CreditLine Security Setup

From Payment Processing Software Library
Jump to: navigation, search
This article is part of the
Payment Processing Software Library

Categories

Get it...

Credit Card Software
Download

Install it...

Installation
Upgrade & Migration

Connect to it...

Point Of Sale Integration

Set it up...

Quick Start Guide
Setup
Processor Setup

Licensing

Learn to use it...

Manual & User Guide
Knowledge Base
Frequently Asked Questions
Compliance Guide
Merchant Account Rates
User Interface Guides

Fix it...

Errors & Troubleshooting
Knowledge Base
Corrupted Install Repair

Get Help...

Contact
Processor Support Contacts

More Info ...

Glossary
Articles

See also...

911 Software
Help

CreditLine Payment Processing Software Setup. This site can also be reached at http://docs.911software.com

Looking for better rates?   Get a Free Credit Card Processing Cost Comparison!

'The following guide describes Security Features of CreditLine. These features were implemented as part of participation in industry wide credit card security programs. CreditLine version 3.2.x and up has been certified by VISA to be secure and follows the PA-DSS, as well as CISP PABP guidelines based on the PCI Data Security Standard.

Industry Required Security Guidelines

Please see PA-DSS Guide

Operating System Security Setup

The following are the guidelines for PA-DSS compliant installation protection from the Operating System side:

  1. Installation directory protection
  2. Logged File Deletion

Default Login Credentials

User Name
admin
Password
creditline1

These will have to be changed on the first login

Definitions

Administrator Account 
The only type of account that can access and modify security settings. There must be at least one administrator account per install. You won't be able to disable or remove Administrator privilege from your single administrator account unless there is at least one more administrator present. It is not recommended to have more than one administrator account.. → Administrator accounts are denoted by a ! sign next to the name.
User Account 
An account that has access to low risk, easily audited sales operations only such as Auth, Sale, Force, etc.
Manager Account
An account that has access to manager level operations such as batch, report, void and credit.
Disabled Account
An account that has been disabled and is inactive. → Disabled accounts are denoted by a x sign next to the name.
Security Risk
Permissions are grouped into risk profiles according to the degree of risk due to possibility of fraud, loss and financial information exposure when allowed.
Default User
Default user rights are the override permissions that will apply to all setup users regardless of the individual permissions assigned. Only selected default permissions will override all user selections. You cannot remove permissions by default. For instance if Batch is enabled in the Default User, all user accounts will be able to batch regardless of whether Batch is enabled in individual user setups. → It is not recommended to use this feature unless you are an advanced user.


Recommended Configuration

  • One administrator account (required) for security changes.
  • At least one manager account for supervisor operations such as batch, void, reports, etc.
  • At least one user account for server sales operations such as sale, add tip, etc.

→ For older versions that do not have security setup a new administrator account must be created. New versions come with an administrator account built-in.

High Risk Functions

Some functions may expose the cardholder information and must not be enabled for any user except the administrator. Please see the following warnings:

Entering Security Setup

SecuritySetupMenu.jpg
The default is username admin, password creditline1. You will not see this dialog if you are upgrading from a version without security.

Upgrading From Older Versions Without Security

If you are upgrading from an older version without security you will see the following dialog on the first startup:

SecurityNoAdminWarning.jpg

Administrator is a required account. Before proceeding with the rest of the security setup, please create an administrator account.

Creating An Account

See Recommended Configuration for the type of accounts that you should setup.

Select an empty line and click Edit

Below is an example of a Manager confiration.

Follow the steps below to arrive at the setup shown
  1. Enter User Name and Password.
  2. Change Password On Next Login can be used to force the user to change the password at first login time. This can be useful if you are an administrator and want to give your users ability to set private passwords.
  3. Set the permissions as desired. The example given is for a manager account. A regular user account would have less permissions (e.g. only Auth, Sale, Force, etc)
  4. If you are using a multiple merchant setup and wish to restrict the user to certain merchant indeces, click Merchants button to enter merchant index access dialog

Merchant Index Access

→ This feature only works if Dealer Mode is not enabled.

Click Merchants button to enter Merchant Index Selection Dialog


Selected Merchants are the merchant accounts that this user will have access to
  • Select merchant setups that you do not want the user to access and click ← Delete to move them out of Selected Merchants list. You can use Add → to add merchant setups to the access list.
  • Click OK when done.

Changing User Names Passwords

You can change User Names and Passwords in the main security clearance dialog.

If Change Password On Next Login is checked by the administrator for a particular account, the user will have to change the password on the next login.

ChangePasswords.jpg

NOTE: the new password cannot repeat the last 4 passwords. However, an administrator can force an old password by entering it into the User Setup Dialog.'


Disabling Users

Click Disabled check box to disable the user or to re-enable a disabled one
Disabled Users are indicated by an X

If a disabled user tries to login, the following will be displayed.

DisabledUserWarn.jpg

Default Rights Setup

Default user rights and the rights that will apply to all users that you setup by default. → It is not recommended to use this feature unless you are an advanced user.


See Definitions for detailed explanation of Default User functionality.

Select Default and click Edit
Click Ok to dismiss
Select Disabled if you wish to disable this feature or select the rights that all users will have by default

Login And Logout

You can user the command below to login and logout users.

Note: after 15 minutes of inactivity a user will automatically logged out.

Login.gif

Creating An Administrator Account

→ If you are not upgrading from a version without security, you already have an administrator account and should proceed to Creating An Account.

Select the first empty slot #1
Follow the steps below to arrive at the setup shown

Follow these steps:

  1. Check the Administrator check box.
  2. If you are not planning to change the password on the next login uncheck Change Password On Next Login check box. Enter a user name (for instance, admin) and password (passwords must have both letters and numbers and must be 7 or more characters long).
  3. Check all administrator rights and click OK to apply changes. Note that you can see '!' sign next to the administrator that we just setup.
  4. Proceed to Creating An Account.

Cleaning Up Old Journals

Security Journal Cleanup


Resetting Passwords

Please, see Reset Password for more info.