B1 iPayment - Boyum IT · PDF fileDoes B1- iPayment transmit PII or PCI data from/to the ERP host system? Only non-sensitive PII data like first name, last name, street, city, state,

®

© 2018 Boyum Solutions A/SBoyum Solutions A/S

B1 iPayment

B1 iPayment

3

B1 iPayment © 2018 Boyum Solutions A/S

Table of Contents

1. iPayment general 7

1.1 iPayment and Payment Card Industry Data Security Standard (PCI-DSS) ..................... 8

1.2 GDPR Notes .......................................................................................................................... 9

1.3 iPayment and Payment Application Data Security Standard (PA-DSS) ....................... 10

1.4 PII/PCI ................................................................................................................................. 11

1.5 Data theft ........................................................................................................................... 11

1.6 Known limitations in iPayment ....................................................................................... 11

2. Card store/CIM system and Credit Card details (Tokenization) 13

2.1 What is Credit Card Tokenization and why is it important? ......................................... 14

3. Gateway requirements 17

3.1 Secure Trading ................................................................................................................... 18

3.2 Authorize.NET .................................................................................................................... 18

3.3 CyberSource ....................................................................................................................... 19

Cybersource and interaction with Add credit card website [Mandatory] ................... 193.3.1

Cybersource and interaction with Add credit card [How does it work] ...................... 223.3.2

3.4 Eway ................................................................................................................................... 22

3.5 Moneris .............................................................................................................................. 22

3.6 Cayan .................................................................................................................................. 23

3.7 ProPay ................................................................................................................................ 23

4. General must read notes on gateways 25

4.1 Secure Trading ................................................................................................................... 26

4.2 Authorize.NET .................................................................................................................... 26

4.3 CyberSource ....................................................................................................................... 26

4.4 Eway ................................................................................................................................... 27

4.5 Moneris .............................................................................................................................. 27

4.6 Cayan .................................................................................................................................. 27

4.7 ProPay ................................................................................................................................ 27

5. Setup 29

5.1 License ................................................................................................................................ 30

5.2 Database Information ....................................................................................................... 30

5.3 Configuration ..................................................................................................................... 31

Secure trading ............................................................................................................. 315.3.1

Authorize.NET .............................................................................................................. 335.3.2

4


Table of Contents

CyberSource ................................................................................................................. 335.3.3

Eway ............................................................................................................................ 355.3.4

Moneris ....................................................................................................................... 365.3.5

Cayan ........................................................................................................................... 375.3.6

ProPay .......................................................................................................................... 385.3.7

General ........................................................................................................................ 395.3.8

Authorization ............................................................................................................... 415.3.9

Settlement and refund ................................................................................................. 445.3.10

Credit Card mapping ................................................................................................... 465.3.11

Permissions ................................................................................................................. 475.3.12

Alerts ........................................................................................................................... 475.3.13

Payment terms ............................................................................................................ 485.3.14

5.4 Secure Trading ................................................................................................................... 49

Secure Trading - Customizing the “Add credit card” page ......................................... 495.4.1

Secure Trading - Currencies ........................................................................................ 505.4.2

5.5 Special scenarios ............................................................................................................... 51

Handling large authorizations and split shipments .................................................... 515.5.1Alternatives to creating large authorizations on Sales Orders ........................................................... 535.5.1.1

5.6 Credit Card Payment Methods ......................................................................................... 55

6. Go-live checklist 57

6.1 Go-live ................................................................................................................................ 58

7. General use 61

7.1 Action log ........................................................................................................................... 62

7.2 Assign credit cards to customers ..................................................................................... 62

7.3 One-time Credit Cards/Customers ................................................................................... 65

Send one-time Credit Card link (Secure Trading only) ................................................ 677.3.1

7.4 Converting a one-time credit card to a BP credit card .................................................. 68

7.5 Mass link generator (Secure Trading Only) .................................................................... 69

7.6 B1 iPayment tab on documents ...................................................................................... 71

7.7 Automatic fraud check on authorization/settlement ................................................... 73

7.8 Authorization .................................................................................................................... 74

Void authorization ....................................................................................................... 767.8.1

Automatic re-authorization ......................................................................................... 767.8.2

7.9 Settlement window .......................................................................................................... 77

7.10 "Pay now" links ................................................................................................................. 79

7.11 "Add Credit Card" links ..................................................................................................... 80

7.12 Document refund .............................................................................................................. 81

5


Table of Contents

7.13 Document refund – partial ............................................................................................... 82

7.14 Credit Memo refund ......................................................................................................... 84

7.15 Incoming payment ............................................................................................................ 86

7.16 Incoming payment – refund ............................................................................................. 88

7.17 Outgoing payment – refund (Send money to customer) .............................................. 88

7.18 Deposit on Order ............................................................................................................... 90

7.19 Cancel of Sales Order/Delivery ........................................................................................ 91

7.20 Batch Processing ............................................................................................................... 92

Batch refund ................................................................................................................ 967.20.1

Batch settlement ......................................................................................................... 977.20.2

Batch authorization ..................................................................................................... 997.20.3

7.21 Scheduled Processing ....................................................................................................... 99

7.22 Settlement Report .......................................................................................................... 100

7.23 Re-authorization of Sales Orders ................................................................................... 101

7.24 Result window ................................................................................................................. 102

7.25 Credit Card Expiration ..................................................................................................... 102

8. Common use cases 105

8.1 How do I handle prepayments? ..................................................................................... 106

8.2 How do I handle partial payments? .............................................................................. 107

8.3 How do I settle on multiple Credit Cards? .................................................................... 109

8.4 How do I refund everything? ......................................................................................... 109

8.5 How do I create a partial refund (Credit Card saved on Business Partner)? .............. 109

8.6 How do I create a partial refund for a one-time document? ...................................... 112

8.7 Transactions rejected after settlement (Manual process) ........................................... 114

8.8 Reconciliation .................................................................................................................. 114

9. Troubleshooting 117

9.1 I get the error “-10 – Payment method not defined” when iPayment doesthe settlement ................................................................................................................. 118

10. SQL Queries 119

10.1 All open sales orders without a Credit Card record ..................................................... 120

11. B1P&D integration 121

12. Appendix 1 - iPayment Gateway and server component flows 123

6


Table of Contents

13. Appendix 2 - Authorization flow explanation 127

Index 129

iPayment general

8


iPayment general

1 iPayment general

Welcome to the B1 iPayment Manual. In it you will find all information on how to successfully usethe add-on. For installation and license, please see the separate Installation guide and licenseguide.

CopyrightsCopyright© Boyum IT A/S 2005-2017. All rights reserved.

Warning: This computer program is protected by copyright law and international treaties.Unauthorized production or distribution of this program, or any portion of it that is owned byBoyum IT A/S, may result in severe civil and criminal penalties and will be prosecuted to themaximum extent possible under the law.

SAP®, SAP Business One® and Crystal Report® are Registered Trademarks of SAP AG ® Corporation

MS .Net Framework®, MS Outlook®, MS Word®, Internet Explorer®, Windows® and Microsoft® areRegistered Trademarks of Microsoft ® Corporation

All trademarks and registered trademarks used in this documentation are property of theirrespective owners.

1.1 iPayment and Payment Card Industry Data Security Standard(PCI-DSS)

When implementing iPayment please consult the PCI-DSS guidelines and understand theconditions presented. iPayment is not PCI certified/validation as the certification process isrequired to be completed by merchant and not Boyum It A/S. The bottom line is that only anorganization/merchant can be validated to be PCI-DSS compliant, never an application or a

system[1]. It is up to the merchant to make sure that all the conditions for PCI compliance or PCIcertification depending on the route taken is fulfilled when implementing iPayment. AsiPayment uses tokenization this reduces the PCI-DSS scope required to be completed by themerchant but it does not remove it entirely. Please see the tokenization chapter to learn moreabout how iPayment works with tokens.Boyum It A/S cannot help with the PCI-DSS certification or PCI-DSS compliance as we are not aQualified Security Assessor (QSA). We also cannot assist in picking the correct Self -AssessmentQuestionnaires (SAQ) as this depends on the setup of your business. Please contact your local

https://www.pcicomplianceguide.org/pa-dss-and-pci-dss-beware-the-critical-difference/

9


iPayment general

QSA partner or gateway to get assistance on this. We are able to assist on answering technicalquestions on how iPayment operates if required by the QSA partner.

1.2 GDPR Notes

The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, theCouncil of the European Union, and the European Commission intend to strengthen and unify dataprotection for all individuals within the European Union (EU). It also addresses the export of personaldata outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and tosimplify the regulatory environment for international business by unifying the regulation within the EU. It becomes enforceable from 25 May 2018.

It is to the best of Boyum IT Solutions A/S ability that B1 iPayment adhere to privacy by design as theadd-on does not store any personal data beyond the SAP Business One database itself but below arereferences to how B1 iPayment handles data

GeneralAll configured data are stored in the SAP Business One database itself and will not leave the customerssystem. It is the people responsible for the SAP Business One environment that ensure these data arekept secure.

License SystemOur online license check will at start-up of the add-on communicate with https://portal.boyum-it.com/LicenseKey. During this call, we send the following information in order to verify you have a valid license•Installation + System Number•DB Name,•Number of SAP Users and assigned B1UP users•Database server name It is possible to block this call (via normal firewall) and work with an offline license key, withoutinterruption

Feedback SystemThe add-on has an optional Feedback system that on add-on shutdown and in case of errors sendanonymous data to Boyum's internal Feedback servers. It sends the following data to us:•Install no•SAP Version•.NET Version•OS Version•SAP Username•SAP Dabasename•Stats for each module (number of configurations etc. - nothing customer specific) You choose on initial install if you want to participate or not and can at any time turn it off.More information about the Feedback System can be seen here: http://www.boyum-it.com/sbo/uip

https://portal.boyum-it.com/LicenseKey

https://portal.boyum-it.com/LicenseKey

http://www.boyum-it.com/sbo/uip

10


iPayment general

Credit card dataiPayment does not store any sensitive credit card payment information (please refer to the othersections for further details), but it does store the masked credit card number along with name andaddress information associated with the card when we receive it from the gateway.This information is used exclusively for display purposes, to make it easier for the users to identifyunique cards/cardholders. The data is not used when performing transactions and is not sent to 3rd parties at any point.

Cloud connectorThe add-on uses a Cloud Connector located in the Microsoft Azure hosting environment to facilitate easyof use for some of the features we offer. The Cloud Connector does not store any sensitive or user-specific data at any point.

1.3 iPayment and Payment Application Data Security Standard(PA-DSS)

PCI PA-DSS is the standard against which Payment Applications needs to be tested, assessed, andvalidated. PCI-DSS Compliance is later obtained by the merchant. Obtaining PCI-DSS Complianceis the responsibility of the merchant. As much as the PA-DSS provides industry standards fordeveloping payment applications, not all software applications that play a role in transactions areeligible for review and listing by the PCI SSC under the PA-DSS program. iPayment does not fallunder the category of a Payment Application and we are not eligible for PA-DSS validation as wedo not store, process or transmit cardholder data as part of authorization or settlement. In regards

to cardholder data PCI-DSS, does not apply if PANs are not stored, processed, or transmitted[2] bythe payment application. This is the case with iPayment that never store, process or transmitPANs.The PCI Security Standard Council has created the following document https://www.pcisecuritystandards.org/documents/which_applications_eligible_for_pa-dss_validation.pdf on how to determine if an application like iPayment is eligible for PA-DSSvalidation. The document has the following sentence: “If the answer is YES to ANY of thefollowing questions, the application is NOT eligible for validation under PA-DSS.”.The answer for iPayment is yes to point 3: “Does the application facilitate authorization orsettlement, but has no access to cardholder data or sensitive authentication data?” and iPaymentis not eligible for review.

What should a merchant or service provider do if they use, or wish to use, applications thatstore, process or transmit cardholder data that are not eligible for PA-DSS validation?Applications that store, process or transmit cardholder data and that are not eligible for PA-DSS validation would be included as part of an entity’s annual PCI DSS assessment to ensure

that the application is compliant with all applicable PCI DSS requirements.[3]

What should an application vendor do if their product is not eligible for validation underthe PCI SSC’s PA-DSS Program?If an application is not eligible for validation under the PCI SSC’s PA-DSS program, the PCISSC recommends that those applications, if intended for use in the cardholder data

https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

https://www.pcisecuritystandards.org/documents/which_applications_eligible_for_pa-dss_validation.pdf




11


iPayment general

environment, are developed using PA-DSS as a baseline for protection of payment carddata. Merchants and service providers using or wishing to use such applications in theircardholder data environment would include these applications as part of their annual PCI

DSS assessment.[4]

We have developed iPayment using PA-DSS as a baseline but iPayment are not eligible forvalidation.

1.4 PII/PCI

Does B1- iPayment transmit PII or PCI data from/to the ERP host system?Only non-sensitive PII data like first name, last name, street, city, state, country, email and postalcode are transmitted. Only non-sensitive PCI data is transmitted like masked Credit Card number,expiry data and Credit Card type.

What is the transmission method and is the data encrypted?The transmission is done using a HTTPS call to the gateway API. PCI sensitive data like full CreditCard Number and Security Code are never transmitted or stored in the database.

CyberSource specificThe transmission is done using a HTTPS call to the CyberSource gateway API. Besides beingtransferred using HTTPS the data is also encrypted using a private certificate that is created byCyberSource (https://www.cybersource.com/developers/getting_started/test_and_manage/update_keys_and_certificates/) and the certificate is then used by CyberSource to verify thatsender.

1.5 Data theft

In case of data theft change the username/password/transaction key for the gateway login.The Credit Card tokens in the database are useless to any attacker as it does not contain anypayment information.The gateway login information is encrypted in the database but given enough time it might bepossible to reverse the encryption so we advise changing the login details on data theft.

1.6 Known limitations in iPayment

· Business Partnerso “All Currencies” Business Partners are not supported as the token is only valid for

one specific currency.

· Secure Trading – Tokenso For Secure Trading auth token are used. If Secure Trading starts to archive auth

tokens they will no longer be available on the Business Partners. Secure Tradingdoes not archive tokens today but they might in the future. Archiving tokenswould lead to old tokens disappearing from the business partner Credit Cardswindow as they would no longer be valid.


12


iPayment general

Card store/CIM system and Credit Card details(Tokenization)

14


Card store/CIM system and Credit Card details (Tokenization)

2 Card store/CIM system and Credit Card details (Tokenization)

As per the technical guidelines for PCI data storage:

[5]

[1] These data elements must be protected if stored in conjunction with the PAN. This protection should be per PCI DSSrequirements for general protection of the cardholder data environment. Additionally, other legislation (e.g., related toconsumer personal data protection, privacy, identity theft, or data security) may require specific protection of this data,or proper disclosure of a company’s practices if consumerrelated personal data is being collected during the course ofbusiness. PCI DSS, however, does not apply if PANs are not stored, processed, or transmitted.

[2] Sensitive authentication data must not be stored after authorization (even if encrypted).

[3] Full track data from the magnetic stripe, magnetic stripe image on the chip, or elsewhere.[6]

iPayment does not store primary account number (PAN), Full Magnetic Stripte Data, CAV2/CVC2/CVV2/CID or PIN/PIN block. As we do not store the primary account number we are not we are notrequired to protect the cardholder name, service code or expiration date.

All interaction with the gateways are done using a Card store/Customer Information Managersystem.This means that only a token generated by the gateway is stored in the system but not the actualprimary account number.

Authorize.NET http://developer.authorize.net/api/reference/features/customer_profiles.html

Secure Trading http://www.securetrading.com/service/card-store-tokenisation/

CyberSource https://www.cybersource.com/products/payment_security/payment_tokenization/

Eway https://www.eway.com.au/developers/api/token-payments

You can read more about data tokenization here:https://en.wikipedia.org/wiki/Tokenization_(data_security)

2.1 What is Credit Card Tokenization and why is it important?

Tokenization can be defined as “the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token that has no extrinsic or exploitable meaning or

value”[7]. Tokenization is not a new or purely technical term as it has origins dating back



http://developer.authorize.net/api/reference/features/customer_profiles.html

http://developer.authorize.net/api/reference/features/customer_profiles.html

http://www.securetrading.com/service/card-store-tokenisation/

http://www.securetrading.com/service/card-store-tokenisation/

https://www.cybersource.com/products/payment_security/payment_tokenization/

https://www.cybersource.com/products/payment_security/payment_tokenization/

https://en.wikipedia.org/wiki/Tokenization_(data_security)

https://en.wikipedia.org/wiki/Data_element

https://en.wikipedia.org/wiki/Tokenization_(data_security)

15



thousands of years. During the course of time when someone has had the need to protect acurrency or a valuable item during a transaction, they have used tokenization by switching it witha less-valuable item. A good example of tokenization happening today is the use of casino chipswhere real money are switched for a token.When dealing with Credit Cards in a business environment there is a constant threat of cyber-attacks that has made business extremely susceptible to exploitation. Losing a SAP Business Onedatabase that contains Credit Card information is the worst case scenario for many businesses asthis can ultimately lead to having your customers Credit Card information exploited by criminals.Tokenization as utilized by major payment gateways digitally converts sensitive data to a tokenthat has no value outside a specific gateway system. When a gateway provides a tokenizationservice, the gateway system must be secured and validated using security best practicesapplicable to sensitive Credit Card data protection, secure storage, audit, authentication andauthorization. This is all handled by the gateway lowering the security requirements forbusinesses that uses the tokenization service. For this reason, tokenization provides excellentsecurity to data that is stored in a system.

Tokenization vs EncryptionA common misconception is that tokenization and encryption are essentially the same. In fact,tokenization and encryption are very different in how they protect data.Encryption is the process of taking data and encrypting it into an unreadable format. Whileencryption does provide a substantial layer of protection against unauthorized viewing of data,the data needs to be decryptable so that it can be returned to the original format. This is indeedthe case with solutions that encrypt Credit Card data in the database as they need to be able toreverse the encryption and extract the Credit Card number when processing transactions. If youhave the correct key, you are able to decrypt the data and reveal the Credit Card numbers. Thisweakness has led hackers to develop sophisticated programs that have ultimately succeeded inuntangling encrypted data previously considered unbreakable.Tokenization instead replaces sensitive payment data with a token that cannot be mathematicallyreversed back to the original data.

How does iPayment use tokenization?When gateway tokenization is utilized in combination with B1 iPayment, it provides substantialprotection to customers and businesses alike. Should a data breach occur the database wouldonly be yielding unusable tokens to hackers. The tokens cannot be reversed to the actual CreditCard number and is as such useless for the fraudsters.

The result of this process is that only a token generated by the gateway is stored in the SAPBusiness One database but not the actual primary account number. This leads to increasedsecurity as no one is able to obtain the primary account number after it has been submitted to thegateway. iPayment uses the token to keep track of the transaction and handle authorization,settlement and refunds.

16



A token is unique for a gateway and an account and as an example a token from Authorize.NETcannot be used with Secure Trading/CyberSource or even a different account at the samegateway. This renders the token entirely useless for anyone who is able to obtain it as it cannotbe reversed to the actual Credit Card number and the token is linked to the account at thegateway.

Question and answers for tokenization Does iPayment store Credit Card data in the database?

a. Yes and no. It stores the token that represents the primary account number but notthe primary account number itself. The following are stored by iPayment:

i. The token that represents the primary account number. As explained abovethis cannot be reversed to the actual Credit Card number.

ii. Expiry data of the Credit Card iii. Credit Card type iv. A masked version of the primary account number provided by the gateway.

This cannot be unmasked and you cannot get access to the full primaryaccount number. iPayment cannot unmask the primary account number and itwill show like on a paper receipt from a store - XXXX0027.

v. The information on the Credit Card like Firstname, Lastname, city, country etc.for fraud checking.

b. iPayment does NOT store the following: i. Security Code (CVV, CAV2, CVC2, CVV2, CID) ii. Primary account number2. How/where are the Credit Card data stored?

a. The token and the connected data is stored in a User Defined Table in the database([@BOY_E0_CREDITCAEX]). You as a customer should maintain strict security rules anduse best practice for storing sensitive data as following the guidelines by the PCI-DSSscope. Tokenization does not remove the requirement but it help prevent leakingprimary account number if a breach happens.

3. How long do the tokens lasta. Until the deleted from the system or the Credit Card expires.

4. Is there a way that the customer can enter their Credit Card info without an employee seeingthe info?

a. If you use Secure Trading as the gateway then yes. With Secure Trading as thegateway we have the option to send out a link created by Secure Trading that allowsthe customer to enter the Credit Card information in a secure environment providedby Secure Trading. After entering the Credit Card information the token will beconnected to the Business Partner in SAP where the link was generated from and canthen be used to process payments without any employee or iPayment having accessto the full Credit Card data.We do not have this option for the other gateways as Secure Trading are the only oneto offer this solution right now.

Gateway requirements

18



3 Gateway requirements

Please carefully read and understand the documentation provided by the gateway. Acquiringbanks and gateways may have special rules around authorization length, fraud check and refundsthat will affect your overall fee level. Additional fees or fines may be imposed if you fail toadhere to the rules.For full terms and conditions, please contact your gateway or acquiring bank.

The server component should be installed on the server after installing and running the add-on ineach database that should be used.Please see the separate “B1 iPayment server component installation guide.pdf” file.

3.1 Secure Trading

Please carefully read the requirements below.

· Merchant account with Secure Tradingo Share site security key with Secure Trading support

1. See configuration for more information on thiso Have Secure Trading support enable CFT (Cardholder Funds Transfer) on the site

(For doing refunds without a linked transaction)o Have enhanced POST enabled for your site reference (Write to

[email protected])

3.2 Authorize.NET


· Account with Authorize.NETo The Transaction Details API must be enabled.o To enable the Transaction Details API:

1. Log on to the Merchant Interface at https://account.authorize.net .2. Select Settings under Account in the main menu on the left.3. Click the Transaction Details API link in the Security Settings section. The

Transaction Details API screen opens.4. If you have not already enabled the Transaction Details API, enter the

answer to your Secret Question, then click Enable Transaction Details API.5. When you have successfully enabled the Transaction Details API, the

Settings page displays.o Have Extended Credit Capabilities (ECC) enabled (For doing refunds without a

linked transaction). More info on how to activate here: http://www.authorize.net/content/dam/authorize/documents/ecc.pdf

o Have the account created in the correct currency. The Authorize.NET API does nothave support for currencies. The Authorize.NET account needs to be setup in thecurrency that you will be using.

· If you want to test please get a sandbox account from http://developer.authorize.net/

mailto:[email protected]

http://www.authorize.net/content/dam/authorize/documents/ecc.pdf

http://www.authorize.net/content/dam/authorize/documents/ecc.pdf

http://developer.authorize.net/

19



o A standard Authorize.NET account can only be used in “Live” mode asAuthorize.NET does not allow normal accounts to login to the sandbox.

3.3 CyberSource


· Please carefully read the CyberSource documentation for the processor that you haveopted to use.

o Below you will find functionality requirements that the processor needs to support.

· The selected processor should have support for automatic preauthorizations + automaticPreauthorization Reversal (See cybersource documentation for a list of processors thatsupport this: http://apps.cybersource.com/library/documentation/dev_guides/Payment_Tokenization/UBC/Payment_Tokenization_UBC.pdf)

o Note: Contact your merchant account provider to determine whether you will becharged a fee for a preauthorization.

· Automatic Preauthorization Reversal should be enabled on your account.

· Subscription/Tokenization should be enabled on your account.

· The processor should support “Card verification number”

· The processor should support “Full Authorization Reversal”

· The processor should support “Automatic Preauthorization Reversal”

· If you want to test please get a sandbox account from http://www.cybersource.com/register/

o A standard CyberSource account can only be used in “Live” mode as CyberSourcedoes not allow normal accounts to login to the sandbox.

3.3.1 Cybersource and interaction with Add credit card website [Mandatory]

To comply with PA-DSS requirements iPayment is not allowed to transfer credit card details fromSAP Client to gateway. For that reason it need to be done on a website controlled by CyberSourcethat you open from within the SAP Client.

Setup needed for this to work

· Login to Cybersource gateway as administratoro Navigate to Tools & Settings > Secure Acceptance > Profileso Press Create new profileo Input name (example iPayment CreditCard)o Select Itegration method ‘Web/Mobile’o Input Company Nameo Enable ‘Payment Tokenization’ under added value services

http://apps.cybersource.com/library/documentation/dev_guides/Payment_Tokenization/UBC/Payment_Tokenization_UBC.pdf

http://apps.cybersource.com/library/documentation/dev_guides/Payment_Tokenization/UBC/Payment_Tokenization_UBC.pdf

20



o

o Press Create (you will be navigate to the new profile)

· On the profile page press “Notifications”o Enable ‘Merchant POST URL’ and write https://ipayment.boyum-it.com/

CyberSource/ProcessNotification in the fieldo Enable ‘Merchant POST Email’ and write your e-mail to notifications on (once

everything is working you can optionally disable this again)

o

o Save and return to the Profile overview

· On the profile page press “Payment Settings”o Here you need to setup the payment method available on the add credit card

webpage and save.

· On the profile page press “Security”o Press the ‘Create new key button’o Give the key a name and press ‘Generate Key’o Save the Access key and Secret Key as they need to be inserted into the iPayment

configurationo Return to profile home

21



· On the profile page press “Payment Form”o Select the “Single Page Form” optiono Enable “Billing information” under “Checkout steps”

§ Enable the following fields and set them as display, edit and require:

· First Name

· Last Name

· Street Address 1

· City

· State

· Postal Code

· Country

· Email Address

·

§ The fields are made mandatory by CyberSource and it will not work if theyare not marked as mandatory

§ Press “Save”

· Add profile id to the iPayment configuration:o At the top of the profile home page there is a Profile ID. This is the last piece of

information you need to add to the iPayment configuration along with the Accesskey and Secret Key found under security.

o

· Promote the configuration to “Active” using the “Promote to Active” button on theprofile home page

22



· If you are running on a live environment, you will need to contact CyberSource supportto have the profile published to the live servers.

· After having the profile published you can now add a Credit Card in iPayment.

3.3.2 Cybersource and interaction with Add credit card [How does it work]

After completing, the setup as explained above you should now be able to add Credit Cards tocustomers using a webpage. This works in the following way:

1. iPayment contacts CyberSource and asks for a URL2. A webpage is launched in your browser3. You enter the customers details in a secure website provided by CyberSource4. CyberSource makes a callback to the URL specified in the “Merchant POST URL” and the

token for the Credit Card is saved5. iPayment contacts the URL specified in the “Merchant POST URL” and saves the token for

later use.

As CyberSource requires a callback server to exist, we have opted to provide a server(ipayment.boyum-it.com) that allows for easy setup of the system.The following fields are saved when the callback happens from CyberSource:

· Credit Card token

· Profile ID

· iPayment reference

· Timestamp

· AVS/CVV fraud check result codes

The data is deleted when iPayment requests the token from ipayment.boyum-it.com. The data isalso anonymous as Boyum It cannot identify the origin of the data as only you know the profile ID.The token is unusable for anyone but you as it is linked directly to your CyberSource account.

The ipayment.boyum-it.com website is hosted on Microsoft Azure but we do not guaranteeuptime or availability of the service.

3.4 Eway


· Account with Ewayo Ensure that the account you’re using with iPayment has the ‘RapidAPIUser’ roleo Ensure that the ‘RapidAPIUser’ role has permissions to do ‘Rapid API Refunds’

3.5 Moneris


· Account with Moneris

23



o Hosted Tokenization must be set up in your Moneris account - this allows you toobtain a Hosted Tokenization Id, that is required to configure iPayment.

3.6 Cayan


· Account with Cayan

3.7 ProPay


· Account with ProPay

· Account must be configured to allow Direct Refunds (refunds not tied to previoustransactions)

General must read notes on gateways

26



4 General must read notes on gateways

4.1 Secure Trading

CVV codesThe CVV codes are send in on the first Credit Card add request and as it is not stored by iPaymentthe gateway. The CVV code will only be validated once when adding the card. It is not legal tostore the CVV code so any additional request will not have the CVV code checked.

Pre-Authorisations and Final Authorisations MasterCard Europe MandatePlease carefully read the 11.1 topic in the file: http://www.securetrading.com/files/documentation/STPP-XML-Specification.pdf.

You will need to decide if you want to use PRE or FINAL authorization for MasterCard and youneed to consider the implications of doing so. Failing to do so may result in a fine fromMasterCard.

4.2 Authorize.NET

CVV codesThe CVV codes are send in on the first Credit Card add request and as it is not stored by iPaymentor the gateway. The CVV code will only be validated once when adding the card. It is not legal tostore the CVV code so any additional request will not have the CVV code checked.

4.3 CyberSource


TestingWhile testing with CyberSource please note that the amount is required to be specific values. Ifthe amount is not the correct value the test api will reject the transaction.For an overview of amounts please see: http://www.cybersource.com/developers/getting_started/test_and_manage/simple_order_api/HTML/Paymentech/soapi_ptech_err.html

and http://www.cybersource.com/developers/getting_started/test_and_manage/legacy_scmp_api/

Amount values that will be accepted: 164, 2100, 2101, 2102, 2103, 2014, 2015, 2106, 2107, 2108,2109, 2110, 2111.Any values outside of the above will return a general error: “General decline of the card. No otherinformation provided by the issuing bank.”

http://www.cybersource.com/developers/getting_started/test_and_manage/simple_order_api/HTML/Paymentech/soapi_ptech_err.html

http://www.cybersource.com/developers/getting_started/test_and_manage/simple_order_api/HTML/Paymentech/soapi_ptech_err.html

http://www.cybersource.com/developers/getting_started/test_and_manage/legacy_scmp_api/

http://www.cybersource.com/developers/getting_started/test_and_manage/legacy_scmp_api/

27



4.4 Eway


Pre-authPre-auth is currently only available to Australian, Singapore, Malaysian & Hong Kong merchants

Batch refunds and outgoing paymentsPlease note that Eway does NOT support batch refunds and outgoing payments not tied to atransaction previously made using the gateway.

This is due to the fact that Eway can only handle refunds for previous transactions made throughthem, thus they do not support refunding a specified amount to a customer with no relation to atransaction.

4.5 Moneris


4.6 Cayan


4.7 ProPay


Setup

30


Setup

5 Setup

5.1 License

Once the add-on is installed and started go to Administration -> Add-Ons -> B1 iPayment ->License Administration and assign the users that needs to use the add-on functionality.

5.2 Database Information

Click Database Information then type in a user that has read/write access to the database. Use“Test connection” button to review if the information is correct.

31


Setup

5.3 Configuration

Click the Configuration menu item and select the gateway that you would like to use.

Fill out the details for the gateway or enable demo mode for testing.

Customers needs to have a specific currency set. You cannot use the "Multi-currency" customer.

5.3.1 Secure trading

Site reference Enter the Secure Trading site reference

32


Setup

User Enter the Secure Trading user (this user needs to beconfigured on the site with role “Webservices”)

Password Enter the Secure Trading password associated with theuser

Site security Enter a shared site security key (this key must be send toSecure Trading support along with the site reference) The email to Secure Trading support should contain thefollowing: I would like to update the sitesecurity for my account.

Parameters are:1. currency2. mainamount3. sitereference4. orderreference5. PASSWORD Password: The password you have entered into the sitesecurity field

Demo mode If you enable this option you will use a test account withSecure Trading. All transactions will be in test mode andyou will be able to test the product without having aSecure Trading account. You can do settlements, refundetc. in a secure demo environment.To test credit cards please use the following details:Card type: VISACard number: 4111111111111111Expiry date: 01/2034Security code: 413 To test the account check feature please use the followingdetails:

Valid account check info:House name/no: 789Postcode: TE45 6ST Invalid account check info:House name/no: 123Postcode: TE12 3ST

33


Setup

5.3.2 Authorize.NET

API Login Enter the Authorize.NET API login

Transaction key Enter the Authorize.NET Transaction key

Live transactions Check to connect to the live API. If this is not checked youwill connect to the sandbox API.

Demo mode If you enable this option you will use a test account withAuthorize.NET. All transactions will be in test mode andyou will be able to test the product without having anAuthorize.NET account. You can do settlements, refundsetc. in a secure demo environment.

To test credit cards please use the following details:The expiration date must be set to the present date orlater. Use 123 for the CCV code.

American Express 370000000000002

Discover 6011000000000012

Visa 4007000000027

JCB 3088000000000017

5.3.3 CyberSource

34


Setup

Merchant id Enter the merchant id of your CyberSource account

Certificate CyberSource use a Certificate system to validate that identity. Pleaseselect the Certificate generated using the “…” button. The Certificate willbe saved in the database in encrypted form so that you do not have tocopy it to each machine that uses the add-on.Please see the CyberSource documentation on how to generate anddownload the Certificate: http://apps.cybersource.com/library/documentationdev_guides/security_keys/creating_and_using_security_keys.pdf See section: “Generating Transaction keys”

Reporting username To determine the status of the transactions iPayment needs access to thereporting functionality.Please create a reporting user using the CyberSource Business Center.Account management -> User administration -> Add User

After creating the user please input the username.Reporting password Reporting user password

Profile ID, Access Key,Secret Key

These information is needed from the gateway in order to add CreditCards. See Cybersource requirements at the beginning of this manual formore information.

Live transactions Check to connect to the live API. If this is not checked you will connect tothe sandbox API.

Demo mode If you enable this option you will use a test account with CyberSource. Alltransactions will be in test mode and you will be able to test the productwithout having a CyberSource account. You can do settlements, refundetc. in a secure demo environment. To test the credit card please use the following details:

First name John

Last name Doe

Email [email protected]

Street 1295 Charleston Road

City Mountain View

State CA

Postal Code 94043

Country US

Card type Visa

35


Setup

First name John

Card number 4111111111111111

Expiry month 07

Expiry year 2032

Security code 123

5.3.4 Eway

API Key Enter the Eway API Key (My Account à API Key)

API Password Enter the Eway API Password (My Account à API Key)

Demo mode If you enable this option you will use a test account withEway. All transactions will be in test mode and you will beable to test the product without having an Eway account.You can do settlements, refunds etc. in a secure demoenvironment.

To test credit cards please use the following details:The expiration date must be set to the present date orlater. Use any 3 digits for the CCV code.Use 4 digits for the CCV code on American Express


Mastercard 5105105105105100

Visa 4444333322221111

Diners 38520000023237

36


Setup

5.3.5 Moneris

StoreId StoreId provided by Moneris when you sign up for anaccount.

API Key API Key is provided by Moneris when you sign up for anaccount - or generated by logging in to your Monerisaccount.

Hosted Token ID This is obtained by logging in to the Merchant ResourceCenter, navigating to Admin --> Hosted Card Tokenizationand creating a new Hosted Token Profile. The Profile Id is the Hosted Token Id.

Demo mode If you enable this option you will use a test account withMoneris. All transactions will be in test mode and you willbe able to test the product without having a Monerisaccount. You can do settlements, refund etc. in a securedemo environment.To test credit cards please use the following details:Card type: VISACard number: 4242424242424242Expiry date: 01/2034Security code: 413

Card type: Mastercard

Card number: 5454545454545454Expiry date: 11/2032Security code: 142

37


Setup

5.3.6 Cayan

Merchant Name MerchantName provided by Cayan when you sign up foran account.

Merchant Site Id Merchant Site Id is provided by Cayan when you sign upfor an account.

Merchant Key Merchant Key is provided by Cayan when you sign up foran account.

38


Setup

5.3.7 ProPay

Auth token Auth Token provided by ProPay when you sign up for anaccount.

Biller Account Id Biller Account Id is provided by ProPay when you sign upfor an account.

Merchant Profile Id Merchant Profile Id is provided by ProPay when you signup for an account.

39


Setup

5.3.8 General

Portal integration Save Credit Card toBusiness Partnerrecord whenimporting transactions

If this option is enabled iPayment will save the Credit Card details on theBusiness Partner record connected to the document imported from theOne-time Credit Card integration table. This means that the token createdfor the Credit Card will be saved to the Business Partner and can then beused to process future transactions.

Authorize.NETintegration

Currency Authorize.NET only:The currency selected needs to match the currency that yourAuthorize.NET account was created in. Authorize.NET does not supportchanging currencies through the API so it is important that you get theaccount created in the correct currency. Note: The demo mode runs in USD.Customers needs to have a specific currency set. You cannot use the"Multi-currency" customer.

Data integration Authorize.NET only:None:This level is the default, which sends only the information required tocomplete a transaction successfully.

40


Setup

Level II data: This level includes additional information about shipping and tax rates ifthese are available – providing these data may result in lower transactionfees with your provider when working with P-Cards customers.

Other Process credit notesnot linked to asettlement

Select this option if refunds should be possible without being linked to abase document/settlement Secure tradingRequires CFT (Cardholder Funds Transfer) to be enabled

Authorize.NETRequires ECC (Extended Credit Capabilities) to be enabled

Automatically queryfor new credit cards

Toggles whether the Server Component will automatically query theprovider for new credit cards.

Note:You should only enable this if you use Secure Trading "Send Add creditcard link" functionality, or add credit cards directly on the providerwebsite.

Require CVV/CVV2(Security code)

Enabling this option makes the Security Code (CVV) field on the “AddCredit Card” form mandatory.

CIM: Do Authorizationon credit card add(fraud check)

Authorize.NET only:If you turn this off Authorize.NET will not do an automated 0.00$Authorization check when adding credit-cards via the webpage.

Use internal browser If enabled adding new Credit Cards will be done using a browser windowinside SAP

B1P&D should handleone-time Credit Cardlinks

Secure Trading only:Enabling this option will hide some functionality surrounding copyinglinks for one-time Credit Card documents. iPayment will assume thatB1P&D will handle the delivery of the links using email.

Please see the B1P&D manual for information on how to setup thisfeature.

Note: Enabling this option will not automatically make B1P&D send outemail links. You will need to configure B1P&D and use the iPaymentspecific keywords.

Warning: Remember to setup B1P&D before enabling this option!Use 'card on file'declaration whensending requests

Secure Trading only:Enabling this option will send along a 'credentials on file' field in theinitial request when storing a card.For Visa cards it will also send along an 'initiation reason' field, containinginformation on why the merchant has initiated the transaction.

Including these fields will decrease the likelihood of declines caused bymissing CVV codes when using cards on file.

41


Setup

You can learn more about this in the Secure Trading documentation insection 1.4 - Credentials on File (CoF):https://www.securetrading.com//files/documentation/STPP-Payment-Pages-Setup-Guide-V2.pdf

ECI/Crypt Level Moneris only:This option controls which Moneris ECI/Crypt Level transactions areprocessed with.

Please be aware that this setting applies to ALL processed transactions.Some processors might have special rules and requirements thattransactions must fulfill to fit in a specific ECI/Crypt level. It is your own responsibility to familiarize yourself with these rules, andmake sure you choose the right ECI/Crypt level for your scenario.

If you're unsure, please contact Moneris support, who should be able tohelp you determine requirements for your processor.

5.3.9 Authorization

Authorization

https://www.securetrading.com//files/documentation/STPP-Payment-Pages-Setup-Guide-V2.pdf

https://www.securetrading.com//files/documentation/STPP-Payment-Pages-Setup-Guide-V2.pdf

42


Setup

Sales Order Select which authorization type you want to use.If you uncheck the checkbox the authorization options willnot be available for this document.

Delivery Select which authorization type you want to use.If you uncheck the checkbox the authorization options willnot be available for this document.

A/R Down Payment Invoice Select which authorization type you want to use.If you uncheck the checkbox the authorization options willnot be available for this document.

A/R Invoice Select which authorization type you want to use.If you uncheck the checkbox the authorization options willnot be available for this document.

A/R Reserve Invoice Select which authorization type you want to use.If you uncheck the checkbox the authorization options willnot be available for this document.

Additional authorization options

Payment Terms Level BP Level: Uses the Payment Terms on the Business Partner todetermine which Payment Terms Configuration to use.

Document Level:Uses the Payment Terms on the Document to determinewhich Payment Terms Configuration to use.

Control sales order approval If this option is enabled iPayment will set “Approved” asfalse on “Sales Orders” that uses Credit Cards. It willupdate the “Approved” field to true when anauthorization has been completed.If you void the “Authorization” then “Approved” flag willbe set back to false.

The dropdown next to the checkbox controls wheniPayment should switch the Approval flag to true.Always: The Approval flag is set on any successfulauthorization regardless of amount.Only when fully authorized: iPayment will only set theApproval flag when the total authorized amount for thedocument exceeds the open document total.

Automatic Reauthorization Setting this flag tells the Server Component toautomatically reauthorize any authorizations that haveexpired.

This service runs when the Server Component is firststarted, and every 12 hours afterwards.

Authorization markup The purpose of the markup is to allow for authorizing ahigher start amount if you expect additional costs to beapplied at a later stage in the sales process e.g. Freight,VAT.

43


Setup

When doing a settlement only the open document totalwill be settled. Note: This is not related to Credit Card fees and cannot beused to apply additional fees to the order. Only thedocument total will be settled.

Authorization markup type Select the appropriate markup type (None, Amount orPercent)

Authorization markup value Enter the markup value and select the currency

Allow edit of markup at authorization Select this option if the user should be able to edit themarkup type and value in the authorization window

Authorization expire days This should be set to the value that the payment processorhas for when authorizations expire. The default value iswhat the gateway has indicated as the normal expiry time.

The field should not be changed unless the processor has adifferent expiry period than the default.

Note: You cannot control how long an authorization lastusing this field as this is fully controlled by the processorand the bank.Changing the field impacts when iPayment will mark theauthorizations as expired but does not affect the actualexpiry date of the authorization.

44


Setup

5.3.10 Settlement and refund

Automatic settlement

A/R Down Payment Invoice Enable this option if you want the system to automaticallysettle when adding the document.All authorization logic will be disabled on the document ifthis is enabled.

Note: The document will always be fully settled whenusing the option. If you want to do partial payments youshould not use this option.

A/R Invoice Enable this option if you want the system to automaticallysettle when adding the document.All authorization logic will be disabled on the document ifthis is enabled. Note: The document will always be fully settled whenusing the option. If you want to do partial payments youshould not use this option.

A/R Reserve Invoice Enable this option if you want the system to automaticallysettle when adding the document.

45


Setup

All authorization logic will be disabled on the document ifthis is enabled. Note: The document will always be fully settled whenusing the option. If you want to do partial payments youshould not use this option.

Settlement - other

Allow settling more than opendocument amount

Enable this option if you want to disable all checks thatprevent settling a higher amount than what is currentlyopen on the document.This will impact the batch settlement and right-click ->settle now screens. No checks will be performed and settlements can be doneon any amount.

Note: We do not recommend enabling this option.Batch settle only authorized amount Enabling this will cause iPayment to only settle authorized

amounts when using the Batch Settlement Wizard.

This means the user won't have to manually edit each linewhen batch settling.

Reauthorize when performing partialsettlements

Enabling this option will tell iPayment to reauthorize theremainder of the existing authorization when doing partialsettlements.

Create incoming payments whiledoing settlements

Enable this option to create incoming payments when thesettlement is created.Note: If you enable this option you need to use the “CreditCard Mapping” button below!

Outgoing payments

Create outgoing payment on batchrefund

If enabled iPayment will create outgoing payment whenbatch refunding Credit Notes.

Outgoing payments account Enter/select the account to be used for the outgoingpayment.

Ramtool

Payment account Secure trading only:Enter/select the account to be used for the incomingpayment that will be created during the settlementprocess/when importing files from Ramtool

Fee account Secure trading only:Enter/select the account to be used when posting SecureTrading/Credit Card fee. The fee will be taken from thepayment account and moved to the fee account using ajournal entry.

Ramtool folder Secure trading only:If you want to use Ramtool for reconciliation you need toselect a folder where you download the files to. You canread more about this feature in the “Ramtool” section.

46


Setup

5.3.11 Credit Card mapping

In the Credit Card mapping window you need to map the gateway Credit Cards to the SAP CreditCards. This is required if you use the incoming payment functionality.You can specify a default card that will be used if no other matches are found.Note: If this is not setup correctly iPayment will not be able to create incoming payments.

47


Setup

5.3.12 Permissions

Permissions

Right-click refund users (Empty = ALL) This controls what users should have access to the right-click refund option on the A/R invoice documents. If thefield is empty, all users can access the right-click options.

5.3.13 Alerts

Here you can setup users that should receive an internal message if something happens whileworking with the gateway.

48


Setup

Example:Settlement could not be completedAuthorization could not be completedMissing default credit card in combination with automatic settlement

5.3.14 Payment terms

You have the option to overwrite some of the configuration on the payment terms window. Thisis optional and if nothing is setup on the payment term the default values from the configurationwill be used.

49


Setup

If you toggle the 'Exclude from Batch Wizards' option, documents using the configured paymentterms will not be included in any of the batch filter screens.

You can remove the configuration by using the “Remove” button (Will only show after theconfiguration is added).

The payment terms level can be configured on the configuration screen. Please refer toSettlement and Refund page of the configuration screen.

5.4 Secure Trading

5.4.1 Secure Trading - Customizing the “Add credit card” page

To customize the Secure Trading “Add credit card” page to look like a signup page instead of a“Pay now” page we have included a .css file and a .js file. To use the files please do the following.

Locate the files in the iPayment install folder (Normally: C:\Program Files (x86)\SAP\SAP BusinessOne\AddOns\BOY\B1 iPayment\ResourceFolder).

The files are named: customchild.css and customchild.js.

Login to Secure Trading using https://myst.securetrading.net/login.Open the “File manager” and upload the two files to Secure Trading.

50


Setup

You can change the Javascript and css to include your company logo and change titles/text stringsby modifying the files.

Note: Please consult the Secure Trading documentation for information on how to do this.

Important: Boyum IT A/S does not offer support on customizing the pages. Please contact theSecure Trading support for help.

5.4.2 Secure Trading - Currencies

Secure Trading support various currencies – see all here http://webapp.securetrading.net/currencycodes.html

Depending on the currencies, they need to be setup/mapped in SAP Business One. This can bedone in Administration -> Setup -> Financials -> Currencies

http://webapp.securetrading.net/currencycodes.html

http://webapp.securetrading.net/currencycodes.html

51


Setup

Here the International Code column needs to match a Secure Trading currency code provided inthe link above.

5.5 Special scenarios

5.5.1 Handling large authorizations and split shipments

When working with large authorizations and split shipments it is very important to consider howthis is handled.If the proper work-flow is not used you may end up reserving more funds than the customer haveavailable leading to transactions getting rejected.

Scenario:1. A order is created for 4000 EUR with an authorization on 4000 EUR2. This order is copied into multiple delivers during a short period of time3. Each delivery is after having been created copied into an invoice document4. The invoice document is settled using iPayment as you want to pull the money for the partial

shipment when the delivery is made

The issue arrives as iPayment will use the initial authorization on the order to settle the firstinvoice (can only be used once). This will mark the authorization as settled even if you only settle a small amount of the initialauthorization.

Example:Sales order is 4000 EURInvoice is 1000 EUR iPayment will settle the first invoice using the 4000EUR authorization (but will off cause only draw1000 EUR).The next time you create a delivery and invoice you settle an additional 1000 EUR. This will createa new settlement without a reference to the 4000EUR authorization as this has already been usedto settle the first invoice.

At some point in the future you create the last delivery for the remaining amount (2000 EUR) andinvoice this.

Flow:

52


Setup

The issue that might be is that the customer’s account does not have the funds needed tocomplete invoice 2 and 3 as the 4000EUR is still reserved by the original authorization (normally 7-10 days) despite that is has already been settled. Technically a authorization cannot be re-used when it has been settled and even after doing thesettlement some of the funds will still be held until the funding for the settlement completes.

Example from CyberSource"After the $25 settlement is processed against the original $100 authorization hold, the remainingfunds ($75) are still being held on the customer's card. Depending on the card type and paymentprocessor in use, CyberSource or your processor may initiate a partial authorization reversalrequest against the $75 remainder of the funding hold once the $25 settlement request has beenreceived and processed by the payment processor. If the customer's issuing bank approves of thepartial authorization reversal, the remaining funding hold will be returned back to the card beforethe $25 settlement funds completely; else,the remaining funds being held will be returned to the customer's card once the funding for the $25

settlement completes."[Link]

Due to the above we do not recommend authorizing large amounts at the Sales Order level if youare going to use split shipments as you may then start getting your transactions rejected whenprocessing the invoice.Please see the child chapter to identify the alternative work-flow suitable for your business.

Gateway specific functionalitySecure Trading have some very specific functionality to handle the above scenario. However thiscomes with certain limitations.

· Only certain acquiring banks support split shipments

· Only VISA/Master Card can be used

With the above limitations in mind we have decided to not implement gateway specific logic asthe main merchant bank (Secure Trading Financial Services) does not support this and it would belimited to specific card types.Other gateways (Authorize.NET/CyberSource etc.) does not have any specific logic for handling

split shipments and instead recommend creating a suitable work-flow [Link].

53

https://support.cybersource.com/cybskb/index?page=content&id=C1108&actp=LIST

https://support.cybersource.com/cybskb/index?page=content&id=C1108&actp=LIST

53


Setup

5.5.1.1 Alternatives to creating large authorizations on Sales Orders

Alternative 1 - Authorization at DeliveryTo get around the issue with the large authorizations on the Sales Order one alternative is toauthorize at the Delivery instead of the Sales Order.You would still add the one-time Credit Card/Business Partner Credit Card at the Sales Order asthis will create an (0.01) authorization to validate the Credit Card. This way you can still do thefraud check without authorizing the full amount on the Sales Order. The benefit of doing the authorization when creating the delivery is that you get the splitshipment authorized but you only authorize the amount that you are going to settle. When the delivery is then copied to an A/R Invoice you settle the full authorization and you onlyhold the money that you are going to settle on the customers Credit Card.

An alternative is to only authorize the amount expected in the first shipment on the Sales Order.This way you will get some security without reserving more funds than required to process thefirst delivery. This is a manual process and the person creating the sales order need to know whatthe expected first shipment amount will be.

Note: It is important that the A/R Invoice amount is the same or less than the Delivery asotherwise iPayment will need to create a new settlement as the authorization cannot be used.This would lead to the same issues as outlined in the "Handling large authorizations and splitshipments" chapter.

Alternative 2 - One A/R InvoiceOne alternative is to always settle using one A/R Invoice instead of multiple A/R Invoices.

54


Setup

This way you will use the authorization from the Sales Order to settle the A/R Invoice leading toonly settling one transaction instead of multiple.This can be achieved using the Copy from functionality in SAP where you settle all the Deliveriesthat is created from the Sales Order.It is important that the A/R Invoice amount is the same or less than the Sales Order as otherwiseiPayment will need to create a new settlement as the authorization cannot be used. This wouldlead to the same issues as outlined in the "Handling large authorizations and split shipments"chapter.

Alternative 3 - Only ship every 10 daysAn authorization normally expires after 10 days so only shipping every 10 days would allow forthe settled authorization to expire before the next settlement is done. You can get the specific expiration time for the authorization by contacting the gateway.

Alternative 4 - A/R Reserve InvoiceWhen creating the A/R Reserve Invoice document you can settle it using iPayment for the fullamount. You can then close the A/R Reserve Invoice using one or more Delivery documents when thedelivery has been made.

55


Setup

5.6 Credit Card Payment Methods

In the Credit Card Payment Methods you have the option to specify "Payments" as a column.We do not support any options other than "No". iPayment does not support installmentpayments.

Go-live checklist

58


Go-live checklist

6 Go-live checklist

6.1 Go-live

Before go-live please make sure that you have read and completed all the steps below.We recommend printing this page and keeping it for reference after go-live.Skipping any of the steps outlined below may lead to errors and delayed support cases.

1) General

· We recommend always using a sandbox database for testing of iPayment

· Note: Once you switch from Demo-mode to Live-Mode, all iPayment tables will be cleared, andthe action can't be reversed.

· Read "General must read notes on gateways" for the gateway you are implementing

· Read "Handling large authorizations and split shipments" and decided if this applies to thecustomer or not

· Read "Known limitations in iPayment"

· Read "iPayment and Payment Card Industry Data Security Standard (PCI-DSS)" + "iPaymentand Payment Application Data Security Standard (PA-DSS)"

· Read "Data theft"

2) Configure your Payment gatewayMake sure that all the required features are enabled at the gateway and that you insert all therequired credentials into the iPayment gateway configuration window.Note: Not getting all gateway features enabled (example CFT) may not give errors immediatelybut it will give issues later on when doing a refund. Customers needs to have a specific currency set. You cannot use the "Multi-currency" customer.

3) Provide gateway access to your accounting teamThe accounting team should have access the to gateway backend system so that they mayreconcile and verify the transactions.All error handling in regards to rejected transactions are manual and the accounting team shouldbe instructed on how to handle this.Additionally you may want to setup automatic e-mail notification on rejected settlement if this issupported by the gateway.

4) Instruct your sales team in the new work-flowThe users that are going to use iPayment should receive appropriate training and should all knowwhere to obtain the iPayment manual.They should be instructed in how to handle Credit Card details securely and in compliance withPCI-DSS.

5) TestingWe test each iPayment version released with a number of automated and manual test cases but itis your responsibility to test that the product behaves as expected before go-live.We recommend that you to run a few small value test transactions with real cards before startingto accept customer orders.

51

11

8

10

11

114

59


Go-live checklist

· Test your work-flow and create a new order and test authorizations

· Create invoice documents and settle the invoice

· Issue a partial refund

· Issue a full refund

· Test the incoming/outgoing payment functionality

Check using the gateway backend that all transactions are processed as expected and have thecorrect amounts

6) Make sure to show and instruct the super-users in how the "Action log" window worksThe action log is a very important tool as it contains a log of everything done with iPayment andwho did it. This tool is both an audit and a support tool to show you what has happened in the system.When requesting support we may ask for information from the action log to be included in theticket.

Post go-liveAfter go-live it is important that new versions released of iPayment are checked for bugs relatingto functionality that the customer are using and that new versions are installed if any correctionshave been made.You can find the version history at: https://ipayment.boyum-it.com

1) Requesting supportBefore requesting support please read this article on what information should be included

62

https://ipayment.boyum-it.com

http://www.boyum-it.com/Link/iPaymentSupport/

General use

62


General use

7 General use

After the add-on has been successfully installed, configured and started the users can start toassign credit cards to customer, create, authorize and settle documents and so on.

7.1 Action log

The iPayment action log allows you to view all user and system actions done in iPayment.The log can be accessed from Administration -> Add-ons -> B1 iPayment -> iPayment action log

It contains different columns that can help in identifying the user, amount, action done etc.You have the option to filter the data and lookup data for a specific user or action.

7.2 Assign credit cards to customers

Find a relevant customer in the system and go to the “Payment Terms” tab, click the button

“Credit Cards“ and a new window will open showing all credit cards assigned to the customer.

If you want Credit Card payments to be enabled for the customer please check the checkbox “Use

Credit Card as payment option for this business partner”.

63


General use

Note: The first credit card that is added will always be marked as default.

Default column The default Credit Card will be used and suggested automatically inwindows and automatic actions.

Card name columnThe card name column is an information only column. You are free tochange the name to something different. The card name will be shown inthe Authorization window and other windows in the system.

Contact Personcolumn

You have the option to link the Credit Card to a specific contact person. If aContact Person is selected the Credit Card for that Contact Person will beused when doing automatic actions on documents where the ContactPerson is selected.

Max. amount pr.trans.

Here you can define the maximum amount that can be authorized/settledpr. transaction for a card.This will influence the authorizations and the settlements. If a doc total foran invoice is higher than the maximum amount it will only settle what itcan.

Clicking button “Add” on the right side of this window will, depending on the configuration,either open a browser or a window in SAP.

When adding a card to a business partner using the Internal Browser option, you can right-clickand choose 'iPayment - Fill BP details', iPayment will then try to fill in the Business Partner detailsfrom the currently selected business partner.

64


General use

You have the option to remove a card if you no longer want it to be visible in the system.

Test Credit Cards

Secure Trading To test credit cards please use the following details:Card type: VISACard number: 4111111111111111Expiry date: 01/2034Security code: 413 To test the account check feature please use the followingdetails:

Valid account check info:House name/no: 789Postcode: TE45 6ST Invalid account check info:House name/no: 123Postcode: TE12 3ST

Authorize.NET To test credit cards please use the following details:The expiration date must be set to the present date orlater. Use 123 for the CCV code.


Discover 6011000000000012

Visa 4007000000027

JCB 3088000000000017

CyberSource To test the credit card please use the following details:

65


General use

First name John

Last name Doe

Email [email protected]

Street 1295 Charleston Road

City Mountain View

State CA

Zip 94043

Country US

Card type Visa

Card number 4111111111111111

Expiry month 07

Expiry year 2032

Security code 123

7.3 One-time Credit Cards/Customers

You have the option to use One-time Credit Cards. This works by associating the Credit Card witha specific document/incoming payment instead of associating it with a specific Business Partner.The One-time Credit Card feature is enabled on Business Partner level. If you enable a customeras a One-time customer all documents created will be a one-time document. All authorizationand settlement actions will expect a Credit Card connected directly to the document and will nottake into account the Credit Cards stored on the Business Partner. This means that you will not beable to use the Credit Cards from the Business Partner on the document.You are still able to store Credit Cards on the One-time customer to allow for creating incomingand outgoing payments on account instead of having to always provide a one-time Credit Card.This allows for easy settlement of outgoing and incoming payments where the customer wants topay/refund without a document.

To set a customer as a One-time customer please set the UDF iPayment – One time customer to“Yes”.

66


General use

After setting the UDF to “Yes” the customer is now considered a one-time customer.

The rest of the flow in iPayment is more or less the same as when not using a one-time customer.The main difference is that you will be prompted to enter Credit Card details when addingdocuments (depending on your settings) and when doing authorization/settlements.Here a document with authorization set as automatic and a one-time customer is added:

You are then prompted to add “One-time Credit Card” details to continue with the authorization.

After entering the details in the browser iPayment will continue with the authorization (can takeup to 30 sec). The same will happen for settlement and if you try to open the authorizationwindow without any Credit Card details on the document.

67


General use

The rest of the system works in the same way. You can refund settlements and you can make/voidauthorizations.

Note: iPayment does not support splitting the authorization/settlement on multiple cards whenusing a one-time Credit Card.

7.3.1 Send one-time Credit Card link (Secure Trading only)

You have the option to send a link to the customer allowing them to associate their Credit Cardwith a specific document in SAP. This way the customer can enter the Credit Card details in asecure environment without any employees seeing the Credit Card details. When adding thedocument you get prompted to choose how to add the one-time Credit Card.

If you select the “Send link” option a link will get copied to the clipboard that you can then sendto the customer.When the customer saves the Credit Card details the Credit Card will be associated with thedocument and the user that requested the link will get notified. Note: If the document is setup to automatically authorize this will be done and the approved flagwill be set if “Control sales order approval” is enabled.

68


General use

7.4 Converting a one-time credit card to a BP credit card

For all gateways except Authorize.NET, it is possible to convert a one-time credit card into aregular credit card, which is added to a business partner.

To do this, access the credit card form of a business partner, here you will find the "Convert one-time card" button.

69


General use

When you open the conversion screen, you will see a list of documents with one-time creditcards available to convert. You then have the option of selecting the card you want to convert,and confirming the choice by clicking OK. iPayment will then try to convert the one-time creditcard into a business partner card and attach it to the customer.

Please note: This feature is not available for Authorize.NET.

7.5 Mass link generator (Secure Trading Only)

The “Mass link generator” tool allows you to export a list in CSV format of Business Partners,emails and links that can be used to add a Credit Card to a Business Partner.

70


General use

First you select the filters that you want to use. You can use the BP Group filter or you can createyour own filter using SQL. Next you select the customers that you want to export.After selecting the customers you can press the “Export” button to start the export.

After selecting yes to start the export you have the option to get notified when Credit Cards areadded for a customer. If you select yes you will get an internal message when a customer addsthe Credit Card.

After selecting where the file should be saved the system will create a CSV file in the location youhave selected and you can then send out the links in your preferred way.

71


General use

7.6 B1 iPayment tab on documents

After enabling authorization on a document you will see a new tab on the document.

On this tab you can overwrite the “Use credit card as payment” and the “Authorization action”before adding the document.You can also see a log that shows information about what iPayment has done on this and parent/child documents.

"Use credit card as payment"This field controls if iPayment should look at the document or not. The following values areavailable:“Yes” if this value is selected iPayment will depending on the setup try to authorize/settle the

72


General use

document and control the sales order approval. This also makes the right-click options availableon the document and makes it show in the batch windows. You can still process the document asa no credit card document (if for example the customer does not have a Credit Card). You are notforced to complete the document flow by Credit Card if this is yes but iPayment will look at thedocument when it is processed. You can always void all authorizations on the document toprevent iPayment from settling it.

Once you have selected “Yes” and saved the document you cannot undo the selection. This isrequired as the document many now have open authorizations/settlements and iPayment doesnot allow you to change this as it would prevent iPayment from looking at the document goingforward.

“No” if this value is selected iPayment will not do anything with the document. Right-clickoptions are not available and the document will not be processed by iPayment. You can changefrom “No” to “Yes” or “As business partner” later.

“As business partner” if this value is selected (This is the default value) iPayment will look at thebusiness partner to determine if it should do something. This value is directly related to the field“Use Credit Card as payment method for this business partner”. If the field on the businesspartner is checked the document will be treated as the option “Yes”. If the field is unchecked thedocument will be treated as the option “No”,

Note: It is not recommended to change the “Use credit card as payment” option when using the“Copy To” system in SAP. This might lead to having authorizations that will never be completed.

"Authorization action"

This option determines how iPayment should handle the Authorization when the document isadded to the system. The following values are available:

73


General use

As configuration If this value is selected (This is the default value) theconfiguration determines what iPayment should dowhen the document is added.

Do nothing If this value is selected iPayment will not do anythingwhen the document is added.

Show authorization popup If this value is selected iPayment will show theauthorization popup that allow to authorize thedocument with multiple Credit Cards and differentamounts (See the authorization chapter).

Automatic authorization If this value is selected iPayment will do an automaticauthorization where the document is added on thedefault Credit Card on the business partner.

"One-time Credit Card"Here you define if the document should use a one-time credit card instead of a card defined onthe business partner.

Note: If you on Business Partner have defined it to be one-time CC this will always be treated as‘yes’ (even if the value says otherwise [can occur if document was created while iPayment wasnot running or in background])

7.7 Automatic fraud check on authorization/settlement

When doing an authorization or settlement without any previous authorization iPayment willautomatically check the fraud data returned by the gateway.

Secure Trading:

· AVS checking result will be checked.

Authorize.NET

· AVS and CAVV result will be checked.

CyberSource:

· AVS result will be checked

Eway:

· Nothing is checked

If one or more of the checks is returned as failed by the gateway iPayment will show a warningmessage. It will be up to the user to respond to the message returned by the gateway and takethe appropriate actions.

You can see the result of the checks in iPayment tab on the documents:

74


General use

Testing the fraud features:Secure Trading please visit: http://www.securetrading.com/files/documentation/STPP-AVS-and-CVV2.pdfAuthorize.NET please visit: http://developer.authorize.net/hello_world/testing_guide/

7.8 Authorization

The following conditions must be fulfilled before an authorization for a document can be done:

· Document Pay with Credit Card must be set to “Yes” or “As business partner”

· Field on the document related customer “Use credit card as default payment” must be setto “Yes”

· An active and default credit card exists on customer or the customer is a one-timecustomer

Based on the configuration the Credit Card Authorization window will automatically pop-up aftercreating a document or manual activation using right click on the document in OK mode andselecting Authorization.

If the customer related to the document is setup to be consolidated to another customer then thecredit cards from the consolidated customer will be shown.

If the configuration allows it the markup value can be edited by the user to whatever is needed.Note on markup: The markup should not be entered as part of the amount on the lines. Themarkup is always applied to the last credit card selected.

The user can also see if an amount has already been authorized for the current document or basedocuments that this document is created from.

Base documents example: If a delivery is authorized and have a markup value of 10 USD then theInvoice will not be able to change the markup as the markup is already authorized. If an invoice

75


General use

consists of multiple deliveries then it is the total sum of all the base documents that will beshown as the markup value.

Clicking the button “Authorize” will contact the gateway with the credit card details and theamount and submit an authorization request. A response will be sent and saved related to thedocument.

Tip: You can add a new credit card by using the option in the dropdown.

Note: Not possible with a one-time customer.

Example where an invoice was made using the “Copy from” system.

76


General use

At any given time the user can see the log on the iPayment tab on the document.

7.8.1 Void authorization

You have the option to void the authorization using the “Void Authorizations” button

This will void/cancel all authorizations and you will then be able to start the authorization processagain.

7.8.2 Automatic re-authorization

It is possible to have the iPayment Server Component automatically try to re-authorizeauthorizations when they have expired.To enable this, you need to configure it in the configuration screen.

77


General use

This will make the Server Component try to make a new authorization instead of marking theexisting authorization as expired.The Server Component checks authorizations and performs this action once every 12 hours.

7.9 Settlement window

The following conditions must be fulfilled before a settlement for a document can be done:

· Document Pay with Credit Card must be set to “Yes” or “As business partner”


· An active and default credit card exists on the customer or the customer is a one-timecustomer

You can activate the window manually using right click on the document in OK mode or selectingedit on a batch settlement line.

78


General use

When the window opens, it will by default suggest the best possible settlement option based onexisting authorizations and active Credit Cards. You have the option to change how thesettlement should be done.You can split it on multiple Credit Cards or you can choose to settle a lower amount than thecurrent document total.

If you have an existing authorization on the document this will also be shown if the authorizationcan cover the settlement and it has not expired.

The authorized amount column will now show the authorization and the Credit Card selection willbe read only as you cannot change the Credit Card on an existing authorization.If you do not want to use the authorization you can right-click on the rows-header of the lines andunlock it:

79


General use

This will void the authorization during the settlement process (When you press OK) and you arenow free to choose another Credit Card to perform the settlement on.

Clicking the button “OK” will either settle document or save the changes to the batch settlementwindow.

7.10 "Pay now" links

You have the option to create a "Pay now" link on invoice type documents.This will allow you to send a link to the customer where they will be able to pay the amount thatwas open on the document when the link was generated.To access the functionality do a right-click on the document that you want to generate a link for:

A link will be copied to your clipboard that you can then send by email to the customer.

Important: When the link is generated it is not possible to revoke/cancel the link.

When the customer pays the invoice using the link this will be picked up by iPayment and theincoming payment document will be created if this is enabled in the settings.You will also get notified in SAP that the link has been paid.

80


General use

Note: If the document amount changes between you sending the link and the link getting paidthe incoming payment will still be posted.If the document is closed between you sending the link and the link getting paid the incomingpayment will be made as "on account".

7.11 "Add Credit Card" links

Rather than entering a customers credit card options for him, you have the option of sendingthem an "Add credit card" link.Once they visit the link, they will be taken to a hosted gateway page where they can enter theircredit card details.

Once they've done so, the iPayment Server Component will query the gateway to retrieve thecredit card token, and import it into iPayment, associated with the correct business partner.

You generate a link by going to the desired BP's credit card window and selecting the "copy toclipboard" option as shown below.

81


General use

When the credit card has been successfully imported, you will receive an internal systemmessage to inform you that the card was added.

7.12 Document refund

You have the option to refund a document that was settled using iPayment.The option can be found as a right-click menu item.

82


General use

The system will void/refund the entire settlement and will cancel any incoming payment that hasbeen created by iPayment.

After the refund is done it will ask if you want to create a credit note.If you press this option it will open the A/R Credit Memo window which can then be added to thesystem.

Note: For A/R Down Payments you need to refund any invoice document before you can refundthe A/R Down Payment.

7.13 Document refund – partial

To do a partial refund on a document please follow the steps below.

1. Find the invoice document that you want to refund.2. Right-click and press “Partial refund”

a.

3. Read the message and press “OK”

83


General use

a.

4. The credit note will now open and you can add the lines that you want to refund:

a.

b. You need to manually add the amount and lines that you want to refund5. Press add to save the Credit Note and refund the customer.

a.

b. IMPORTANT: When adding the Credit Note iPayment will refund it. This willtransfer the money to the customer.

84


General use

6. The Credit Note has now been refunded to the customer

7.14 Credit Memo refund

This functionality will refund without any base transaction. This is the same as sending money tothe customer directly as no existing transaction is voided or refunded.You have the option to refund a Credit Memo using one or more Credit Cards.The following conditions must be fulfilled before a refund for a Credit Memo can be done:

· Document Pay with Credit Card must be set to “Yes” or “As business partner”. Thedocument cannot be linked to any other documents.


· An active and default credit card exists on the customer

· The gateway supports CFT/ECC (Credit founds transfer/Expanded Credit Capabilities) andthat it is enabled in the configuration

· Note: One-time customers are not supported

To use this feature create the Credit Memo and then do a right-click "iPayment - Refund now".

85


General use

In the window that opens you can choose the amount to refund and what Credit Cards should berefunded:

86


General use

After pressing "OK" the refund will be done and an outgoing payment will be created in thisfeature is enabled in the configuration.

7.15 Incoming payment

You have the option to settle an incoming payment using Credit Card.To use this feature open the incoming payment and select the customer and the documents youwant to settle using Credit Card.

87


General use

You can then open the payment means window and select the “Credit card” tab

Here you can press the “Select Credit Card”/”One time Credit Card” button to select/add a creditcard you want to settle on.After selecting/adding the Credit Card the screen will be filled out with some data:

You can change the “Amount Due” column and add a second voucher to settle on multiple CreditCards or just do a partial settlement.

Note: It is important that you do not change any of the values other than the “Amount due” set bythe system as this may lead to the settlement not being done. It is also important that you nowadd the payment to the system without including additional documents as the data for thesettlement has already been prepared.

Technical: The actual settlement is done when the payment has been added successfully to thedatabase. Should anything go wrong during the settlement a message will be shown (and an alertwill be sent if setup). The user then needs to correct the issue and cancel the incoming paymentand manually make it again. There is no automatic handling of settlements that are notcompleted correctly with the gateway.

88


General use

7.16 Incoming payment – refund

You have the option to refund payments created using the payments means system. To refundthe payment right-click and select “Refund now”

You will be asked to confirm that you want to refund the payment. If you confirm it will cancel thepayment and refund the transaction.

7.17 Outgoing payment – refund (Send money to customer)

You have the option to refund an outgoing payment using Credit Card for a customer.To use this feature open the outgoing payment and select the customer and the credit note youwant to refund using Credit Card.

89


General use

You can then open the payment means window and select the “Credit card” tab

Here you can press the “Select Credit Card” button to select a credit card you want to refund on.After selecting the Credit Card the screen will be filled out with data by iPayment. You can changethe “Amount Due” column and add a second voucher to refund on multiple Credit Cards or just doa partial refund.

Note: It is important that you do not change any of the values other than the “Amount due” set bythe system as this may lead to the refund not being done. It is also important that you now add

90


General use

the payment to the system without including additional documents as the data for the refund hasalready been prepared.

Note: Using this feature is basically the same as sending money to the customer and it mayrequire special permissions at gateway level depending on the gateway. Please make sure thatyour gateway account has the correct permissions.

Technical: The actual refund is done when the payment has been added successfully to thedatabase. Should anything go wrong during the refund a message will be shown (and an alert willbe sent if setup). The user then needs to correct the issue and cancel the payment and manuallymake it again.There is no automatic handling of settlements that are not completed correctly with the gateway.

7.18 Deposit on Order

iPayment supports using both business partner and one-time credit cards to handle deposits onorders.

To do this, use the right-click menu "Payment Meants" on a Sales Order that is configured to usecredit cards.Here you will have the option of selecting a credit card from the business partner or adding a one-time card directly.

91


General use

Doing this will automatically create an Incoming Payment linked to a Down Payment and settle itagainst the gateway.The Down Payment will be referred in the Remarks field on the Sales Order.

7.19 Cancel of Sales Order/Delivery

When doing a "Cancel" of a Sales Order/Delivery document that have one or more openauthorizations you will get a prompt:If you choose "Yes" all open authorizations will be voided (including base/target documents).If you choose "No" nothing is done by iPayment and you can cancel the document and keep theauthorizations.

92


General use

7.20 Batch Processing

iPayment includes a batch processing wizard, which allows you to search for various documenttypes based on relevant parameters.The batch processing wizard replaces the Batch Refund, Batch Settlement and Batch Authorizationforms.

93


General use

When you open up the batch processing window, you have several search options available toyou. These can be seen in the screenshot below.

It is also possible to filter on Business Partner properties by clicking the properties button in thefilter screen. This will take you to the BP Properties window.

94


General use

If you are familiar with SQL syntax and want a more customized search, it is also possible to applyyour own SQL statements for filtering, ordering the output or selecting additional columns. This is done using the Advanced window, which you can access by clicking the advanced button onthe filter form.

95


General use

If you decide to add additional columns in the Advanced form, you have the option of formattingthe title of the column shown in the output. This is done by accessing the Advanced Format form.

After you have applied all the filters, you have the option of saving the filter template for futureuse. This is done by clicking 'Save as template'. You will then have to name the template.Templates are saved on a per-process basis. You can save different templates for Refunds,Settlements and Authorizations.

NOTE: Template names are unique.

96


General use

Once the template is saved, several options will appear. These will allow you to Update, Deleteor set the template as the default template to be used when you open the form.

When you've input the desired search options, you can click the Next button to see the results.The three result forms will be discussed one by one on the following pages.They are very similar, but depending on the type of processing the output columns will varyslightly.

7.20.1 Batch refund

Refund can be done from Banking -> Credit Card Processing -> Batch Refund.Note: The batch refund screen requires that the gateway supports CFT/ECC (Credit foundstransfer/Expanded Credit Capabilities) and that it is enabled in the configuration

97


General use

Here the user can select individual lines to refund or select all/none using the buttons to theright.

Clicking “Refund” will process all selected lines one by one.

You have the option to change the amount to refund by editing the “Amount to refund” column.

Note: All lines shown in red are lines that cannot be processed at the moment due to an invalidsetup.

Note: The batch refund screen only shows credit notes that are not linked to any document (to doa refund on an invoice document please use the right-click option on the document)

7.20.2 Batch settlement

Settlement can be done from Banking -> Credit Card Processing -> Batch Settlement.

Note: You do not need to authorize to settle. If no authorizations are made the settlement will bemade directly.

98


General use

· Select the document type at the top to process.o You can select individual lines to settle or select all/none using the buttons to the

right.

· You have the option to edit how the settlement should be done by marking a line andpress “Edit”.

o

§ Please see the section “Settlement window” for information on how thewindow works

99


General use

· Clicking “Settle” will process all selected lines one by one.o The document and payment will always be settled on today’s date.

7.20.3 Batch authorization

Multiple authorizations can be executed from Banking -> Credit Card Processing -> BatchAuthorization.

Here the user can select individual lines to authorize or select all/none using the buttons to theright.

Clicking “Authorize” will process all selected lines one by one.

Note: All lines shown in red are lines that cannot be processed at the moment due to an invalidsetup.

7.21 Scheduled Processing

The iPayment ServerComponent has the capability to do automatic authorization and settlementof documents based on parameters you have specified.Scheduling actions requires the BP to have a default credit card defined.

You'll find the menu item under Add-Ons-->B1 iPayment -->Scheduled Actions - once you click it,you'll see the window shown below.

100


General use

The window allows you to configure the following parameters:

Name A given name for the action to help you identifyit.

Type Determines what type of documents this actionwill be performed on.

Action Determines what action to perform on thedocuments that match the WHERE condition. It'spossible to authorize or settle documents usingthe scheduled actions.

Where Condition The WHERE condition used to select thedocuments on which the action is performed.Seeing how actions are recurring, you will mostlikely want to include some sort of time-component in the WHERE condition.

As an example, you might want to authorizedocuments 5 days before their DueDate, inwhich case you'd include the DueDate as part ofyour WHERE condition.

Active Determines whether the action is currentlyactive. Disabling this options means that theServerComponent will skip this action duringprocessing.

NOTE: Since you'll be writing the WHERE condition of an SQL statement, please make sure thatthe condition only selects the documents you intend to do authorization or settlement on!

NOTE: Scheduled Actions do not support mark-up amounts.

7.22 Settlement Report

iPayment also includes a settlment report, which allows filtering and searching for settlementactivities.

101


General use

This report is useful for getting an overview of payments that have already been settled. Belowyou see an example of a settled transaction, shown in the report.

The report requires you to specify a from and to date, to limit the search result, and prevent thequerying from taking too long.

7.23 Re-authorization of Sales Orders

Re-authorization of expired sales order authorizations can be done from: Sales – A/R -> iPayment– Re-authorization.

To proceed with the re-authorization you selected the documents that you would like to re-authorize. The re-authorization will be done on the same amount as the existing authorizationand it will mark the existing authorization as void.

102


General use

Note: When doing re-authorization it expects the existing authorization to have expired. Thismeans that it will not void the authorization against the gateway but will just mark it as void inthe database.

Expert: If you need to change the default expiry value for the gateway you can do this in the UserDefined Table called BOY_E0_CONFIG. Locate the fields “ST – Reauth (Secure Trading)” or “AU –Reauth (Authorize.NET)” to change the default expiry days. Please only change the defaultvalues if you are sure that this is needed. Changing the value may lead to getting overlappingauthorizations as iPayment does not void the existing authorization as explained above. Defaultfor Secure Trading is 7 days. Default for Authorize.NET is 30 days.

7.24 Result window

After using the batch or re-authorization functionality a result window will show.Lines in green are lines that was processed successfully and lines in red are lines that could not beprocessed due to an error.The error can either originate from iPayment or from the gateway depending on what the issue is.

7.25 Credit Card Expiration

In order to keep credit cards up to date a report can be extracted using dates and customer asfilter. The report can be found under Banking -> Credit Card Processing -> Credit Card Expiration.

If a customer’s credit cards is about to expire the customer should be notified so new credit carddetails can be added to the system.

103


General use

Note: This option is not available for Authorize.NET if the option “Use Credit Card form instead ofwebpage” is disabled.

Common use cases

106


Common use cases

8 Common use cases

8.1 How do I handle prepayments?

To handle prepayments in SAP you can create an A/R Down Payment Invoice based on the A/RSales Order.

First create the Sales Order and do the authorization either automatic or manually.

Now copy the sales order to the A/R Down Payment Invoice and add it.

107


Common use cases

Depending on the setup it will either automatically settle the down payment or you can settle itmanually using the batch settlement screen. You now have the money booked in SAP and you canthen close the sales order using a delivery document.

8.2 How do I handle partial payments?

You have three options. You can use the iPayment “Batch settlement”, the right-click settlementoption on the document or you can use the incoming payment screen.

Batch settlement: After adding the document open the “Batch settlement” window and find thedocument and change the settlement using the “Edit” button.Should the customer want to settle the entire transaction at a point in the future you can use theincoming payment to accept the remaining amount.

108


Common use cases

Right-click settlement option: Please see the section “Settlement window”.

Incoming payment screen: After adding the document open the incoming payment window andfind the document. Change the “Total payment” column to reflect the payment to settle andproceed as explained in the chapter “Incoming payment”.

Note: you cannot use the option “Automatic settlement” if you want to do partial payments.“Automatic settlement” will always settle the full amount.

109


Common use cases

8.3 How do I settle on multiple Credit Cards?

You have the option to use the “Settle now” option on the invoice document to specify how tosettle the document. Please see the chapter “Settlement window”.

Alternatively you can use the incoming payment to settle the document using two vouchers:

8.4 How do I refund everything?

To refund an entire document use the right-click option “iPayment - Refund now”. Please see thechapter “Document refund”.

8.5 How do I create a partial refund (Credit Card saved on BusinessPartner)?

To do a partial refund please create a standalone “A/R Credit Note”. This credit note cannot belinked to a document. After creating the credit note you can either refund it using the “BatchRefund” window or using an outgoing payment.

Right-click refund on the Credit MemoPlease see the topic "Credit memo refund"

Batch refund:

84

110


Common use cases

Here you can change the “Amount to refund” column to refund the Credit Note and it will bedone on the default Credit Card on the business partner.

Outgoing payment:You can refund money using the outgoing payment. You can refund to one or multiple CreditCards.Steps to make:

1. Create the Credit Note and add it to the system2. Open the Outgoing Payments window and mark you Credit Note3. Open the Payment Means window and select the “Credit Card” tab

a.

4. Press the “Select Credit Card” button and mark or double click on the Credit Card youwant to use:

111


Common use cases

a.

5. Now the “Payment means” window will populate:

a.

6. Press “OK” and then add the outgoing payment.7. The payment will now have been refunded by iPayment

112


Common use cases

8.

8.6 How do I create a partial refund for a one-time document?

Note: This functionality is not available for Eway

To do a partial refund on a one-time document please follow the steps below.

7. Find the invoice document that you want to refund.8. Right-click and press “Partial refund”

a.

9. Read the message and press “OK”

113


Common use cases

a.

10. The credit note will now open and you can add the lines that you want to refund:

a.

b. You need to manually add the amount and lines that you want to refund11. Press add to save the Credit Note and refund the customer.

a.

b. IMPORTANT: When adding the Credit Note iPayment will refund it. This willtransfer the money to the customer.

12. The Credit Note has now been refunded to the customer

114


Common use cases

a.

8.7 Transactions rejected after settlement (Manual process)

When iPayment asks the gateway to settle a transaction the actually settlement is not processeduntil in the night for most gateways. While the gateway does make certain checks to ensure thatthe money can be pulled it is not known until later if the Credit Card will ultimately be rejected.iPayment does not know the status when the transaction is finally processed and in case theCredit Card is rejected later the users’ needs to manually control and handle this scenario.iPayment does not have any automatic notification system as most gateways offer an emailnotification system instead that will warn if transactions that are expected to pass are rejected. Itis important that the users receive the gateway warnings and proceed accordingly.This is a manual process and should be done individually for the transactions that fail.

8.8 Reconciliation

To reconcile your bank account and move the money from the clearing account please use thedeposit feature in SAP. The deposit feature can be found under Banking -> Deposits -> Deposit.

115


Common use cases

The Credit Card tab will show all incoming payments created using a Credit Card. If the paymentwas created by iPayment the voucher no. will be populated with the transaction referencecreated by the payment gateway you are using. The transaction reference should allow you toreconcile the payments when the money has been transferred to your bank account.

Troubleshooting

118


Troubleshooting

9 Troubleshooting

9.1 I get the error “-10 – Payment method not defined” wheniPayment does the settlement

Please make sure that you have defined what Payment Methods should be used for the CreditCard payments in SAP.

SQL Queries

120


SQL Queries

10 SQL Queries

This topic contains MSSQL queries that can be used together with iPayment.

10.1 All open sales orders without a Credit Card record

The SQL below will show all open orders without any Credit Card connected where either thecustomer or the document is marked as "Use Credit Card".

SELECTT0.DocEntry 'Document entry',T0.DocNum AS 'Document number',T1.CardCode AS 'Customer code',T1.CardName AS 'Customer name',CASE WHEN T0.DocTotalFC <> 0 THEN T0.DocTotalFC ELSE T0.DocTotal END AS 'Open Doc.Total',T0.DocCur AS 'Currency'FROM ORDR T0LEFT JOIN OCRD T1 ON T1.CardCode = CASE WHEN (ISNULL(T0.FatherCard, '') <> '' ANDT0.FatherType = 'P') THEN T0.FatherCard ELSE T0.CardCode ENDLEFT JOIN [@BOY_E0_BPEXT] T3 ON T3.U_CardCode = CASE WHEN (ISNULL(T0.FatherCard, '')<> '' AND T0.FatherType = 'P') THEN T0.FatherCard ELSE T0.CardCode ENDLEFT JOIN [@BOY_E0_OTCC] T4 ON T4.U_DOCENTRY = T0.DocEntry AND T4.U_OBJECTTYPE = 17WHERE( T0.U_BOY_E0_CCPAYEX = 'Y' OR ISNULL(T1.U_BOY_E0_OTCC, 'N') = 'Y' OR (T0.U_BOY_E0_CCPAYEX = 'B' AND T1.U_BOY_E0_CCPAY = 'Y'))AND ISNULL(T4.U_TRANSREF, ISNULL(T3.U_DefaultCard, '')) = ''AND T0.DocStatus = 'O'

B1P&D integration

122


B1P&D integration

11 B1P&D integration

B1P&D have the option to integrate with B1 iPayment allowing for sending out one-time CreditCard links automatically.Please see the B1P&D manual for information on how to setup the integration.

The links generated by B1P&D will be treated in the same way as the links generated byiPayment. Please see the topic "Send one-time Credit Card link" for more information.

Appendix 1 - iPayment Gateway and servercomponent flows

124


Appendix 1 - iPayment Gateway and server component flows

12 Appendix 1 - iPayment Gateway and server component flows

125



126



Appendix 2 - Authorization flow explanation

128


Appendix 2 - Authorization flow explanation

13 Appendix 2 - Authorization flow explanation

iPayment only starts the authorization/settle process after the document has been added. Thisway we can be sure the data is in the database and that we authorize on the correct documentand that nothing else is blocking the sales order from getting added (Like a stored procedure). Wedo it this way to avoid the scenario where the authorization is added to the gateway, the salesorder add is blocked by the transaction notification/another add-on and the user then decides tonot add the sales order. In this scenario we would end up with an authorization that would not belinked to any document.

129


Index

- A -Action log 62

Alerts 47

All open sales orders without a Credit Card record 120

Appendix 1 – iPayment Gateway and server componentflows 124

Assign credit cards to customers 62

Authorization 41, 74

Authorization flow explanation 128

Authorize.NET 18, 26, 27, 27, 33

Automatic fraud check on authorization/settlement 73

- B -B1 iPayment 8

Batch authorization 99

Batch refund 96

Batch settlement 97

- C -Card store/CIM system and Credit Card details(Tokenization) 14

Configuration 31

Credit Card Expiration 102

Credit Card mapping 46

CyberSource 19, 26, 33

Cybersource and interaction with Add credit card [Howdoes it work] 22

Cybersource and interaction with Add credit card website[Mandatory] 19

- D -Data theft 11

Database Information 30

Document refund 81

Document refund – partial 82

- E -Eway 22, 22, 23, 27, 35

- G -Gateway requirements 18

General 39

General use 62

- H -How do I create a partial refund (Credit Card saved onBusiness Partner)? 109

How do I create a partial refund for a one-timedocument? 112

How do I handle partial payments? 107

How do I handle prepayments? 106

How do I refund everything? 109

How do I settle on multiple Credit Cards? 109

- I -I get the error “-10 – Payment method not defined” wheniPayment does the settlement 118

Incoming payment 86

Incoming payment – refund 88

iPayment and Payment Application Data SecurityStandard (PA-DSS) 10

iPayment and Payment Card Industry Data SecurityStandard (PCI-DSS) 8

iPayment tab on documents 71

- K -Known limitations in iPayment 11

- L -License 30

- M -Mass l ink generator (Secure Trading Only) 69

- O -One-time Credit Cards/Customers 65

Outgoing payment – refund (Send money to customer) 88

130


Index

- P -Payment terms 48

Permissions 47

PII/PCI 11

- R -Re-authorization of Sales Orders 101

Reconciliation 114

Result window 102

- S -Secure trading 18, 26, 31, 36, 37

Secure Trading - Currencies 50

Secure Trading - Customizing the “Add credit card” page 49

Send one-time Credit Card l ink (Secure Trading only) 67

Settlement and refund 44

Settlement window 77

SQL Queries 120

- T -Transactions rejected after settlement (Manual process) 114

- V -Void authorization 76

- W -What is Credit Card Tokenization and why is itimportant? 14

Documents

B1 iPayment - Boyum IT · PDF fileDoes B1- iPayment transmit PII or PCI data from/to the ERP host system? Only non-sensitive PII data like first name, last name, street, city, state,