Secure Payments – Next Steps

Complexity:    

Audience: Upper Management, Developers, Accounting, Loan Servicing/Collections Managers, Administrator, Compliance

Introduction

As we explain in Secure Payments 101, Secure Payments is a PCI-DSS compliant software that works with LMS to safely store payment information. It's also integrated with several payment processing companies, who move funds from borrowers' accounts into yours.

This article will explore the different features and tools available in Secure Payments, and show you how to use them in the UI.

How Secure Payments Works

Secure Payments (originally called PCI Wallet) is a LoanPro product that integrates with both LMS and third-party payment processors to facilitate payments. We developed it as a separate software so that it can more easily comply with Payment Card Information (PCI) Data Security Standards (DSS). This means that Secure Payments' code, procedures, and practices all meet a high standard for security, and that's where all of your customers' payment profile information is saved.

While security was the original reason for creating Secure Payments, it has proven helpful to have a separate software for processing payments because payment processing is so important. Secure Payments processes hundreds of millions of dollars each month in payments.

LMS is integrated directly with Secure Payments. In turn, Secure Payments is integrated with several payment processing services. This integration makes it possible for your company to be integrated with multiple payment processors or even be connected to more than one account with the same company. For example, if you want to use two different Authorize.net accounts, the integration with Secure Payments makes this possible.

Account Linking & Navigation

Normally, an LMS account is linked to a sister Secure Payments account during the onboarding process. If your LMS account is not yet linked to a Secure Payments account, our article Account Setup in Secure Payments explains the process.

Within the Software

When you first open Secure Payments, you'll land on the Customers page.

On the left, you'll see a navigation pane listing other pages, which are categorized into four groups.

Group

Description

Reports

In this area, you can run a Transaction History Search, view NACHA or CPA-005 files and history, and see your own usage history.

Tools

This section only contains Imports.

Settings

These settings control how Secure Payments works. The profile section shows you your API credentials, the email where notifications are sent, and MFA settings. On the processors page, you can create and edit all of you payment processors.

You can set up webhooks to send information after specific events. You can also customize the styling for your Secure Payments iframe. Lastly, you can configure Bank Card and Bank Account Controls.

My Account

This area is for information about your company, like your own payment profile, payment settings, and payment history. You can view your contract, and toggle which actions are available for your account.

Common Uses & Questions

Here's some information pertinent to specific roles at your company:

Upper Management Use
As upper management, you may not be using the software directly, but will probably be interested in the Payment Processors we're integrated with.
Developers Use
If you're integrating with the Secure Payments API, we recommend using our Secure Payments ReadMe page, where we list all whitelisted endpoints and give sample payloads and responses. We've also tried to explain what each field or value actually means, so you can understand the real-world effects of the requests you send.
Accounting Use
Accountants will likely be interested in the Reports tab and the My Account tab.

The Reports tab includes the Transaction History Search, NACHA or CPA-005 files and history, and your company's usage history.

The My Account tab shows your company's payment profile, payment settings, and payment history. You can also view your contract, and toggle which actions are available for your account.
Loan Servicing/Collections Managers Use
We recommend only logging into Secure Payments when necessary. Limiting logins can help keep customer payment data secure, and we've integrated Secure Payments with LMS so that all your day-to-day servicing activities can be managed from LMS. For more info on that integration and how payments move from one software to the next, see our article Payments 101.
Administrator Use
Be aware that your password for Secure Payments expires every 90 days. Our article Secure Payments Credentials Management explains how to best manage both your password and API credentials.
Compliance Use
Secure Payments is PCI-DSS compliant.

It also has features that can help you comply with other laws, like how Bank Account Verification can help you confirm a borrower's ability to repay, or how some payment processors can help you comply with the CFPB's Small-Dollar Payments Rule.

Terminology

Here's a quick list of the terms we use in this article.

Term

Definition

LMS

Loan Management System (LMS) is our core lending software. It's integrated with Secure Payments. We recommend using LMS for all your day-to-day servicing, including logging payments. LMS will then communicate with Secure Payments, and Secure Payments with your payment processors.

Payment Profile

A payment profile is a specific bank account or bank card that's been saved in Secure Payments. We recommend creating payment profiles through the iframe in LMS, which lets you save data into Secure Payments without actually logging in. Secure Payments then tokenizes the profile (see below) and lets LMS use it while keeping the borrower's information safe.

Token/Tokenize

Payment profiles in Secure Payments are tokenized. Sensitive data, like a bank account or card number, are saved and hidden from view. The system then gives you a token, a randomized string of letters and numbers that represents that profile. To process payments with them, you need to provide the token.

When a payment profile is added through the LMS iframe, this all happens in the background. Secure Payments automatically sends the token to LMS, which stores it in the with that customer, and then LMS uses the token when you log a payment.

What’s Next

If you'd like more details on how payments travel between LMS, Secure Payments, and your processors, check out Payments 101, and then Payments – Intermediate can show you how to actually add profiles and log payments in the software. You're probably also interested in setting up payment processors, in which case you'll want to read Payment Processors 101.


How did we do?


Powered by HelpDocs (opens in a new tab)