Cards & Vaults

In financial transactions, the security of cardholder data is of utmost importance. This guide provides an overview of how MoneyHash addresses this critical concern.

Trust and compliance in financial transactions

At MoneyHash, the significance of trust and compliance in financial transactions is well understood. Therefore, protecting cardholder information is not just a priority, but a commitment. This document will explain the strategies for achieving the necessary PCI Compliance level while handling card information.

This section covers the safety measures used by MoneyHash to securely handle and store tokenized cards in its vault. Advanced tokenization techniques are used to protect sensitive card data. The security measures implemented maintain the essential PCI Compliance standard required in the financial industry.

MoneyHash's Vault

MoneyHash's Vault is a secure, PCI-compliant system specifically designed to safeguard sensitive card data while generating corresponding tokens and minimizing the risk of data breaches. The vault is accessible solely to MoneyHash, with a single, controlled route established for interaction during the tokenization process, ensuring the safety and privacy of sensitive payment information.

Vault security features

  • Isolation and Communication: To ensure maximum security, MoneyHash's vault operates independently, communicating solely with backend and frontend systems as needed. This isolation prevents unauthorized access, with communication specifically dedicated to tasks such as card tokenization and transmission.

  • Enhanced Security Measures: When accessing the embed_url for entering card details, MoneyHash employs a secure process using an iframe. This iframe exclusively communicates with the PCI-compliant vault system, ensuring that sensitive card information is processed securely. The vault then returns a token, which undergoes further processing within MoneyHash's system to generate the accessible card token. This multi-step approach is designed to maintain a high level of data security throughout the process.

  • Access Control with an Access Token: The MoneyHash vault incorporates an additional layer of security through the use of an access_token. This time-limited MoneyHash signature expires after 300 seconds, and it must be included in all requests to the vault. After the expiration, a new initiation is required for any further actions with the current data. This mechanism enhances overall access control and security by limiting the lifespan of sensitive tokens.
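
The sketch below is an added example, not MoneyHash's code, showing how a time-limited signature with the 300-second lifetime described above can be issued and checked on every request. The token layout, the HMAC-SHA256 construction, the signing key and the `sid` field are assumptions, since this page does not specify the real access_token format.

```python
import base64, hashlib, hmac, json, time

TTL_SECONDS = 300                 # lifetime stated on this page
SECRET = b"constructed-demo-key"  # hypothetical key, held only by the issuer


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(session_id, now=None):
    """Return 'payload.signature' bound to one session and an expiry time."""
    now = time.time() if now is None else now
    claims = {"sid": session_id, "exp": int(now) + TTL_SECONDS}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_token(token, session_id, now=None):
    """Return 'ok', or the reason the request must be rejected."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, TypeError):
        return "malformed"
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    # Verify the signature in constant time before trusting any field.
    if not hmac.compare_digest(sig, expected):
        return "bad_signature"
    claims = json.loads(payload)
    if claims.get("sid") != session_id:
        return "wrong_session"
    if now >= claims.get("exp", 0):
        return "expired"  # the caller has to start a new initiation
    return "ok"
```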

The Vault Workflow

The MoneyHash vault only comes into play when CARD is selected as the payment method. In this scenario, MoneyHash collects the card data, securely stores it in the vault, and provides the resulting token for future use. MoneyHash performs all of the steps in this process, which are described below.

The following step-by-step walkthrough is only an explanation of how our vault works:

  1. The vault becomes active when the chosen payment method is CARD.
  2. The vault provides your front-end webpage with a form to be rendered within an iframe.
  3. The customer enters the required data and submits the form.
  4. The form exclusively communicates with the vault, transmitting the collected data for secure storage.
  5. The vault responds to the form with a JSON response.
  6. The form transfers this information to your front-end webpage.
  7. Your front-end webpage forwards the data to MoneyHash's back-end.
  8. MoneyHash's back-end utilizes the card_token, which is exclusively usable by MoneyHash, to create the final card_token that is stored within the customer entity.

In essence, tokenization occurs within the vault, and the tokens generated are exclusive to MoneyHash. MoneyHash further processes these tokens to create the accessible card_token you'll use for transactions.