- CloudPay Mobile - Security Overview
Learn How CloudPay Mobile
Helps Protect Payment Activity
PCI-compliant tokenization, gateway-vault card storage, role-based access, and audit logs.
CloudPay Mobile is built to help businesses process payments securely across mobile devices, the Dashboard, and back-office workflows. Card data is tokenized at the point of capture, sensitive fields are redacted before logging, and every administrative action is recorded in an audit log.
Security Built Into Everyday Payment Operations
Businesses process sensitive payment activity every day, which means security cannot be a layer added after the fact. It needs to live in the payment flow itself — from card capture to transaction processing to customer management to reporting.
CloudPay Mobile is designed around this. Card data is tokenized via gateway-native flows (CollectJS for NMI, FTD for Dejavoo) and never lands in the application database. Sensitive fields — card numbers, auth codes, tokens — are automatically redacted before any logs are written. Role-based access controls separate cashier, manager, and admin permissions. Every administrative change is captured in an audit log with timestamp, actor, and before/after values.
What Helps Protect Payment Activity
PCI-Safe Tokenization
Card data is captured through gateway-native tokenization flows — CollectJS for NMI accounts, FTD for Dejavoo accounts. The actual card number never touches the CloudPay Mobile application or its database. What’s stored is a vault reference; subsequent charges use the reference, not the card.
Gateway-Vaulted Card Storage
Saved cards (Card on File) live in the gateway’s PCI-compliant vault — NMI vault for NMI accounts, Dejavoo vault for Dejavoo accounts. CloudPay Mobile holds vault identifiers, not card data. This keeps storage compliant and out-of-scope for your application.
Tap to Pay Through Trusted Infrastructure
Tap to Pay on iPhone uses Apple’s Proximity Reader framework. Tap to Pay on Android uses SoftPOS via the Dejavoo IposgoSDK. Both rely on the contactless chip in the device for the read; transaction tokens flow through PaymentCore to NMI or Dejavoo.
Role-Based Access Control
Three role levels: Admin, Manager, and Cashier. Each has scoped permissions — cashiers see Charge and Payments, managers add Reports and Settings, admins add user management. No shared logins.
Sensitive Data Redaction in Logs
Card data, auth codes, tokens, and sensitive response fields are automatically redacted before any log line is written. Even if a developer accidentally logs a full payment response, the sensitive parts are stripped at the logging layer.
Audit Logs
Every administrative action is logged with timestamp, actor, change details, and before/after values. Includes user role changes, settings changes, refunds, voids, and customer record edits. Useful for compliance reviews, dispute investigation, and multi-user accountability.
Crash Recovery and Idempotency
Every Tap-to-Pay transaction is tracked from the moment Pay is tapped. If the app crashes or the network fails between capture and confirmation, the transaction is recovered safely on the next launch. Unique idempotency keys per transaction prevent double-charges from network retries.
Session Management
Authentication tokens have defined lifetimes with refresh flows. Suspended or deactivated merchants are kicked out at the request layer — sessions don’t survive a status change. PIN login auto-locks on app close so a misplaced device doesn’t expose payment activity.
Visibility Across Payments, Customers, and Staff Activity
CloudPay Mobile keeps payment activity organized within one ecosystem. Transactions, customer records, invoices, subscriptions, and payment workflows are visible from one Dashboard instead of being scattered across multiple systems.
Operational Security Benefits
- Role-based staff access management (Admin / Manager / Cashier)
- Centralized transaction visibility across every channel
- Connected customer payment history with audit trail
- Dashboard access controls and audit logging
- Tokenized customer payment storage in gateway vaults
- PCI-DSS aligned logging and data handling
- Sensitive data redaction at the application layer
- Idempotency keys and crash recovery on every transaction
Security Across Mobile, POS, and Dashboard Workflows
Security workflows extend across the Mobile App, Mobile POS environments, and the Dashboard. Whether the business is taking contactless payments through Tap to Pay, managing subscriptions, sending invoices, or processing Virtual Terminal payments, the same tokenization, redaction, and audit infrastructure applies.
As businesses grow, CloudPay Mobile continues supporting connected payment operations across devices, staff members, and customer environments while maintaining centralized reporting visibility.
Manage Payments Through
a Connected, Secure Platform
CloudPay Mobile helps businesses manage payment activity, customer workflows, and reporting through
one connected ecosystem built around modern operational and security needs.
one connected ecosystem built around modern operational and security needs.