The settings that control the operation of X-Payments in general can be found on the 'General settings' page (Settings -> General settings). After adjusting any settings on this page, be sure to click Save to save the changes.
- Current time and date: Specify the current time and date (This is needed so X-Payments can record the time and date of payments correctly).
- User account password lifetime (days): This setting applies to all X-Payments users except for the root administrator; it ensures that X-Payments users will regularly change their account passwords. Here you must enter the number of days that user account passwords will be valid for. Users will be supposed to change their account password before the period defined by this setting expires for their account; otherwise, the account will be locked, after which only the X-Payments root administrator will be able to unlock it. It is possible to enable email notifications for users whose account is about to be locked due to password expiration (See the 'Account is locked due to password expiration' setting in 'General settings/Email Notifications').
- Dangerous activity blocking period (minutes): Repeated failed login attempts by a user are identified by X-Payments as dangerous activity, which causes the user account to be temporarily locked. Here you must specify the period (in minutes) for which the user account locked for dangerous activity must remain in the locked status. X-Payments root admin can unlock the user at any time before the end of the dangerous activity blocking period.
- Show errors on the Dashboard page for the last X days: Specify the number of days for which you want transaction errors to be displayed on the Dashboard.
- Remove log files after X days: Specify how long X-Payments log files should be stored before removal. Note that according to PCI DSS requirements log files must be stored for at least 90 days.
This section contains settings pertaining to the payment process.
- Maximum allowed payment attempts: This setting is available in X-Payments versions 3.1.2 and later. It enables you to set a limit on the number of payment card information entry attempts that should be available to a user within a single payment session. This feature is aimed at preventing fraudsters from using other people's payment information by guessing it and making repetitive attempts to submit it as their own. The number specified in this field will be treated as the number of attempts a user should be given to submit their payment information to the payment gateway. For example, if you set this number to "1", users will be able to submit their payment information just once per payment session. If the payment attempt fails (for example, because the payment information being used is incorrect), the order will be declined. Or, for example, if this number is set to "3", and a user's first payment attempt is rejected by the payment gateway, the user will be able to update their payment information and try again two more times. After all the payment attempts - as allowed by this setting - have been used, the user's order will be declined.
- Display "Save card" option enabled by default: When a payment configuration with tokenization support is used for payment, a checkbox option to save the credit card ("I want to use this credit card for my future orders in this shop") is provided below the credit card entry form. The setting "Display "Save card" option enabled by default" enables you to set the default state of that checkbox.
The setting in this section controls the storage of cardholder data.
- Retention period (days): Specify the number of days that the collected cardholder data is to be retained. Removal of stored cardholder data occurs as a result of running the cron.php script. When this script is run, a check is conducted to determine whether it is already time to remove the stored cardholder data. Then all instances of cardholder data that have been stored for the number of days defined by the "Retention period (days)" setting or longer are removed. If the "Retention period (days)" setting is set to "0" (zero), the data is removed at the first run of cron.php after the data has been collected.
These settings control to whom and when event notifications are sent.
- User management notifications email: Enter the email address for notifications about events related to user accounts (like creation, modification and deletion of user profiles). Specific types of notifications that need to be sent to this address can be selected in the 'More event notifications' section below.
- Payment processing notifications email: Enter the email address for notifications about payment transactions.
- General notifications email: Enter the email address for notifications about various events that may happen during the operation of X-Payments (unauthorized access attempts, errors, etc).
Inform users about the following events:
- Account is locked due to password expiration: Select this option if you want non-root X-Payments users to be notified by email when their account password is about to expire (related to the 'User account password lifetime (days)' setting in the 'General settings' section). Specify how many days before password expiration the notification is to be sent.
- Account expires: Select this option if you want non-root X-Payments users to be notified by email when their account is about to expire (related to the 'Expiration date' setting in the user's account details). Specify how many days before account expiration the notification is to be sent.
- Account is locked due to user inactivity: Select this option if you want non-root X-Payments users to be notified by email when their account is about to be locked due to user inactivity (related to the 'Inactivity period' setting in the user's account details). Specify how many days before the account is locked the notification is to be sent.
More event notifications:
Click the 'More event notifications' link to open the detailed event notifications section. Here you can specify the types of email notifications that will be sent to X-Payments users and the owner of the User management notifications email address (typically, administrator).
Use the checkboxes in the 'User account email' column to select notifications for owners of X-Payments user accounts, the checkboxes in the 'User management email' column - notifications for owner of the User management notifications email address.
This section allows you to manage your proxy related settings.
- Enable Cloudflare support: If your store server uses Cloudflare, it may interfere with the work of X-Payments. You may want to enable this option to resolve the IP address related issues that may arise if using Cloudflare.