Overview
This article reviews the general process for how credit card processing or ACH payments work on a CIMcloud website. (Note that ACH payments are currently only supported for invoice payments and not orders on the CIMCloud platform)
CIMCloud does not do any direct credit card processing and all processing is done using third party merchant gateways contracted with by the website owner (the CIMcloud client). This third party provider must have an existing CIMcloud integration to be able to process credit card and/or ACH transactions on the website. Additionally the same gateway account must be integrated with the ERP for CIMcloud to pass transaction information to the ERP for additional processing.
Please confirm your ERP is compatible with the gateway you select.
Supported Merchant Gateways
The current gateways that CIMcloud integrates with are:
- PAYA (formerly Sage Exchange/ Sage Payments)
- Century Business Solutions (eBizConnect)
- REPAY (formerly APS [American Payment Solutions])
- Authorize.netCIM – There is no standard integration with Sage for this gateway and transaction information is not passed to the ERP. Additionally CIMcloud does not currently support ACH transactions with Authorize.netCIM.
- Nodus PayFabric
- Fortis
Credit Card Information
CIMcloud does not store the full credit card information. CIMcloud passes the credit card or ACH information to the gateway provider and these are vaulted with the 3rd party payment processor and are associated with the particular gateway account. CIMcloud only stores the information to connect to that vaulted information and pass the transaction to the ERP. Credit card and ACH vaulting and transaction processing are handled through a special network that complies with PCI DSS 4.0 requirements.
Information on setting up your website for your account with one of the gateways noted above can be found here: Configure Payment Gateway
Types of Credit Card Processing
The CIMcloud platform for orders supports the following types of transaction processing and this is set when configuring the merchant gateway in the CIMcloud platform. Invoice payment always default to Authorize and Capture no matter what the setting on the merchant gateway account in CIMcloud.
Authorize Only – Using this setting will vault the card if not already vaulted and create a transaction for the order. The funds are pending until the transaction is processed to capture funds in the ERP (typically the shipping process) or the transaction is processed through the gateway specific portal interface. This allows for some changes to the transaction amount prior to funds being captured with in limits for the specific gateways and/or credit card provider. This is the most typical set-up.
Authorize and Capture – This fully processes the transaction and captures the funds when the transaction is processed on the website. No changes can be made to the transaction after the funds are captured.
Vault Only – The card is only vaulted and no transaction specific information is created or validated with the gateway. All transaction processing is done through the ERP.
The list of credit card types that can be used on the CIMcloud platform can be found here: Accepted Credit Cards
Customer PCI DSS Compliance
CIMcloud will provide information to customers upon request to help them meet their own PCI compliance including our Attestation of Compliance and Attestation of ASV Scan Compliance.
Credit card transaction processing is handled through a special network that complies with PCI DSS 4.0 requirements. In order to ensure accurate scoping of scans, customers should not conduct their own ASV scans of their CIMcloud website to attempt to meet their own compliance. Instead, CIMcloud can provide an Attestation of ASV Scan Compliance of the credit card processing environment.