Virtual Terminal Solutions

Processing and managing transactions could not be easier with CityPay's Virtual Terminal (VT) options.

How does a Virtual Terminal benefit my business?

The virtual terminal allows a user to connect to a secure web form where manual transactions can be processed through a web browser, smart phone or tablet. The terminal can be used for standalone or multi user environments. Transaction are authorised and validated in real time with response messages received within seconds. Space and cost savings are assured as the VT replaces the need for physical terminals.

Key benefits are:

  • Available for web browsers, smart phones or tablets
  • Real time online authorisation
  • No need for dedicated terminal
  • No telephone line rental or call charges
  • No need to retain card details
  • Linkage with  Card Holder Accounts
  • Full multi-currency capabilities
  • Multiuser
  • Easily embedded into an existing application or a simple URL shortcut from the desktop

Corporate VT Solutions

CityPay offers a Microsoft Windows® terminal solution for merchants who require transactions to be easily called by a managed solution. With the requirement for payment card industry compliance, existing payment modules are required to be in line with the Payment Card Industry PCI-DSS and PA-DSS requirements including any that are built in house. 

CityPay provide a solution for merchants who wish to have an agent operated MOTO terminal on their payment systems which simplify their requirement for compliance by using a browser component to manage the payment process. The browser component loads a server side web page for payment handling. The payment therefore takes place on CityPay's compliant servers away from the localised billing system.

How Moto MT works

An Example in House Application

In a standard host application, the application is in PCI scope for assessment and requires PA-DSS compliance. Ordinarily, data entry and validation is performed by the internal application which is running on your desktop or server and an example workflow includes:

  1. A card holder contacts the service desk to pay for services or goods
  2. The agent looks up their account on the host application and confirms the amount required to be paid
  3. The agent clicks on card payment and requests card details from the customer
  4. To perform payment the agent either
    1. Is displayed a form on the host application and the agent enters details provided by the card holder
    2. A new payment is selected on a stand alone terminal and the agent manually enters payment details through
  5. The agent submits the transaction for authorisation
  6. The application creates a payment request by contacting a PSP which processes the request online
  7. A response is obtained from the bank and returned via the API to the host application
  8. The host application updates the accounts database with the result of the transaction
  9. The host application displays the response to the agent who feeds back the response to the card holder.

Due to the fact that Card Security Codes (CSC) and Primary Account Numbers (PAN) (card number) are handled by the application and are protected by the PCI requirements, the CSC value must never be stored, logged or hashed. Likewise, the PAN if stored must be strongly encrypted using key management procedures in line with the standard.

A Streamlined Solution

Moto MT provides an alternate approach to the boundaries of the PCI scope which offsets the entry of payment data to an online hosted form.

  1. A card holder contacts the service desk to pay for services or goods
  2. The agent looks up their account on the host application and confirms the amount required to be paid
  3. The agent clicks on card payment and requests card details from the customer
  4. A request is sent by the host application via an API that payment is required
  5. A window pops up displaying a card entry form
  6. The agent enters the data into the hosted form
  7. The agent submits the transaction for authorisation
  8. The result of the transaction is displayed
    1. If not authorised, the result is shown to the agent, the agent may cancel the transcation or proceed with different details
    2. If authorised, the window automatically closes and the host application is updated
  9. Optionally, a post request may be sent by the payment server to a hosted page on your network which can then updated your database with the result.
  10. The agent feeds back the result of the authorisation to the card holder.

Integration Requirements

This service is currently only available on Microsoft Windows operating systems.

The Moto Managed Terminal (MMT) operates as a modular option for your host application. The host application may be written in any development language however must be able to run a local system command.

CityPay provide an application which is installed on the local machine or on a network share. This application is called by the host application using a process command instructing the terminal to load using command line parameters. The terminal will forward a request to the CityPay online host to instigate a transaction. The server will forward an online terminal form which is displayed by the application. The program will return response data to the calling application using the standard output of the program.

Multiple format responses are available including XML, JSON, CSV or delimited parameters.