Applet v5.1 (Install and Info)

Summary

BFC is introducing a new Applet system (version 5.1). This new applet tool allow almost any browser on any platform to connect to a Windows Service that will then communicate to the hardware in the merchant’s environment/computer.  The rest of this document describes the new system and how it works as compared to the old Applet system (helpful for support staff and customers preparing to upgrade).

Install video instructions found at https://bfc-usa.com/knowledge-base/ingenico-ipp320-setup/

Overview

With the new applet, the installer places a Windows™ service application in an automatic startup and binds the program to port 3068 linked to an SSL Certificate that is created during the setup process.  With the Windows service running, any browser can connect via the WebSocket tool to the application.  BFC has written JavaScript code that connects the web browser to the WebSocket service referred to a BFCSignaIRBridge.

New Installer (install steps)

With the new applet, a new installer has been made to install the application onto the computer.  BFC will continue to improve the application and may require merchants to install a newer Bridge Service as we improve the application.  BFC has integrated a version number check into the web page software to allow for future notifications to the merchant.

The new Applet BridgeSignalR Service requires the following (the installer will do as much as possible):

• .NET 4.6.1 (installer will download if not already installed on the computer)
• A self-generated 3-year SSL Certificate assigned to Port 3068 (installer will create the necessary files in the default install directory and assign the certificate to the port accordingly)
• Card Swipe hardware (optional for EMV): MagTek SureSwipe, IDTech MagSwipe, UIC Swiper (all in HID mode).
• EMV Hardware
  • Ingenico IPP320v3 or v4 and IPP350 with RBA 23.1.2(V3 or V4) via USB COM port or IP-based communications)
  • Ingenico Tetra Platform with UPP v 7.x or above installed via USB or IP-based communication (Includes Lane/3000, Lane/7000, Lane/8000, Link/2500)
• Printer with “Receipt” in its name

Download the Appletv5.1.exe from the BFC site and open the application. When the new Appletv5.1 installer is started, it will look for the .NET 4.6.1 run time and if not found, it will install before showing the next screen:

Agree to the terms and click “Install.”  The system will start a “sub” installer that will do install the new pieces.   

The new installer will look for the installed browsers.  It is not required to have the browsers installed but if they are installed, the installation program will add a command to trust the certificate created without the merchant’s interaction.  BFC provides links to download each browser.  The installer will not continue if Postalmate is detected and Internet Explorer is less than version 11.

Next, the installer will look to see if the Ingenico hardware is connected and, if connected, if the Ingenico Drivers are installed.  This screen is informational in purpose.  If the yellow “?” is present, the software did not detect the hardware.  If the value is a red “X,” it means the wrong driver version is installed.  A green check mark indicates the correct driver is installed and EMV should be functional after installing this software. 

Click Next and the installer will start. Once completed, the system should show the Completed Window

Once the installer is completed, the Finish button will take you back the parent installation program. 

If there was any errors, a link to the installer log will be present (files can be found by navigating to “%temp%” (without quotes) in Windows Explorer).  This install log will assist the development staff to assist in the debugging of the installation. 

Once completed, you can find the service running in the Windows Services as “BFCSignalRBridge” and it should be configured as “Automatic” start-up and already be running. 

Installer Failed after the first “Next”

If the installer failed to install the applet, there are logs generated. The link to the log provided on the failed to install screen is the “wrapper” installer that may not include all the details we need to determine what happened. Start a Windows Explorer window (or click start) and type “%temp%” in the address bar. You will now see two log files that start with “Applet.” One is the one you saw from the failure message screen but the other is the internal installer that does all the work and checks the computer. Open this one. We have attempted to make it robust for browser detection but we have recently had a new error displayed when detecting the Ingenico Hardware and Driver on the computer. Here is an excerpt of the log file with an error in it:

MSI (c) (58!EC) [10:22:46:617]: PROPERTY CHANGE: Modifying ChromeVersion property. Its current value is '0.0.0'. Its new value: '99.0.4844.84'.
MSI (c) (58!EC) [10:22:46:617]: PROPERTY CHANGE: Modifying ChromeStatusImage property. Its current value is 'ErrorImage'. Its new value: 'CheckImage'.
MSI (c) (58!EC) [10:22:46:617]: PROPERTY CHANGE: Modifying IEVersion property. Its current value is '0.0.0'. Its new value: '11.00.22000.1 (WinBuild.160101.0800)'.
MSI (c) (58!EC) [10:22:46:617]: PROPERTY CHANGE: Modifying IEStatusImage property. Its current value is 'ErrorImage'. Its new value: 'CheckImage'.
Checking IE version and cashmate presence
MSI (c) (58!EC) [10:22:46:618]: PROPERTY CHANGE: Modifying CanProceedBrowser property. Its current value is '0'. Its new value: '1'.
Action ended 10:22:46: CA_BrowserCompatability. Return value 1.
MSI (c) (58:F4) [10:22:46:624]: Doing action: CA_IngenicoCompatability
Action 10:22:46: CA_IngenicoCompatability.
Action start 10:22:46: CA_IngenicoCompatability.
MSI (c) (58:24) [10:22:46:674]: Invoking remote custom action. DLL: C:\Users\jbeihl\AppData\Local\Temp\MSIEA9C.tmp, Entrypoint: IngenicoAction
SFXCA: Extracting custom action to temporary directory: C:\Users\jbeihl\AppData\Local\Temp\MSIEA9C.tmp-\
SFXCA: Binding to CLR version v4.0.30319
Calling custom action BFCCustomAction!BFCCustomAction.BFCCustomAction.IngenicoAction
Begin IngenicoAction
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Management.ManagementException: Invalid class
at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
at BFCCustomAction.BFCCustomAction.IngenicoAction(Session session)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object parameters, Object arguments)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
CustomAction CA_IngenicoCompatability returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 10:22:46: CA_IngenicoCompatability. Return value 3.
MSI (c) (58:F4) [10:22:46:809]: Doing action: FatalError
Action 10:22:46: FatalError.
Action start 10:22:46: FatalError.

In the highlighted section of the log above, the failure is connected to the Windows Management Interface (WMI). While we were not able to fix the computer’s WMI repository as described in the article found here, we created an installer that specifically by-passed the use of this WMI interface. You can download it from https://admin.bfc-usa.com/file/Appletv5InstallerNoIngenicoCheck.msi (5/4/2021 version) if you need it due to this error.

Installer Problem – Windows Service fails to start and it ends install

One of the more common problems is when the installer attempts to re-install the Applet and the installer tries to start the BFC SignalR Bridge service. When it tries and fails, it rolls back the install and tell the user the install failed.

The problem is related to mis-matched dependency files and the new BFC SignalR Bridge service trying to run in the services. To correct this, attempt to uninstall the “Applet v5 Installer” from the Programs and Features (if it does not work or fails to uninstall, that is ok).

Next, navigate to the C:\Program Files (x86)\Brinkman Financial Company, L.P\ directory and delete the “BFC Applet v5” directory. A restart can clear out any other remaining remnants. Next, run the Applet v5.1 installer again.

Validating the Install – Certificate

The Certificate can be checked by starting the Microsoft Management Console (“mmc” from a run prompt) and selecting “Certificates” for the Local Computer and add Current User to the view:

Press Ctrl-M to pop-up the Snap-in options. Next, select the Certificates option in the left-hand list and then select “Certificates (Local Computer).”

Expanding the Local Computer-> Personal -> Certificates list, you should find an entry with “localhost” and an expiration date 3 years in the future to the current install date:

SSL Certificate Associated with port 3068?

To check to see if the SSL has been associated with the 3068 port, start an administrator-command prompt and type:

netsh http show sslcert
ipport=0.0.0.0:3068

You should see that the Certificate Hash matches the certificate in the certificate store (double click on Localhost in the certificate store with the expiration date 3-years from today):

Compare the Thumbprint to the value shown as the certificate hash.  If they do not match, please run the installer again (or run the GenerateSSL.cmd as Administrator from the C:\Program Files (x86)\Brinkman Financial L.P\BFC Applet v5\ directory).

Windows Service

The Windows Service should be left with its defaults – Automatic Start and Log On As set to Local Service.  The installer also configures the Recovery options to restart the service if it crashes. 

Browser Connections

With WebSockets and SignalR technology, browsers from many different devices can connect to this Bridge service.  BFC has limited the design to have the browser on the merchant’s computer to connect only with the computer the browser is running from to reduce the possibility of security concerns from external entities.  Browsers as low as Internet Explorer 9.x can connect to this technology but with PCI requiring TLS 1.1 security and above, browsers less than Internet Explorer 11 will not be able to continue to submit to BFC’s Gateway system for much longer. 

Access the BFCSignalR service by navigating to https://localhost:3068/signalr/hubs

Virtual Terminal

BFC has added some visual cues to identify if the BFC SignalR Service is running in the background, if EMV hardware has been identified, Card Swiper detected or a Printer with “Receipt” in its name. A green check mark identifies the system has found the hardware, a red X identifies if the page could not find the hardware as configured.

New Features:

• The arrow to the left of the icons show will expand a log information box. 

• The “Test Printer” button will generate a quick print against the printer labeled with “Receipt” in its name. 
• When the user is being redirected to the Beta version of the page, the “BETA Version” label is displayed in the upper right of the page. 
• If the Bridge Service is not running, a Red X will be displayed on the screen.

EMV Processing

To start an EMV transaction, provide an amount and click the “Submit” (or Authorize) button. The system will display different messages to the merchant as the transaction is processing:

Once the transaction complete, the success message and a printed receipt will show.

Card Swipe Processing

For merchants with an existing card swipe tool, once the page loads, swipe the card and enter the payment amount.  Swiping the card will automatically populate the card details on the page:

Manual Keyed-entry

The page continues to support manual keyed-entered credit card numbers. 

See Also

• Ingenico Driver setup procedure (click to the link)