Cards & Vaults
Regarding financial transactions, the security of cardholder data is of utmost importance. This guide will provide an overview of how MoneyHash addresses this critical concern.
Trust and compliance in financial transactions
At MoneyHash, the significance of trust and compliance in financial transactions is well understood. Therefore, protecting cardholder information is not just a priority, but a commitment. This document will explain the strategies for achieving the necessary PCI Compliance level while handling card information.
This section covers the safety measures used by MoneyHash to securely handle and store tokenized cards in its vault. Advanced tokenization techniques are used to protect sensitive card data. The security measures implemented maintain the essential PCI Compliance standard required in the financial industry.
MoneyHash's Vault
MoneyHash's Vault is a secure, PCI-compliant system specifically designed to safeguard sensitive card data while generating corresponding tokens and minimizing the risk of data breaches. The vault is accessible solely to MoneyHash, with a solitary, controlled route established for interaction during the tokenization process, ensuring the safety and privacy of sensitive payment information.
Vault security features
-
Isolation and Communication: To ensure maximum security, MoneyHash's vault operates independently, communicating solely with backend and frontend systems as needed. This isolation prevents unauthorized access, with communication specifically dedicated to tasks such as card tokenization and transmission.
-
Enhanced Security Measures:: When accessing the
embed_urlfor entering card details, MoneyHash employs a secure process using an iframe. This iframe exclusively communicates with the PCI-compliant vault system, ensuring that sensitive card information is processed securely. The vault then returns a token, which undergoes further processing within MoneyHash's system to generate the accessible card token. This multi-step approach is designed to maintain a high level of data security throughout the process. -
Access Control with an Access Token: The MoneyHash vault incorporates an additional layer of security through the use of an
access_token. This time-limited MoneyHash signature expires after 300 seconds, and it must be included in all requests to the vault. After the expiration, a new initiation is required for any further actions with the current data. This mechanism enhances overall access control and security by limiting the lifespan of sensitive tokens.
The Vault Workflow
The MoneyHash only enters into play when a CARD is selected as the payment method. In this scenario, MoneyHash collects card data, securely stores it in the vault, and provides the resulting token for future usage. MoneyHash takes all steps related to this process described below.
This step-by-step is just an explanation of how our vault works:
- The vault becomes active when the chosen payment method is
CARD. - The vault provides your front-end webpage with a form to be rendered within an
iframe. - The customer enters the required data and submits the form.
- The form exclusively communicates with the vault, transmitting the collected data for secure storage.
- The vault responds to the form with a JSON response.
- The form transfers this information to your front-end webpage.
- Your front-end webpage forwards the data to Moneyhash's back-end.
- MoneyHash's back-end utilizes the
card_token, which is exclusively usable by MoneyHash, to create the finalcard_tokenthat is stored within the customer entity.
In essence, tokenization occurs within the vault, and the tokens generated are exclusive to MoneyHash. MoneyHash further processes these tokens to create the accessible card_token you'll use for transactions.
Testing Cards
Explore our test cards - a set of predefined scenarios to efficiently validate and test our system in your environment.
For Expiry Date add any future date and for CVV add any 3 digits
| Card Number | Status |
|---|---|
| 1111000000000000 | Success |
| 0000222222222222 | Success - 3DS |
| 4242 4242 4242 4242 | Success |
| 3456 7890 1234 564 | Success |
| 5436 0310 3060 6378 | Success |
| 4658 5840 9000 0001 | Success |
| 0000111111111111 | Failure |
Updated 8 months ago