Which Cayan products fit your needs?

Review the Cayan solution matrix, organized by card acceptance environment and vertical, below:

Home/Developers / Solution Matrix
 

Card Present Environments

  Traditional Mobile Telephone/Keyed
Retail Front Counter/Checkout Area
  • Genius Countertop
  • Genius Handheld
  • Genius Mini
Pay in the aisle
  • Genius Handheld
  • Genius Mini
Payment Station (in aisle)
  • Genius Countertop
  • Genius Handheld
  • Genius Mini
Capture on a payment terminal
  • Genius Countertop and Handheld
  • Encrypted Keypad
Capture within your POS
  • Cayan Checkout Plus
  • Transport hosted payment page
  • MWare Web Service API
Restaurant Front/Back Counter (quick service or full service)
  • Genius Countertop
  • Genius Handheld
  • Genius Mini
Pay at the table
  • Genius Handheld
  • Genius Mini
Capture on a payment terminal
  • Genius Countertop and Handheld
  • Encrypted Keypad
Capture within your POS
  • Cayan Checkout Plus
  • Transport hosted payment page
  • MWare Web Service API
Healthcare (FSA/HSA Support) Front Counter
  • Genius Countertop
  • Genius Handheld
Drive thru / Bedside / Delivery
  • Genius Handheld
  • Genius Mini
Capture on a payment terminal
  • Genius Countertop and Handheld
  • Encrypted Keypad
Capture within your POS
  • Cayan Checkout Plus
  • Transport hosted payment page
  • MWare Web Service API

E-commerce environments

Cayan offers a number of ways for a merchant or ISV to implement an E-commerce solution. Each of these solutions offers different benefits and has different security implications for the implementor. The PCI Security Standards Council has published an informational supplement on Best Practices for Securing E-commerce that we recommend merchants and ISVs consult to be better informed of their PCI scope and responsibilities. Merchants should consult with their acquirer (merchant bank) or with the payment brands directly to determine whether they are required to validate their PCI DSS compliance and which reporting method they should use.
 
Solution E-commerce method Use When PCI Scope Comments
Checkout Direct Post You need full control over your payment form’s look and feel SAQ A-EP The Direct Post Method for e-commerce payment is generally used by larger merchants that require more control over their payment form “look and feel” and are able to understand and implement the extra PCI DSS security controls that are required to protect their systems.
 
The Direct Post Method uses the merchant’s website to generate the shopping cart and payment web pages. The merchant’s payment form, loaded in the customer’s browser, sends the cardholder data directly to the PSP—not via the merchant’s website or systems—ensuring cardholder data is not stored, processed, or transmitted via the merchant systems. However, the payment form is provided by the merchant; therefore, the merchant’s systems are in scope for additional PCI DSS controls, which are necessary to protect the merchant website against malicious individuals changing the form and capturing cardholder data.
TransportWeb Redirect/iFrame You want an easy to use payment page/redirect/iframe solution, but need less UI look & feel customization than Checkout or MerchantWare would give you SAQ A In the URL redirection model, the cardholder is redirected from the merchant’s website to a third-party page. The cardholder then enters their account data into a payment page hosted by the third-party payment service provider (PSP). This may also be called a “punch out” since customers and application users are sent to a PSP’s web pages. This is generally noticeable to the customer as the merchant’s website URL—e.g., http://www.merchant.example.com—changes to that of the PSP—e.g.,
https://www.psp.example.com.

An iFrame (or Inline Frame) is a method of seamlessly embedding a web page within another web page—the iFrame becomes a frame for displaying another web page. The iFrame is unique. iFrame provides “sandboxing” to isolate content of the embedded frame from the parent web page, thus ensuring that information is not accessible or cannot be manipulated through various exploits by malicious individuals.
 
In e-commerce payments, the pages delivered during the checkout process would be supplied by the merchant's website, with an embedded iFrame supplied by the PSP within that process. The PSP’s iFrame receives all cardholder data entered by the customer.
Shopping Cart (eg. Magento or Demandware) Wholly Outsourced You want a full-fledged shopping cart solution SAQ A Many e-commerce solutions exist that provide most or the entire merchant’s online shopping functionality and experience. These solutions provide more than just transaction processing capability, often including customer-facing features such as product search, cart capability, checkout, and account management; and back-office features such as product management, customer relationship management, order management, and appearance customizations.
 
A hosted shopping cart is an e-commerce system that is hosted entirely on the service provider’s technological infrastructure. The e-commerce is not seamlessly integrated into the merchant’s website and the consumer is often directed off-site to select product and complete checkout.
 
The use of such a solution can alleviate many but not all of the merchant’s PCI DSS responsibilities. All merchants have a responsibility to implement policies and procedures that govern safe handling of cardholder data even if they never expect to encounter credit cards. Furthermore, it is the responsibility of the merchant to vet the service provider and monitor its compliance to PCI DSS. See SAQ A for more information on assessing compliance for merchants who use these solutions.
MerchantWare API You need complete control over the payments acceptance process SAQ D The payment page and form are hosted and supplied by the merchant website with all cardholder data processed by the merchant web server (and possibly other system components) before being sent to the payment solution provider.
 
Merchant e-commerce systems that receive or store cardholder card data (even temporarily) require greater security controls than the previously discussed methods.
 
In the payment methods discussed earlier in this document, risks are minimized due to payment service providers receiving cardholder data directly from the customer, reducing security responsibility for merchant systems.
 
The merchant system’s handling of cardholder data in the API method may require that the entire set of PCI DSS controls be applied to the merchant’s in-scope systems, people, and processes.

Back-office / Customer Service environments

Partner Plugin/Payment Terminal Control your own UI / Embed within your application Use a hosted payment page
  • Encrypted Keypad
  • Cayan Checkout Plus
  • MWare Web Service API
  • Transport hosted payment page
Put the Genius of Cayan to work for your business.
1-844-278-7115