CivicPlus is not involved in the transmission, storage, or capture of cardholder data. CP Pay’s methodology for implementing payments into CivicPlus products is to serve as a facilitator to redirect customers to the payment gateway, so that cardholder data is entered directly into the gateway’s system. In the case of card-present transactions, the payment card is entered onto a PIN-pad device, which communicates through a tray application directly to the gateway. In both cases, card-present and card-not-present transactions, cardholder data is never exposed to CivicPlus.
e-Commerce transactions are also known as card-not-present transactions. This means that the payment details were not collected from the physical card in person.
In a card-not-present transaction, CP Pay is the intermediary that connects CivicPlus products to payment gateways by acting as a switch board. When you implement CP Pay, you will configure your gateway for taking payments and typically will generate API credentials. The credentials are stored securely in CP Pay.
When a user goes to checkout, CP Pay will look up which gateway is in use and the API credentials. CP Pay then generates the session and connects the user to the gateway. The user is then re-directed away from CivicPlus systems and lands on a page hosted by the gateway.
The user then enters their payment details into this page. The gateway tells CP Pay whether the transaction was successful. CP Pay then re-directs the user back to where they started.
In this example, CivicRec is used to demonstrate the concept. However, this diagram is true for all CivicPlus products.
Retail transactions are known as card-present transactions. These types of transactions occur when a payment is taken in person using a payment terminal, such as a PIN-pad or EMV device.
In the flow of a card-present transaction, a transaction is initiated by asking CP Pay to start a transaction. CP Pay then communications to a tray application. A tray application sits between the PIN-pad/EMV device and the gateway. It is a listener application that is installed on your computer. Sometimes a gateway has their own tray application. In other instances, you will need to use the CP Pay Tray Application.
Once the tray application has been notified to start the transaction, it communicates to the PIN-pad device. Often, it prompts the user to insert, swipe, or tap their card. Once the user is done entering their payment, the device notifies the tray application which will then send the payment information to the gateway.
Once the gateway has processed the payment (both successful and decline payments) the result is returned back to the tray application which then notifies CP Pay.