Difference between revisions of "CreditLine Security Setup"
(→Resetting Passwords) |
|||
Line 135: | Line 135: | ||
[[Security Journal Cleanup]] | [[Security Journal Cleanup]] | ||
− | |||
− | |||
==Resetting Passwords== | ==Resetting Passwords== |
Latest revision as of 19:07, 12 July 2017
This article is part of the Payment Processing Software Library |
|
Get it... | |
Install it... | |
Connect to it... | |
Set it up... | |
Learn to use it... | |
→ Manual & User Guide | |
Fix it... | |
→ Errors & Troubleshooting | |
Get Help... | |
More Info ... | |
See also... | |
CreditLine Payment Processing Software Setup. This site can also be reached at http://docs.911software.com
→ Looking for better rates? Get a Free Credit Card Processing Cost Comparison!
Contents
- 1 Industry Required Security Guidelines
- 2 Operating System Security Setup
- 3 Default Login Credentials
- 4 Definitions
- 5 Recommended Configuration
- 6 High Risk Functions
- 7 Entering Security Setup
- 8 Upgrading From Older Versions Without Security
- 9 Creating An Account
- 10 Merchant Index Access
- 11 Changing User Names Passwords
- 12 Disabling Users
- 13 Default Rights Setup
- 14 Login And Logout
- 15 Creating An Administrator Account
- 16 Cleaning Up Old Journals
- 17 Resetting Passwords
'The following guide describes Security Features of CreditLine. These features were implemented as part of participation in industry wide credit card security programs. CreditLine version 3.2.x and up has been certified by VISA to be secure and follows the PA-DSS, as well as CISP PABP guidelines based on the PCI Data Security Standard.
Industry Required Security Guidelines
Please see PA-DSS Guide
Operating System Security Setup
The following are the guidelines for PA-DSS compliant installation protection from the Operating System side:
Default Login Credentials
- User Name
- admin
- Password
- creditline1
These will have to be changed on the first login
Definitions
- Administrator Account
- The only type of account that can access and modify security settings. There must be at least one administrator account per install. You won't be able to disable or remove Administrator privilege from your single administrator account unless there is at least one more administrator present. It is not recommended to have more than one administrator account.. → Administrator accounts are denoted by a ! sign next to the name.
- User Account
- An account that has access to low risk, easily audited sales operations only such as Auth, Sale, Force, etc.
- Manager Account
- An account that has access to manager level operations such as batch, report, void and credit.
- Disabled Account
- An account that has been disabled and is inactive. → Disabled accounts are denoted by a x sign next to the name.
- Security Risk
- Permissions are grouped into risk profiles according to the degree of risk due to possibility of fraud, loss and financial information exposure when allowed.
- Default User
- Default user rights are the override permissions that will apply to all setup users regardless of the individual permissions assigned. Only selected default permissions will override all user selections. You cannot remove permissions by default. For instance if Batch is enabled in the Default User, all user accounts will be able to batch regardless of whether Batch is enabled in individual user setups. → It is not recommended to use this feature unless you are an advanced user.
Recommended Configuration
- One administrator account (required) for security changes.
- At least one manager account for supervisor operations such as batch, void, reports, etc.
- At least one user account for server sales operations such as sale, add tip, etc.
→ For older versions that do not have security setup a new administrator account must be created. New versions come with an administrator account built-in.
High Risk Functions
Some functions may expose the cardholder information and must not be enabled for any user except the administrator. Please see the following warnings:
Entering Security Setup
Upgrading From Older Versions Without Security
If you are upgrading from an older version without security you will see the following dialog on the first startup:
Administrator is a required account. Before proceeding with the rest of the security setup, please create an administrator account.
Creating An Account
See Recommended Configuration for the type of accounts that you should setup.
Below is an example of a Manager confiration.
- Enter User Name and Password.
- Change Password On Next Login can be used to force the user to change the password at first login time. This can be useful if you are an administrator and want to give your users ability to set private passwords.
- Set the permissions as desired. The example given is for a manager account. A regular user account would have less permissions (e.g. only Auth, Sale, Force, etc)
- If you are using a multiple merchant setup and wish to restrict the user to certain merchant indeces, click Merchants button to enter merchant index access dialog
Merchant Index Access
→ This feature only works if Dealer Mode is not enabled.
- Select merchant setups that you do not want the user to access and click ← Delete to move them out of Selected Merchants list. You can use Add → to add merchant setups to the access list.
- Click OK when done.
Changing User Names Passwords
You can change User Names and Passwords in the main security clearance dialog.
If Change Password On Next Login is checked by the administrator for a particular account, the user will have to change the password on the next login.
NOTE: the new password cannot repeat the last 4 passwords. However, an administrator can force an old password by entering it into the User Setup Dialog.'
Disabling Users
If a disabled user tries to login, the following will be displayed.
Default Rights Setup
Default user rights and the rights that will apply to all users that you setup by default. → It is not recommended to use this feature unless you are an advanced user.
See Definitions for detailed explanation of Default User functionality.
Login And Logout
You can user the command below to login and logout users.
Note: after 15 minutes of inactivity a user will automatically logged out.
Creating An Administrator Account
→ If you are not upgrading from a version without security, you already have an administrator account and should proceed to Creating An Account.
Follow these steps:
- Check the Administrator check box.
- If you are not planning to change the password on the next login uncheck Change Password On Next Login check box. Enter a user name (for instance, admin) and password (passwords must have both letters and numbers and must be 7 or more characters long).
- Check all administrator rights and click OK to apply changes. Note that you can see '!' sign next to the administrator that we just setup.
- Proceed to Creating An Account.
Cleaning Up Old Journals
Resetting Passwords
Please, see Reset Password for more info.