PCI-DSS Compliance and CIS Solution - CASH

Learn about CASH - a secure payment system.

CASH is an innovative and secure payment interface integrated by CIS.

Customers can use the CASH (Credit Card and ACH Secure Handling) interface to make payment using Credit/Debit card.

CASH changes the way CIS collects, stores and processes credit card and ACH payment information. Instead of storing credit card information in the databases, when a user enters payment information, CASH immediately send the credit card / ACH data over to the Supplier's payment vendor (also called a Payment Gateway). The payment gateway in return sends a token that represents a profile of the Customer and their payment information for that vendor. This token is stored in CIS and can be used for future payments with that vendor.

Note: CIS only stores the token and not the actual payment information.

For Customers who do not choose to save the card information, no token is generated by the Payment Gateway and the Customer’s payment card data is securely stored in our databases according to PCI-DSS guidelines for a record of the transaction.  This information is not re-used in any manner after the one-payment and the Customer needs to enter their information again for future transactions.

For further reading on PCI-DSS guidelines, see https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard.

CASH Payment Process Flow

The payment sequence or process flow when CASH is enabled is as follows:

  1. User makes a payment on internal or external web page or through the IVR system.
  2.  The WCF Service receives a request for the Payment Form.
  3. The service then passes the client, Customer, and application data to the controller to retrieve the fields required for payment.
  4. This information is then passed to the HTML engine that transforms the data into an html form string.
  5. The response is sent back to the WCF service and then the calling application as a response string.
  6. The WCF Service receives a request to process a payment. The request contains the field and value entered on the payment form.
  7. The data is used to create a payment request. This request is passed to the controller.
  8. The controller creates the appropriate payment processor and calls the payment gateway for the appropriate vendor.
  9. The response is processed by the controller and sent to the HTML generator to get the html response for the payment response.
  10. The WCF Service receives the response and passes it back to the client as a response string.