PII/PCI

Does B1- iPayment transmit PII or PCI data from/to the ERP host system?

Only non-sensitive PII data like first name, last name, street, city, state, country, email and postal code are transmitted. Only non-sensitive PCI data is transmitted like masked Credit Card number, expiry data and Credit Card type.

What is the transmission method and is the data encrypted?

The transmission is done using a HTTPS call to the gateway API. PCI sensitive data like full Credit Card Number and Security Code are never transmitted or stored in the database.

CyberSource specific

The transmission is done using a HTTPS call to the CyberSource gateway API. Besides being transferred using HTTPS the data is also encrypted using a private certificate that is created by CyberSource (https://www.cybersource.com/developers/getting_started/test_and_manage/update_keys_and_certificates/) and the certificate is then used by CyberSource to verify that sender.