatic gratuity, 20%: Authorization request: Card balance before transaction:

$10.00 $2.00 $12.00 $8.00

EDC Configured with ‘Auth with Balance’ Selected EDC sends the transaction, along with a ‘terminal capable’ signal to the Amex processor, which responds in one of two ways: •



If the authorization request (meal plus tip) is greater than the balance remaining on the card, Amex returns a decline, and the current card balance. The payment request fails, and EDC records the results in the .ans file. In the example scenario, Amex returns a decline, and a card balance of $8.00. If the authorization request (meal plus tip) is less than or equal to the balance remaining on the card, Amex returns an approval, and the card balance after the transaction. The payment request succeeds, and EDC records the results in the .ans file.

If, in the second case, the card balance had been $15.00 or $12.00, Amex would have returned an approval in both cases, and reported a card balance of $3.00 and zero, respectively.

EDC Configured with ‘Partial Authorization’ Selected EDC sends the transaction, along with a ‘terminal capable’ signal to the Amex processor, which responds in one of two ways: •

If the authorization request (meal plus tip) is greater than the balance remaining on the card, Amex returns a ‘partially authorized’ value, and the card balance, which in this case is always zero. The payment request succeeds, and EDC records the results in the .ans file. Aloha adjusts the payment

EDC Enhancement Release v6.4

Page 27



due on the check in accordance with the amount approved by the processor. In the example scenario, Aloha accepts $8.00 in payment, reports a card balance of zero, and shows $4.00 still owed on the transaction. If the authorization request (meal plus tip) is less than or equal to the balance remaining on the card, Amex returns an approval, and the card balance after the transaction. The payment request succeeds, and EDC records the results in the .ans file, exactly as in the previous example.

Amex Payment Card ‘Business Rules’ Configuring the Amex processor to allow partial authorizations for prepaid Amex cards can result in revenue losses, in certain circumstances, based on the ‘business rules’ by which authorizations occur. If the balance on the card is less than the authorization request (meal plus 20%), but more than the base transaction, Amex approves the full amount remaining on the card, counting any funds above the base transaction as the tip, and reports the card balance as zero. Using the example scenario, above, if the card balance had been $11.00, Amex wold approve the authorization for the full $11.00, counting $10.00 for the meal and $1.00 for the tip, and returning a card balance of zero. The remaining $1.00 pending for the tip must come from the customer in some other form of payment. If the customer has already left the premises, this payment is lost.

Voids and Prepaid American Express Cards If it becomes necessary to process a void against a charge made on a prepaid American Express card, it is important to realize that the returned funds will not be available on the card until settlement takes place, most often at the end of the business day. If the initial transaction was $30.00 against a $100.00 starting balance, followed by a void of $9.00, the funds available on the card will be $70.00 until settlement restores the $9.00 void to the card balance. If the starting balance was $30.00 in the same scenario, the funds available on the card will be $0.00 until settlement restores the $9.00 void.

Page 28

EDC Enhancement Release v6.4

Supporting DE22 Field for BAMS and TSYS

Supporting DE22 Field for BAMS and TSYS Version

RFC Number

Products

Audience

EDC v6.4

RFC 60230

Aloha EDC

Configuration Technician, Store Managers

MasterCard recently modified their specifications, to require authorization and settlement data streams to populate the new ‘DE22’ field. EDC receives and stores this data during the authorization process, and sends it back again during settlement. These two RFCs support DE22 in Aloha EDC for authorization and settlement through Bank of America Merchant Services (BAMS) and Visanet (TSYS).

EDC Enhancement Release v6.4

Page 29

Creating Installation Method For Standalone EDC Modules Version

RFC Number

Products

Audience

EDC v6.4

RFC 60376

Aloha EDC

Configuration Technician, Store Managers

Beginning with version 6.4, Aloha EDC is an independent application. It no longer relies on the installed version of the Aloha QuickService or TableService applications. This independence makes it possible to meet the ever-changing needs associated with payment cards without having to upgrade the entire Aloha installation. To support this version independence, we added EDC to Aloha Update as a separate product suite. To upgrade Aloha EDC to v6.4 or higher, access the Aloha Update Portal, per normal procedures, and select ‘EDC’ from the Product Suite drop-down list as you prepare to create the update file. Create and use the EDC Update file exactly as you would any Aloha Update file. If a rollback becomes necessary, whether during installation or later, the rollback procedure restores your previous version of EDC, thus protecting you from lost processing time. Refer to the SupportReady document, ‘Aloha Update,’ for more information about how to use the Aloha Update Portal, and how to use an Aloha Update file to upgrade Aloha EDC. As with any upgrade, the Aloha BOH file server must meet prerequisites for upgrading Aloha EDC to v6.4 or later: •

• •



• •

Upgrade the license for HASP key to v6.4 or higher. It is not necessary to upgrade the Aloha installation to match the key version, but the key must be licensed for a version level equal to or higher than the version of Aloha EDC you are installing. Install Microsoft® .Net Framework, v2.0 on the BOH file server. The basis for this requirement is to support any processor making use of the Universal Payment Interface (UPI). Install the Visual C++ 2005 runtime .dlls, by installing VCRedist_X86.exe to meet this prerequisite. This file is available from Radiant Systems, or from an Aloha v6.4 installation CD. You can also download it directly from the Microsoft Web site. Install the Windows Installer, v3.1 or higher. Obtain this prerequisite from Radiant Systems, or from an Aloha v6.4 installation CD. You can also download it directly from the Microsoft Web site. Verify the file ‘Dbghelp.dll’ is in the %Iberdir%\Bin directory. The presence of this file indicates a successful completion of the installation process. Verify the ‘IPwssl6.dll,’ ‘Log4Net.dll,’ and ‘ChikatDotNet2.dll’ files are in the %Iberdir%\Bin directory. The presence of these files indicates a successful completion of the installation process.

If EDC begins installation, but then performs a rollback, you can find information about the cause in Debout.set. The most common cause for installation failure is a missing prerequisite.

Page 30

EDC Enhancement Release v6.4

Supporting All Processors with No Physical Modem In-

Supporting All Processors with No Physical Modem Installed Version

RFC Number

EDC v6.4.10 RFC 63977

Products Aloha EDC

Audience Configuration Technician Store Manager

Some sites now rely solely on a broadband connection for their secure socket layer (SSL) authorizations and do not install an analog modem on the BOH computer. The typical protocol for Aloha EDC is in the event the system cannot connect to the host, via an SSL connection, the system automatically attempts a dial-up connection, regardless if a physical modem is installed. This causes delays for each transaction while the system tries to find the modem to dial out. Beginning with v6.1.4, the solution for this was the ‘No modem failover’ option on the TCP/IP tab for Paymentech only. In EDC v6.4.10, this option is removed and you can now configure all processors that support SSL to not roll over to a modem connection by selecting ‘None’ from the ‘Modem’ drop-down list. Upgrade If you previously configured the ‘No modem failover’ option for your Paymentech processor, Path the system automatically selects ‘None’ from the ‘Modem’ drop-down list in the Paymentech configuration dialog box. There is no configuration required. To configure a processor to never rollover and attempt a modem connection: 1. 2. 3. 4. 5. 6. 7. 8.

Log in to Aloha EDC. Select Configure > Processors to display the Select Processor dialog box. Click Add to display the Select Processor to Add dialog box. Select a processor that supports SSL, such as Visanet, and OK to display the configuration dialog box for the processor. Select the Dialing tab. Select None from the ‘Modem’ drop-down list. Click OK to return to the Select Processor dialog box. Click OK.

EDC Enhancement Release v6.4

Page 31

Aloha EDC Checks Network Configuration with Ping Frequency Version

RFC Number

Products

Audience

v6.4.2 v6.5

RFC 63978

Aloha EDC

Configuration Technician Store Manager

Aloha EDC can continually check the Internet for a valid connection, using a ‘ping’ check. Activate this feature, and configure it to work, as required, by editing EDC.ini. Use the following procedure to enable this feature: 1. 2. 3. 4. 5. 6. 7. 8. 9.

Locate and open EDC.ini in an appropriate text editor, such as Windows Notepad. Locate the [System] section in the file, and add the following variables to that section. Add the variable ‘CheckNetwork,’ and add ‘=1’ to make the variable active. Add the variable ‘CheckNetworkTimeout,’ and assign it a value that reflects the number of seconds for EDC Server to wait in response to a ping, e.g. ‘=10’ for ten seconds. Add the variable ‘CheckNetworkComputerAddress,’ and assign to it the IP address you want EDC Server to ping, e.g. ‘=212.112.210.12,’ substituting the IP address of your processor. Add the variable ‘PingInterval,’ and assign it a value representing the number of seconds between pings, e.g. ‘=20.’ EDC versions 6.4.2 and higher support this variable. Add the variable ‘PingCount,’ and assign it a value representing the number of consecutive, unsuccessful pings before disabling EDC, e.g. ‘=5.’ EDC versions 6.4.2 and higher support this variable. Save the changes, and close the text editor. Stop and restart the EDC Server to make your changes effective in Aloha EDC. If one or more, or all of the variables listed in this procedure already exist in the [System] section of your EDC.ini file, configure them as noted to enable this feature.

The following is a fictionalized example of the [System] section with the new variables added:

Figure 12 System Section, EDC.ini, Showing Ping Settings

If these variables are already in the EDC.ini, simply edit them, and give them the desired values.

Page 32

EDC Enhancement Release v6.4

Supporting Settlement Summary Report

Supporting Settlement Summary Report Version

RFC Number

Products

Audience

v6.4.4 v6.5.1

RFC 66183

Aloha EDC

Configuration Technician Store Manager

The EDC Settlement report lists each transaction, per card, since the last settlement date. You can also automate the process of running this report using the Winhook batch file. For instances when it has been many days since the last report, the Settlement report can be very long and cumbersome, when you only need the totals to settle a batch. In EDC v6.5, you can now print an EDC Settlement Summary report that displays only the totals for each card, per processor.

Figure 13 Settlement Summary Report

To manually view or print the EDC Settlement Summary report: 1. Log in to Aloha EDC. 2. If POS processing is not started, select File > Start POS Processing.

EDC Enhancement Release v6.4

Page 33

3. Select Report > Review Transaction Report.

Figure 14 Batch Transaction Report

4. Select the batch. 5. Select Summary. Full — Prints each card transaction for the selected card, per processor, on the EDC Batch Transaction report. Summary — Prints the totals for each card, per processor, on the Settlement Summary report (EDC Batch Transaction report). This option disables the ‘Card Types,’ ‘Employees,’ ‘First Sort By,’ ‘Second Sort By,’ and ‘Multi-Store Mode’ group boxes. 6. Click View or Print. 7. Exit Aloha EDC. To create the Settlement Summary report from a DOS prompt, a batch file, Winhook, or any other method that invokes EDC.exe, include the following line: /SettleSumRep xx The command line parameter prints the Settlement Summary report, where xx is the number of days previous to the date of business. If you enter zero or no days, the report prints for settlements on the current date of business. You may also include the /Date, /ProcessorNumber, and /Index parameters in the command line, as needed.

Refer to AKBID 1028 Winhook for more information on using the Winhook utility.

Page 34

EDC Enhancement Release v6.4

Implementing AES 256 Encryption

Implementing AES 256 Encryption Version

RFC Number

Products

Audience

v6.4.7

RFC 67834

Aloha EDC

Configuration Technician

The Advance Encryption Standard (AES) is now used worldwide and is officially approved by the National Security Agency (NSA) as a means of securing sensitive information. Aloha now uses AES 256encryption for data transfer across networks for transaction security and includes additional security enhancements. You must upgrade your POS and EDC to v6.4 to take advantage of these encryption features. POS v6.4.7 requires EDC v6.4.8, 6.4.10 or higher, or 6.5.2 or higher, because of the changeover to 256-bit encryption. EDC v6.4.9, v6.5.0, and 6.5.1 are not compatible. POS v6.4.8 and higher requires EDC v6.4.9 or higher, or v6.5.3 or higher, because of additional changes to the 256-bit encryption. EDC v6.5.0, 6.5.1, and 6.5.2 are not compatible.

EDC Enhancement Release v6.4

Page 35

Page 36

EDC Enhancement Release v6.4