Tag Archives: Credit Card Transactions

*** Important Notice *** – Windows XP and Windows Server 2003 No Longer Supported

*** Important Notice ***

Windows XP and Windows Server 2003
No Longer Supported by Cayan (Merchant Warehouse)

If you have any computers still using Windows XP or a server running Windows Server 2003, as of May 18th, 2015 you won’t be able to get credit card approvals unless you either upgrade the operating systems or apply patches to those operating systems making them more secure.

If you do not understand what you are about to read below, please contact your IT professional (not flowerSoft) to help you upgrade your obsolete computer system(s).

You should have received an email from Cayan (Merchant Warehouse) stating:

Cayan is dedicated to maintaining a high level of security and protecting all communications with our partners and merchants. On May 18, Cayan will be taking steps to further protect the privacy and security of our partners’, merchants’ and cardholders’ data. First, Cayan will no longer support the use of the RC4 cipher used to encrypt data. This cipher is considered weak and are susceptible to attack, and is disallowed by PCI. Cayan supports the more secure DES and AES ciphers. Second, Cayan will begin using stronger digital certificates, issued by DigiCert. These changes increases the certificate’s strength to use 2048 bits and uses the more secure SHA-2 hash algorithm instead of MD5, which is considered weak and is susceptible to attack.

To prevent our systems from being exposed to these threats, Cayan will be making changes to its security protocols on May 18.

What systems are affected?

Any system that makes an encrypted connection to Cayan and only uses the RC4 cipher. Any system that does not have the DigiCert Global Root CA certificate in its certificate store. Any system that makes an encrypted connection to Cayan using only the MD5 hashing algorithm. This includes web browsers, points of sale, and terminals.

Please click on the link below after you read this if you think you may be affected by this change:

How do I know if I am affected? Is there a way for me to check my terminal or point of sale?

Most modern operating systems will not be affected by this change. Some older operating systems (such as Windows XP, Windows POSReady 2009, and Windows Server 2003) will work, but require certain patches to be applied, described below. Other older operating systems (such as Windows 2000) do not support these modern security protocols and are no longer receiving updates from their respective vendors. Because of this, these systems are not PCI compliant and will not be supported by Cayan beyond May 18. Please consult your IT department for the specific ciphers your systems support.

If you are able to visit this test page from a web browser on your point of sale without seeing any warnings or errors, you are likely unaffected by these changes.

What will happen if I am affected?

If you fall into one of the above categories and you do not take corrective action by May 18th, you will not be able to process transactions as Cayan will no longer support these insecure security protocols.

I believe that I will be affected by this change. What corrective actions should I take?

In accordance with PCI standards, Cayan always recommends using operating systems that are being actively supported and updated by their vendors. Operating systems such as Windows Server 2000 and Windows XP have fallen out of support with Microsoft. Additionally, Microsoft will no longer support Windows Server 2003 beyond July 14, 2015. These out of date systems may presently work with Cayan’s payment gateway, but they do not use up to date security standards, may be susceptible to attack, and cannot be certified as PCI compliant, as they are no longer receiving updates from Microsoft. Because of their age, it is unlikely that Cayan will be able to support these systems much further into the future.

Before May 18:

Please ensure that you have installed the latest service packs and updates from your operating system vendors and point of sale vendors. For Windows XP, this means that you must be updated to Service Pack #3. Windows POSReady 2009 is based on Windows XP Service Pack #3, and should not require any additional updates. For Windows 2003, this means that you must be updated to Service Pack #2. Windows 2003 users must also install the following hotfix from Microsoft to enable SHA-2 based encryption. On Windows XP, Windows 2003, and Windows POSReady 2009, Cayan strongly recommends upgrading your browser to Internet Explorer 8, which is the latest version of that browser supported on those platforms. Windows 2000, Millennium, and earlier are not supported by Cayan.

Older operating systems such as Windows XP and POSReady 2009 require that you download the DigiCert Global Root CA certificate and install it into your point of sale’s trusted key store. On a Windows system, you can do this by double clicking the certificate once you have downloaded it and then following the prompts on screen.

To download the certificate from Digicert:

For enterprise deployments (e.g. supporting multiple points of sale, potentially across multiple physical locations/storefronts), you may wish to use Windows Group Policy to install this certificate and these security patches onto multiple machines. Please consult your IT department for more details.

I took corrective action. How can I test that everything worked?

If you are able to visit this test page from a web browser on your point of sale without any warnings or errors, it is likely that your system will work after Cayan’s switchover on May 18th.

Cayan has also set up a test environment with these security settings already applied. This environment is reachable via its external IP of Please consult your IT department and/or POS vendor for instructions on how to validate your system against Cayan’s test environment.

For questions regarding this, please contact Cayan’s technical support team at 855-273-4203

Please click on the link below after you’ve read this if you think you may be affected by this change:

Identical Credit Card Transactions (Cont.)

Identical Credit Card Transactions (Cont.)

Here are a couple of report that you should run every day to make sure you are getting credit for all your credit card purchases.

As usual, these reports are found in the Manager’s menu.  Follow this path M > R > A > C > E





The total of this report is what should have been deposited to your account on 12/19/2013.

If it is not, some deduction for a duplicate transaction must have taken place.

This report can be run for any date period but I recommend running it for one day at a time to make it easier for you to check.

This report should be used in conjunction with the Identical Credit Card Transactions report posted previously.

You can get the report above by following this path: M > T > 2

Here it is again…


Hope this helps.

Duplicate Credit Card Transactions Report

Duplicate Credit Card Transactions Report

OK, here it is.

Go to the Manager’s menu and access the Troubleshooting option.

Select option #2 – Find Identical  Cred. Card Sales


flowerSoft will tell you how many duplicate credit card sales it has found.


Print the report.


Please note that the earliest possible date is February 28th, 2013 as that is when we first put the Merchant Warehouse interface into production.
You will be able to change that first date in case you run that report at the end of each month and don’t want to include transactions previously checked.

Only orders with a “credit card” method of payment are checked.
Transactions without a token number are not checked as you may have gotten an approval before switching to Merchant Warehouse.
Multiple orders are also not checked since you should have gotten one approval at the end of all the multiple order entry.
Voided orders as well as orders without an account number or name are not checked.

Also be aware that you may have gotten paid for all the transactions.  At this point we don’t know if it is happening to everyone or only one flowerSoft customer, but you should check to make sure you have gotten paid.
More than likely, you would have gotten paid for at the first of the duplicate transactions, it is the second, third or fourth you may not have gotten paid for.
The report provides you with the approval and the token numbers so that you can check your records with Merchant Warehouse.
The token number is a unique number provided by Merchant Warehouse and it is never duplicated.
You should use this number to check with Merchant Warehouse to see if you have gotten paid.