ICVERIFY User Manager Guide Version 1.0.7

(1)

ICVERIFY User Manager Guide

Version 1.0.7

This version of this document supersedes any and all previous versions of the ICVERIFY User Manager Guide.

Revision Date: 01 March 2010

ICVERIFY, Inc.

6200 South Quebec Street Suite 350

Greenwood Village, CO 80111 USA

For Sales and Product Information, call: (800) 538-0651

For Technical Support, call: (800) 900-6133

(2)

CHAPTER 2 – INSTALLING AND SETTING UP THE ICVERIFY USER MANAGER ... 5

OVERVIEW ... 5

ABOUT THE ICVERIFYUSER MANAGER ... 5

Payment Application Interaction with the ICVERIFY User Manager ... 6

User Accounts ... 6

INSTALLING THE ICVERIFYUSER MANAGER FOR THE FIRST TIME ... 7

Your First Login ... 14

UPGRADING FROM A PRIOR VERSION OF THE USER MANAGER ... 15

TYPICAL INSTALLATION ISSUES ... 16

Prerequisites ... 16

Insufficient System Permissions ... 16

Earlier Version of .NET ... 16

Firewall and Service Activities ... 16

Prior or Other Versions of SQL Server ... 16

More Information ... 17

CHAPTER 3 – USERS, ACCOUNTS AND PROFILES ... 18

OVERVIEW ... 18

Users ... 18

User Accounts ... 18

Merchants ... 18

Usage Profiles ... 18

CONFIGURING YOUR SECURITY MODEL ... 19

USER MANAGER TABS ... 20

The User Tab ... 20

The Profile Tab ... 28

The Login Tab ... 37

Create Your Real Accounts ... 40

COMMON USER PROBLEMS ... 41

Lockouts ... 41

APPENDIX A – PRIVILEGE LISTS ... 42

OVERVIEW ... 42

(3)

Page 1 of 48

Chapter 1 – Introduction to the

ICVERIFY User Manager

Purpose of

This Guide

This guide describes how to use the ICVERIFY User Manager to create user accounts, profiles and track users of ICVERIFY, Inc. software products, including ICVERIFY®_{for Windows}®_{and IC}_VERIFY_{Enterprise Edition.}

Audience

This guide is intended for ICVERIFY product administrators involved with

installing, configuring and managing an ICVERIFY software product.

Style

Conventions

The following style conventions are used in this document:

Bold type indicates items such as file names, window names, and buttons.

Italics type indicates a reference to another document, or terms that are defined within the text.

NOTE:

Indicates suggestions or additional, detailed, information.

! ! !

Indicates actions you must take or avoid for the system to

operate properly.

Contents of

This Guide

The chapters and appendixes in this document contain the following information:

Chapter 1, Introduction to ICVERIFY®_{for Windows}®_{Setup Supplement}_,

presents you with a brief overview of this guide.

Chapter 2, Installing and Setting Up the ICVERIFY User Manager, explains how to install and set up the ICVERIFY User Manager for its first use.

Chapter 3, Users, Accounts and Profiles, explains the relationship between user accounts and usage profiles, provides a tutorial for the User Manager graphical user interface, and guides you through setting up simple user accounts and usage profiles.

Appendix A, Privilege Lists, contains tables explaining the various privileges for both ICVERIFY for Windows and ICVERIFY Enterprise Edition, which you can associate with usage profiles. It also explains the pre-loaded profiles in both products, which you can use as a quick-start implementation of your own security model.

(4)

Page 2 of 48

Prerequisite

Activities

Prior to operating the ICVERIFY User Manager application, you should complete the following tasks:

Confirm that your computer system meets the minimum requirements and prerequisites, including the service pack levels of your chosen operating system.

Install the ICVERIFY, Inc. payment software application you intend to use. Finally, you must install and set up the User Manager software.

! ! !

When you install this software (or any software for that matter), you

should have Administrator-level privileges to the PC on which you are installing it. If you don’t have Administrator-level access, it may not be possible to install all the components needed to use the application, or they may appear to install properly and be unusable or unstable later.

Minimum

System

Re-quirements

To use the ICVERIFY User Manager, you will need the following:

Pentium IBM-compatible system running Microsoft® Windows 2000 (service pack 4 or later), Windows XP Home / Professional (service packs 1 or 2), Windows 2003 Server (service pack 1) or Windows Vista.

60 Megabytes of free hard drive space; up to 500MB hard drive space for the full installation of Microsoft SQL Server 2005 Express Edition.

256 Megabytes of RAM.

CD-ROM drive required for program installation.

Microsoft .NET™ Framework Redistributable version 2.0 or later. If this is not currently installed on your computer, it will be installed as part of the ICVERIFY User Manager package.

Microsoft Internet Explorer™ version 6.0 or later. Internet Explorer is most likely already installed on your computer. If you need to install it, you can download a free installation at http://www.microsoft.com.

The computer on which you install the ICVERIFY User Manager database must be accessible by all installed copies of an ICVERIFY payment software product configured to use it. This generally means one of two things:

If you are using a single copy of payment software, and it is installed on the same PC you are installing the ICVERIFY User Manager, you should not have to make any changes. If you have installed the payment software on another PC, or have installed multiple copies on multiple PCs (for example a network of ICVERIFY substations or Enterprise Client applications), each PC must have network access to the PC where the User Manager database is running. Read Chapter 2 for details.

(5)

Page 3 of 48

Getting Help

The following is a list of the available Help features provided to assist you:

http://www.firstdata.com/paymentsoftware_integrators.com— provides a forum for getting your questions answered and accessing archived help information.

http://www.microsoft.com – provides additional information and troubleshooting tips for the Microsoft prerequisite software applications used by the ICVERIFY User Manager.

NOTE:

You can also call (800) 900-6133 for Customer Service assistance, or

(6)

(7)

Page 5 of 48

Chapter 2 – Installing and Setting Up

the ICVERIFY User Manager

Overview

This chapter provides a tutorial on how to install and set up the ICVERIFY User Manager to use it for the first time.

About the

ICVERIFY

User

Manager

The ICVERIFY User Manager is an easy-to-use application that allows you to create and assign user accounts and usage profiles for both ICVERIFY for Windows and ICVERIFY Enterprise Edition product users. In fact, you can manage both products from a single installed copy of the ICVERIFY User Manager.

The ICVERIFY User Manager functions in a client-server environment, in that the payment products transmit user activity requests (such as logging in, logging out, changing passwords, and so forth) from the payment application to the User Manager in encrypted form. The User Manager checks the information for validity and returns a response for the payment application to present to the user. The response could be one of the following:

The user isn’t recognized by the User Manager; The user’s password is incorrect;

The user tried to log in under a merchant account for which he isn’t authorized;

The user login was OK, but the password must be changed;

The user login was OK and the payment application may continue; And so on.

(8)

Page 6 of 48

Payment

Application

Interaction

with the

ICVERIFY User

Manager

Since the ICVERIFY User Manager is separate subsystem from the ICVERIFY for Windows and ICVERIFY Enterprise Edition payment applications, it is important to understand how the products interact. The interaction will help you understand the networking requirements that you must meet in order for your whole ICVERIFY application solution to work.

Because the ICVERIFY for Windows product is fundamentally a peer-to-peer product, and the ICVERIFY Enterprise Edition product is a client-server product, they interact with the User Manager in the following ways:

ICVERIFY for Windows

Each copy of the ICVERIFY software you install transmits user interaction messages to the User Manager.

This means that each and every installed copy of software must have network access to the machine running the User Manager, irrespective of whether the applications are configured as stand-alone or master/substation.

Therefore, when you install the ICVERIFY software, you should be sure to indicate the location of the User Manager database server, and ensure that all copies of software within the same substation / master station group are pointed to the same instance of the User Manager database server.

ICVERIFY Enterprise Edition

The Enterprise Client application transmits user interaction messages through the Enterprise Server, which then forwards them to the User Manager.

This means that while only the Enterprise Server must have network access to the machine running the User Manager, all the Enterprise Client systems must naturally have network access to the machine running the Enterprise Server, or they will be able to perform neither payment nor user related transactions.

User

Accounts

It is important to bear in mind that user accounts follow the application, not the other way around. This means that you will create and assign user accounts for a given application, such as ICVERIFY for Windows or the ICVERIFY User Manager itself. Another way to visualize this relationship is that the combination of the application and user account is what makes it unique.

In other words, the user1 account for the ICVERIFY User Manager is different from the user1 account for ICVERIFY for Windows. This is because they are two separate applications. There is no automatic single sign-on support; if you want to configure user accounts with the same name and password conditions across multiple applications, you must do so manually.

(9)

Page 7 of 48

Installing the

ICVERIFY

User

Manager for

the First Time

The ICVERIFY User Manager can be found on the following installation CD-ROMs:

The main ICVERIFY for Windows installation CD The ICVERIFY Enterprise Server installation CD

You can install the User Manager either on its own, or as part of the payment software installation process. In either case, when you first start the installer, you will be prompted to close any other active applications before continuing. Next you will see the screen shown in Figure 1 following.

Figure 1 ICVERIFY User Manager Welcome Screen

User Manager Installation Procedure

Follow the steps in the table below to install the ICVERIFY User Manager.

Step

Action

1. From the Welcome screen shown in Figure 1, click Next.

2. Read the End-User License Agreement displayed in the next screen. If you agree to the terms of use, click Yes to proceed with the installation. If you do not agree, you are not authorized to install and use the ICVERIFY User Manager.

(10)

Page 8 of 48

Step

Action

NOTE:

A copy of the End-User License Agreement, suitable for

printing, can be found on the installation CD-ROM.

3. Next you’ll be asked where you want to install the User Manager application. The default folder is C:\ICVERIFY\UserMgr. Change this if you wish by clicking the Browse… button and selecting a different installation folder. When you are ready to proceed, click Next.

4. Now you will arrive at a screen where you are asked to specify the type of installation you wish to perform. The screen is shown in Figure 2 following:

Figure 2 ICVERIFY User Manager Installation Type Screen

Step

Action

5. Choose Typical if you wish to do the following:

You are installing the User Manager for the first time, and you want all the components to be installed on the same computer.

(11)

Page 9 of 48

Step

Action

You want to install the User Manager GUI application, but connect it to a user database residing on another computer.

You want to install only the user database and have User Manager applications residing on other computers connect to it.

If you select Custom, you will see the screen shown in Figure 3.

Figure 3 ICVERIFY User Manager Custom Installation Screen

Step

Action

6. If you want to install only the User Manager GUI application, you should check the User Manager and Server Connection Utility components.

On the other hand, if you only want to install the database, you should check only the Install User Database component.

When you have decided on the type of installation you wish to perform (either from the screen in Figure 2 or 3,) click the Next button.

(12)

Page 10 of 48

Step

Action

7. Now the installation wizard will check your computer to see if Microsoft® Data Access Components is currently installed. If it is not present, MDAC version 2.8 will begin to install. When the installation is complete, you may see a screen asking if you would like to restart your system. If you do, select I will restart the system myself, and click Finish.

8. Next you need to specify the access information the ICVERIFY User Manager will use to communicate with the encrypted user and profile database. Make sure you provide a complex password while configuring the database for the first time.

! ! !

If you are installing SQL Server 2005 Express Edition for the first

time on the computer, do not change the username from sa. SQL Server will not work if the sa account is not specified.

TIP Bear in mind that the installer is designed to install the database on the local computer, not a network computer. If you want to install the database on a remote computer (for example, a server in your data center) and operate the User Manager GUI from a different PC, you need to install the database directly onto the server. The installer does not support remote installations.

9. If the installer determines that a copy of the User Manager database already exists on the computer (for example, if you are upgrading from a previous version,) you will be asked whether you want to upgrade the existing database or re-create it from scratch. See Figure 4.3.

You should upgrade your existing database if you have created any user accounts or profiles. Re-creating the database will delete any account and profile information previously generated and you will have to rebuild them again.

(13)

Page 11 of 48

(14)

Page 12 of 48

Figure 4.2 Database Creation Selection Screen

Step

Action

10. The installation wizard will begin copying files to your computer. When the Microsoft SQL Server portion of the installation is complete, you will be presented with an option to change the Start Menu program group in which the ICVERIFY User Manager will appear. If you are not satisfied with the default settings, make any necessary changes, and click Next.

11. You are now in the final phase of the installation process. The installation wizard will copy the final ICVERIFY User Manager files to your computer, configure final settings, and may prompt you if you wish to restart your computer, as in Figure 5.

(15)

Page 13 of 48

Figure 5 ICVERIFY User Manager Restart Prompt

Step

Action

12. If you are only installing the ICVERIFY User Manager, select Yes, I want to restart my computer now and click Finish. However, if you have yet to install either ICVERIFY for Windows or ICVERIFY Enterprise Edition, select No, I will restart my computer later, click Finish, and then install your payment software product. The installation wizard for that product will prompt you to restart as well, and you only need to do it once.

13. After you restart your computer, the ICVERIFY User Manager will be fully installed and ready for use.

(16)

Page 14 of 48

Your First

Login

The ICVERIFY User Manager comes equipped with one ―built in‖ administrator account that you can use to set up your users and profiles after installation. This default account exists for your convenience as the application administrator and should not be left in its default state. The default account information is as follows:

User name: sysadmin Password: administrator1$

NOTE:

As a convenience to you during application installation, both

ICVERIFY for Windows and ICVERIFY Enterprise Edition will install an identical administrator account with the same user name and password. This default administrator account is capable of performing all actions in each respective product, to help you perform your initial installation and configuration with ease.

! ! !

You can use the default accounts for your initial login and configuration

activities. However, you will be required to change the password upon your first login. DO NOT LOSE OR FORGET YOUR NEW PASSWORD! ICVERIFY, Inc. cannot tell you what it is and you will be unable to operate your software without it.

When you are ready to log in for the first time, run the ICVERIFY User Manager and enter the default account information in the login box shown in Figure 6.

(17)

Page 15 of 48

Upgrading

from a Prior

Version of

the User

Manager

If you are upgrading from a prior version of the ICVERIFY User Manager, the installer will detect the previous installation and pop up a maintenance screen asking you what operations you wish to perform. See Figure 7 below.

Figure 7 ICVERIFY User Manager Maintenance Options Dialog

Unless you are intentionally modifying only specific parts of the application, select the Remove radio button and follow the removal prompts. Then install the application as though you are doing so for the first time. Your user database will be retained and you can still upgrade it without losing your existing accounts.

(18)

Page 16 of 48

Typical

Installation

Issues

ICVERIFY, Inc. has not encountered any significant issues with installing the ICVERIFY User Manager on multiple computers running various operating systems. However, there are a few things you should keep in mind when attempting to install the application.

Prerequisites

The User Manager has three main prerequisite application packages that it

needs to run:

Microsoft®_{Data Access Components (MDAC) version 2.8 or later} Microsoft SQL Server®_{2005 Express Edition}

Microsoft .NET®_{Framework version 2.0 or later}

If your computer does not meet the minimum requirements for these prerequisites, you may experience problems running the ICVERIFY User Manager. However, the System Requirements section in this guide also account for the minimum requirements for all the prerequisites, so if your computer meets the System Requirements, you should be fine.

Insufficient

System

Permissions

Many installation issues can be traced to attempting to install the application under a user account that does not have administrator-level permissions to the computer. This is known to cause issues with MDAC. If you are running an operating system that supports user accounts, be sure you are installing under an account with administrator-level permissions to both the PC and the system registry.

Earlier Version

of .NET

This version of the ICVERIFY User Manager was built under the .NET Framework version 2.0. It is possible that you already have an earlier distribution package of the .NET Framework installed. You should make sure that you can install a working copy of the .NET Framework 2.0 Redistributable.

Firewall and

Service

Activities

If you have installed the Windows Firewall application that comes with Windows XP Service Pack 2, it may have disabled certain Windows services that the prerequisite applications require to function. Check your Services list to make sure the Server service is enabled to run on startup. Also be sure that the Named Pipes service is enabled by selecting File and Printer Sharing / TCP port 445. The ICVERIFY software products interact with the User Manager database by means of SQL Server named pipes.

Prior or Other

Versions of

SQL Server

The User Manager installation CD-ROM contains the most recent distribution of the Microsoft SQL Server 2005 Express Edition available. If, however, you choose to install the User Manager on one computer, and connect it to a database on a different computer, you may experience connection problems if the database computer is running a version of SQL Server other than SQL Server 2005 Express Edition. You can either download this version from http://www.microsoft.com, or install it from the installation CD-ROM.

(19)

Page 17 of 48

More

Information

More information on troubleshooting installation issues for the prerequisite applications may be found at http://www.microsoft.com. If you have other specific questions, contact the ICVERIFY Help Desk at (800) 900-6133.

(20)

Page 18 of 48

Chapter 3 – Users, Accounts and

Profiles

Overview

This chapter discusses the relationship between the four key concepts embodied within the ICVERIFY User Manager: users, user accounts, merchants and usage profiles. There is a hierarchical relationship between these entities and it is important that you understand it so you can assign and manage application access effectively. Also, you will add your first user to the User Manager in this chapter.

Users

A user is a person who wishes to access an ICVERIFY application (either

ICVERIFY for Windows, ICVERIFY Enterprise Edition, or the ICVERIFY User Manager) by means of a user account.

User

Accounts

A user account is a virtual representation of a physical user, and is represented by a user name and password. A user account grants access to a given software application. The level of access is determined by the usage profile(s) of which the account is a member, and the merchants under which the user account is entitled to operate.

Merchants

A merchant is a logical grouping of merchant profile information that allows

an ICVERIFY payment software product to perform transactions on your behalf, and is represented by a Merchant ID. Typically, each merchant in the ICVERIFY context would correspond to a single merchant account agreement that you have signed with an acquiring bank or financial services organization. In some cases, you may want to configure more than one merchant to segregate traffic from multiple lines of business. A merchant in the ICVERIFY context is associated with a single payment application, and in order to perform transactions for that merchant, a user must log in under a user account that grants access to that merchant. Even so, the user may only perform the actions available under his or her usage profile.

Usage Profiles

A usage profile is a logical grouping of activities or features contained within

a particular ICVERIFY payment software product, and is represented by a profile name within the ICVERIFY User Manager. Profiles are used to simplify the management of various types of users. For example, a profile with a very basic set of features might be called Clerk; a profile with a wider set might be called Supervisor; and a profile with all features active might be called Administrator. When you create a user account, you associate that account with one or more profiles.

(21)

Page 19 of 48

As a convenience to you, the ICVERIFY for Windows and ICVERIFY Enterprise Edition products come pre-loaded with a few basic usage profiles. You can change them to fit your particular business operations. More information about the pre-loaded usage profiles and the privileges they contain may be found in Appendix A.

Configuring

Your Security

Model

After you install the ICVERIFY User Manager, you can configure your product security model by following these high-level steps:

Step

Action

1. First you will use the default login to the ICVERIFY User Manager and create a new administrator account, or change the default account, to secure access to the application.

2. Next, you will select the payment software application you wish to administer, and create the user profiles you require.

3. Then, you will create user accounts, determine initial passwords, password expiration and lockout characteristics, and associate the accounts with the appropriate user profiles.

4. Finally, you will distribute the user accounts to the users you wish to log in under them.

5. If you are using the same instance of the ICVERIFY User Manager to manage more than one payment software product, you will return to Step 2 and perform the same tasks for the second product.

(22)

Page 20 of 48

User

Manager

Tabs

Before you make any changes, take a moment to familiarize yourself with the ICVERIFY User Manager interface.

The User Tab

When you log into the ICVERIFY User Manager using the default account, you

will arrive at the Users tab, shown in Figure 8. You’ll notice several fields of information, the most notable being the User ID List box on the leftmost side of the screen, showing only the default sysadmin user account that is pre-configured upon installation. Later we will create a new user from this tab.

(23)

Page 21 of 48

User Tab Fields The following table describes some of the important fields in the User tab.

Field

Purpose

Application Name Use this combo box to select the software application for which you want to display a current list of users. When you first log into the User Manager, the Application Name combo box will be set to ICVERIFY User Manager. If you click the drop-down button, you will see one or more payment applications, depending on the products you have installed.

User ID This field either displays the currently selected user in the User ID List, or is active if you are in the process of adding a user.

User ID List This field displays a list of all the user accounts that have been created for the application shown in the Application Name combo box.

Password This field is used to create or change passwords. The password you enter must be a complex one, i.e., it must be at least 8 characters long and must contain at least one alphabet, one numeral and one special character. An error will be displayed if the entered password does not follow any of the mentioned characteristics. Note that the field will only display asterisks. You should also be aware that two users of the same application cannot have the same password. You (or they) will be prompted to select a new password if a non-unique password is chosen.

Password Expires

After Use this combo box to select when a given user will be prompted to change his or her password. Your options are 30 days, 60 days, 90 days, or Never.

NOTE:

You may be under an obligation from your

merchant acquiring bank or financial institution to adopt a security model with expiring passwords. Read the Secure Software Guide for additional details.

Attempts Allowed

Before Lockout Use this combo box to select the number of attempts a user is allowed to log in before his or her account is locked. If a user keeps entering the wrong password repetitively, the account will be locked out upon the attempt number visible in the combo box. (In other words, if you select 3, the user will be locked out immediately upon the third unsuccessful login attempt, not the fourth one.)

(24)

Page 22 of 48

can select this value individually for each account.

NOTE:

You may be under an obligation from your

merchant acquiring bank or financial institution to adopt a security model with imposed account lockouts. Read the Secure Software Guide for additional details. Profiles This field displays a list of all the profiles that have been

created for the application shown in the Application Name combo box. When you first run the ICVERIFY User Manager, this list will contain only a single entry of Administrator.

Check / Uncheck all

A convenient check box, in case you have created many profiles for a given application. By checking this box, you can select or de-select all the profile entries in the Profiles list.

Prompt to change password after first

login

This check box allows you to force a new user to change his or her password when the first successful login is performed. This practice provides an additional level of security, since after changing the password, only the user will know it rather than both the user and the system administrator.

Create a New User Manager Administrator

When you log into the ICVERIFY User Manager using the default account, you will arrive at the Users tab, shown in Figure 8. You’ll notice several fields of information, the most notable being the User ID List box on the leftmost side of the screen, showing only the default sysadmin user account that is pre-configured upon installation.

Our first task will be to create a new user for the User Manager itself, so the default account can be removed or disabled.

Creating Your

First User Follow the steps below to create a new user for the User Manager.

Step

Action

1. Click the New User button. You’ll notice the screen changes so that certain fields have been emptied and others are active, as in Figure 9.1.

(25)

Page 23 of 48

Figure 9.1 ICVERIFY User Manager – Adding a New User

Step

Action

2. Click the User ID field and enter a name for the user account. It needs to be unique; that is, the word you use for the name cannot already be in the User ID List. In our example, we’ll use the name newuser.

Your User ID can be any combination of upper and lower case alphabetic characters, numbers, spaces, underscores (―_‖) and hyphens (―-―). Other characters are not allowed.

(26)

Page 24 of 48

Figure 9.2 ICVERIFY User Manager – Entering User Information

Step

Action

3.

Fill in the appropriate fields for the newuser account. In the

screenshot in Figure 9.2, the value newuser1 has been placed in

the Password field, the name New in the First Name field, the

word User in the Last Name field, and the value 1234567 in the

Location ID field. (You can use Location ID to reflect a physical

site or a telephone number.) Bear in mind that a password must be

at least 8 positions in length

and must contain at least one alphabet,

one numeral and one special character.

4. You will notice the Password Expires After combo box has been expanded so you can see the choices. You’ll also notice that the Prompt change password after first login checkbox is still grayed out. The feature to force a user to change a password is enabled for payment applications such as ICVERIFY for Windows and

(27)

Page 25 of 48

Step

Action

ICVERIFY Enterprise Edition. However, ICVERIFY User Manager users do not need to be forced to change their passwords.

5. Finally, you’ll notice the Administrator profile is selected. This is fine as it is the only profile currently available. Now click Save.

Figure 9.3 ICVERIFY User Manager – New User Entered

Step

Action

6. After you click Save, the newuser account will appear in the User ID List. Now click File-Logout…

7. You’ll return to the ICVERIFY User Manager splash screen. Click the mouse anywhere on it, or simply wait a few moments. The login box displayed in Figure 6 will appear. Use the User ID of newuser and the Password of newuser1 and click Login.

(28)

Page 26 of 48

Step

Action

8. The User Manager will prompt you to change your password. Change it to any combination of letters, numbers and special characters you wish, re-type it to confirm it, and continue.

! !

! The new password, and indeed any passwords you create,

must be at least 8 characters in length and include numeric, alphabetical and special characters. This is a requirement from PADSS and is enforced by the User Manager application.

User Tab for ICVERIFY for Windows

The User tab may change depending on the payment software you have installed. Let’s assume for a moment that you’ve installed the ICVERIFY for Windows software product and want to add a user to it. Click the Application Name drop-down box and select ICVERIFY for Windows. The User tab will change to that shown in Figure 10 following.

(29)

Page 27 of 48

Figure 10 ICVERIFY User Manager – User Tab for ICVERIFY for Windows

As you can see, the screen now shows specific information for the ICVERIFY application, including:

The screen now contains a new list window on the right hand side showing all the merchants you have configured in the ICVERIFY software. The term rify is used to refer to the first (default) merchant profile and cannot be deleted.

The User IDs listed on the left hand side of the screen are the users authorized to log into the ICVERIFY for Windows application, not the User Manager.

A new check box above the right-hand list window allows you to associate a new user with all merchants by one mouse click.

(30)

Page 28 of 48

User

Management Guidelines

When you are creating or managing users for ICVERIFY for Windows or ICVERIFY Enterprise edition, you should bear in mind the following guidelines:

If you add a user, you must associate that user with at least one merchant. If you try to save a new user without selecting at least one merchant in the right-hand list window, you will receive an error. If you want to delete a user, you must first dissociate that user from all merchants. If a user is still associated with a merchant, you will not be able to delete the account.

You cannot delete the rify merchant in ICVERIFY for Windows. This is a system-generated merchant associated with the ICVERIFY.SET setup file and must be present for the application to function. You do not, however, need to associate any users with it if you choose to use other merchant setup files.

The Profile

Tab

The ICVERIFY User Manager application is itself a very good tutorial on the concept of usage profiles, since the application is so simple. When you have familiarized yourself with profiles in the context of the User Manager, you’ll find it much easier to create profiles for other software applications.

Click on the Profile tab and you’ll arrive at the screen shown in Figure 11. The layout is similar to the User tab.

(31)

Page 29 of 48

Figure 11 ICVERIFY User Manager – New User Entered

Profile Tab Fields

The following table describes some of the important fields in the User tab.

Field

Purpose

Application Name This field has the same purpose as the same field in the User tab.

Profile This field either displays the currently selected profile in the Profile List, or is active if you are in the process of creating a new profile.

Profile List This field displays a list of all the usage profiles that have been created for the application shown in the Application Name combo box.

Available / Assigned Privileges

These fields display all the privileges, or actions, that are available to a user of the application displayed in the

(32)

Page 30 of 48

Field

Purpose

Application Name combo box. Privileges are the building blocks of user profiles.

The privileges listed in the Assigned Privileges list are those that are included within the current profile – meaning the actions a user may do if his or her account contains the current profile – while the privileges in the Available Privileges list are those that are excluded from the profile.

In the case of the ICVERIFY User Manager, the privileges are really rather simple:

Manage Logingrants access to the Login tab. Manage Profile grants access to the Profile tab. Manager Usergrants access to the User tab. These are the only privileges that exist for the User Manager.

Available / Assigned Users

These fields display all the user accounts that have been created for the application displayed in the Application Name combo box. User accounts must be associated with one or more profiles before they can be used.

The accounts listed in the Assigned Users list are those that have been assigned the current profile – meaning these users can access the privileges contained within the profile – while the users in the Available Users list are those that do not have the profile as part of their account.

Assign / Remove Buttons

The buttons in between the Privileges and Users list boxes are used to move entries between the two sets of boxes. The > and < buttons will move a single highlighted entry from one box to another, while the >> and << buttons will move the entire list from one box to another.

Build a New User Manager Profile

As discussed earlier, the ICVERIFY User Manager is not a very complicated application, and as you have seen from the Profile tab, there are not many privileges available to choose from. This makes it ideal as a starting point to learn how to create profiles and assign user accounts to them.

(33)

Page 31 of 48

Creating Your First Profile

Follow the steps below to create a new profile in the User Manager.

Step

Action

1. Click the New Profile button. You’ll notice the screen changes so that certain fields have been emptied and others are active. Furthermore, all the privileges in the Assigned Privileges list have moved back over to the Available Privileges list, as in Figure 12.1.

Figure 12.1 ICVERIFY User Manager – Creating a New Profile

Step

Action

2. Click the Profile field and enter a name for the new usage profile. It needs to be unique; that is, the word you use to name the profile cannot already be in the Profile List. In our example, we’ll use the name UserAdmin.

(34)

Page 32 of 48

Figure 12.2 ICVERIFY User Manager – Assigning Privileges

Step

Action

3. Now highlight the Manage User entry in the Available Privileges list, and click the > button. The Manager User entry will move to the Assigned Privileges list. This means that a member of the UserAdmin profile can now perform the Manage User function. 4. Click Save. The screen will change to what is shown in Figure 12.3.

(35)

Page 33 of 48

Figure 12.3 ICVERIFY User Manager – New User Entered

Step

Action

5. Take a moment to click between the Administrator and UserAdmin entries in the Profile List and notice the differences:

All three privileges have been assigned to the Administrator profile, while only the Manage User profile has been assigned to the UserAdmin profile.

Both the newuser and SysAdmin user accounts are associated with the Administrator profile, while no users are associated with the UserAdmin profile.

You may have noticed that the User Manager allows you to create profiles that do not have users. However, you may not create a user account that is not a member of at least one profile. 6. Now, let’s create a new user account. Return to the User tab.

(36)

Page 34 of 48

Figure 12.4 ICVERIFY User Manager – Adding a User with the UserAdmin Profile

Step

Action

7. This time there are two profiles in the Profiles list: Administrator and UserAdmin. Create a new user as follows:

User ID should be UserAdmin Password should be useradmin1$ First and Last Name are your choice Location ID is your choice

8. Try clicking Save while no profiles have been selected. You’ll receive an error that the user must have at least one profile. Now, click the UserAdmin profile and click the Save button again. You’ll

(37)

Page 35 of 48

Step

Action

see the UserAdmin user account appear in the User ID List, as in Figure 12.5.

Figure 12.5 ICVERIFY User Manager – Adding a User with the UserAdmin Profile

Step

Action

9. Now exit the application and run it again. Use the new user account useradmin to log in, and useradmin1$ as your password. (Notice the user name is not case sensitive.)

10. You’ll return to the User tab. Try clicking again on the Profile tab. You will be presented with the error message shown in Figure 12.6 and be returned to the User tab:

(38)

Page 36 of 48

Figure 12.6 ICVERIFY User Manager – Adding a User with the UserAdmin Profile

Step

Action

11. As a final lesson in profiles, let’s grant this user account access to the Profile tab. There are two main ways to do this:

Add the Manage Privileges privilege to the UserAdmin profile, so any account with that profile may reach the Profile tab.

Add another profile to the user account.

This raises an important aspect of the relationship between user accounts and profiles: that a user account may be associated with one or more profiles, and that if an account is a member of multiple profiles, the account’s privilege list is the combination of all the privileges in all the profiles of which the account is a member.

12. Since we already have a profile with the Manage Privileges privilege within it, all we have to do is add that profile to the useradmin account. To do this, select the Administrator profile from the Profiles list. Now both profiles should be checked. Click Save.

13. Exit the application and run it again. Log back in under the useradmin account. You’ll return to the User tab. Now try clicking on the Profile tab again. This time you will be permitted to access it.

Summary You now know how to create users, assign profiles, and the relationship between user accounts and profiles. These are the basic tools you will need to manage your ICVERIFY software product’s user base.

(39)

Page 37 of 48

The Login Tab

The final tab in the ICVERIFY User Manager allows you to get a real-time view

of the various users accessing your ICVERIFY payment software products, Click on the Login tab and you’ll arrive at the screen shown in Figure 13.1. Figure 13.1 ICVERIFY User Manager – Login Tab – User Manager View

Login Tab

Fields The following table describes some of the important fields in the Login tab.

Field

Purpose

Application Name This field has the same purpose as the same field in the User tab.

Application Type If the software product listed in the Application Name combo box consists of more than one component, this

(40)

Page 38 of 48

Field

Purpose

combo box will be enabled and will allow you to select the specific component you want to check on.

Active Users This field displays the user accounts currently logged into the software product listed in the Application Name field, and the component listed in the Application Type field (if the product consists of multiple components.) The User Name column lists the user account name, while the Last Login Time column shows the system date and time that the account actually signed on.

Logged In Users

If you have followed the tutorial in this chapter, your screen should look exactly like Figure 12.1, because you are still logged in under the useradmin account. However, the User Manager lets a system administrator watch activity across all ICVERIFY software applications that are connected to a particular user database.

Let’s assume you were running the ICVERIFY for Windows product. If you select ICVERIFY for Windows from the Application Name combo box, you would see something similar to the screen shown in Figure 13.2.

(41)

Page 39 of 48

Figure 13.2 ICVERIFY User Manager – Login Tab – ICVERIFY Application View

In the screen shot above, you can see that even though you are logged into the User Manager as useradmin, you can view the login activity of other accounts. In this example, a user has logged into the ICVERIFY for Windows application with the newuser account, and is currently using the application.

The Logout Button and Refresh Field

The last two features of the Login tab are the Logout button and Refresh field. You will probably use these features very rarely; however, it’s best to understand what they do.

(42)

Page 40 of 48

Use the Logout button to remove a user from the Active Users list forcibly. This is valuable if a user did not or could not log out of an ICVERIFY product before logging into one again. Examples of this behavior could be:

A user’s copy of ICVERIFY software, or the user’s whole computer, crashed unexpectedly without the user having the chance to log out gracefully;

A user logged into one computer and now wants to log in at another, but can’t return to the first to log out.

In these conditions, the next time that user logs in, he or she may receive a message stating You are already logged in. Contact your system administrator. As the administrator, you can use the Logout button to remove that user from the active list.

The Refresh View field shows you how often the list of active users will be updated to reflect real-time login and logout activity.

Create Your

Real

Accounts

Now that you know how to create user accounts and usage profiles, select the ICVERIFY software product from the User Manager drop-down box, familiarize yourself with the pre-loaded profiles, and create the accounts you need to manage your user base.

Don’t forget that you can customize your accounts and profiles in any way you wish. Refer to Appendix A and your product user guide for detailed information about the various functions available in your software and how they are reflected in the privileges shown in the User Manager.

NOTE:

Don’t take security lightly. One of the best safeguards against theft of

sensitive data is a well-thought-out security model. Moreover, you may be under certain obligations to your financial institution to demonstrate that you are striving to meet best practices in the card payments industry. It is generally wise to err on the side of caution when assigning privileges to your users. If you are not sure whether a user needs a particular privilege, don’t assign it unless and until there is a legitimate reason for the user to have it. Remember that your ICVERIFY software product is used to manage sensitive financial data and failure to safeguard it could damage your business.

We also recommend that you review the ICVERIFY Secure Software Guide for additional tips on securing your payments acceptance environment.

(43)

Page 41 of 48

Common

User

Problems

Some of your users may not be accustomed to being forced to log into software applications in order to use them. Others may be familiar with the concept of user accounts but simply have a hard time remembering passwords. Still others may be quite handy with security but have difficulty performing required tasks with the software. This section of the guide is intended to help you identify and troubleshoot common problems users may have with your ICVERIFY software applications.

Lockouts

When you log into the ICVERIFY User Manager using the default account, you

will arrive at the Users tab, shown in Figure 8. You’ll notice several fields of information, the most notable being the User ID List box on the leftmost side of the screen, showing only the default sysadmin user account that is pre-configured upon installation. Later we will create a new user from this tab.

(44)

Page 42 of 48

Appendix A – Privilege Lists

Overview

The key to giving your users the proper level of access to your ICVERIFY software product is to understand the various privileges within each application. This appendix provides tables listing out all privileges and their general meaning.

Also, as mentioned earlier, the ICVERIFY for Windows and ICVERIFY Enterprise Edition products come pre-loaded with a few basic usage profiles for Clerks, Supervisors and Administrators. The table for a given application will indicate which pre-loaded profile contains which privilege.

Remember that you can change the pre-loaded usage profiles, create new profiles and delete the pre-loaded ones, or otherwise make any modifications you wish.

Pre-Loaded

Profiles

The pre-loaded profiles named within these tables fall into one of the following three groups:

Clerk: The most basic usage profile containing privileges to perform common activities at the point of sale.

Supervisor: Includes all the Clerk-level privileges as well as privileges to perform uncommon or exception-handling activities.

Administrator: Includes all privileges available for a given software product, except ―View Full Data in GUI‖.

As you read the tables, the text in the blue fields explain the minimum profile a user account must have in order to have access to the given privilege. In other words, if a privilege is listed at the Administrator profile level, only users with the Administrator profile in their account will be able to perform the function represented by that privilege. On the other hand, if a privilege is listed at the Clerk profile level, by default it is available to all three of the profiles listed above.

(45)

Page 43 of 48

User Manager Privileges

The following table defines the privileges available in the ICVERIFY User Manager application.

Field

Purpose

Administrator is the only profile pre-defined for the User Manager.

Manage Login Allows a user to enter the Login tab, view users currently logged in for a given application, and manage their login status.

Manage Profile Allows a user to enter the Profile tab, create, update and delete profiles, and associate user accounts with profiles.

Manage User Allows a user to enter the User tab, create, update and delete user accounts, configure passwords and password expiration cycles, and associate accounts with usage profiles.

(46)

Page 44 of 48

ICVERIFY for Windows Privileges

The following table defines the privileges available in the ICVERIFY for Windows application. If you are not certain how to use a particular privilege, or do not understand the function it represents, refer to the ICVERIFY User’s Guide.

Field

Purpose

Privileges available at the Clerk profile level

Application Processing Report Ability to generate Application Processing transaction reports.

Application Processing Transaction Ability to access the Application Processing transaction tab.

BUYPASS Download Request Ability to execute a Download Request for the First Data Atlanta platform.

Check: Driver’s License & Check, Driver’s License & MICR,

Driver’s License Only, Guarantee, Long MICR,

MICR

Ability to perform a specific Check transaction type.

Check Report Ability to generate Check transaction reports.

Check Transaction Ability to access the Check transaction tabs. The specific types of Check transactions allowed are governed by the Check transaction list elsewhere in this table.

Convert Book to Ship Ability to select a Book transaction in the current batch and convert it to a Ship transaction for settlement.

Credit: Auth Only, Balance Inquiry, Book, Cash Advance Force, Refund, Sale, Ship

Ability to perform a specific Credit transaction type.

NOTE:

The ability to void a Credit transaction is not

available in the Clerk profile by default.

Credit Report Ability to generate Credit transaction reports.

Credit Transaction Ability to access the Credit transaction tabs. The specific types of Check transactions allowed are governed by the Credit transaction list elsewhere in this table.

Debit: Batch Inquiry, Batch Recovery Return,

Batch Recovery Sale, Return,

Sale

Ability to perform a specific Debit transaction type. NOTE: The ability to void a Debit transaction is not available in the Clerk profile by default.

Debit Report Ability to generate Debit transaction reports.

Debit Transaction Ability to access the Debit transaction tabs. The specific types of Debit transactions allowed are governed by the Debit transaction list elsewhere in this table.

(47)

Page 45 of 48

Field

Purpose

Find Current Transactions Ability to search within a current batch for a given transaction.

Find Settled Transactions Ability to search within a settled batch for a given transaction.

Installment Ability to access the Installments tabs to create and transmit installment transactions.

NOVA Debit Batch Inquiry Ability to perform a debit batch inquiry transaction for NOVA merchants. Not applicable if your debit processing is not performed on the NOVA platform.

Off-Line Group Mode Ability to change to Off-Line Group mode. Off-Line Group Report Ability to generate Off-Line Group reports.

Off-Line Result Report Ability to generate Off-Line Result reports. Private Label: Auth Only,

Book, Force, Purchase,

Refund, Ship

Ability to perform a specific Private Label transaction type.

NOTE:

The ability to void a Private Label transaction is not

available in the Clerk profile by default.

Private Label Report Ability to generate Private Label transaction reports. Private Label Transaction Ability to access the Private Label transaction tabs. The

specific types of Private Label transactions allowed are governed by the Private Label transaction list elsewhere in this table.

Print Receipt Ability to print or reprint receipts.

Save Transactions Ability to edit and save a transaction in a current settlement batch (for example, if a transaction originally declined due to bad data, the ability to edit the data and save the transaction to process it a second time.) Settlement Ability to perform an end-of-day settlement operation. Settlement Error Report Ability to generate a settlement error report.

Settlement Result Report Ability to generate a settlement results report. Setup Application Ability to access the ICVERIFY Setup Application. Stored Value: Activation,

Balance Inquiry, Batch Inquiry, Credit, Issuance, Prior Issuance, Prior Redemption, Redemption, Replacement, Replenishment

Ability to perform a specific Stored Value transaction type.

NOTE:

The ability to void or refund a Stored Value

transaction is not available in the Clerk profile by default.

Stored Value Report Ability to generate Stored Value transaction reports. Stored Value Transaction Ability to access the Stored Value transaction tabs. The

specific types of Stored Value transactions allowed are governed by the Stored Value transaction list elsewhere in this table.

(48)

Page 46 of 48

Field

Purpose

the processor.

Privileges available at the Supervisor profile level

Clear Batch Ability to clear a current batch. Credit: Void,

Void Refund, Void Ticket Only

Ability to void a prior Credit transaction type.

Customer Database Ability to access and manage the customer database. Debit: Void Ability to void a prior Debit transaction type.

Delete Current Batch Ability to remove the current batch, commonly used to clean up test data.

Delete Transaction Ability to delete a particular transaction.

Export Transactions Allows a user to export transaction data from the application. Sensitive data such as card numbers will be masked.

Import Transactions Allows a user to import transaction data from another application into the ICVERIFY product.

Maintain Tables Ability to access and change the information within the inventory / line item database for Purchase Card Level III transaction processing.

Options Ability to access the Options interface. Private Label: Void Return,

Void Sale, Void Ticket Only

Ability to void a prior Private Label transaction type. Retail Terms Manager Ability to access the Retail Terms management

subsystem.

Reset Batch Number Allows a user to reset the transaction batch number to help correct an out-of-balance or out-of-sequence condition at the processor.

Save Installments Ability to save a new or currently edited installment. Stop Transaction Editing Ability to exit transaction edit mode.

Stored Value: Refund, Void Activation,

Void Issuance, Void Redemption

Ability to void a prior Stored Value transaction type.

Substation Test Ability to confirm a substation is properly configured for use with a master station.

Switch Merchants Ability to change from one merchant setup to another. Transaction List Ability to access the Transaction List interface to tailor

your view of transaction types and tabs.

Ymodem File Send Ability to perform a YMODEM file send, commonly used for testing.

Privileges only available at the Administrator profile level

Export in Decrypted Form Allows a user to export transaction data from the application in fully decrypted form, including full account numbers and expiration dates.

(49)

Page 47 of 48

Field

Purpose

Import EMV Keys Ability to import the EMV Key File containing the latest EMV keysets.

Update EMV Keys Ability to download the latest EMV keysets from the First Data EMV web server.

Receipt Printer Setup Allows a user to configure a physical or virtual printer for receipt printing.

Report Printer Setup Allows a user to configure a physical or virtual printer for report printing.

Add / Remove Merchant Allows a user to configure merchant configuration information for multi-merchant processing environments. Note: Privilege ‘View Full Data in GUI’ is not available as a default privilege for any of the default profiles. The privilege provides the ability to see full transaction data in the Graphical User Interface, including full account numbers and expiration dates.

ICVERIFY

Enterprise Edition Privileges

The following table defines the privileges available in the ICVERIFY Enterprise Edition application. If you are not certain how to use a particular privilege, or do not understand the function it represents, refer to the ICVERIFY User’s Guide.

Field

Purpose

Privileges available at the Clerk profile level

Authorization Only Transaction Ability to perform an A

ICVERIFY User Manager Guide Version 1.0.7