Sage 100

The URL at the time of checkout should be set to use HTTPS. When it does that encrypts from the Client's browser to the IIS server that is hosting the site. Depending on the settings for the masapi.ini, the connection from IIS to the web engine may or may not be using a cert to encrypt. It will require a PEM certificate on the webengine to be configured for the port that it is communicating on. IIS displays images and the html from the web engine. The web engine does all the work to get the data and apply it to a template layout in HTML and it is presented to IIS to manage displaying to the client.

The page that the client is entering in credit card information is using the page presented by IIS that was created by the webengine. Data is not stored there but it is not Paya's website displaying the fields to enter the CC info. When submitted, the values go back to the webengine and is used as a variable to tokenize the payment information with Paya. That Token is saved and used in Sage from that point on. The CC is never stored in a table in Sage, and it is cleared from the variables when completed. 

The API to Paya is Encrypted to their server.

Thank you Todd

The URL at the time of checkout should be set to use HTTPS. When it does that encrypts from the Client's browser to the IIS server that is hosting the site. Depending on the settings for the masapi.ini, the connection from IIS to the web engine may or may not be using a cert to encrypt. It will require a PEM certificate on the webengine to be configured for the port that it is communicating on. IIS displays images and the html from the web engine. The web engine does all the work to get the data and apply it to a template layout in HTML and it is presented to IIS to manage displaying to the client.

The page that the client is entering in credit card information is using the page presented by IIS that was created by the webengine. Data is not stored there but it is not Paya's website displaying the fields to enter the CC info. When submitted, the values go back to the webengine and is used as a variable to tokenize the payment information with Paya. That Token is saved and used in Sage from that point on. The CC is never stored in a table in Sage, and it is cleared from the variables when completed. 

The API to Paya is Encrypted to their server.

I have been asked a follow up question to this if anyone knows the answer to this.   Does eBusiness Manager use TLS to send credit card information from the Web Site Store to eBM and if so what version of TLS?

Thank you Todd

The URL at the time of checkout should be set to use HTTPS. When it does that encrypts from the Client's browser to the IIS server that is hosting the site. Depending on the settings for the masapi.ini, the connection from IIS to the web engine may or may not be using a cert to encrypt. It will require a PEM certificate on the webengine to be configured for the port that it is communicating on. IIS displays images and the html from the web engine. The web engine does all the work to get the data and apply it to a template layout in HTML and it is presented to IIS to manage displaying to the client.

The page that the client is entering in credit card information is using the page presented by IIS that was created by the webengine. Data is not stored there but it is not Paya's website displaying the fields to enter the CC info. When submitted, the values go back to the webengine and is used as a variable to tokenize the payment information with Paya. That Token is saved and used in Sage from that point on. The CC is never stored in a table in Sage, and it is cleared from the variables when completed. 

The API to Paya is Encrypted to their server.