
Last modified on 3/5/2015 9:23 AM by User.


Credit Card Guide

Sending Credit Card Data to IIG Directly

IIG's systems will not accept credit card numbers via the API.  The API will only accept the payment nonce generated by Braintree.  This is a requirement for our PCI compliance, and exceptions cannot be made.  If your agency cannot work with the Braintree requirement, we suggest you use the Agent Issue functionality.

Extra Steps?

Issuing policies using a Credit Card is a difficult proposition, given the security requirements of PCI.

Credit Card Nonce

The Credit Card workflow adds extra steps in order to obtain a client_key used for encrypting and transmitting the credit card data to Braintree, IIG's payment card processor.  The new workflow looks like this (errors notwithstanding):

  1. Send Quote data to the API.
    • Receive back rating data.
  2. Send Coverage data to the API.
    • Requires the same data as fully issuing a policy except for the
    • Receive back:
      • Rating data for the selected coverage.
      • A payment client_key specific to this client, quote, and coverage.
        • Will appear in the response under payment.client_key.
  3. Collect payment information via AJAX from Braintree's JavaScript API.
    • Braintree will return a nonce (a one-time-use identifier) for the client's credit card information.
  4. Send Policy data to the API, including the nonce.
  5. Receive links to policy documents.
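
A pre-send check for step 4, as an added example that is not IIG's or Braintree's code: it refuses a Policy payload that carries anything resembling a card number, or that lacks the nonce. The request field name payment.nonce and all function names are assumptions; the page only documents payment.client_key in the response.

```javascript
// Added example. payment.nonce (request field) and all function names are assumptions.

// Luhn checksum over a string of digits.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// True when text holds a 13-19 digit run (spaces or dashes allowed) that passes Luhn.
function containsPan(text) {
  const runs = String(text).match(/\d(?:[ -]?\d){12,18}/g) || [];
  return runs.some((run) => luhnValid(run.replace(/[ -]/g, "")));
}

// Walk the payload; return dotted paths of values that look like a card number.
function findCardData(value, path = "") {
  if (value === null || value === undefined) return [];
  if (typeof value === "object") {
    return Object.entries(value).flatMap(([key, child]) =>
      findCardData(child, path ? `${path}.${key}` : key));
  }
  return containsPan(value) ? [path] : [];
}

// Validate a Policy request (step 4) before sending; an empty array means OK.
function checkPolicyPayload(payload) {
  const errors = findCardData(payload).map((p) => `card number in ${p}`);
  const nonce = payload && payload.payment && payload.payment.nonce;
  if (typeof nonce !== "string" || nonce.length === 0) {
    errors.push("missing payment.nonce");
  }
  return errors;
}

// Constructed sample: a card number pasted into a free-text field.
const samplePolicy = {
  driver: { name: "Test Driver", notes: "card 4111-1111-1111-1111" },
  payment: { nonce: "constructed-nonce" },
};
console.log(checkPolicyPayload(samplePolicy));
```

Any long numeric identifier that happens to pass the Luhn check will also be flagged, so treat a hit as a reason to inspect the field before sending.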

Braintree JavaScript API

The Braintree JavaScript API (see Braintree's documentation) is very straightforward. It is used to encrypt the client's credit card data, so that your systems avoid having a cardholder data environment.  This drastically reduces the impact of PCI compliance on systems using this payment method.

Example

We have a non-working example (missing the client_key) to guide your implementation.