Related Links


Applies To

Spectra:

 

Article Information

Reference #: KB 00015
Author: MattH
Created: 03.13.12
Last Revised: 03.20.12

Spectra 2012 Credit Card Processing Changes


 

Applies To

This article applies to existing users of StudioPlus 2011 (or prior) that currently process credit cards with Merchant Warehouse and that are upgrading to StudioPlus Spectra 2012.

Overview

Spectra 2012 offers great new tools designed to simplify the PCI compliance burden that all studios face. To accomplish this, Spectra will no longer touch a credit card number and will no longer store a credit card number in its database. Doing so removes Spectra from the PCI compliance scope. In addition, because you are no longer storing credit card numbers within your network, the PCI compliance assessment you must complete each year becomes much simpler.

So, how can Spectra process credit cards if it never touches the card number, and how can you process payment plans if the card number is never stored in the Spectra database? When you need to process a card, Spectra will open a special window provided by Merchant Warehouse. You will then swipe the card or manually key it in. That window will then communicate direct with the Merchant Warehouse secure server, process the credit card, and then pass a unique token back to Spectra. The card is stored on the Merchant Warehouse secure server and NOT in StudioPlus Spectra or anywhere on your system. With that unique token, Spectra will still be able to process repeat transactions, pending payments, and payment plans.

To take advantage of these new features, you must be processing credit cards through Merchant Warehouse. Second, you must turn on the new credit card processing feature in Spectra. Third, you must purge your existing database of all previous credit cards you have processed.

Setup

  1. Open your Studio Preferences > Credit Cards page. You will notice two new fields have been added to the form – User Name and Password. If these fields are blank, enter the User Name and Password that you use to log into the Merchant Warehouse Gateway. This information can be found in the original email you received from Merchant Warehouse when you set up your account. Make sure to enter this information on both the Keyed and Swiped tabs.
  2. Next, check the Do not store credit card numbers in StudioPlus Spectra for PCI compliance option to turn on the new credit card processing feature.
  3. Next, if you have used Spectra in the past to process credit cards you must perform a Purge routine to remove those credit cards from the Spectra database. The purge routine will not only clear out any stored credit card information from Spectra, but also has the ability to move that existing card information to Merchant Warehouse. Simply check the Move existing credit card information to Merchant Warehouse secure server for future transactions prior to purge option. This option will send the necessary credit card number to the Merchant Warehouse secure server prior to deleting it. Merchant Warehouse will then provide Spectra with a unique token that can be used down the road to process a pending payment, a payment plan, or any other payment you wish using this credit card. It is recommended that you check this box.

    It is strongly recommended that you back up your StudioPlus Spectra database prior to running a purge routine! Also, the purge routine can take some time to run, depending on how long you have been using StudioPlus Spectra and how many card numbers are present. For large databases, we recommend that you allow at least two hours for the routine to run.

    Click Purge to begin the purge routine. The following items will be scanned and removed from your Spectra database:
  • Pending Payments - The database will be scanned for existing payment records that are still pending. For each pending payment, the card number will be removed from the pending payment record, leaving only the last four digits of the card number. If the checkbox for moving the information to Merchant Warehouse is checked, the credit card details will be sent to the Merchant Warehouse secure server and Spectra will receive a unique token back. The token is stored with this pending payment record to be used later, when the payment is actually due.
  • Client Payment Methods - The database will be scanned for all credit card numbers stored as a client payment method. For each credit card payment method found on a client record, the card number will be removed from the payment method, leaving only the last four digits of the card number. If the checkbox for moving the information to Merchant Warehouse is checked, the credit card details will be sent to the Merchant Warehouse secure server and Spectra will receive a unique token back. The token is stored with this client payment method to be used later. Note: If the credit card is marked as inactive or if the card has expired, the credit card payment method will be deleted.
  • Previous Payments - The database will be scanned for all credit card payments that have already been recorded. For each payment, the card number will be removed from the payment, leaving only the last four digits of the card number.

How to Use

Now that you have completed the setup, let’s discuss how these changes will affect your day-to-day processing. When creating a payment record in Spectra and after selecting a credit card payment method from the Payment Methods list, you will be presented with two additional buttons – Get Swiped Card and Get Keyed Card.

Swiped Cards

Click Get Swiped Card if your client is with you and you have the ability to swipe their credit card. When clicked, you will be presented with a window provided by Merchant Warehouse. In that window you can proceed to swipe the card using either a standard non-encrypted reader like the ones you may already own or a new encrypted card reader. Encrypted readers will encrypt the sensitive card details immediately in the reader hardware before the data ever reaches the computer, providing an additional level of security for your business. To order new encrypted credit card readers, contact Merchant Warehouse.

Keyed Cards

Click Get Keyed Card if your client is not with you and you are taking the card details over the phone. When clicked, you will be presented with a window provided by Merchant Warehouse. In that window you can proceed to manually enter the card details and then click Submit.

After swiping or keying the card, you will be presented with a message box telling you if the transaction was approved or declined. If the transaction was approved, the payment record in Spectra will be saved automatically to prevent you from exiting without saving the record.

Refunds

When processing a refund, Merchant Warehouse and Spectra will require you to select the payment record to be refunded. You can refund any amount up to the amount of the original payment. If you have multiple payments to refund, you’ll need to create a separate refund for each payment.

Effects on PCI Compliance

Because Spectra has now been removed from PCI compliance scope and because you are no longer storing credit card numbers anywhere on your network, the process to become PCI compliant has become much simpler.

The PCI Data Security Standards (PCI DSS), established by Visa, MasterCard, Discover, and AMEX, were designed to help businesses ensure that payment card information is handled safely and securely. PCI compliance is mandatory for all merchants accepting payment cards and compliance could save your business thousands of dollars, or more, in fines and fees due to a data breach.

In order to help their merchants become compliant, Merchant Warehouse has entered into an agreement with ControlScan, one of the top data security firms in the country. Merchant Warehouse will charge you a fee to cover their cost of working with ControlScan to take the necessary assessments in order for you to become PCI compliant. ControlScan will walk you through the process and make sure you take the proper actions. The first step in this process is to enroll at www.merchantwarehouse.com/enroll which we encourage you to do as soon as possible. If you are already enrolled with ControlScan, no further action is needed at the moment. ControlScan will contact you when it is time to re-enroll. The terms and conditions governing ControlScan’s work are provided to you by ControlScan; Merchant Warehouse does not represent or warrant the completeness or accuracy of the services provided by this vendor. This fee is being assessed in accordance with section 18.5 of the current governing Merchant Warehouse agreement; the services provided by ControlScan are included with this Administrative Service Fee.

For more information about the PCI Security Standards Council please visit www.pcisecuritystandards.org.

So what does this all mean to you? It means that when you have marked the option in Spectra to not store credit card numbers in StudioPlus Spectra for PCI compliance, your process (called the Self-Assessment Questionnaire) will be MUCH shorter. The following is a specific question to watch for when completing the assessment:

If you have specific questions regarding the assessment process, contact ControlScan at 800-438-0240.

 

Additional Information

+ Spectra User Guide - Credit Card Processing, Studio Preferences - Credit Cards
+ Merchant Warehouse
+ PCI Compliance Guidelines