The FloCash FGW utilises a 128-bit SSL communication channel over HTTPS, which is a method of encryption used to secure traffic between payment gateway and intermediary servers. HTTPS must be supported for secure communication; HTTP is not an available option as it is unencrypted.
Because the communication layer is already provided by the server, this is often the fastest way to implement the FloCash solution. The only message format allowed via this communication method is XML, and the data must be submitted as Content-Type: text/xml and via a POST. The response shall only return the raw XML response message. The current implementation requires that the client software be able to validate the server’s SSL certificate. Either the server’s CA must be registered with the client, or an officially signed certificate must be used for the server.
The IP protocol is a standard, unencrypted TCP/IP connection. It is only recommended to use this method on guaranteed private networks otherwise sensitive data such as card numbers or PINs could be intercepted, and utilizes only the Stream Message Format (not XML). Upon establishment of a connection, the server/host shall send a single ENQ to the client to indicate the connection is up and is ready to receive transactions. If the client has not received that ENQ within 5 seconds, it shall disconnect. The primary reason for this is for detecting faulty firewall rules whereas some firewalls may allow the IP connection establishment, but not actual communication. It also allows the server to perform some pre-initialization steps upon establishment of a connection prior to receiving a transaction.