Payment Terminal - Authorize.Net Integration

A secure VB.Net Windows Forms application for credit card processing with Authorize.Net integration. Features AES-256/TripleDES encryption, comprehensive transaction management, and audit logging. Includes key management system and database integration for enterprise payment processing.

Key Features:

• 🔒 Secure credit card processing via Authorize.Net
• 🛡️ Multi-layer encryption (AES-256 & TripleDES)
• ✅ Credit card validation with Luhn algorithm
• 🔑 Advanced key management and rotation
• 📊 Comprehensive transaction logging and audit trails
• 🗄️ SQL Server database integration
• 🖥️ Windows Forms user interface

Tech Stack: VB.Net, .NET Framework 4.6.1, SQL Server, Authorize.Net SDK

Use Cases: Point-of-sale systems, e-commerce backends, payment processing applications

Security: PCI DSS compliant design with encrypted data storage and secure key management

---

This is an anonymized version of a production payment processing system, with all sensitive credentials and company-specific information removed for educational and reference purposes.

⚠️ Important: Replace all placeholder values in configuration files before deployment. Ensure compliance with PCI DSS requirements when handling credit card data in production environments.

Overview

This is an anonymized and generalized version of a VB.Net Windows Forms application that integrates with Authorize.Net for credit card processing. The original application has been sanitized to remove company-specific information, credentials, and proprietary business logic while preserving the core functionality.

Features

• Credit Card Processing: Integration with Authorize.Net payment gateway
• Encryption Management: AES-256 and TripleDES encryption for sensitive data
• Transaction Management: Store and retrieve payment transactions
• Key Management: Secure key generation and management system
• Audit Logging: Comprehensive logging of all payment activities
• Database Integration: SQL Server database for transaction storage

Architecture

Main Components

1. Form1.vb - Main application form with payment processing functionality
2. Card.vb - Credit card validation using Luhn algorithm
3. KeyList.vb - Encryption key management interface
4. NewKey.vb - Key generation and creation
5. PwdBox.vb - Password input dialog
6. EncryptionHandlers.cs - External encryption service integration

Database Schema

The application uses the following main database tables:

• PAYMENT_QUEUE - Stores payment transactions
• KEY_LIST - Manages encryption keys
• KEY_USAGE - Tracks key usage for audit purposes
• PAYMENT_ACTIONS - Logs all payment-related actions

Configuration

Required Configuration

Before running the application, you must configure the following in app.config:

App Settings

<appSettings>
  <add key="AuthorizeNetLogin" value="YOUR_AUTHORIZE_NET_LOGIN_ID" />
  <add key="AuthorizeNetPassword" value="YOUR_AUTHORIZE_NET_TRANSACTION_KEY" />
  <add key="AuthorizeNetURL" value="https://secure2.authorize.net/gateway/transact.dll"/>
  <add key="GenerateKey" value="http://your-encryption-server.local/EncryptionService/service.asmx/GenerateKey"/>
  <add key="AESEncryption" value="http://your-encryption-server.local/EncryptionService/service.asmx/AESEncryption"/>
  <add key="AESDecryption" value="http://your-encryption-server.local/EncryptionService/service.asmx/AESDecryption"/>
</appSettings>

Connection Strings

<connectionStrings>
  <add name="PaymentDB" connectionString="server=YOUR_DATABASE_SERVER;uid=YOUR_DB_USER;pwd=YOUR_DB_PASSWORD;database=YOUR_DATABASE_NAME;Min Pool Size=6;Max Pool Size=10" providerName="System.Data.SqlClient" />
</connectionStrings>

Database Setup

Create the following database tables:

-- Payment Queue Table
CREATE TABLE PAYMENT_QUEUE (
    MS_IDENT INT IDENTITY(1,1) PRIMARY KEY,
    CARD_NUM NVARCHAR(50),
    AMOUNT DECIMAL(10,2),
    EXP_DATE DATETIME,
    TEST_MODE CHAR(1),
    TRAN_TYPE NVARCHAR(20),
    CARD_CODE NVARCHAR(10),
    INV_NUM NVARCHAR(50),
    RESPONSE_CODE NVARCHAR(10),
    REASON_CODE NVARCHAR(10),
    REASON_TEXT NVARCHAR(255),
    AUTH_CODE NVARCHAR(20),
    TRAN_ID NVARCHAR(50),
    AVS_CODE NVARCHAR(10),
    CREATED_BY NVARCHAR(50),
    ENC_CARD_NUM NVARCHAR(MAX),
    COMPLETED DATETIME,
    CUST_ID NVARCHAR(50),
    ENC_CARD_CODE NVARCHAR(MAX),
    AES_CARD_NUM NVARCHAR(MAX),
    AES_CARD_CODE NVARCHAR(MAX),
    KEY_ID INT,
    JOB_ID NVARCHAR(50)
);

-- Key List Table
CREATE TABLE KEY_LIST (
    MS_IDENT INT IDENTITY(1,1) PRIMARY KEY,
    CREATED DATETIME,
    CREATED_BY NVARCHAR(50),
    [CURRENT] CHAR(1)
);

-- Key Usage Table
CREATE TABLE KEY_USAGE (
    MS_IDENT INT IDENTITY(1,1) PRIMARY KEY,
    KEY_ID INT,
    [ACCESS] DATETIME,
    CREATED_BY NVARCHAR(50),
    MACHINE NVARCHAR(50),
    ACTION NVARCHAR(100)
);

-- Payment Actions Table
CREATE TABLE PAYMENT_ACTIONS (
    MS_IDENT INT IDENTITY(1,1) PRIMARY KEY,
    USER_NAME NVARCHAR(50),
    MACHINE_NAME NVARCHAR(50),
    TIMESTAMP DATETIME,
    ACTION NVARCHAR(50),
    DATA NVARCHAR(50),
    RESULT NVARCHAR(100)
);

Security Considerations

Encryption

The application uses multiple layers of encryption:

1. TripleDES: For legacy data encryption
2. AES-256: For modern encryption via web service
3. Key Management: Secure key generation and rotation

Data Protection

• Credit card numbers are encrypted before storage
• CVV codes are encrypted and masked in logs
• All sensitive operations are logged for audit purposes
• Database credentials should be stored securely

Dependencies

• .NET Framework 4.6.1
• AuthorizeNet SDK (version 2.0.1)
• SQL Server (for database)
• Custom EncryptionHandlers library

Setup Instructions

1. Configure Database: Set up SQL Server database with required tables
2. Update Configuration: Modify app.config with your specific settings
3. Set Up Encryption Service: Deploy encryption web service
4. Configure Authorize.Net: Set up Authorize.Net sandbox or production account
5. Build and Deploy: Compile the application and deploy to target environment

Usage

Processing Payments

1. Enter credit card information
2. Set transaction amount and type
3. Choose test or production mode
4. Click "Charge" to process payment
5. Review response codes and authorization details

Key Management

1. Access key management through the menu
2. Generate new encryption keys
3. Activate keys for use
4. Monitor key usage through audit logs

Transaction Lookup

1. Enter transaction ID or invoice number
2. Click "Lookup" to retrieve transaction details
3. Decrypt and view card information (with proper authorization)

Logging

The application creates detailed logs in:

• C:\Logs\CCT.log - Main application log
• C:\Logs\CCT_key.log - Key management log

Anonymization Notes

This version has been anonymized from the original by:

• Replacing company names (HCI → Your Company)
• Removing hardcoded credentials
• Generalizing database table names
• Anonymizing server URLs and endpoints
• Removing specific business logic references
• Replacing proprietary encryption keys with placeholders

Support

For questions about this anonymized version, please refer to the configuration documentation and ensure all placeholder values are properly replaced with your actual environment settings.

License

This anonymized version is provided for educational and reference purposes. Ensure compliance with PCI DSS requirements when handling credit card data in production environments.