Sage 100

Holy crap, what the hell am I missing? How have I not had to address this previously? Client just upgraded from 4.40 to v2014. When they enter credit card Sales Orders, they simply just specify the credit card info and that's it; they don't pre-auth or charge the card or anything at that time; that's done at time of S/O Invoicing when they hit the card for the full order/invoice amount. So therefore they're unable to appropriately enter the CVV2 (validation code) during S/O Entry at the same time they enter the credit card info, which means they won't have it during Invoicing. In 4.40 you could enter the CVV2 during S/O Entry even if you're not performing an actual credit card transaction. I know the code can be stored in some other field, but that defeats part of the whole PCI Compliance.

Good points Brett. I would like to see some best practices others employ for this when the time between pre-auth and shipment (invoicing) is lengthy and credit cards are in use. Storing the code is definitely frowned upon.

Storing the CVV2 is frowned upon... however I see most clients use that ""code"" as the Card ID.

@MadelineStefanou - Interesting....

And it will get even more interesting if they have a data breach...

Agree @PhilMcIntosh. If they are using the CVV as the card ID, they didn't get that idea from us!

So what is it that Sage expects folks to do in this situation? As far as I can tell, the only option is to basically go against PCI Compliance and store the validation code somewhere. Same 'ol Sage I guess. 1 step forward by introducing/integrating Sage Exchange Vault re: PCI Compliance, but 2 steps back by taking away the ability to enter the validation code during S/O Entry (unless of course you actually process a cc trans from S/O Entry).

So basically I found out that you can simply no longer store the CVV2 in Sage 100 like you used to be able to in S/O Entry. Doing so goes against PCI Compliance. If however you pre-authorize a credit card during S/O Entry, you'll be prompted to specify the CVV2 within Sage Exchange. Therefore I'm suggesting the client reach out to SPS to make sure they understand if and how their credit card processing rate/fees might change if they begin pre-authorizing. I'm also encouraging them to inquire as to the impact of whether the CVV2 is present or not during S/O Invoice Entry credit card processing.

Ok so based on What @BrettZimmerman is saying does anyone know how APS deals with this?

American Psychological Society, @DianeRuth?

American Payment Solutions .

@DianeRuth, I don't think it matters whether it's SPS or APS or whomever, because the CVV2 field is just no longer present in Sage 100 S/O Entry.

Well I am pretty sure that APS has a feature in their gateway - not in MAS - that tells the system to remember the cvv code in the vault or gateway and not require it any longer. Ask for Melanie at APS.