GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing

GPUG Summit 2011– Las Vegas Presenter  Giuseppe Ianni  Director of Sales & Marketing at Azox  6 Years channel management experience  8 years of ecommerce and payment processing experience

GPUG Summit 2011– Las Vegas Session Objective  Inform, train and present options for solving/ automating electronic payment processing needs using Dynamics GP or a website  Understand the impact of PCI compliance mandates and cardholder security requirement for companies

GPUG Summit 2011– Las Vegas Agenda  PCI Compliance: Security issues facing merchants  Processing payments within Dynamics GP and online  Live Solution Tutorial  Questions?

GPUG Summit 2011– Las Vegas Win a $50 Gift Card  First person to write their credit card information and pass it forward will win.  Don’t worry, your credit card information will not be used.  Don’t ever write down your credit card information! CARDHOLDER Jeff Smith CC # CVV2 123

GPUG Summit 2011– Las Vegas Security Issues Facing Merchants  Payment card info is sensitive so why would anyone freely pass around their information  PCI compliance mandates were created to protect cardholder data from being compromised.  Merchants must use PA-DSS validated software to adhere to PCI-DSS requirements or face: – Losing the ability to process credit card payments – Being fined – Being audited

GPUG Summit 2011– Las Vegas PCI Compliance: Security Issues Facing Merchants  Refers to the Payment Card Industry Data Security Standard (PCI DSS)  Formed to help prevent organizations that process credit cards from credit card data breaches  PA-DSS (Payment Application Data Security Standard) refers to the payment applications themselves (Azox Credit Card Extension) that store, process or transmit cardholder data.

GPUG Summit 2011– Las Vegas 12 Steps to PCI Compliance

GPUG Summit 2011– Las Vegas 12 Requirements Build and Maintain a Secure Network 1.Install and Maintain a firewall configuration to protect cardholder data. 2.Do not use vendor-supplied defaults for system passwords & other security parameters. Protect Cardholder Data 3.Protect stored cardholder data 4.Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program 5.Use and regularly update anti-virus software 6.Develop and maintain secure systems and applications Implement Strong Access Control Measures 7.Restrict access to cardholder data by business need-to-know 8.Assign a unique ID to each person with computer access 9.Restrict physical access to cardholder data Regularly Monitor and Test Networks 10.Track and monitor all access to network resources and cardholder data 11.Regularly test security systems and processes Maintain an Information Security Policy 12.Maintain a policy that addresses information security

GPUG Summit 2011– Las Vegas Processing Credit Cards  Available in Sales Order Processing & Receivable Management modules.  Users can lookup and select multiple credit cards/customer  Transaction Types: authorization, post- authorization, sale, void/credit, or return

GPUG Summit 2011– Las Vegas Managing Credit Card Info  Customer credit card information is stored encrypted in the Customer Credit Card Maintenance Window

GPUG Summit 2011– Las Vegas Tokenization  Allows companies to store sensitive customer credit card data off site.  Reduces the scope of PCI Compliance for companies.

GPUG Summit 2011– Las Vegas Live Solution Tutorial  Authorize a credit card in Dynamics GP  Charge a credit card in Dynamics GP  Batch Process credit card transactions in Dynamics GP  Show online payment processing and payment date pushed back securely into Dynamics GP.

GPUG Summit 2011– Las Vegas Q&A

GPUG Summit 2011– Las Vegas Contact Giuseppe Ianni Director of Sales Office: Mobile: Fax: Azox, Inc Helm St. Plymouth, MI