Sage 100

A couple of SPS questions: 1) Are customers charged for pre-authorizations? 2) How long do pre-auths remain before expiring?

The answer to 1 is no, the get charged when the charge is processed, and I can't remember what the answer is to 2.

#2 - 7 days before expiration.

There is a field called Pre-Authorization Term in Payment Type Maintenance.

No matter what the field in MAS 90/200 says, I was told the term is still 7 days through SPS.

That's what I thought the answers were - thanks for confirming!

I thought the Pre-auth expiration depended on the bank. Some banks leave it on longer than others.

The pre-authorization depends on the processor, not the customer's bank. SPS sets it at 7 days (from my last information).

Cool, thanks Dawn!

#blog Good info

According to Rich Englhard from Sage, the authorization expires after 7 days (meaning the funds are no longer being held) but the authorization *number* actually remains in effect for 30 days meaning you could still process it as long as funds are available... I found out one other thing about PCI compliance. A customer had someone hack into their SPS account and enter ~$10k worth of credits to their card. Since the customer hadn't done the PCI compliance routine, they are stuck with the cost and are paying it back to SPS. Very expensive lesson!

Ouch!!!!

Can you elaborate on ""the PCI routine"" - is this documented somewhere?

I believe it was through Trustwave for SPS. See http://www.sagesoftwareonline.com/sw_attach/kdb.asp?isresolutionconceptid=523962

I might add, ""See it while you can.

I'm going to ask Sage to expand on this because it seems like important information that we would want to pass along to all of our customers. Was there some overriding issue like the customer had the password taped to the computer or there was no password security on the network logins, etc. If you come across anonymized details we can get a more formal reply from Sage - probably from the SPS folks and maybe Erika J who I understand is quarterbacking much of this integration.

I am under the impression that the ""only"" thing that we are losing is order entry capabilities.

@WayneSchulz A little more info on the customer who was hacked and the PCI compliance piece... This customer had a location that was using a Hypercom terminal. Each terminal has a V number that should be secured (it is not on the terminal itself). Apparently, this customer's V number was somehow obtained and used by the hacker. I asked how being PCI Compliant would have eliminated this and my SPS contact said it wouldn't completely but since this customer was never certified as PCI compliant, they are 100% on the hook. Being PCI compliant protects you ""to a certain extent"" although they do have investigators for every claim. The Trustwave piece analyzes the network for firewalls, etc. but it can't protect idiots from disclosing confidential information. Hope that helps! I am meeting with this SPS contact next week. If I get more information, I will share it with you.

I'm a bit confused - is SPS's assertion that every customer has to go through a PCI compliance audit in order to avoid liability?

Well, they don't have to but anyone - whether they are using SPS or not - is subject to liability in the event of fraud. I believe the PCI compliance thing was instituted by the credit card companies themselves. I'm just relaying what happened to this specific customer. Here is a link to the PCI Security Standards Council for more info than you probably want: https://www.pcisecuritystandards.org/