SECURITY UPGRADES AFFECTING ALL ACCOUNTS: EFFECTIVE September 18, 2010 (Changed from August 2, 2010)

On September 18, 2010 (Changed from August 2, 2010), My Receptionist will be making security upgrades that will affect all My Receptionist accounts. These changes will affect two primary areas of the system: (1) passwords, and (2) payment processing. The changes are being made to further strengthen the security of your account data and to meet the payment processing requirements mandated by the Payment Card Industry (PCI).

You will need to take action if any of the following apply to your account:

  • You process credit cards in My Receptionist
  • You prompt end-users/customers for credit cards
  • You store credit card data in My Receptionist


If you do not process payments, no action is required by you, but the password changes will affect your account as detailed below.

PASSWORD CHANGES: FAQs

Q:  Why are these changes being made?
A:  Data security standards and risks are constantly changing for internet-based software systems. To keep pace with these risks, internet software providers are periodically required to implement additional safeguards. The current changes will provide your account and data with state-of-the-art password protection. In addition, clients with additional safeguard requirements, such as HIPAA or payment processing, can continue to meet their obligations.
 
Q:  What changes are being made to the password process?
A:  Password-related changes will include:
  • Hiding staff and customer passwords in My Receptionist accounts (currently optional)
  • Enforcing strong passwords, including forced change to strong password (currently optional)
  • New password retrieval system

 

Q:  Do the password changes apply to staff and end-users/customers?
A:  Yes. The password changes apply to any password in the system.

 

 

Q:  Will all existing passwords need to be changed?
A:  Yes, if they do not meet the requirements below. All staff and customer passwords must be "strong" passwords. The rules for strong passwords are:
  1. At least 8 characters, but not longer than 20 characters
  2. At least one upper case letter
  3. At least one lower case letter
  4. At least one number
  5. Cannot contain your name
  6. Cannot be the same as your user name or contain your user name
  7. Cannot be a rearrangement of the letters in your username
  8. Must be a unique password each time you reset it. Password cannot be one you have already used.
A new link with these strong password rules will appear wherever staff and customer password creation appears.
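
The eight rules above, expressed as a validator. This is an added example, not My Receptionist's code. The function names, the salted PBKDF2 password history, the reading of rule 7 as "the password's letters are a permutation of the username's letters", and ignoring name parts shorter than three characters are all assumptions.

```python
import hashlib
import hmac
import re

def letters(s):
    """Sorted lowercase letters of s, used for the rearrangement check (rule 7)."""
    return sorted(c for c in s.lower() if c.isalpha())

def digest(password, salt):
    # Assumption: previous passwords are kept only as salted PBKDF2 digests,
    # consistent with passwords no longer being retrievable by anyone.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(password, username, full_name, history, salt):
    """Return the rule numbers (1-8) that the candidate password violates."""
    failed = []
    low = password.lower()
    if not 8 <= len(password) <= 20:
        failed.append(1)
    if not re.search(r"[A-Z]", password):
        failed.append(2)
    if not re.search(r"[a-z]", password):
        failed.append(3)
    if not re.search(r"[0-9]", password):
        failed.append(4)
    # Rule 5: no part of the person's name, compared case-insensitively.
    if any(p in low for p in full_name.lower().split() if len(p) >= 3):
        failed.append(5)
    # Rule 6: not equal to, and not containing, the user name.
    if username.lower() in low:
        failed.append(6)
    # Rule 7: digits and symbols are ignored; only the letters are compared.
    if letters(username) and letters(password) == letters(username):
        failed.append(7)
    # Rule 8: compare against stored digests in constant time.
    candidate = digest(password, salt)
    if any(hmac.compare_digest(candidate, old) for old in history):
        failed.append(8)
    return failed

if __name__ == "__main__":
    salt = b"constructed-salt"                 # constructed sample values
    history = [digest("Winter2009x", salt)]
    for pw in ("Tr4ilMix9", "Htimsj42", "Winter2009x", "jsmith"):
        print(pw, check_password(pw, "jsmith", "Jane Smith", history, salt))
```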
 
Q:  Do I have to manually change any passwords or let customers know?
A:  No. After September 18, 2010 (Changed from August 2, 2010), the system will automatically prompt staff and customers to update their passwords if they do not already meet the new "strong" password rules.
 
Q:  What if one of my staff forgets their password?
A:  There will be an "I forgot my password" link on the login page that will allow them to change their password. They will no longer be able to retrieve an existing password.
 
Q:  What if one of my customers forgets their password?
A:  There will be an "I forgot my password" link on the login page that will allow them to change their password. Customers will no longer be able to retrieve an existing password.
 
Q:  We have a standard format for our passwords. What if it is not a "strong" password format?
A:  The system will no longer accept passwords that do not pass the "strong" password criteria. For existing users (both staff and customers) without "strong" passwords, the system will automatically prompt them to change their password upon login after September 18, 2010 (Changed from August 2, 2010).
 
Q:  Will these changes apply to user names/logins also?
A:  No, these requirements only apply to passwords.
 
Q:  Will I be able to create/reset passwords for my staff?
A:  If you are designated as a Headquarters or Location Administrator, you will be able to create and reset passwords for your staff. However, once a password is created, it is no longer visible to anyone through the system.
 
Q:  What if I need to log in as if I was a particular end-user/customer to troubleshoot?
A:  You will have three options: (1) Your customer will need to provide you the password to allow you to access, (2) You will have to reset their password to access, or (3) You will need to contact our support group. You will not have access to end-user/customer passwords.
 
Q:  If I forget my account password, can I call into Support or open a support ticket to retrieve it?
A:  My Receptionist Support staff will not have access to client passwords. You would use the "I forgot my password" link on the login page to reset your password. Therefore, please be sure that your staff user emails are up to date.
 
PAYMENT PROCESSING (CREDIT CARDS): FAQs

Q:  What is PCI?
A:  The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies that process (capture), store or transmit credit card information maintain a secure environment. PCI is a broad term that focuses on improving credit card data security throughout the transaction process. PCI is also a more generally used term for the related oversight organization that is run by Visa, MasterCard, Amex and Discover.
 
Q:  Are you PCI compliant?
A:  As of September 18, 2010 (Changed from August 2, 2010), the entire My Receptionist system will be PCI-exempt. PCI-exempt requires an even higher level of credit card security. To be PCI-exempt, you cannot capture, transmit or store credit card information. Fortunately, the technology exists to continue to allow My Receptionist to offer payment processing while meeting these requirements.
 
Q:  Can I still process credit card transactions through My Receptionist?
A:  Yes, but you may need to change your credit card gateway. Note that you will not have direct access to credit card numbers. See the table below if you do not know which of these applies to your account.

| If you use... | What you have to do... |
| --- | --- |
| Credit Card Capture Only | This applies to users who enable the credit card fields without a credit card gateway (do not prompt). You will be required to make changes because the credit card capture process will be changing. Click here for complete details on how to update your credit card capture only process. |
| Prompt but don't Process | You will be required to make changes, no matter which gateway you are using. Click here for complete details on how to update your prompt but don't process settings. |
| MerchantWare | You do not need to switch. There are no additional charges. There is no action required. |
| Authorize.Net | You may continue to use Authorize.net, but you will be required to enter a customer's credit card number for every transaction. If this is not an issue, you may remain with Authorize.net. If this is going to cause a problem in your business, you will need to switch to MerchantWare. Click here for specific information related to Authorize.net. |

MerchantWare and Authorize.net are the only two gateways you will be able to use with your My Receptionist system.
 
For US-based clients who need to change gateways, we are suggesting MerchantWare because MerchantWare is currently the only provider that offers the necessary functionality to maintain a PCI-exempt environment. Click here to get more information on MerchantWare.
 
Q:  If I currently use "prompt but don't process" to have my customers enter a credit card number to hold an appointment, what are my options?
A:  You will be required to make changes, no matter which gateway you are using.
 
Q:  What happens to all of the credit card information I currently have on file for customers?
A:  You will no longer have access to any customer credit card information after September 18, 2010 (Changed from August 2, 2010). We have several options available for clients facing this issue. Please contact us at support@myreceptionist.com for more information.
 
Q:  Will I be able to see the last four digits of the credit card numbers for my customers?
A:  If you are using MerchantWare as your gateway, you will be able to see the last four digits of your customers' credit card numbers. If you are not using MerchantWare, you will not be able to see this information.
 
Q:  We currently copy the customer credit card number from My Receptionist and run it through our credit card terminal. Can we still do this?
A:  No. You won't have access to the customer credit card numbers. An option is to use our "prompt but don't process" feature (discussed above) and then process credit card transactions directly through the My Receptionist POS module.