Hello
I'm trying to find out some information about how V11 handles LIVE Credit Cards and TEST Credit Cards.
LIVE
I'll list my setup as it may differ from others; Currently, we have an in-house credit card server running
Tessitura Credit Card Server
CCServer (Client and Web)
CCServer Manager (Client and Web)
CCSmart Server (Client and Web)
CCSyncro Server (C&P)
CCSyncro Local (C&P)
We use CommsXL/TNSi as a bureau service
Our Web/Client transactions hits the Tessitura Credit Card Server. That drops a file into a folder. CCServer picks the file up and sends it over ISDN to CommsXL/TNSi. TNSi puts the reply back in the folder and Tess CCard Server picks the reply up and sends it to the client.
TEST
CCServer (Client and Web) (this is placed in loop back mode e.g. authorise everything)
With the new version of the Credit Code setup,
Q1. Do we need to go down the hosted route for "Hosted SecureCXL Service" OR if we choose "Internal Transcend Server", will that use the same setup as now e.g. drops a file in a folder etc... (we don't have Transcend in the UK...I think)?
Q2. If we are forced down the Hosted SecureCXL Route, how do we setup a test credit card server so we can put through e.g. Visa No: 4111111111111111 and get an auth code back so the test transaction can proceed in Tessitura
Thanks
Wayne
Hi Nick,
The Payment Gateway Service in v11 is a windows service, a drop-in replacement for the CCServer. It takes the same inputs and generates the same outputs as the old CCServer, and uses the same socket communication back and forth. Behind the scenes, there is REST capability, but in v11 it is implemented and distributed as a windows service. At some future point, we will likely turn on REST functionality in the Payment Gateway Service and move away from using it as a windows service.
But using SSL with the REST services is a good thing because it means that all of the data and credentials going back and forth with those services are encrypted. You should also operate the SQL Server with Force Encryption turned on, in order to make sure all SQL Server traffic is transmitted over SSL. See the PA-DSS Implementation Guide for details on that.
Rob™
From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Nick InsellSent: Thursday, May 31, 2012 7:55 AMTo: Rob PedersenSubject: RE: [Tessitura Technical Forum] V11 Test Credit Card server (UK) (CommsXL/TNSi)
Hi Guys
We have just been reading through this post after testing V11 with the Credit Card server, just about to test SmartCCard Lite. All seems to be working fine but I had a quick question for Rob about the unecrypted Transaction data from the client to the Payment Gateway.
We have setup a SSL certificate for the REST services. So even if we have this certificate in place the credit card data will not be encrypted? I thought this was the main reason for us having a SSL certificate for REST.
Many thanks
Nick
From: Rob Pedersen <bounce-robpedersen2393@tessituranetwork.com>Sent: 5/24/2012 9:26:40 AM
I did all my testing on Windows 7 for TNS Pay. I didn’t realize there was an issue with the USB driver. The unit I had only had serial, and I have a serial port on my docking station so I used that.
From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Scott WhitehouseSent: Thursday, May 24, 2012 6:43 AMTo: Rob PedersenSubject: RE: [Tessitura Technical Forum] V11 Test Credit Card server (UK) (CommsXL/TNSi)
Just to add, we have being trying to test TNS Pay recently in preparation for this scenario. Turns out if you intend to use the vx810 then the current USB driver for the device is incompatible, so you have to use a serial connection. We have been told that a driver is in development and are playing the waiting game for it! Not great for new PC's that dont have a serial connection though....
TNSPay will work on Windows 7 too.
From: Rob Pedersen <bounce-robpedersen2393@tessituranetwork.com>Sent: 5/10/2012 12:52:32 PM
Dara,
TNS are ending support for SmartCCard Lite and replacing it with TNSPay, with the VeriFone vx810 pinpad. I am not sure of the exact details on this so you would have to contact them. From a Tessitura perspective, v10 supports SmartCCardLite of course, and v11 supports both SmartCCardLite and TNSPay with the new vx810 pinpad. So your current chip & pin set up will continue to work on v11, as far as Tessitura is concerned.
In an unrelated issue, since you are discussing chip & pin configuration, in the workflow section of the configuration tab in the TNSPay Admin app, I discovered that you can shut off asking for cashback if you want to by setting “Allow Cashback” to false. Tony and I had been discussing how to set that.
From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Dara HoganSent: Thursday, May 10, 2012 12:23 PMTo: Rob PedersenSubject: Re: [Tessitura Technical Forum] V11 Test Credit Card server (UK) (CommsXL/TNSi)
Thanks Wayne. That info was very helpful.
I think we are on the hosted TNSI service already on v10 so things were pretty straight forward for us.
I've installed the PaymentGatewayService on our test credit card server, stopped the old v10 service and the CommsXL services, then put through a payment in Tessitura v11 TEST and all worked fine.
Thanks for the tip on setting NLog.config to debug and the response codes. Helped my testing.
Rob,
You mentioned "SmartCCard Lite is being replaced by TNS Pay" in your post. Is this a requirment before we go live with version 11?
We are using SmartCCard Lite for the Chip and PIN's. I'll want to test v11 with a chip and pin transaction before we go live so wondering if I need to do this software upgrade first.
thanks,
Dara
From: Wayne Evans <bounce-wayneevans6619@tessituranetwork.com>Sent: 5/2/2012 9:44:08 AM
This is only for people who have been struggling with moving across to hosted TNSi from having an in house CC server.
These are TEST settings ONLY for Version 2.0.11 (and possibly beyond)
C&P
Mode:
Interactive Workstation
Authorization Type: SecureCXL
Host: bank.securecxl.com
Server Port: 4433
Configuration:
Allow Test Card: True
CCEms Host Name: securecxl.com
CCEms Port: 4488
Customer ID: 3541XXX this is not your main merchant ID
Enable Auto-Update: True
Device Serial No: This is not the serial number, it is the PTID
Printer
Printer Type: None
Once you are done, run TNSPayments.exe (there wasn't a shortcut for me in the start menu). This updates the PDQ files. You should also end up with a circle icon next to the clock. Right click and Open the Visualizer to check for error messages. This gives you a screen similar to a trace.log file
Test the transaction using TNS own POS Client
Server Windows Service
Change your NLog.config on TEST to be:
<logger name"*" minlevel="Debug" writeTo="file" enable="true"/>
TessituraPaymentGateway.exe.config. (Ensure your setting are similar - you should not have to change any settings - these all come from TIM.exe for TEST)
SecureCXL ServiceURL="https://bank.securecxl.com:4433/" (this is the external side)
AppSettings:
ServerIPAddress: 10.5.6.182 (this is the internal IP address of the server you have installed this service onto)
Port: 12002 (or pick a port you want. Don't forget the local firewall hole)
PaymentGateway: secureCXLWebApi
In T_Defaults, change the credit card server IP address to be the internal settings above, e.g.:
IP: 10.5.6.182
Port: 12002
READ THIS FOR TEST'S RESPONSE CODES
When you put a payment through to TEST for C&P, eCommerce, phone etc..., the amount that is charged dictates the response code:
Last Digit of Amount (-am)
Response
0
Authorised
1
2
3
Referral B
4
Unknown Card
5
Card Expired
6
Keep Card Decline
7
8
Decline
9
If your order is for £12.30, the last digit is 0, so the auth code is Authorised.
If your order is for £12.34, the last digit is 4, so a response code of Unknown Card
If your order is for £12.39, the last digit is 9, so a response code of Decline
^^^^^This info has been really useful for me once I have found out about it, but haven't seen it the TNSi install documentation, so sharing it here.
You should also have a web logon to TNS Pay. You should be able to see your transaction going through to the system, if you logon (to TEST at https://bank.securecxl.com) with the credentials TNS supply you.
Choose Search
Change the merchant number to: Comms XL Test - 6815145
From Date: Today
To Date: Today
Submit and go to the last page. You should be able to see your transaction there. If you can - you've made it work, if you can't see it, check your firewall has holes for port 4433 and 4488 and firewall holes on your internal server.
Hope if your reading this, its helped
This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!
Thanks Rob that makes perfect sense!
Just to clarify so I understand this, the V11 interface between client and Payment Gateway Service IS NOT PCI compliant yet, but will be in the future when it gets encrypted using REST.
Is there any date when this will be made active?
However, Tessitura recommend setting SQL Server --> Force Encryption ON, so all the comms with the SQL server are encrypted. (I'm assuming this is a SQL Server side setting I will need to switch on - I'll do my homework on this)
I am able to do a man in the middle attack on my PC sending a transaction to the payment gateway and read the unencrypted card details using wireshark (filter: ip.dst==10.5.6.181&&tcp.port==12002)
I used credit card number 4111 1111 1111 1111 Expiry: 05/12 and CVV 123 and works postcode CV37 6BB:
0000 00 19 bb b1 49 00 6c 62 6d 87 07 5d 08 00 45 00 ....I.lb m..]..E.
0010 00 96 43 4b 40 00 80 06 00 00 0a 02 07 66 0a 05 ..CK@... .....f..
0020 06 b5 7f 67 2e e2 27 ca 91 ff 40 71 04 f8 50 18 ...g..'. ..@q..P.
0030 01 00 22 aa 00 00 24 42 4f 54 24 41 55 54 48 4f .."...$B OT$AUTHO
0040 52 49 5a 45 7c 09 09 31 34 32 32 30 31 34 09 41 RIZE|..1 422014.A
0050 09 34 31 31 31 31 31 31 31 31 31 31 31 31 31 31 .4111111 11111111
0060 31 09 30 35 31 32 09 35 30 30 09 30 30 30 09 09 1.0512.5 00.000..
0070 09 09 57 61 79 6e 65 20 45 76 61 6e 73 09 09 43 ..Wayne Evans..C
0080 56 33 37 20 36 42 42 09 09 09 31 32 33 09 09 09 V37 6BB. ..123...
0090 09 09 09 09 09 09 09 09 09 09 09 09 09 4e 09 24 ........ .....N.$
00a0 45 4f 54 24 EOT$
Is there a date when we are able to use the encrypted transmissions as I'd thought we'd finally nailed PCI-DSS.