I. INTRO

Part of the rental process involves the collecting and storing of personal data about the renter. Among that data is sensitive credit card information. The credit card industry holds merchants responsible and liable for the protection of this sensitive data. One of their requirements is that the card number should be masked (hidden) so that it is unusable unless there is a "compelling business need" for it to be visible. This chapter explains the two methods that CARS+ has for masking credit card numbers and related issues.

NOTE: A card processed through a PIN Pad device cannot be unmasked by any user at any time. The card number no longer resides in CARS+, so there is nothing to unmask: in its place CARS+ holds an encrypted 'token' that references the card, and users see only the first 4 and last 4 digits.

II. SET UP REQUIRED FOR CREDIT CARD MASKING

A. MASKING METHOD

There are 2 methods available for masking credit cards.

1. USING THE MASKING TEMPLATE IN EDIT CARD DEFINITIONS (Shortcut: EDITCC)

a. The Edit Card Definitions record is used to define all credit cards accepted by the rental operation. One of its fields controls how a credit card number should be masked. The industry-accepted standard of masking is to replace all but the last four characters of the card number with the character "X".


Data Field #3: MASK

Enter a "X" in each position that is to be masked. The screen illustrated below configures Mastercards to show a series of 12 "X's", then the last 4 digits of the 16 character card.


OPTION: ___ EDIT CARD DEFINITIONS
12345678901234567890
1 Card# high 5999000000000000
2 Card# low 5100000000000000
3 Mask XXXXXXXXXXXX
4 Description MASTERCARD
5 Fop name MC 21 Batch with others (Y/N) Y
6 Handler program AUTHCC 22 Card Type
7 Check digit? Y 23 Curr Code GB
8 Floor limit 100 24 Issuing Country GBI
9 CC Proc. Flag 2 (1 = Auth only, 2 = Auth/Settle)
10 Reversal Code 76 25 DO DCC
11 Increment Code 75 26 Charge Fee Code CCFEE
12 Tolerance % 15
13 Rental Fields on Auth Y
14 Rental Fields on Capture Y
15 Extra Output Fields Y
16 Allowable Pct 5
17 Block on RA Open N
18 CDPID Number 12345678
19 Require Security ID(Y/N) Y
20 Clearing House
1SAVE 2NEXT 3ERASE 4DELETE 5BACKUP 6 7HELP 8
Example: MasterCard # 5100 5555 6666 7890 using the above template will appear on screens as: XXXXXXXXXXXX7890

b. Once the masking templates are set up, turn on masking in the EDIT MISCELLANEOUS CONTROL FILE (shortcut: EDITMISC)

Page 2; Data Field # 35: MASK CC NUMBERS

Enter "Y" in this field to turn on the masking of credit cards.


2. USING THE CREDIT CARD FILE

In this method, the PCI-compliant CARS+ masking format displays only the last four characters of a credit card number. This truncated number is preceded by a one-letter code identifying the card brand (Visa, MasterCard, AX, etc.) and a one-letter code indicating the type of card (credit, debit, prepaid/gift). The codes are listed below:

Brand Code   Meaning
A            American Express
D            Discover, Diners Club, Carte Blanche, Enroute, Novus
H            Hertz Charge Card
J            JCB
M            MasterCard
U            China UnionPay
V            VISA
X            All other credit or charge card brands (brands that are not processed by EDC)

Type Code    Meaning
C            Credit card
D            Debit card
P            Pre-paid or Gift card *

Example: The Visa credit card with Card # 4234 5555 6666 7890 would appear as: V C *7890


* American Express does not participate in the industry-wide identification of gift cards. As a result, there is no way for CARS+ to differentiate between an American Express credit card and an AX gift card from the card number or the data read from the back of the card. Both will be reported as a Type "C" credit card. Only MasterCard and Visa prepaid and gift cards will be reported accurately. Currently, American Express clearly indicates on the face of the card if it is a pre-paid/gift card. Counter agents need to be trained to recognize these cards and react appropriately, because CARS+ cannot make that determination.

When using this method, it is not necessary to set up the masking template in the Edit Card Definitions record.

Under this method, credit card numbers are not only masked on all screens but also stored in a special encrypted file. This is the method intended to meet the Payment Card Industry (PCI) requirements for protecting stored card numbers. Contact Thermeon's Customer Support Dept. to have this method of card protection turned on.
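The two display formats above, together with the PIN Pad display from the note in Section I, modelled in Python as an added example. This is not CARS+ code. The MasterCard definition record is taken from the EDIT CARD DEFINITIONS screen in this chapter; the Visa record, the brand-lookup approach and the PIN Pad filler character are assumptions made for the example. It also includes the standard mod-10 (Luhn) check that "Check digit? Y" implies, and a template check that catches a field-3 template which would expose more than the last four digits.

```python
"""Masking formats from Section II, modelled in Python (added example,
not CARS+ source). The Visa record and the PIN Pad filler are assumptions."""

from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class CardDefinition:
    """Subset of an Edit Card Definitions record (fields 1, 2, 3, 4 and 7)."""
    card_low: int       # field 2: Card# low
    card_high: int      # field 1: Card# high
    mask: str           # field 3: an 'X' in each position to hide
    description: str    # field 4
    brand_code: str     # one-letter brand code used by the Credit Card File format
    check_digit: bool   # field 7: validate the check digit on entry


CARD_DEFINITIONS: List[CardDefinition] = [
    # From the EDIT CARD DEFINITIONS screen shown in this chapter.
    CardDefinition(5100000000000000, 5999000000000000, "X" * 12, "MASTERCARD", "M", True),
    # Assumed for this example only; not taken from the page.
    CardDefinition(4000000000000000, 4999999999999999, "X" * 12, "VISA", "V", True),
]


def luhn_ok(pan: str) -> bool:
    """Mod-10 (Luhn) check digit test. The sample numbers in this chapter
    are dummies and do not pass it, which is how documentation should be."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_definition(pan: str) -> Optional[CardDefinition]:
    """Match the number against each record's Card# low .. Card# high range."""
    value = int(pan)
    for cdef in CARD_DEFINITIONS:
        if cdef.card_low <= value <= cdef.card_high:
            return cdef
    return None


def visible_digits(template: str, pan_length: int) -> int:
    """Digits a field-3 template leaves readable on a number of this length.
    More than 4 means a misconfigured template (8 X's on a 16-digit card
    would expose the last 8 digits)."""
    hidden = sum(1 for i, ch in enumerate(template) if ch == "X" and i < pan_length)
    return pan_length - hidden


def mask_with_template(pan: str, cdef: CardDefinition) -> str:
    """Method 1: positions marked 'X' in the template are replaced, the rest
    of the number is shown. Refuses a template that shows more than four."""
    if visible_digits(cdef.mask, len(pan)) > 4:
        raise ValueError(f"mask template for {cdef.description} exposes more than 4 digits")
    return "".join(
        "X" if i < len(cdef.mask) and cdef.mask[i] == "X" else ch
        for i, ch in enumerate(pan)
    )


def mask_credit_card_file(pan: str, type_code: str) -> str:
    """Method 2: '<brand> <type> *<last4>', e.g. 'V C *7890'. The type code
    (C credit, D debit, P prepaid/gift) comes from the card data supplied
    with the transaction; it cannot be derived from the number (see the AX note)."""
    if type_code not in ("C", "D", "P"):
        raise ValueError("type code must be C, D or P")
    cdef = find_definition(pan)
    brand = cdef.brand_code if cdef else "X"   # X = all other brands
    return f"{brand} {type_code} *{pan[-4:]}"


def mask_pin_pad(pan: str, filler: str = "*") -> str:
    """PIN Pad display: first four and last four only. The filler character is
    an assumption. For such cards CARS+ holds only a token, so nothing beyond
    these eight digits exists to unmask."""
    return pan[:4] + filler * (len(pan) - 8) + pan[-4:]
```

The visible_digits check is the one worth keeping: a template is free text, and a record with too few X's silently shows more of the number on every screen that uses it.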

B. FURTHER MASKING DEFINITIONS

Credit card numbers are not masked as they are being entered into a screen, and they remain visible until the record is saved. Once saved, they are masked when redisplayed.

Masking works one way for operations that are using Thermeon EDC (Electronic Draft Capture = credit card processing by CARS+ directly with the bank) and another way for operations not using EDC:

For EDC users, credit card numbers are never automatically unmasked at the counter, except when EDC is unable to obtain an authorization and the card must be made visible so that a phone authorization can be sought.

For non-EDC users, who must use an external device such as a ZON machine to get authorizations, cards are initially masked but are unmasked during the rental process so the rental agent can seek an authorization. When an existing RA is extended and an estimate is done, the card remains masked if the estimated charges are less than the authorized amount plus deposits. If the estimated charges are greater than the authorized amount, the user can press Shift/F4 to unmask the card.

Whenever a card is unmasked, the fact that it was made visible is recorded in the credit card viewing log file along with the user, date, time and location.

It is also possible to grant selected users the authority to request that any card number be unmasked. This is discussed in the next section.

C. EXEMPTING CERTAIN USERS FROM MASKING

Regardless of the method chosen to mask cards, it is possible to grant to selected users the authority to unmask credit card numbers at will on various CARS+ screens.

1. This is done through a field in EDIT USER ACCESS FILE (shortcut EDITUAF).

Page 2; Data Field # 1: MASKING EXEMPT

Enter "Y" in this field to grant the ability to unmask any credit card number at will.

Unmasking is done as follows:

When bringing up an existing Reservation or RA, the credit card is always initially masked. Those users who are exempt from the masking logic can use Shift/F4 to request that the card be unmasked. The user is then prompted for their user code and password for verification. If the user code entered is exempt from masking, the full credit card number will display. This display is logged as an event in the credit card viewing log. If the user code entered is NOT exempt from masking, the request to unmask is rejected.

NOTE: As stated in Section I, a card processed through a PIN Pad device cannot be unmasked by any user, exempt or not. CARS+ holds only an encrypted 'token' that references the card, and users see only the first 4 and last 4 digits.

2. Additional Alternate Set up in Edit Locations

Page 6: Data Field #9: UNMASK EMPL PROMPT


This field can be configured to allow users at this location to bypass the need to enter their user code and password when unmasking credit card data. Enter:

N = No. Do not prompt for the user code and password when Shift/F4 is pressed to unmask credit card data.
Y (or blank) = User code and password are required in order to unmask credit card data.

WARNING!! When this field is set to "N", the integrity of the FOP Viewing Log is undermined. THE SYSTEM WILL ASSUME THAT THE USER WHO ORIGINALLY SIGNED ONTO THIS TERMINAL IS THE ONE WHO IS VIEWING THE UNMASKED CREDIT CARD. It is their employee code that is written to the FOP Viewing Log when the credit card is unmasked. Setting this field to "N" may also result in the location being regarded as non-compliant with PCI standards.
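The Shift/F4 unmask decision described in B and C above, modelled in Python as an added example. This is not CARS+ code: the user record, location record and viewing-log entry layouts, the password hashing and the constructed users are assumptions for the example; only the field meanings (MASKING EXEMPT, UNMASK EMPL PROMPT) come from this chapter. It also assumes that with UNMASK EMPL PROMPT set to "N" the exemption is still checked, but against the signed-on user, which is exactly what makes the log attribution unreliable.

```python
"""Shift/F4 unmask flow from Section II.B/II.C (added example, not CARS+ code).
Record layouts, hashing and the sample users are assumptions."""

import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional


def _digest(password: str) -> bytes:
    # Illustration only; a real system would use a salted, slow password hash.
    return hashlib.sha256(password.encode()).digest()


@dataclass(frozen=True)
class User:
    code: str
    password_digest: bytes
    masking_exempt: bool        # EDIT USER ACCESS FILE page 2, field 1


@dataclass(frozen=True)
class Location:
    code: str
    unmask_empl_prompt: str     # Edit Locations page 6, field 9: "Y", "N" or blank


@dataclass(frozen=True)
class ViewingLogEntry:
    employee: str               # who the system believes viewed the number
    when: datetime
    location: str
    last4: str


# Constructed users for the example.
USERS: Dict[str, User] = {
    "MGR01": User("MGR01", _digest("mgr-secret"), masking_exempt=True),
    "AGT07": User("AGT07", _digest("agent-secret"), masking_exempt=False),
}
SAMPLE_TIME = datetime(2024, 3, 2, 14, 5)


def request_unmask(signed_on: User, location: Location, pan: Optional[str],
                   log: List[ViewingLogEntry], now: datetime,
                   entered_code: Optional[str] = None,
                   entered_password: Optional[str] = None) -> Optional[str]:
    """Return the full number if the request is granted, else None.
    Every grant is written to the FOP Viewing Log; a rejection writes nothing."""
    if pan is None:
        # PIN Pad card: CARS+ holds only a token, so there is nothing to unmask.
        return None

    if location.unmask_empl_prompt == "N":
        # No credential prompt. The log can only attribute the view to whoever
        # signed on to this terminal, which is the weakness the WARNING describes.
        viewer = signed_on
        if not viewer.masking_exempt:
            return None
    else:
        # "Y" or blank: prompt for user code and password and verify them.
        candidate = USERS.get(entered_code or "")
        if candidate is None or entered_password is None:
            return None
        if not hmac.compare_digest(candidate.password_digest, _digest(entered_password)):
            return None
        if not candidate.masking_exempt:
            return None         # not exempt: request rejected
        viewer = candidate

    log.append(ViewingLogEntry(viewer.code, now, location.code, pan[-4:]))
    return pan
```

Run with a prompt of "Y", the log names the person who typed the credentials; with "N", it names whoever signed on, whether or not they are still at the terminal, so the log entry proves only that an exempt session was open.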

III. UNIQUE MASKING SITUATIONS

A. DEPOSIT/PAYMENT FILE SEARCH

When the Deposit/Payment (Dep/Pay) file is searched by credit card number, the search accepts the full credit card number and uses it to read the Dep/Pay file for an exact match (rather than a "starts with" search). The number is shown in the masked format in the results.

The records in the Deposit/Payment File can be a valuable source of information when researching payments on closed RAs, deposits on Open RAs and Reservations, Petty Cash Entries, credit card charge backs, and other situations. The Deposit/Payment File may be searched from many screens including the following: Reservations, RA Open, RA Close, Batch Open, Batch Close, Edit Opening Fields, Edit Closed RA, Edit Posted RA, Petty Cash Entry, Batch Petty Cash Entry, Edit Petty Cash Entry.

NOTE: As stated in Section I, a card processed through a PIN Pad device cannot be unmasked by any user: CARS+ holds only an encrypted 'token' that references the card, and users see only the first 4 and last 4 digits. The procedure below therefore does not apply to such cards.

Users who are exempt from masking can access the full number of a card that was not processed through a PIN Pad device as follows:

  • Access a search of the Dep/Pay File from Reservations, RA Open, RA Close, etc.
  • Find the record, then select it from the search by entering its line number.
  • A prompt for the user code and password appears. If the user is exempt from masking, the full credit card number and expiration date appear in a pop-up window. This access is logged in the credit card viewing log file.

B. REPORTS

All reports in CARS+ that include a credit card number, such as the Drawer Balance Report or Cash Receipts Report, print the credit card in the masked format. There is no way to request that they be printed unmasked.

IV. RESEARCHING ACCESS TO CREDIT CARD NUMBERS

From time to time, it may be necessary to research which users have had access to an unmasked credit card number.

When transactions such as RAs, Reservations and Petty Cash entries are first created, the employee code of the user who created the transaction is stored with it. That individual had access to the unmasked credit card. However, transactions are often recalled to a screen and changed or simply viewed, so employees other than the creator of the transaction may have seen the card. To track this access, a credit card viewing log is maintained in CARS+. This can be very helpful to management when research is needed.

The following three log files can be helpful when researching data access:

A. THE PROGRAM ACCESS LOG

This log file tracks each program that a user enters and exits. The times for access and exit are logged as well. This provides a way to track such things as:

  • The programs that a particular user is accessing during their shift.
  • Which users accessed a particular program.
  • Users accessing the system during their off hours.
The data requested can be displayed to the screen or sent as an attachment to an E-mail which can be imported into a spreadsheet program such as Excel. Once in Excel, the data can be sorted by employee code, date, or program name. Records in this log are kept for 365 days. Access to this file is restricted to Thermeon Support personnel. Contact Customer Support if this information is required.

B. INDIVIDUAL LOG FILES

Changes to major files are logged in individual log files for RAs, Reservations, Customer records, etc.

The access to view these log files is on the Transaction Logging Menu.

These files are kept until purged using the Purge Log Files program on the Purge Menu.

C. FOP VIEWING LOG

Sometimes a user enters a program and does not make a change. For example, they may simply view an RA or Reservation and then exit from the screen. When those records contain credit card data, the fact that the record was accessed, and therefore that the card number was viewed, is logged in the Credit Card Viewing Log file (the FOP Viewing Log). This file records any viewing of unmasked credit cards from the following:

  • Searches of the Deposit/Payment File
  • Display of a previously saved RA, Reservation, Petty Cash Entry, or Customer Record.

The program View FOP Viewing Log (on the Transaction Logging Menu) can be used to print or display a report of data from FOP Viewing Log File. The report can be run for a particular credit card number, date range or employee.

Records in this log should be kept on the system for a minimum of 365 days, after which they can be purged using the Purge FOP Viewing Log program on the Purge Menu.
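The kind of research Section IV describes, run over the FOP Viewing Log in Python as an added example. This is not the CARS+ View FOP Viewing Log program, and the log line layout below is constructed for the example (the chapter gives the fields the log records, user, date, time and location, but not the file layout). The functions answer the three questions the report supports, who viewed a given card, what one employee viewed in a date range, and which entries are old enough to purge under the 365-day minimum.

```python
"""FOP Viewing Log research from Section IV (added example, not CARS+ code).
Log layout is constructed: date time|location|employee|masked card|screen."""

from dataclasses import dataclass
from datetime import date, datetime, timedelta
from typing import List, Optional

# Constructed sample of the log; not real data.
SAMPLE_LOG = """\
2024-03-02 14:05:11|LHR01|MGR01|V C *7890|RA OPEN
2024-03-02 14:06:40|LHR01|MGR01|M C *1234|DEP/PAY SEARCH
2024-03-15 09:12:03|LHR02|AGT07|V C *7890|RESERVATION
2023-02-20 17:44:59|LHR01|MGR01|V C *7890|EDIT CLOSED RA
"""

RETENTION_DAYS = 365    # minimum the chapter requires before purging


@dataclass(frozen=True)
class View:
    when: datetime
    location: str
    employee: str
    masked_card: str    # stored in the masked format, never the full number
    screen: str

    @property
    def last4(self) -> str:
        return self.masked_card[-4:]


def parse_log(text: str) -> List[View]:
    """Parse the pipe-separated lines into View records; blank lines are skipped."""
    views = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, location, employee, card, screen = line.split("|")
        views.append(View(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                          location, employee, card, screen))
    return views


def find_views(views: List[View], last4: Optional[str] = None,
               employee: Optional[str] = None, start: Optional[str] = None,
               end: Optional[str] = None) -> List[View]:
    """Filter the log the way the report does: by card (last four digits),
    by employee, and by an inclusive ISO date range."""
    start_d = date.fromisoformat(start) if start else None
    end_d = date.fromisoformat(end) if end else None
    out = []
    for v in views:
        if last4 and v.last4 != last4:
            continue
        if employee and v.employee != employee:
            continue
        if start_d and v.when.date() < start_d:
            continue
        if end_d and v.when.date() > end_d:
            continue
        out.append(v)
    return out


def purgeable(views: List[View], today: str) -> List[View]:
    """Entries that have been kept at least RETENTION_DAYS and may be purged.
    Anything younger must stay on the system."""
    cutoff = date.fromisoformat(today) - timedelta(days=RETENTION_DAYS)
    return [v for v in views if v.when.date() <= cutoff]
```

Searching by the last four digits rather than the full number keeps the research itself from requiring an unmasked card, which is the point of the log holding only the masked format.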