BFC is introducing a new Applet system (version 5.1). This new applet tool allow almost any browser on any platform to connect to a Windows Service that will then communicate to the hardware in the merchant’s environment/computer. The rest of this document describes the new system and how it works as compared to the old Applet system (helpful for support staff and customers preparing to upgrade).
Install video instructions found at https://bfc-usa.com/knowledge-base/ingenico-ipp320-setup/
New Installer (install steps)
With the new applet, a new installer has been made to install the application onto the computer. BFC will continue to improve the application and may require merchants to install a newer Bridge Service as we improve the application. BFC has integrated a version number check into the web page software to allow for future notifications to the merchant.
The new Applet BridgeSignalR Service requires the following (the installer will do as much as possible):
- .NET 4.6.1 (installer will download if not already installed on the computer)
- A self-generated 3-year SSL Certificate assigned to Port 3068 (installer will create the necessary files in the default install directory and assign the certificate to the port accordingly)
- Card Swipe hardware (optional for EMV): MagTek SureSwipe, IDTech MagSwipe, UIC Swiper (all in HID mode).
- EMV Hardware (currently supporting Ingenico IPP320V3 or V4 and IPP350 with RBA 15.0.6 or 23.1.2(V3 or V4) via USB COM port or IP-based communications)
- Printer with “Receipt” in its name
Download the Appletv5.1.exe from the BFC site and open the application. When the new Appletv5.1 installer is started, it will look for the .NET 4.6.1 run time and if not found, it will install before showing the next screen:
Agree to the terms and click “Install.” The system will start a “sub” installer that will do install the new pieces.
The new installer will look for the installed browsers. It is not required to have the browsers installed but if they are installed, the installation program will add a command to trust the certificate created without the merchant’s interaction. BFC provides links to download each browser. The installer will not continue if Postalmate is detected and Internet Explorer is less than version 11.
Next, the installer will look to see if the Ingenico iPP3xx hardware is connected and, if connected, if the Ingenico Drivers are installed. This screen is informational in purpose. If the yellow “?” is present, the software did not detect the hardware. If the value is a red “X,” it means the wrong driver version is installed. A green check mark indicates the correct driver is installed and EMV should be functional after installing this software.
Click Next and the installer will start. Once completed, the system should show the Completed Window
Once the installer is completed, the Finish button will take you back the parent installation program.
If there was any errors, a link to the installer log will be present (files can be found by navigating to “%temp%” (without quotes) in Windows Explorer). This install log will assist the development staff to assist in the debugging of the installation.
Once completed, you can find the service running in the Windows Services as “BFCSignalRBridge” and it should be configured as “Automatic” start-up and already be running.
Installer Problem – Windows Service fails to start and it ends install
One of the more common problems is when the installer attempts to re-install the Applet and the installer tries to start the BFC SignalR Bridge service. When it tries and fails, it rolls back the install and tell the user the install failed.
The problem is related to mis-matched dependency files and the new BFC SignalR Bridge service trying to run in the services. To correct this, attempt to uninstall the “Applet v5 Installer” from the Programs and Features (if it does not work or fails to uninstall, that is ok).
Next, navigate to the C:\Program Files (x86)\Brinkman Financial Company, L.P\ directory and delete the “BFC Applet v5” directory. A restart can clear out any other remaining remnants. Next, run the Applet v5.1 installer again.
Validating the Install – Certificate
The Certificate can be checked by starting the Microsoft Management Console (“mmc” from a run prompt) and selecting “Certificates” for the Local Computer and add Current User to the view:
Press Ctrl-M to pop-up the Snap-in options. Next, select the Certificates option in the left-hand list and then select “Certificates (Local Computer).”
Expanding the Local Computer-> Personal -> Certificates list, you should find an entry with “localhost” and an expiration date 3 years in the future to the current install date:
SSL Certificate Associated with port 3068?
To check to see if the SSL has been associated with the 3068 port, start an administrator-command prompt and type:
netsh http show sslcert ipport=0.0.0.0:3068
You should see that the Certificate Hash matches the certificate in the certificate store (double click on Localhost in the certificate store with the expiration date 3-years from today):
Compare the Thumbprint to the value shown as the certificate hash. If they do not match, please run the installer again (or run the GenerateSSL.cmd as Administrator from the C:\Program Files (x86)\Brinkman Financial L.P\BFC Applet v5\ directory).
The Windows Service should be left with its defaults – Automatic Start and Log On As set to Local Service. The installer also configures the Recovery options to restart the service if it crashes.
With WebSockets and SignalR technology, browsers from many different devices can connect to this Bridge service. BFC has limited the design to have the browser on the merchant’s computer to connect only with the computer the browser is running from to reduce the possibility of security concerns from external entities. Browsers as low as Internet Explorer 9.x can connect to this technology but with PCI requiring TLS 1.1 security and above, browsers less than Internet Explorer 11 will not be able to continue to submit to BFC’s Gateway system for much longer.
Access the BFCSignalR service by navigating to https://localhost:3068/signalr/hubs
BFC has added some visual cues to identify if the BFC SignalR Service is running in the background, if EMV hardware has been identified, Card Swiper detected or a Printer with “Receipt” in its name. A green check mark identifies the system has found the hardware, a red X identifies if the page could not find the hardware as configured.
- The arrow to the left of the icons show will expand a log information box.
- The “Test Printer” button will generate a quick print against the printer labeled with “Receipt” in its name.
- When the user is being redirected to the Beta version of the page, the “BETA Version” label is displayed in the upper right of the page.
- If the Bridge Service is not running, a Red X will be displayed on the screen.
To start an EMV transaction, provide an amount and click the “Submit” (or Authorize) button. The system will display different messages to the merchant as the transaction is processing:
Once the transaction complete, the success message and a printed receipt will show.
Card Swipe Processing
For merchants with an existing card swipe tool, once the page loads, swipe the card and enter the payment amount. Swiping the card will automatically populate the card details on the page:
The page continues to support manual keyed-entered credit card numbers.