1. WHAT YOU WILL NEED

A. Your SFTP Site, SFTP Login ID, SFTP Password, SFTP Key, GPG Key, and the location to upload the files that was emailed to you after signing up with BadCustomer.

B. A GPG with a user interface.

Encryption information
As an enhanced security precaution to protect you and your customers, BadCustomer.com requires encryption of all files containing Card Number Hashes and customer information. Once those files are received by BadCustomer.com, they are kept safe on our secure servers.

The BadCustomer.com GPG key for encryption will be provided to you via email. Please save this key to your computer in an easily accessible directory, such as your Documents folder. GPG encryption is compatible with PGP 5 or higher.

GPG For Windows
Download GPG with a user interface here:
Additional information may be found at GPG.org

GPG For MAC X or Higher
GPG download is located in the “Files” section here
Additional information may be found at GPG.org

C. An SFTP Client

Always choose the SFTP (SSH File Transfer Protocol) option when adding BadCustomer.com as a new connection or server type. This helps to ensure security of credit card information. All data files must be encrypted before uploading to the Bad Customer SFTP.

After signing up as a data provider on BadCustomer.com, you will receive a Private Authentication Key via email. Please save the document to your computer.

SFTP For Windows
BadCustomer.com recommends the Bitkinex SFTP client

SFTP For Mac
BadCustomer.com recommends the Cyberduck SFTP client

2. FORMATTING AND ENCRYPTING YOUR FILES

A. Review and format your files according to the BadCustomer Database File Format Instructions

Files must be named in the following format: COMPANYNAME_YYYYMMDD.csv
Do NOT use parenthesis () in the file name! Example: YOURCOMPANYNAME_20090621.csv
All data must be in Comma Separated Variable (CSV) format. All data fields must be surrounded by double quotes.
Create Country field in the flat file for phone number verification. Specify "United States" if U.S.A.
The following symbols are allowed in Card Holder Name: () & . , - ' /
Phone Number format can be "(xxx)xxx-xxxx" OR "xxx-xxx-xxxx" OR "xxx xxx xxxx"
Date format can be "20090605" OR "2009/06/05" OR "2009-06-05" ONLY (NOT June 5th, 2009).
NO fields should contain quotation marks " " or the addition symbol +
Cardholder Name should be exactly as it appears on credit card.
Cardholder Name should NOT have digits, accent marks, or symbols.
Phone Numbers, Chargeback Dates and Amounts should NOT have letters.
If no Card Number Hashes or Phone Numbers are provided, please label the field "NULL".
Do NOT label the Card Number Hash or Phone Number field "NONE", dashes "----", or "0000".
If Country is not provided, we assume "United States" as the location.

The following is a sample line using the Data File Format:

"John Q. Public", "199613052ab839c788802a1d6f849038", "20090518", "29.99", "310-555-9999", "johnq@public.com", "JohnQ", "123.44.55.66", "6 Pack Abs 4u", "John", "Public", "12345 N 6th Street", "Agua Linda", "AZ", "85640", "United States", "public.com"

Download the BadCustomer Database File Format here (PDF).

B. Encrypt your files using a GPG

GPG For Windows
Download GPG with a user interface here:

Choose the download option “As a complete package with all language files” located in the middle of the page.

Once you have downloaded and installed the program, you will need to follow these instructions once (per terminal) to import Bad Customer’s Public Key.

1. Right-click on the key icon in the systems tray > Key Manager > Key Menu > Import > (select file GPG_Key) > Open > Import

2. Now that you have imported Bad Customer’s Public Key, you will be able to encrypt your data file for SFTP upload to Bad Customer. Right-click on the key icon in the systems tray > File Manager

3. Drag the data file into the window, then right-click on the file to select Encrypt or choose Encrypt from the File Menu.

4. You will then be prompted to select the Bad Customer key by clicking a checkbox to the left of the key name.

5. In the Warning dialogbox, you will be asked to skip the Bad Customer key, select NO.

6. The File Manager will then display the location of the encrypted file with Operation: SUCCESS

Additional information may be found at GPG.org

GPG For MAC X or Higher
GPG download is located in the “Files” section here

Once you have downloaded and installed the program, you will need to follow these instructions once (per terminal) to import Bad Customer’s Public Key.

1. Save the file name GPG_Key that was emailed to you in your Documents folder.

2. Finder > Applications > Utilities > Terminal

3. In the terminal window, type: cd Documents to access your Documents directory where you stored the file GPG_Key.
(If you stored the key in a sub-folder of Documents, type: cd [FOLDERNAME] in order to access that directory)

4. Once you are in the correct file directory where GPG_Key is stored, type: gpg --import GPG_Key to import the Public Key. You will receive a notification that the public key was imported successfully.

5. Now that you have imported Bad Customer’s Public Key, you will be able to encrypt your data file. After the "encrypt" command, type the name of the data file that you would like to encrypt. “FILENAME.csv.gpg” (output) is the encrypted file, and should be named "COMPANYNAME_YEARMMDD.csv.gpg". This is the new file name for your encrypted data that you will now need to upload to the SFTP site. In all file names, be sure to use underscores instead of spaces. Do not use parenthesis in file names.

type gpg -o COMPANY_YEARMMDD.csv.gpg -e ORIGINALFILE.csv

6. If you have more than one key in your system, you will need to specify Bad Customer's email as the recipient of the file in order to encrypt using our key:

gpg -o COMPANY_YEARMMDD.csv. gpg -r provider_support@badcustomer.com -e ORIGINALFILE.csv

7. The following prompt will appear until you sign the Bad Customer key:
It is NOT certain that the key belongs to the person named
in the user ID.  If you *really* know what you are doing,
you may answer the next question with yes.

Use this key anyway? (y/N) y

8. Optional:
To sign the key so that you no longer see this prompt, enter the following:
gpg --edit-key A049807F
Command> sign
Really sign? (y/N) y
Enter the passphrase you created for your original key when setting up GPG
Command> trust
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
Command> quit
Save changes? (y/N) y

Though documentation and instructions are not yet complete, a GPG download with a user interface is available for MAC X 10.4 or higher here

3. UPLOADING YOUR ENCRYPTED FILES

Use your SFTP Client to upload your encrypted file to the location provided in the email you received after signing up with BadCustomer.

SFTP For Windows
BadCustomer.com recommends the Bitkinex SFTP client
1. Select “Data Source” tab in the menu, in the pulldown menu select “New” then “SFTP/SSH”
2. Name the new connection (ex: Bad_Customer), then highlight the name of the new connection
3. Select “Data Source” tab in the menu, in the pulldown menu select “Properties”
4. Enter the Server Address provided in your email from Bad Customer
5. In the Authentication “Method” pulldown menu change the default Password selection to “Private Key”
6. Enter the Username provided in your email from Bad Customer
7. In the “Private Key” section click on the folder icon, in the “Files of Type” pulldown menu select “All Files”
8. In the directory choose the “SFTP_Key” file that was emailed to you, select “Open”
9. Enter the Password that was provided in your email from Bad Customer, click “Ok”
10. Double-click the Bad_Customer connection name in the directory and select “Always Trust This Server”
11. Double-click the upload file folder icon to open, then drag your encrypted data file of chargeback customers into the folder

SFTP For Mac
BadCustomer.com recommends the Cyberduck SFTP client
1. Select “Open Connection” icon, then select “SFTP (SSH File Transfer Protocol)” in the pulldown menu
2. Enter the Server Address and Username provided in your email from Bad Customer, it is not necessary to enter your Password in this section
3. Select the “More Options” arrow, then select the ”Use Public Key Authentication” checkbox
4. In the directory, choose the “SFTP_Key” file that was emailed to you, select “Open”
5. In the “Unknown Host Key” pop-up choose “Always”
6. Enter Password that was provided in your email from BadCustomer.com, then select “Login” and the upload file folder will appear
7. Double-click the upload file folder icon to open, then drag your encrypted data file of chargeback customers into the folder

Should you have any questions or concerns, please contact BadCustomer.com for help:
provider_support@badcustomer.com

4. NEW DATA INTEGRATION

BadCustomer.com integrates new data uploads into the database nightly (midnight PST). New data submitted to BadCustomer before that time will be available for query the next business day.