Global security establishes settings for system-wide security. Each option is explained below.
Data
The data tab contains settings related to keeping data in the system safe:
The fields on this tab are defined as follows:
| Field Name | Description |
|---|---|
| Number of Days After Event End Date to Retain Credit Card Details | Credit card details must be purged periodically. This setting determines the number of days after which credit cards will be purged. |
Password Policies
The Password Policies tab allows an administrator to establish rules related to password creation and maintenance. Unique settings are available for Boomer Admin and the storefront:
The following configuration options are available:
| Field Name | Description |
|---|---|
| Minimum Password Length | The number of characters required for the password. |
| Maximum days to password reset | The number of days the password can be used before requiring the user to create a new one. |
| Prevent password reuse (number of times) | How many times the user must choose a different password before a previously used password can be used again. |
| Maximum login failures (number of times) | How many failed login attempts a user is allowed. |
| Lockout period upon login failure (in minutes) | How much time (in minutes) the user is locked out from attempting to log in again. |
| Require password change upon initial login | Whether a new password is required when the user logs in for the first time. |
| Password content requirements | Determines which characters the password must contain. |
Boomer is configured with the minimum password policies required by PCI to remain compliant. Changing the default settings to more lax policies may cause you to lose your PCI compliance.
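The sketch below shows how the length, reuse, expiry, failure-count and lockout settings in the table interact at password change and at login. It is an added example, not Boomer's code: the class and function names are hypothetical, the policy numbers are constructed sample values rather than Boomer's defaults, and it assumes the account locks when the failure count reaches the configured maximum.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class PasswordPolicy:
    # Constructed sample values, not Boomer's defaults.
    min_length: int = 8        # Minimum Password Length
    max_age_days: int = 90     # Maximum days to password reset
    reuse_history: int = 4     # Prevent password reuse (number of times)
    max_failures: int = 6      # Maximum login failures
    lockout_minutes: int = 30  # Lockout period upon login failure

@dataclass
class Account:
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    history: list = field(default_factory=list)  # password hashes, newest last
    changed_at: datetime = None
    failures: int = 0
    locked_until: datetime = None

def _hash(acct, password):
    # Only salted hashes are kept, so the reuse check never needs old plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), acct.salt, 100_000)

def set_password(policy, acct, password, now):
    """Return None on success, or the name of the rule that rejected it."""
    if len(password) < policy.min_length:
        return "too_short"
    digest = _hash(acct, password)
    recent = acct.history[-policy.reuse_history:] if policy.reuse_history else []
    if any(hmac.compare_digest(digest, old) for old in recent):
        return "reused"
    acct.history.append(digest)
    acct.changed_at = now
    return None

def login(policy, acct, password, now):
    """Return 'ok', 'locked', 'expired' or 'bad_password'."""
    if acct.locked_until and now < acct.locked_until:
        return "locked"  # rejected before the password is even checked
    if not acct.history or not hmac.compare_digest(_hash(acct, password), acct.history[-1]):
        acct.failures += 1
        if acct.failures >= policy.max_failures:  # assumption: lock on reaching the maximum
            acct.locked_until = now + timedelta(minutes=policy.lockout_minutes)
            acct.failures = 0
        return "bad_password"
    acct.failures = 0
    if now - acct.changed_at > timedelta(days=policy.max_age_days):
        return "expired"  # correct password, but a new one must be set
    return "ok"
```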
During the setup and configuration of Boomer, Telling Stone requests an e-mail account through which outgoing e-mails will be sent. This account is not unlike the e-mail account you have set up to send your own customers e-mail. The information needed to configure this successfully includes:
| Field Name | Description |
|---|---|
| SMTP Server | Name of the SMTP mail server through which mail will be sent. |
| SMTP Port | Port number of the SMTP server. |
| SMTP Username | Username for access to the SMTP server. |
| SMTP Password | Password for the user to access the SMTP server. |
| Enable SSL | Determines whether the system is using SSL certificates. |
| Use Authentication | |
Your e-mail provider should be able to provide you with the information needed.
Change Encryption Key
As required by PA-DSS certification, the encryption key that protects sensitive data must be periodically changed. The option within Global Settings Security facilitates this:
Do Not Proceed. Do not change your encryption key unless instructed to do so by Telling Stone.
Restore Encryption Key
If for some reason an encryption key needs to be restored, this option facilitates this:
Do Not Proceed. Do not change your encryption key unless instructed to do so by Telling Stone.
Application Log
Boomer keeps track of all errors and exceptions that take place in the system. The application log helps Telling Stone Customer Support identify and troubleshoot those errors:
The user must enter criteria at the top of the log and click the "Search" button before any rows will be displayed.
Audit Log
There are many elements that require logging as part of PA-DSS certification. These include:
- User login actions, including password resets, lock outs, and security role changes.
- Payment actions including payments processed, refunds, and additions, edits and deletions to payments on file.
- Changes to any security-related settings in the system.
The Audit Log looks like this: