Suspicious activity in Wintix sales?

(Last updated on: May 12, 2015)

One of our clients emailed:

Is there any way that you can tell if someone has remoted into the system or if there is a virus in the computer system? I was just looking at the sales today for the show that went on sale. There are a total of 8 sales today that were charged and then immediately refunded. Then there are also 4 sales where they were charged; however, no tickets were held for them (fortunately those people called and we got them seats but now I have to refund them online).

You are correct in being concerned about any activities involving money. Yes, records are kept of any activity on the server and in the database, although some of them are not obvious.

  • Check your Wintix daily sales reports in order to reconcile your cash drawer. Compare them with the sales reports from Do they balance?
  • Prepare the deposit slip.
  • If you find a sale that does not seem correct, edit that sale. Click on Other information and click on the Audit trail button. Print the report that comes up. You will see all the activity that is connected with a particular sale. You will see who did it, when they did it, and what computer they were using.

Print your reports, staple them together, and put them away in a file drawer until you need them.

If you can do that, you are covered for 90% of any problems.

  • Depending on the motivation of the suspicious person and their skill set, there are other things that can happen. The data can be accessed from outside Wintix. Because the underlying database is so universally used, there are many programs that are able to modify Wintix data. This can be tracked by turning on the logging.
  • Your web server also has logging built in. Your web server is current and has all the security patches applied.*
  • If you have reason to believe that your server is infected with a virus, let us know. We can put your data and web site on our servers. You would still be in business while your server is worked on.

*There are many logs available. The most useful one is the MySQL general log. This needs to be turned on though. We are the only ones who can do it on our servers. StackOverflow has the most useful instructions.
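Once the general log is on, it can be searched for changes made from outside the normal application. The following is an added example, not code from Wintix or its vendor: it reads general log text in the MySQL 5.7+ file layout (timestamp, thread id, command, argument) and lists write statements issued from hosts that are not on an expected list. The table names, addresses and the expected-host list are constructed for illustration.

```python
import re

# MySQL 5.7+ general log file line: <ISO timestamp>\t<thread id> <command>\t<argument>
LINE = re.compile(r"^(\S+)\t\s*(\d+) (\w+(?: \w+)?)\t?(.*)$")
CONNECT = re.compile(r"^(\S+)@(\S+) on ")
WRITE = re.compile(r"^\s*(INSERT|UPDATE|DELETE|REPLACE|ALTER|DROP|TRUNCATE)\b", re.I)

# Assumption: hosts the ticketing application and web sales normally connect from.
EXPECTED_HOSTS = {"localhost", "192.0.2.10"}

# Constructed sample log; table and column names are hypothetical.
SAMPLE_LOG = (
    "2024-01-15T14:03:11.100000Z\t   12 Connect\twintix@192.0.2.10 on wintix using TCP/IP\n"
    "2024-01-15T14:03:11.200000Z\t   12 Query\tUPDATE sales SET seats = 2 WHERE id = 4101\n"
    "2024-01-15T14:07:45.000000Z\t   13 Connect\twintix@203.0.113.77 on wintix using TCP/IP\n"
    "2024-01-15T14:07:46.000000Z\t   13 Query\tSELECT * FROM sales WHERE id = 4102\n"
    "2024-01-15T14:07:49.000000Z\t   13 Query\tDELETE FROM seats_held WHERE sale_id = 4102\n"
    "2024-01-15T14:07:50.000000Z\t   13 Quit\t\n"
)

def find_outside_writes(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return (time, user, host, statement) for each write from an unexpected host."""
    sessions = {}   # thread id -> (user, host), learned from Connect events
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # file header or continuation line of a multi-line statement
        when, thread, command, arg = m.groups()
        if command == "Connect":
            c = CONNECT.match(arg)
            if c:
                sessions[thread] = c.groups()
        elif command == "Quit":
            sessions.pop(thread, None)  # thread ids can be reused after a Quit
        elif command == "Query" and WRITE.match(arg):
            user, host = sessions.get(thread, ("unknown", "unknown"))
            if host not in expected_hosts:
                findings.append((when, user, host, arg))
    return findings

if __name__ == "__main__":
    for when, user, host, stmt in find_outside_writes(SAMPLE_LOG):
        print(f"{when}  {user}@{host}  {stmt}")
```

A write reported as `unknown` came from a connection opened before logging was turned on, so its source has to be confirmed another way.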

The web server has several logs. For our work, these are rarely used. If you really think you need access, you will need to let us know which log file to retrieve. We will get it for you.

