How is credit card processing handled in BATS

BATS CRM is fully PCI compliant. This article explains how credit card processing is performed in the BATS CRM system and how sensitive credit card information is handled.

General information:
  1. BATS CRM does not store any sensitive cardholder information on our internal systems.
  2. All cardholder data is captured on an encrypted website and is saved to Authorize.net CIM via a TLS-encrypted connection to the Authorize.net API.
  3. BATS CRM stores the Customer Profile ID and Customer Payment ID so that credit card charges can be processed at a later time, also via a TLS-encrypted connection to the Authorize.net API.

Credit card information is collected on the website https://sport.batscrm.com/
Here is a sample page from the website:


When the user clicks "Save", the request is sent to the Authorize.net API via an encrypted link, asking Authorize.net to store the credit card information in the CIM. If successful, the API returns the Customer ID and the Payment ID, which are saved in the BATS CRM system and associated with the customer's account.

Once the credit card is ready to be charged, the user of the BATS CRM system navigates to an Order that is associated with the customer, clicks the "Charge Card" button and enters the amount to be charged on a page like this one:


When the user clicks OK, BATS CRM makes a call via a TLS-encrypted connection to the Authorize.net API and sends the Customer ID and Payment ID, along with API authentication information and the amount to be charged. If the card was successfully charged, the API responds with the transaction ID, which is stored in the BATS CRM system for future reference.
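
The charge step above needs only the two stored IDs, never the card number. As an added example (not BATS CRM's code), the Python below builds an Authorize.net `createTransactionRequest` body from a stored ID pair and refuses to proceed if any stored field contains a Luhn-valid card number. The record field names, sample IDs and credential placeholders are constructed, and the `authCaptureTransaction` type is an assumption, since the article does not say which transaction type is used.

```python
import json
import re
from decimal import Decimal

# Runs of 13-19 digits, optionally separated by spaces or dashes (card-number shaped).
PAN_CANDIDATE = re.compile(r"\d(?:[ -]?\d){12,18}")

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pan_fields(record: dict) -> list:
    """Names of fields whose value contains a Luhn-valid, card-number-shaped run."""
    hits = []
    for name, value in record.items():
        for m in PAN_CANDIDATE.finditer(str(value)):
            if luhn_valid(re.sub(r"\D", "", m.group())):
                hits.append(name)
                break
    return hits

def build_charge_request(api_login, transaction_key, record, amount):
    """Build the charge body from stored tokens only; refuse records holding card data."""
    leaked = find_pan_fields(record)
    if leaked:
        raise ValueError(f"card number found in stored fields: {leaked}")
    # Authorize.net JSON shape for charging a customer profile (assumed call, not BATS's code).
    return {"createTransactionRequest": {
        "merchantAuthentication": {"name": api_login, "transactionKey": transaction_key},
        "transactionRequest": {
            "transactionType": "authCaptureTransaction",
            "amount": str(Decimal(amount).quantize(Decimal("0.01"))),
            "profile": {
                "customerProfileId": record["customer_profile_id"],
                "paymentProfile": {"paymentProfileId": record["payment_profile_id"]},
            },
        },
    }}

# Constructed sample record; field names and IDs are hypothetical.
SAMPLE = {"customer_profile_id": "900000001", "payment_profile_id": "900000002", "note": "renewal"}

if __name__ == "__main__":
    print(json.dumps(build_charge_request("LOGIN_PLACEHOLDER", "KEY_PLACEHOLDER", SAMPLE, "45"), indent=2))
```

The same `find_pan_fields` check can be run over exported CRM records or log lines to confirm that only profile IDs and transaction IDs are retained.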