Security Settings

Account Settings

These Account Settings security options apply only to users in the account who do not have permission to view full credit card numbers. (PCI Compliance standards require users that have permission to view full credit card numbers to have a session timeout of 15 minutes, and password expiration of 90 days.)

Security Settings

If either Full CC Number Access option is selected at the account level (Account Settings > Implementation > Products),
and the user has both of those options off at the event level (Plan > Configure > Options),
then that user’s security settings are determined by these Account Settings.

If either Full CC Number Access option is selected at the account level (Account Settings > Implementation > Products),
and the user has either of those option on at the event level (Plan > Configure > Options),
then that user's security settings are determined by PCI Compliance standards.
The value of these options at the event level does not affect the user’s security settings (Account Settings > Administration > Users).

Best Practices

The session timeout and password expiration options required by PCI Compliance are very restrictive and will be cumbersome to most users.

Therefore, unless access to the Full CC Numbers is absolutely required, the account Administrator should turn off the Financial and/or Accommodation modules so these Account Setting options can be utilized.

Other Settings

NOTE: When you send email to registrants, the From and Reply To fields saved on the email template take precedence over the choice on this Security Settings page (and over the Event Contact information in the event).

CAUTION: If you select the second option, Use Event Registration Contact, there is a greater likelihood that email sent from Certain will be marked as spam, and not reach the intended recipient. Before selecting the second option, you should work with your IT department to ensure that Certain's mail servers have been added to your domain's SPF (Sender Policy Framework) records. The mail server name to be added is: "mail2.register123.com".

For more information on the Sender Policy Framework (SPF), click here.

To identify current SPF records for your domain, click here.


Envelope Any comments about this Help topic?

© 2020 Certain, Inc.