|
|
|
|
|
|
Configuring Your Business Center Settings
This chapter introduces you to the various settings that determine how your payment transactions are processed.
Configuring the Virtual Terminal
Configuring Smart Authorization
Choosing Default Hosted Order Page Settings
Managing Users and Their Privileges
Updating Your Account Information
Important In this section and in the rest of this chapter, you will be able to perform the described tasks only if your administrator has configured the appropriate permissions for your user name. To change your settings, you must log in as an administrator. For more information, see Managing Users and Their Privileges.
Configuring the Virtual Terminal
The Virtual Terminal is a Web-based version of the credit card terminals that you use at a retail store. Use the Virtual Terminal to process a purchase by telephone, fax, or email, or at the point of sale, such as in your store.
The Virtual Terminal settings, located under the Virtual Terminal tab, determine the information that you will enter to process each new transaction.
This section describes the Virtual Terminal fields that you can configure. The figures show the many sections of the settings page. The online help in the Business Center explains how to configure the settings.
Settings View
Views that are available for the Virtual Terminal: if these options are available to you, you can view the settings for either card-not-present or retail (card-present) transactions. You can display or require totally different elements for each view.
Default Type of Transaction
Default type of Virtual Terminal that appears if these options are available to you. You need to select how you want to process your card transactions. Your may accept transactions in one of two ways:
• Card-present transactions: the customer and the card are both present in your store (retail transactions).
• Card-not-present transactions: neither the customer nor the card are present in your store (MOTO or Internet transactions).
Note Your account provider may support retail card-present transactions, which apply to all credit cards and to debit cards that have the Visa or MasterCard logo. For more information, please contact your account provider or Customer Support.
For either type of transaction, your options are to process an authorization or a sale. However, remember that an authorization does not move money into your bank account. After you ship the customer’s order, you must capture the authorization. Card associations require you to ship the customer’s order or perform the service before you request a capture.
The following table shows the available settings in the first two columns and the corresponding results in the New Transaction page. In every case, the default Transaction Source is MOTO - Mail/Phone Order before the card is scanned and Retail after the card is scanned or after the card information is entered in the order form.
Credit Card
Types of credit cards that your merchant bank account supports. The default card types are Visa and MasterCard. The selections that you make in the Virtual Terminal apply also to the Hosted Order Page settings.
Three- or four-digit number printed on the back or front of credit cards. This number ensures that your customer has physical possession of the card at the time of the order. For more information on the card verification number, see Card Verification Number.
For each card type that you select in the first column, you can also select to display (second column) or require (third column) the card verification number. The field appears in the order form below the credit card number in bold if you choose to require it or in normal type if you choose to only display it.
When the customer selects a credit card type in the order form, the CVN field appears below the credit card field.
Fields that appear in the order form:
|
Credit card type |
Card verification number (optional) Expiration date |
To display the check fields in the Virtual Terminal and offer checks as a payment option, check this box. These fields always appear in the order form:
|
Account number |
Check number |
The fields that appear on the order form may vary according to the payment processor that your account provider uses. If your processor is AmeriNet, check with them to see if they require you to provide the date of birth. Required fields are shown in bold type whereas optional fields are in normal type. The account types available are checking, savings, or corporate checking.
For this and the next sections, you have many choices for using these fields:
• If you display the fields on the order form, the fields will be optional for the user to complete.
• If you require the fields on the order form, the fields will appear orange, and the user will not be able to submit the order unless these fields are completed.
• If you add the fields to the receipt, the fields’ content will appear on the customer’s receipt or packing slip.
Customer ID
Optional customer’s account ID, tracking number, reward number or other unique number that you can assign to the customer. This ID will appear on the settlement page where you can modify the value if necessary.
Company
Name of the customer’s company.
Phone Number
Customer’s phone number.
Email Address
Customer’s email address.
The behavior and requirements that apply to the customer information fields in the previous section also apply to these fields.
Order Number
Unique merchant reference number that you create for the order.
Comment
Brief description of the order or any comment you wish to add to the order. Comments will appear on the settlement page where you can modify the content if necessary.
Shipping Address
Whether to display the shipping address fields. These fields appear in the Customer Information section of the order form.
The behavior and requirements that apply to the customer information fields in the previous section also apply to these fields. These fields appear in the Order Information section of the order form.
You can use these four fields to add non-sensitive comments or additional information to the order. The content of the field appears in the Virtual Terminal, the transaction confirmation and receipt, the transaction search detail page (even after you capture or void the transaction), the exportable search results, and the Order Detail report. You can use these fields with all the credit card and check transactions available in the Virtual Terminal. When using the merchant-defined data fields, you must follow these rules:
Warning Merchant-Defined Data fields are not intended to and MUST NOT be used to capture personally identifying information. Accordingly, Merchant is prohibited from capturing, obtaining, and/or transmitting any personally identifying information in or via the Merchant-Defined Data fields. Personally identifying information includes, but is not limited to, name, address, credit card number, social security number, driver's license number, state-issued identification number, passport number, and card verification numbers (CVV, CVC2, CVV2, CID, CVN). In the event CyberSource discovers that Merchant is capturing and/or transmitting personally identifying information via the Merchant-Defined Data fields, whether or not intentionally, CyberSource WILL immediately suspend Merchant's account, which will result in a rejection of any and all transaction requests submitted by Merchant after the point of suspension.
Unless you specify in the settings page a name for the field(s) that you display, require, and/or add to the receipt, the field(s) will appear labeled as Merchant-Defined Data Field X on the order form. You can choose any name that you want, such as shipping method. If you enter a default value, this value will appear on the order form as an editable field.
The behavior and requirements that apply to the customer information fields in the previous section also apply to these fields. For more information on these fields, see Level II and Level III Fields.
When you select the line-item fields in the Virtual Terminal settings page, the fields appear in the Virtual Terminal, the transaction receipt, and the details page for the transaction:
Note The local and national tax fields apply only to Visa and MasterCard orders if your processor is TSYS Acquiring Solutions (Vital).
|
Local sales tax for the order. |
|
|
Local tax exempt |
Local tax-exempt order. |
|
National tax |
National sales tax or value-added tax for the order. |
|
Summary Commodity Code |
International description code of the overall order’s goods or services. Contact your payment processor for a list of codes. |
|
Purchase Order Number |
This number may be different from any other in the order form. |
|
Commodity Code |
International description code used to classify the item. Contact your payment processor for a list of codes. |
|
Product Code |
Type of product purchased. Depending on your company, this field may also apply to the category of the product. |
|
Product Name |
Name of the product. |
|
Quantity and unit price |
Quantity and unit price of the item in the default currency. |
|
Unit |
Unit of measure, such as each or dozen. |
|
Sum of all taxes (local, national, and other) that apply to the line item. To find out the total tax for the order, calculate the sum of all line-item taxes. |
Level II Duty
Amount charged on imported and exported items.
Level II Purchase Order Number
Purchase order number or customer reference ID that is provided by the customer. Note that this number is different from the Customer ID mentioned above in the Customer Billing Information section.
Amount of tax in the order.
Level II Tax Exempt
Tax exemption status of the order.
In addition to order fields, you can add two of the results fields to the receipt. These results, which are returned only for payment card transactions, can help you in reconciling your transactions or in keeping track of statistics.
AVS result
This field provides the abbreviated definition of the address verification result for the transaction. This result is returned by the Address Verification Service of Smart Authorization, which is discussed on this page.
Authorization code
This field provides the 6-digit authorization code that you receive for card transactions.
Country
Default country where you process transactions.
Currency
Default currency that you accept.
Transaction Type
Default type of transaction that you process: authorization or sale (authorization and capture).
You use these settings to indicate whether you want to send an email receipt to the customer and the email address that is to appear in the sender’s field of the receipt.
This section is divided into two parts:
• Indicate the phone number and email address that you want to appear on the printed receipt for your business.
• Use printed receipts for retail transactions and as packing information for the orders that you ship. You can select either a single or a double receipt. You can use part of the double receipt format to give to your customer at the point of sale or as packing slip when you ship goods. This figure shows a sample single receipt with all the possible fields. For a sample double receipt, see the printed receipt on this page.
Configuring Smart Authorization
A fraudulent customer can easily steal a credit card number and use it to place orders at your store. For this reason, when you sell items online, by telephone, or by mail, you need to take precautions to avoid fraud attempts. According to card association rules and even if the cardholder’s bank authorized the transaction, you are liable for losses if customers claim that their cards were used without their knowledge or consent. If this happens, you will be subject to a reversal of payment, also known as a chargeback.
With Smart Authorization and Advanced Smart Authorization, basic fraud detection tools, you can quickly and accurately identify fraudulent orders while minimizing the rejection of valid orders. Smart Authorization returns risk factor codes, which identify the conditions that contribute to a high risk result. You can use these factor codes to identify the reasons for the high risk result and, if justified, to attempt to convert the order to a sale. You decide whether to process the order regardless of the results of Smart Authorization or choose to review the order before you process it further. The figure below shows a sample Smart Authorization settings page. The online help explains how to set the tests that you want CyberSource to run for each of your transactions.
Because CyberSource uses the order data to evaluate the level of risk, you should assess the customer’s input before you submit the data to CyberSource to ensure that the data is accurate. If you detect a problem, such as an typographical error, ask your customer to correct the data.
Rejection by the Smart Authorization tools is a soft reject as opposed to hard reject, which is due to causes other than Smart Authorization, such as invalid data, invalid card, or a system error:
• Soft rejection: If an order is rejected because it appears to be risky, you should review the order to verify that it is legitimate so that you can capture the authorization and fulfill the order. For more information on reviewing orders, see Reviewing Declined Credit Card Authorizations.
• Hard rejection: You cannot capture these orders.
If you use Smart Authorization with card-present transactions, see Card Present: Retail.
Address Verification Service (AVS)
Important note if you do not use Smart Authorization The Address Verification Service always screens orders even if you do not use Smart Authorization. If you request a sale (authorization and capture) for an order that receives a no address match result, the order will be processed successfully, and you will not be notified of the address verification results. Therefore, we recommend that you request only an authorization, which allows you to review the authorization results before capturing the order.
Although the Address Verification Service (AVS) runs automatically for every credit card authorization, AVS data is ignored when no address is submitted for card-present (retail) transactions processed in the Virtual Terminal.
The service compares the customer-provided billing address with the address on file at the issuing bank. A mismatch between these addresses may indicate fraud. Basic Smart Authorization interprets the results of the Address Verification Service. You can use its settings to decline transactions with any or all of these address verification results:
• Partial address match. Either the street address or the postal code matches.
• No address match. Neither the street address nor the postal code matches.
If you do not use the Smart Authorization settings for the address verification tests, and you request a sale (authorization and capture), your orders will be processed regardless of the address verification results, and you will not be notified of the address verification results.
• Service not available. The Address Verification Service is not working or is not supported.
• Card issued outside of the United States.
The card verification number (CVN) is a three- or four-digit number printed on most credit cards helps to prove that the customer has physical possession of the card, and that the card is valid. The table below gives the details for the cards accepted in the Virtual Terminal.
|
Visa |
Card Verification Value (CVV2) |
Back of card: if present, 3 digits in the signature area to the right of the card number. |
|
MasterCard |
Card Verification Code (CVC2) |
Back of card: if present, 3 digits in the signature area to the right of the card number. |
|
American Express |
Card Identification Number (CID) |
Front of card: 4 digits on the right above the card number. |
|
Discover |
Card Identification Number (CID) |
Back of card: if present, 3 digits in the signature area to the right of the card number. |
|
Diners Club |
Card Verification Value (CVV) |
Back of card: 3 digits in the signature area. |
|
JCB |
Card Verification Number (CVN) |
Front of card: 4 digits on the left below the card number. |
This number, which is never printed on credit card receipts, is a security feature that helps ensure that your customer has physical possession of the card. The issuing bank compares the customer-provided number with the number it has on file. A mismatch may indicate fraud. If you want to check this number, ask your customers to provide the number with the credit card number when you request authorization.
The following illustration shows how a card verification number appears on the back of a credit card.
You can decline transactions with any of these card verification results:
• Card verification number not matched. The number that the customer provided does not match the number on the card.
• Card verification number system unavailable. The card verification check is not working or is not available for this card type.
• Card verification number not submitted. A number is printed on the card, but the customer did not provide it.
• Card verification not supported by the card issuing bank.
You can choose the maximum dollar amount to allow in a single authorization. If a customer attempts to make a purchase for more than this amount, the authorization will be declined.
Advanced Smart Authorization Features
In addition, if you are signed up for Advanced Smart Authorization, you can use additional fraud control tools. Advanced Smart Authorization performs additional tests on each order to identify all of the following conditions, which increase an order’s risk:
• Obscenities or nonsensical input, such as the customer’s last name entered as zqmmz.
• Billing or shipping address not verified or that do not match.
• USA PATRIOT Act compliance. The person or organization placing the order or the country in the shipping address are on a list of denied parties or places to whom the United States prohibits commercial sale according to the USA PATRIOT Act.
Choosing Default Hosted Order Page Settings
If you choose to use the Hosted Order Page to process your transactions, you use the Business Center to change the default appearance of the Hosted Order Page and choose how you are notified about orders. For information on configuring and customizing each section of the Hosted Order Page, see the Hosted Order Page User’s Guide available in the Business Center. Your Hosted Order Page default settings are located under the Settings tab. The online help explains how to configure the settings.
Managing Users and Their Privileges
You can control the identity and the level of access of each user. Users can be assigned individual permissions or a role, which contains a pre-determined set of permissions. This section describes how to choose roles and permissions:
Adding and Modifying Users and their Privileges
When your account is created, you are given one default user, which has the same name as your merchant ID.
This merchant user is an administrator who can create up to nine merchant ID users. However, your account provider may allow a different number of users. For more information, contact your account provider. Merchant users can add users, modify, and delete users.
All users can be assigned either specific permissions or a role, which is a group of permissions.
When a user, including an administrator, performs a task, the Business Center verifies that the user has the correct permission for the task. For example, only an account administrator can configure reports.
You may need to combine several permissions to allow users to perform what appears to be a single task. For example, to process credit card authorizations and sales in the Virtual Terminal, users must have three permissions: Virtual Terminal Transaction, Payment Authorization, and Payment Capture/Settlement/Debit.
Important Before assigning any of the permissions, make sure that the feature is part of your package. In addition to the documentation guides mentioned below, refer also to the online help for the section of the Business Center for instructions on configuring users.
The following tables show the permissions available for users (Table 1) and administrators (Table 2).
|
Location or Type |
Description and Usage |
|---|---|
|
Virtual Terminal |
These permissions gives the user access to the various functions of the Virtual Terminal: • Virtual Terminal Settings View: can see but cannot modify the Virtual Terminal settings. • Virtual Terminal Settings Management: can see and modify Virtual Terminal settings. • Virtual Terminal Transaction: can process transactions in the Virtual Terminal. If you are the merchant account holder and have the Virtual Terminal Transaction permission, you may be able to process transactions for your merchants if you also have one or more of the Payment permissions. For more information, contact your account provider. |
|
Payment |
These permissions gives the user the ability to successfully process in the Business Center the specified payment type(s) if the user also has permission to use the feature where the payment type can be processed, such as the Virtual Terminal Transaction permission, customer profiles, and subscriptions: • Payment Authorization: can process credit card authorizations. • Payment Capture/Settlement/Debit: can process credit card capture (sale or capture with verbal authorization) and electronic check debit, and direct debit. • Payment Credit: can refund money to the customer: all credits (card and electronic check), and other refunds, such as bank transfer and direct debit. • Payment Void: can void a credit or debit or can reverse a card authorization. • Re-Authorization: can see and click the link; can retrieve the order information in the Transaction Search and process a new authorization in the Virtual Terminal; must have the Payment Authorization permission to successfully re-authorize a partial transaction. • Re-Authorization and Settlement: can see and click the link; can retrieve the order information in the Transaction Search and process a new authorization in the Virtual Terminal; must have the Payment Authorization and Capture/Settlement/Debit permissions to successfully process a re-authorization and capture. • New Order from Previous Authorization: can see and click the link; can retrieve the order information in the Transaction Search and process a new authorization in the Virtual Terminal; must have the Payment Authorization permission to successfully process a new order. For more information about these payment types, see the documentation specific to the features that you are authorized to use: Processing an Order with the Virtual Terminal. |
|
Transaction Search |
This permission gives the user access to the Transaction Search feature of the Business Center: • Transaction View: can search for transactions and view their details. If the user with this permission has the appropriate Payment permission(s), this user can also refund money or void a transaction by using the button options on the search details page. For more information about searching for transactions, see Searching and Reviewing Orders. |
|
Location or Type |
Description and Usage |
|---|---|
|
User Management |
These permissions gives the user access to the permissions that can be assigned to users: • User View: can see the list of users and the permissions assigned to each user. • User Management: can see, create, modify, and delete users privileges; can generate a User Management Report to view a list of users and their permissions. The user with this permission is a manager (not an administrator) who cannot assign individual permissions but can assign existing roles to other users (not to other user managers or administrators). |
|
Merchant Settings |
These permissions give the user access to some of the basic information of the merchant ID: • Banking Information Management: can see and modify the payment processor information. • Merchant Information Management: can see and modify the basic contact and service information. • API Key Management: can see, create, modify, and delete API keys. For more information on API keys, see the Business Center Simple Order API User’s Guide. |
|
Hosted Order Page |
These permissions give the user access to the management options of the Hosted Order Page: • HOP Script Management: can see, create, and delete the Hosted Order Page security scripts but cannot see or modify the settings. • HOP Script View: can see the Hosted Order Page security scripts but cannot modify them; cannot see or modify the settings. • HOP Settings Management: can see and modify the Hosted Order Page settings; cannot see, create, or delete the security scripts. • HOP Settings View: can see the Hosted Order Page settings but cannot modify them. For more information about the Hosted Order Page, see the Business Center Hosted Order Page User's Guide. |
|
Reporting |
These permissions give the user access to the many reports functions: • Report Settings View: can see the report settings and subscriptions. • Report Settings Management: can modify report settings and subscriptions. • Report View: can search for and view reports. • Report Download: can download programmable reports but cannot log into the Business Center. For more information about reports, see the guide appropriate for your package: Business Center Reporting User's Guide. |
By combining permissions into roles, you can customize how your users access and use the Business Center. In addition, to update the users who are assigned a role, you need to update only the permissions defined in the role. The figure below shows an organization with the default roles (administrator and report download) at the top and several users below. Users are listed in order of creation.
Read-Only Roles
The Business Center provides two default roles: administrator and report download:
• Administrator: This role, assigned to the account and merchant users, contains all permissions. The account administrator, created during registration, has the same name as your merchant ID and can assign the administrator role to up to nine other users. These administrator users can be modified or deleted as necessary, but the account administrator user cannot be modified or deleted. All administrators can add, modify, and delete merchant ID users.
• Report Download: This role exists only to enable you to download programmable reports. The password assigned to this role never expires, but the user cannot log into the Business Center.
Custom Roles
Only administrators (account or merchant can create and modify roles. When creating a role, you can add and later modify the role with any of the permissions in Table 1 and Table 2 above that can be assigned to a user. For example, instead of assigning individual permissions to process orders in the Virtual Terminal, you can create a role for that purpose. This role would contain the three required permissions: Virtual Terminal Transaction, Payment Authorization, and Payment Capture/Settlement/Debit.
When adding permissions to a role, remember to assign to an administrator or to a user only the appropriate permissions.
Adding and Modifying Users and their Privileges
You can view a list of users under the Account Management section of the Business Center. This section describes briefly how to add and modify users. If you are logged in as a user with the correct permissions, you can perform these tasks. Only an account or merchant administrator can change settings. For detailed instructions, see the online help
Important If you add, delete, or modify users in the test system, the changes affect both the test and production systems.
This figure shows the page that you use to create or modify a role. This page is similar to the page that you use to add individual permissions to a user. To streamline your management process, you should create the roles that you will need before creating users.
A sample page appears below. You use this page only to create a user. You need to modify the user to assign permissions or a role.
Note By using generic names for users instead of user names based on employees’ names, merchants can give the user name, with the associated permissions or role, to any employee.
Modifying Privileges
The figure below shows that in addition to identifying the user and assigning a password, you also assign a role or individual permissions. The dropdown menu always contain the options Administrator and Report Download. The menu also contains any role that you have created and a custom option that you can use to assign specific individual permissions to the user.
To see at a glance all the permissions and role granted to users, users with the appropriate permission can download a daily report or use a query to request an on-demand report. The report is available in CSV or XML format. For example, this report in CSV format was run September 14, 2007. The report shows two enabled users:
• The first user has a custom role with the permissions to process a payment authorization in the Virtual Terminal.
• The second user has the report download role, which enables the user to download reports but not to log into the Business center.
|
User Listing Report,Version 1.0,2007-09-14 Username,Merchant ID,First Name,Last Name,Email,Date Created,LastAccess,Status,Role, Permissions infodev_user,infodev,Jane,Doe,,2007-03-29 07:47 GMT,2007-09-21 11:44 GMT,Enabled, Custom,Virtual Terminal Transaction|Payment Authorization infodev_user_2,infodev,John,Doe,,2007-03-29 07:47 GMT,2007-09-21 08:00 GMT,Enabled, Report Download,Report Download |
CyberSource recommends that you immediately save the report on your computer. You can save the report by date if you are a merchant or by merchant ID if you are an administrator. By downloading the report regularly, you can easily keep track of the changes among your users and their permissions. You can obtain this report at any time.
For the complete description of the report in CSV and XML formats, see the Business Center Reporting User’s Guide.
Updating Your Account Information
The Business Center stores your company information, which you can update at any time. Make sure to keep your account information up to date so that CyberSource can contact you if necessary. Your account information is located under Account Management.
Status
This section indicates whether your account is in live or test mode.
Duplicate Order Check
You can have CyberSource check your orders that are duplicated within 15 minutes of the original order. With this feature, you can decline these duplicate orders.
Account Contact
You need to provide your complete contact information.
Contact Information
You can use the Shipping Contact information to communicate with your customers after the order is settled. If you choose to use these fields, you must edit them yourself because the customer’s information is not transferred automatically from the Account Contact section to the Shipping Contact section.
Service Order
The Service Order section lists the information entered on your behalf by your account provider.
Payment Processor
The Payment Processor section details the information entered on your behalf by your account provider.
Payer Authentication
Payer Authentication enables you to quickly and easily add support for the Verified by VisaSM and MasterCard® SecureCode™ programs to your Web store without running additional software on your server. This service is available only on the Hosted Order Page. For more information, see the Hosted Order Page User’s Guide. This service may not be available in your package.
Payment Authorization
You need to provide your complete payment authorization information for the methods of payment (electronic check and credit card) that you want CyberSource to use for your account.
Note If CyberSource cannot debit your bank account for the required fees, the credit card will be billed. However, if you choose not to provide your credit card information, and your bank account has insufficient funds, CyberSource may be forced to send your account to a collection agency.
Go Live
If your account is still in test mode, the Go Live section also appears.
The figure below shows the first four sections of the Account Information page.
Important For your protection, CyberSource recommends that you change your password often and that you store it in a secure place.
You can change the password that you use to log into the Business Center under Account Management. Your password must meet these requirements:
• Must contain from 8 – 32 characters, with at least one number or punctuation character and at least 3 letters
• Must be different from the user name and the previous password
• Cannot contain more than 4 instances of the same character
You cannot change a password more than once every 24 hours. For instructions on constructing passwords that are easy for you to remember but difficult for others to guess, see the online help.
You can also update your password recovery question and answer for the Business Center.
If you forget your password or enter an incorrect password three times, you must answer the password recovery question correctly before you are allowed to log in. At that time, you need to choose another password. If you fail the question three times, you are locked out of the Business Center. If you are the account holder, you need to call customer Support. If you are a user, your administrator must re-enable your user name in Account Management > User Administration.
|
|
|
|
|
|