Cyrious Credit Card Service (C3S)


Beginning January 1, 2017, the credit card module will no longer be able to process credit cards in SMS. You will still be able to save and view credit card information in SMS, but the processing will no longer function.


Installation And Setup

New Installation

SMS 8.9 pci and later requires the Cyrious Credit Card Service (C3S) program to run in order to store sensitive credit card information in the database using the PCI-DSS standards. CS3 requires that Microsoft .NET 3.5 Framework be installed on the machine it will run on. The C3S Host installer will automaticallly download and install the .NET framework if it detects that it does not exist.

The setup program installs to [ProgramFilesFolder]Cyrious\SSLIP\Utilities\C3S. The C3S Host application must be installed in the \Utilities\C3S\ subfolder of the folder where the SSLIP.exe is, in order for the SSLIP to automatically run and close it.

Automatic Installation

The SSLIP will check for the C3S Host on startup and if it does not detect that it is installed, the SSLIP will automatically run the MSI installation file.

Detecting the C3S Host
The SSLIP will check for the C3SHost.exe file in the \Utilities\C3S\ sub folder ( or the file name specified in C3SHostFileName option in SSLIP options). If the file does not exists, it will run the MSI installation file.

Automatic MSI Installation
If the C3S Host application is not installed, the SSLIP will run the MSI installation program if it is located in of these folders:
    • Components subfolder
    • Same folder as the SSLIP
If the SSLIP cannot find the MSI file in the Components subfolder of the SSLIP, it will look in its own directory next. Once the installation has started, the SSLIP will wait up to 20 seconds before continuing, checking every 3 seconds.

Installed / Required Files

  • Microsoft .NET 3.5 Framework
  • C3SBR.dll
  • C3SCommon.dll
  • C3SCommon.tlb
  • C3SDA.dll
  • CyriousDESDef.dll
  • C3SHost.exe
  • C3SHost.exe.config

Configuration


Configuration File

The C3SHost application requires its configuration file to be setup to connect to the database in order to run properly. There are many settings the C3SHost.exe.config file has preset in order for the application to run as a service. Only two of these settings may be customized for the customer's machine.

Setting Up The Database Connection String

In the configuration file, in the ConnectionStrings element, the C3SConnectionString node contains the default connection string to the Microsoft Access database that stores the credit card information. This is the SMSStoreData.mdb file.

  • When the SSLIP first runs the C3S Host, it will automatically update the connection string to look at the first active database it finds in Database Administration, if the UpdateC3SHostConfig option in SSLIP options is not turned off. View the Default Settings section below for more information on this option.

Setting Up The Service End Point

An EndPoint indicates a specific location for accessing a Web Service using a specific protocol and data format. The default endpoint for C3S is http://localhost:8731/Cyrious/Utilities/C3S/Public but can be changed by setting modifying the baseaddress element located under services. Configure any firewalls running to allow connections to this address along with the port offset used.

Default Settings

ConnectionString
The SSLIP will automatically create connection strings for all active databases in the system if the UpdateC3SHostConfig option is turned on

XML:
<add name="C3SConnectionString" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=%SMSStoreDataFile% providerName="Microsoft.Jet.OLEDB.4.0"

* The%SMSStoreDataFile% is the file name and path of the SMSStoreData.mdb.
Ex: C:\Program Files\Cyrious\SMS\SMSStoreData.mdb.


EndPoint:
http://localhost:8731/Cyrious/Utilities/C3S/Public

* 8731 is the default port used.

Running The C3S Host Application

The SSLIP will automatically run and shutdown the C3SHost.exe, if it is installed in the \Utilities\C3S subfolder of the SSLIP.exe folder. This behavior can be modified using the SSLIP option file, discussed below in the SSLIP Options section.

Tray Icon

The C3SHost application runs in the background and adds a tray icon to the System Tray for access. Right-clicking the tray icon brings up a menu of options.

Tray Icon Menu

  • Restore - Restores the Windows form to view the status of the service.
  • Start Service - Starts the service for communication.
  • Stop Service - Stops the service.
  • Exit - Stops the service and exits the application.

Window

The C3SHost application initially runs in the background and choosing the Restore option or double-clicking the tray icon brings up the Windows form. The form shows the current status of the service, whether it's running or stopped and whether an error occurred while running.

SSLIP Options


Running the C3SHost.exe located in a different location

When the C3SHost.exe is installed in a different location from the default path or the exe has another name, setting the C3SHostFileName to the location will allow the SSLIP to locate it and run it automatically.
Ex: C3SHostFileName=C:\C3S\C3SHost.exe
Default Value: %SSLIP Folder%\Utilities\C3S\C3SHost.exe

Running and Shutting down the C3SHost.exe manually

To prevent the SSLIP from running and/or shutting down the service automatically, the RunC3SHost flag can be set to 0 (false).
Ex: RunC3SHost=0
Default Value: 1 (true)

Communicating with the C3SHost.exe

The SSLIP communicates with C3S using the C3S' endpoint. By default, the SSLIP uses http://localhost:8731/Cyrious/Utilities/C3S/Public. This can be modified in the SSLIP options file by creating/modifying the C3SServiceURL option
Ex: C3SServiceURL="http://192.168.0.0:8731/Cyrious/Utilities/C3S/Public/" />
Default Value: http://localhost:8731/Cyrious/Utilities/C3S/Public/

Turning On and Off Automatic Connection String Updates

The SSLIP will automatically add the necessary connection strings to connect to all the active databases in the system when the UpdateC3SHostConfig is turned on, the UpdateC3SHostConfigflag can be set to 0 (false). Before adding the connection strings, all current connection strings are cleared first.
Ex: UpdateC3SHostConfig=0
Default Value: 1 (true)

Running SMS 8.9 pci Application

Cyrious SMS 8.9 pci requires the C3S service to store credit card information using the PCI-DSS standards. As a result, SMS will verify that the service is running and properly setup prior to opening.

Upgrading From SMS 8.9 and Earlier

Prior to SMS 8.9 pci, sensitive credit card information was encrypted using a non PCI-DSS standard. As a result, when first running SMS 8.9 pci on a database, the stored information must be modified to meet this requirements.

See Upgrading to SMS 8.9 pci (PCI Requirements) for more information.

First Login

When first logging in, Cyrious queries the SSLIP to determine whether C3S has been set up. If the service has not been setup, Cyrious will prompt the user to enter a password that will be used to encrypt sensitive information. The prompt will only appear for administrator logins, other logins will be denied access to Cyrious and informed to allow an employee with Set-up privileges to login first and enter the password.

Backing Up the Database

Once the password has been entered, a dialog will appear stating that the database must be backed to continue using this version of Cyrious. If the backup is refused, Cyrious will shut down and deny access until the backup is performed. The backup is necessary due to the changes required in the database.

Updating Existing Contact Credit Card & Existing Payment Information

After backing up the database, a prompt appears stating the length of time it will take to update the database to the new requirements and whether the user wishes to continue or roll back the version and update at a later time. If the user continues, all stored customer credit card information and existing / historical credit card payments are updated in the database.

Updating NOVA / Elavon Credit Card Processor Configuration

The Elavon credit card process has been updated to take advantage of the new C3S Host application. Existing NOVA / Elavon configurations will be automatically updated to use the new processor.

Elavon Credit Card Configuration

The Elavon credit card process has been updated to take advantage of the new C3S Host application.

Viewing, Editing, and Saving Elavon Configuration Settings

The storage and retrieval of the configuration settings are handled by the C3S Host application. As a result, when viewing the configuration in Cyrious (Mgmt >> Setup >> Setup User Options >> Credit Card Options), a message appears on the screen stating that it must be clicked in order to view the settings. Clicking this message will force Cyrious to send a message to the C3S Host via the SSLIP to provide the configuration settings for display and editing. Editing and saving the settings will send a request to the C3S Host to update the settings in the database and if successful, the settings will be saved to the database.

Change Password

The C3S Host application uses a password supplied by an administrator as one of its keys in its encryption process. When a change of password is requested by the user, a prompt for the new password and a verification phrase will appear. If the phrase matches what is entered, the new password is taken and any encryption that occurs afterwards will use this new password for one of the keys.

WARNING: Changing the password will make all previously stored credit card information inaccessible.

Test

Clicking this button will cause Control to verify the configuration settings for Elavon are correct by posting a test transaction to the Elavon web service.

Default Payment Information for Contacts

Credit card numbers for default payment information on contacts are now handled by the C3S Host application. When saving the information, a request is sent to the C3S Host to store the information. When saved, a unique identifier is returned to Control to use for reference. The encryption, decryption, storage, and retrieval of the credit card numbers are now exclusively handled by C3S Host.

Posting Payments, Order Refund, and Customer Refunds

Credit card numbers for payments are now handled by the C3S Host application. When saving the credit card number for payment methods (both manually entered and processed online) are stored using the C3S Host. When processing a credit card payment using Elavon, the C3S Host will retrieve the information from its database if a unique identifier is passed with the transaction. If a unique identifier is not passed, the credit card information submitted is saved to the C3S database and an identifier is created and returned to Cyrious to use for future reference. If processing credit cards online is turned on but another processor other than Elavon is used, the credit card number is retrieved from the C3S Host if there is a unique identifier and passed to the processor before posting the payment.


See Also