The settings that control the operation of X-Payments in general can be found on the 'General settings' page (Settings -> General settings). After adjusting any settings on this page, be sure to click Save to save the changes.
- User account password lifetime (days): This setting applies to all X-Payments users except for the root administrator; it ensures that X-Payments users will regularly change their account passwords. Here you must enter the number of days that user account passwords will be valid for. Users will be supposed to change their account password before the period defined by this setting expires for their account; otherwise the account will be locked, after which only the X-Payments root administrator will be able to unlock it. It is possible to enable email notifications for users whose account is about to be locked due to password expiration (See the 'Account is locked due to password expiration' setting in 'General settings/Email Notifications').
- Server timezone: Specify the difference between the time zone of the server and GMT.
- Dangerous activity blocking period (minutes): Repeated failed login attempts by a user are identified by X-Payments as dangerous activity, which causes the user account to be temporarily locked. Here you must specify the period (in minutes) for which the user account locked for dangerous activity must remain in the locked status. X-Payments root admin can unlock the user at any time before the end of the dangerous activity blocking period.
- Show errors on the Dashboard page for the last X days: Specify the number of days for which you want transaction errors to be displayed on the Dashboard.
The settings in this section control collection and storage of cardholder data.
Choose one of the following:
- Do not store cardholder data: This option prohibits storing cardholder data in X-Payments. When this option is enabled, cardholder data is retained only for the period necessary to perform transactions of the Auth and Sale types. After the transactions are completed, the data is securely deleted.
- Store cardholder data: This option allows storing cardholder data in X-Payments. When this option is enabled, cardholder data is stored in X-Payments for the period defined by the "Retention period" setting below.
- You are going to use 3D-Secure for payer authentication. For a transaction to be authenticated via 3D-Secure, the credit card data submitted by the buyer needs to be sent not only to the payment gateway, but also to the institution that can confirm the cardholder's identity. In order to send the cardholder data over to the party that will be providing 3D-Secure authentication, X-Payments needs to store the submitted cardholder data for a short period of time.
- You are going to use a payment module that requires cardholder data to perform certain types of transactions (typically, Capture and Refund). Currently we have only two such modules in X-Payments: Authorize.Net AIM and eWay Relatime Payments XML. Both of them require cardholder data to be stored for Refund transactions.
If you choose the Store cardholder data option, you will also need to adjust the following preferences:
- Retention period (days): Specify the number of days that the collected cardholder data is to be retained.
- When retention period is expired: Select, which you want to be done when the retention period has expired:
- notify the user in the dashboard and by email;
- automatically delete expired payment data.
- Notify by email X days prior to retention expiration: Enter a number denoting how many days prior to expiration of the retention period you want a notification to be sent.
These settings control to whom and when event notifications are sent.
- User management notifications email: Enter the email address for notifications about events related to user accounts (like creation, modification and deletion of user profiles). Specific types of notifications that need to be sent to this address can be selected in the 'More event notifications' section below.
- Payment processing notifications email: Enter the email address for notifications about payment transactions.
- General notifications email: Enter the email address for notifications about various events that may happen during the operation of X-Payments (unauthorized access attempts, errors, etc).
Inform users about the following events:
- Account is locked due to password expiration: Select this option if you want non-root X-Payments users to be notified by email when their account password is about to expire (related to the 'User account password lifetime (days)' setting in the 'General settings' section). Specify how many days before password expiration the notification is to be sent.
- Account expires: Select this option if you want non-root X-Payments users to be notified by email when their account is about to expire (related to the 'Expiration date' setting in the user's account details). Specify how many days before account expiration the notification is to be sent.
- Account is locked due to user inactivity: Select this option if you want non-root X-Payments users to be notified by email when their account is about to be locked due to user inactivity (related to the 'Inactivity period' setting in the user's account details). Specify how many days before the account is locked the notification is to be sent.
More event notifications:
Click the 'More event notifications' link to open the detailed event notifications section. Here you can specify the types of email notifications that will be sent to X-Payments users and the owner of the User management notifications email address (typically, administrator).
Use the check boxes in the 'User account email' column to select notifications for owners of X-Payments user accounts, the check boxes in the 'User management email' column - notifications for owner of the User management notifications email address.