Category Archives: Annoucements

Final Warning!


Final Warning!

This is the notice we received from Cayan today.

Cayan Notice_03

This is the email you should have received from Cayan today…

Cayan_04

If your systems are running TLS 1.0 you may see service disruptions starting as early as this Friday.

Some of you experienced service disruptions as early as May 11th, right in the middle of the Mother’s Day crunch.  We got Cayan to roll back the change at that time but no longer.  This is from an email I received from Cayan today:

Hi George,

Our release schedule puts this change around Friday of this week. I do not believe we can delay rolling this out any past that. Do you believe everyone will be updated by then? “

Here is what I answered:

Hi Evan,
I have updated as many customers as I could but I am afraid some will still not be updated by Friday.
The flowerSoft customers that have not been updated have either not given us access to their systems or they have computers running Windows Server 2003 and/or Windows XP.
As you know, the TLS 1.2 version will not run on Windows Server or Windows XP systems, so unless those customers upgrade their computers we won’t be able to help them.
There isn’t much more I can do at this point, although I am still trying to gain access to some systems.
So go ahead with your change on Friday if you must and those customer affected will need to clear their credit cards through their Cayan portal or through their credit card terminals.
Thank you for rolling back the change you guys made before Mother’s Day, it was a great help to our customers.

So if you are one of few flowerSoft customers that have not allowed us access to your system or are still running either Windows Server 2003 or Windows XP, be aware that you may not be able to clear your credit cards through flowerSoft as early as this Friday and definitely by July 1st of this year.

You still have a little bit of time, but not much.

 

*** Important Notice *** – Windows XP and Windows Server 2003 No Longer Supported


*** Important Notice ***

Windows XP and Windows Server 2003
No Longer Supported by Cayan (Merchant Warehouse)

If you have any computers still using Windows XP or a server running Windows Server 2003, as of May 18th, 2015 you won’t be able to get credit card approvals unless you either upgrade the operating systems or apply patches to those operating systems making them more secure.

If you do not understand what you are about to read below, please contact your IT professional (not flowerSoft) to help you upgrade your obsolete computer system(s).

You should have received an email from Cayan (Merchant Warehouse) stating:

Cayan is dedicated to maintaining a high level of security and protecting all communications with our partners and merchants. On May 18, Cayan will be taking steps to further protect the privacy and security of our partners’, merchants’ and cardholders’ data. First, Cayan will no longer support the use of the RC4 cipher used to encrypt data. This cipher is considered weak and are susceptible to attack, and is disallowed by PCI. Cayan supports the more secure DES and AES ciphers. Second, Cayan will begin using stronger digital certificates, issued by DigiCert. These changes increases the certificate’s strength to use 2048 bits and uses the more secure SHA-2 hash algorithm instead of MD5, which is considered weak and is susceptible to attack.

To prevent our systems from being exposed to these threats, Cayan will be making changes to its security protocols on May 18.

What systems are affected?

Any system that makes an encrypted connection to Cayan and only uses the RC4 cipher. Any system that does not have the DigiCert Global Root CA certificate in its certificate store. Any system that makes an encrypted connection to Cayan using only the MD5 hashing algorithm. This includes web browsers, points of sale, and terminals.


Please click on the link below after you read this if you think you may be affected by this change:
https://cayan.com/ssl


How do I know if I am affected? Is there a way for me to check my terminal or point of sale?

Most modern operating systems will not be affected by this change. Some older operating systems (such as Windows XP, Windows POSReady 2009, and Windows Server 2003) will work, but require certain patches to be applied, described below. Other older operating systems (such as Windows 2000) do not support these modern security protocols and are no longer receiving updates from their respective vendors. Because of this, these systems are not PCI compliant and will not be supported by Cayan beyond May 18. Please consult your IT department for the specific ciphers your systems support.

If you are able to visit this test page from a web browser on your point of sale without seeing any warnings or errors, you are likely unaffected by these changes.

What will happen if I am affected?

If you fall into one of the above categories and you do not take corrective action by May 18th, you will not be able to process transactions as Cayan will no longer support these insecure security protocols.

I believe that I will be affected by this change. What corrective actions should I take?

In accordance with PCI standards, Cayan always recommends using operating systems that are being actively supported and updated by their vendors. Operating systems such as Windows Server 2000 and Windows XP have fallen out of support with Microsoft. Additionally, Microsoft will no longer support Windows Server 2003 beyond July 14, 2015. These out of date systems may presently work with Cayan’s payment gateway, but they do not use up to date security standards, may be susceptible to attack, and cannot be certified as PCI compliant, as they are no longer receiving updates from Microsoft. Because of their age, it is unlikely that Cayan will be able to support these systems much further into the future.

Before May 18:

Please ensure that you have installed the latest service packs and updates from your operating system vendors and point of sale vendors. For Windows XP, this means that you must be updated to Service Pack #3. Windows POSReady 2009 is based on Windows XP Service Pack #3, and should not require any additional updates. For Windows 2003, this means that you must be updated to Service Pack #2. Windows 2003 users must also install the following hotfix from Microsoft to enable SHA-2 based encryption. On Windows XP, Windows 2003, and Windows POSReady 2009, Cayan strongly recommends upgrading your browser to Internet Explorer 8, which is the latest version of that browser supported on those platforms. Windows 2000, Millennium, and earlier are not supported by Cayan.

Older operating systems such as Windows XP and POSReady 2009 require that you download the DigiCert Global Root CA certificate and install it into your point of sale’s trusted key store. On a Windows system, you can do this by double clicking the certificate once you have downloaded it and then following the prompts on screen.


To download the certificate from Digicert:
http://cacerts.digicert.com/DigiCertGlobalRootCA.crt


For enterprise deployments (e.g. supporting multiple points of sale, potentially across multiple physical locations/storefronts), you may wish to use Windows Group Policy to install this certificate and these security patches onto multiple machines. Please consult your IT department for more details.

I took corrective action. How can I test that everything worked?

If you are able to visit this test page from a web browser on your point of sale without any warnings or errors, it is likely that your system will work after Cayan’s switchover on May 18th.

Cayan has also set up a test environment with these security settings already applied. This environment is reachable via its external IP of 63.128.13.166. Please consult your IT department and/or POS vendor for instructions on how to validate your system against Cayan’s test environment.

For questions regarding this, please contact Cayan’s technical support team at 855-273-4203


Please click on the link below after you’ve read this if you think you may be affected by this change:
https://cayan.com/ssl


Virus Warning!


Virus Warning!

It has come to my attention that a nasty virus is circulating masquerading as an e-mail from Logmein.  I got this e-mail late last night from a flowerSoft user.
This is from a VERY computer savvy flowerSoft user.  So if she fell for it, you might also.

George,

So I need to admit to allowing the Win32/zbot virus onto the server. It came in a phishing email supposedly from logmein.

It was bad. Microsoft Security Essentials found it but couldn’t delete it. We finally had success with Kapersky tsdkiller.

All systems seem to be running fine now.

Since all your florists are using logmein you might want to post a warning on the blog. I opened the email on Wednesday but didn’t see problems until today. Hopefully no one else was a sucker like me. I am so embarrassed, I can usually spot those……

Since a lot of you use Logmein, you might think this is a legitimate e-mail.

Here are the details:

Subject: Your LogMeIn digital certificate has expired!

 Dear LogMeIn customer,

This notification has been emailed to you because your LogMeIn.com SSL certificate has expired. To continue using the LogMeIn services, you are required to update your digital certificate. A new certificate has been generated for you.

The new LogMeIn SSL certificate can be downloaded from :

https ://secure.logmein.com/download.asp&cert_id=039 20092&userid=849501&type=SSL_Cert

According to our Terms and Conditions, failing to renew the SSL certificate will result in account suspension or cancelation: https://secure.logmein.com/policies/termsandconditions.aspx

Thank you for using LogMeIn Software

Copyright © 2003-2014 LogMeIn, Inc. All rights reserved.

 

If you get this e-mail DO NOT click on the link shown above.

Simply DELETE the e-mail as soon as possible.

So please, if you get this e-mail, delete it as soon as possible.

Thank you!

New Method of Payment – CC-PRE-AUTH


New Method of Payment
CC-Pre-Auth

Some of you have asked for a way to save a customer’s credit card for future use but not charge the account at that time.  Something like a pre-authorization that hotels used.

To accommodate this request, I’ve come up with the CC-PRE-AUTH method of payment.

ccpa01

What this method of payment will do is get an approval on the order for just 1 penny.  The credit card number will be saved in Merchant Warehouse’s vault for future use and when you decide to charge for the balance of the order, the card # will be available.

ccpa02

Enter “Y” to get the authorization for $0.01

ccpa03

Then, later on when you need to charge the balance, simply bring the order up in Edit/View and hit the letter “A” and select #5 to get the authorization.

ccpa04

ccpa05

I still have a couple of things to work out, but it should be available very soon.

Identical Credit Card Transactions (Cont.)


Identical Credit Card Transactions (Cont.)

Here are a couple of report that you should run every day to make sure you are getting credit for all your credit card purchases.

As usual, these reports are found in the Manager’s menu.  Follow this path M > R > A > C > E

ccrep01

ccrep02

ccrep03

ccrep05

The total of this report is what should have been deposited to your account on 12/19/2013.

If it is not, some deduction for a duplicate transaction must have taken place.

This report can be run for any date period but I recommend running it for one day at a time to make it easier for you to check.

This report should be used in conjunction with the Identical Credit Card Transactions report posted previously.

You can get the report above by following this path: M > T > 2

Here it is again…

ccrep06

Hope this helps.

Identical Credit Card Transactions


Identical Credit Card Transactions

OK folks, the problem is real and it has definitely affected you.

The problem is not with Merchant Warehouse’s program but with First Data, the clearing house.  They are seeing those identical transactions as duplicates and not paying you for them.

How?  They are deducting the money from what they consider to be duplicate transactions from the next day’s money they deposit in your bank, so it might be hard to see if you do not check that deposit every day.

I don’t know when this problem will be fixed, but until it is you should check your batch deposit every day.

To get paid for the transactions they did not credit you for, you have to go the your Merchant Warehouse Portal and create “Forced Sales” for each of the transactions you did not get paid for.

portal01

The problem here is getting the credit card number from Merchant Warehouse if you cannot get it from the customer.  Merchant Warehouse will not give you the credit card number unless you have the approval number.  The problem is that approval numbers go away after 30 days, so if they do not have the approval number they cannot help you.  That is why it is imperative that you check these deposits every day.

You should print the report of identical credit card transactions and call Merchant Warehouse with the information provided in the report so that they can provide you with the credit card number used if at all possible.

Otherwise your only other recourse is to call the customer and try to get the information from them and then enter a new order for the same amount.

Duplicate Credit Card Transactions


Duplicate Credit Card Transactions

It has come to my attention that a problem might exist with identical credit card sales made to the same customer on the same day.

The problem reported is that if a sale is made using the same credit card on the same day for the same amount, one sale will be considered a duplicate and will not be paid.

We mark all submissions to Merchant Warehouse with a flag indicating that duplicate transactions should be allowed but it might be that it is being ignored by their program.

I am working on a report to help you identify these sales, if any, so that you can check your Merchant Report records and verify you have gotten paid for each of these sales.

If you want this report when is ready, probably by tomorrow, let me know and I’ll upload to your system.

Announcement


Announcement

From this moment on, all features and improvements shown will be part of flowerSoft Silver 2014 and can only be obtained by upgrading to that version.  New features and improvements to version 2013 are no longer possible.  That version is now closed.

So, if you want some of the new features and improvements shown here, you will need to let us know that you want to upgrade to version 2014.

As usual, this version is free of charge to flowerSoft users in good standing.  In other words, up-to-date with their support fees.