QuickVault Summary Guide

This page describes the QuickVault solution and provides high level information about each of the registration options. The purpose of the page is to highlight the key features of each option so that you can compare the methods and choose the right option for your business.

In addition to this page, provide you with separate implementation guides for each registration option. These guides provide detailed technical information as well as step-by-step instructions to help you implement the solution.

You can register customer accounts using these methods:

What is QuickVault?

QuickVault is a Westpac service that allows you to store a customer’s credit card details or bank account details securely outside of your system. This process is commonly referred to as preregistering account details. QuickVault offers a range of solutions to register these account details. The range includes a file based solution, an API solution and a variety of web based solutions

The primary purpose of QuickVault is to help your credit card solution become PCI DSS compliant. The term PCI DSS stands for Payment Card Industry Data Security Standard. It is a security standard that has a number of requirements for processing, transmitting and storing credit card details. QuickVault has attained Level 1 PCI DSS compliance - the highest level achievable. To learn more about PCI DSS visit https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.

The benefit of using QuickVault is that your system is not required to store account details. Instead you only need to store an account token for each account. An account token is a unique identifier for a particular account. It is a shared identifier, meaning your system and QuickVault will both agree to use this value when referring to the account. The value for the token will be agreed upon at the time of registration. Then, at the time of payment, your system will provide this token to your Westpac payment solution and the corresponding account details will be used to make the payment.

High level steps for both the registration process and the payment process follow.

Figure 1 Registering an account with QuickVault

The high level steps for registering an account are as follows:

  1. The source will provide account details to QuickVault. The term ‘source’ is a generic concept. It is different for different registration solutions. The source will either be your staff, your customer or your system. See Figure 3 for details.

  2. QuickVault will store the account details alongside an account token. There are two ways the token can be generated. You can choose either a client generated token or a QuickVault generated token.

    • A client generated token is a value created by your system. It uniquely identifies your customer’s account. For example, your customer’s reference number or member ID. Your system will provide this value to QuickVault at the beginning of the registration process.
    • A QuickVault generated token is a value created by QuickVault. It is created during step 2 of the registration process. We recommend using this type of token if your system doesn’t have a unique ID for each account or if it is difficult to provide the ID to QuickVault. QuickVault can format the token in a number of ways. You can select your preferred format during the implementation process.
  3. QuickVault will notify your system about the registered account. A copy of the token will be included in the notification. Your system will make sure the token is stored alongside the customer’s details.

Registration is complete. Payments can now be made using the preregistered account.

Figure 2 Making a payment using a preregistered account

The high level steps for making a payment are as follows: 1. Your system provides the account token to your Westpac payment product (for example QuickBatch or QuickGateway). 2. The Westpac payment product searches for the account that was registered with the token. 3. The account details are located and returned to the Westpac payment product. 4. The Westpac payment product attempts to make a payment (using the account details located in the previous step). 5. A response is returned to indicate whether or not the payment was successful. 6. The Westpac payment product will provide a payment summary to your system.

Registration solutions

QuickVault has 5 different solutions that allow you to register account details. They are called:

  • Batch registration
  • API registration
  • Web registration
  • QuickConnect registration
  • Portal registration

Figure 3 QuickVault registration solutions

Batch registration

Batch registration is a file based solution. It allows you to register many accounts at once. This makes it an ideal solution for migrating existing accounts from your system.

To register account details, your system will provide a Registration Request File to QuickVault. This file contains details about every credit card or bank account you wish to register. QuickVault will process the file and store the account details. Once all the accounts have been processed a Registration Response File will be provided back to your system. This file will contain a summary of all the registration attempts. You will then process this file and remove the customers’ account details from your system.

To transfer files to and from QuickVault you can choose to either:

  1. Manually send and retrieve the files using iLink
  2. Automatically send and retrieve files using WIBS

For more information about each of these options see Sending and retrieving files

Figure 4 Batch registration

Key features of batch registration:

  • Many accounts can be registered at once
  • It can register both credit card accounts and bank accounts
  • It is the fastest and most effective way to migrate accounts

Limitations of batch registration:

  • It is not suitable for registering new accounts

For more information about implementing this solution, read the QuickVault (Batch Registration) Technical Implementation Guide.

API registration

API registration is an Application Programming Interface (API) based solution.

To register an account your system will send an API Request to QuickVault. This request contains details about a single account you wish to register. QuickVault will save the account details then send an API Response back to your system. The response will indicate whether the account was successfully registered.

The key feature of API registration is its ability to provide a real-time, synchronous response. This removes the complexities of issuing a request then having to process a separate response message sometime in the future. With API registration, your system will send the request then receive a response back in the same call, all in real-time.

Figure 5 API registration

API registration is typically used as part of a webpage registration process. To register an account, the customer will log onto your website and enter their account details into one of your webpages. Your server will then use API registration to send these details to QuickVault. The steps for this process are shown in Figure 6.

The problem with using API registration is that it requires the account details to be sent from your server. This means sensitive account details will enter your system, therefor increasing your PCI DSS responsibilities. For this reason we recommend you consider using one of our other web based registration solutions. Web registration and QuickConnect registration for details.

Figure 6 API  Registration (for a webpage based solution)

The steps for the above diagram are as follows:

  1. The customer visits your website and enters their account details into your ‘Account Details’ page.

  2. When the 'Save’ button is clicked the customer’s browser posts the account details to your server.


    API registration begins here.

  3. Your server sends an API Request to QuickVault. The request contains the customer’s account details.

  4. QuickVault stores the customer’s account details.

  5. QuickVault returns an API Response to your server. The response indicates whether the account was successfully registered. API registration ends here.

  6. Your server builds the html for the 'Account Registered’ page (or your preferred page) then returns the html to the customer’s browser.

Web registration

Web registration is a webpage based solution that combines your website and QuickVault’s website. The key to web registration is that account details are entered into a Westpac hosted webpage, meaning sensitive account details never enter your system. This makes it an ideal solution if you wish to minimise your PCI DSS responsibilities.

To register an account, the customer will first log onto your website. Then, at the appropriate time, your website will redirect the customer’s browser to a QuickVault webpage. The customer will enter their account details and the account will be stored securely within QuickVault. Once registration is complete, QuickVault will redirect the customer’s browser back to your website.

Figure 7 Web registration

The steps in the above diagram are as follows:

  1. The customer visits your website. One of your webpages will include a button to begin the registration process.
  2. When the customer clicks the button your website will redirect the browser to QuickVault. This transition is known as the 'handoff’.
  3. QuickVault displays the 'Account Details’ page. This page asks the customer to enter their credit card details or bank account details. The look and feel of this page can be customised to match your website.
  4. QuickVault stores the account.
  5. QuickVault displays the 'Account Registered’ page. The page includes a button linking back to your website.=

  6. QuickVault returns the customer back to your website. This is known as the 'passback’.

  7. Your website displays the appropriate page to the customer.

For more information about web registration, read the 'QuickVault (Web Registration) Technical Implementation Guide’.

QuickConnect registration

QuickConnect registration is a webpage based solution, where all the webpages are hosted by your system.

To register an account, the customer logs onto your website and enters their account details into one of your webpages. These account details are then submitted directly to QuickVault, meaning sensitive account details never enter your system.

Figure 8 QuickConnect registration

The steps for the above diagram are as follows:

  1. The customer visits your website. One of your webpages will include a button to begin the registration process.
  2. When the customer clicks the button your website will prepare the 'Account Details’ page. To do this you must first retrieve a security token from QuickVault. You will then include this security token in a hidden field within the page.
  3. The customer enters their account details into the 'Account Details’ page.
  4. When the 'Save’ button is clicked the customer’s browser will post the account details directly to QuickVault. The account details will not enter your website.
  5. QuickVault saves the account details.
  6. QuickVault redirects the customer’s browser back to your website.
  7. Your website displays the 'Account Registered’ page (or your preferred page) to the customer.

For more information about QuickConnect registration, read the 'QuickVault (QuickConnect Registration) Technical Implementation Guide’.

Portal registration

Portal registration is a webpage based solution, where all the webpages are hosted by Westpac. The key to Portal registration is that it is only accessible to your staff. This means your customers cannot register their own account details. Instead, customers will communicate their details to a staff user who will then register the account for them. This type of solution is typically used in a call centre environment.

To register an account, a staff user will log on to QuickVault’s website and enter the customer’s account details. The account will then be stored securely within QuickVault. If necessary QuickVault can also provide a registration summary to your system.

Figure 9 Portal registration

The steps for the above diagram are as follows:

  1. The staff user logs on to QuickVault’s website and enters the customer’s account details into the 'Account Details’ page.
  2. When the 'Next’ button is clicked the 'Confirm Account Details’ page will appear. This page shows the account details that are about to be registered. If any data is incorrect, the user can click the 'Back’ button to readjust the details.
  3. When the 'Confirm’ button is clicked QuickVault will save the account details.
  4. QuickVault will display the 'Account Registered’ page.

For more information about Portal registration, read the 'QuickVault (Portal Registration) Technical Implementation Guide’.

Summary

The following table provides a high level comparison of the different QuickVault registration solutions.

Batch Registration API Registration Web Registration QuickConnect Registration Portal Registration
Solution description See Batch Registration See API Registration See Web Registration See QuickConnect Registration See Portal Registration
Can the solution migrate existing accounts? Yes No No No No
Can the solution register new accounts? No Yes Yes Yes Yes
Can the customer register their own account? No Yes Yes Yes No
Can the solution register credit card accounts? Yes Yes Yes Yes Yes
Can the solution register bank accounts? Yes No Yes Yes Yes

Daily registered accounts report

At the end of each day QuickVault can provide you with a Registered Accounts Report. The report lists all the accounts that have been registered throughout the day. It can be provided for any of the registration solutions, however it is mainly used for Web registration, QuickConnect registration and Portal registration.

QuickVault will generate the report at 12am each night. You can then upload the report into your system and reconcile the data against notifications you received earlier in the day.

QuickVault offers two file formats. You can choose either:

  1. The standard CSV format
  2. A custom file format

For more information about the formats, read the technical implementation guide for your chosen solution.

Once QuickVault has generated the report you can retrieve it using either iLink or WIBS. See (Sending and retrieving files)[#sending-and-retrieving-files] for details.

Identifying expiring credit cards

This section describes the different ways you can identify expiring credit cards. This is an optional task but one you may find useful because it allows you to warn customers and advise them to update their credit card registration details.

There are two ways you can identify expiring credit cards. You may choose either:

  • QuickVault’s Expiring Cards Report
  • Create your own report

QuickVault’s Expiring Cards Report

QuickVault’s Expiring Cards Report provides you with a list of credit cards that are due to expire. QuickVault will generate the report at the start of each month. You can then upload the report into your system and notify your customers about their expiring credit cards.

Qvalent offers two file formats. You can choose to receive one of the following:

Once QuickVault has generated the report you can retrieve it using either iLink or WIBS. See File transmission for details.

Create your own report

If you prefer, your system can create its own report to identify expiring credit cards. The expiry date is already provided to your system after an account is registered. It is included in both the response back from QuickVault and the daily Registered Accounts Report. Your system can save this data and then query it later to find the list of cards that are due to expire.

Sending and retrieving files

This section is relevant if you choose a registration solution that requires files to be sent or received. There are two options for sending and retrieving files. You can choose either:

  1. Manually send and retrieve files using iLink
  2. Automatically send and retrieve files using WIBS

iLink is a web based service that allows you to securely send and retrieve files. It has a simple user interface that is similar to web based mail systems.

The benefit of using iLink is that it is quick and easy to setup connectivity. The disadvantage is that it relies on a person to send or retrieve the file. Problems may occur if the person is sick or on leave.

For more information about iLink, read the iLink User Guide.

The high level steps for manually sending a file are as follows:

  1. Your system will generate the file
  2. An employee from your organisation will log on to iLink and upload the file
  3. iLink will send the file to QuickVault
  4. QuickVault will process the file

The high level steps for manually retrieving a file are as follows:

  1. QuickVault will generate the file
  2. QuickVault will send the file to iLink
  3. iLink will store the file
  4. An employee from your organisation will log on to iLink and download the file
  5. The employee will upload the file into your system

Automatically send and retrieve files using WIBS

Westpac Integrated Banking Services (WIBS) allows your system to automatically send and retrieve files. These files can be delivered via a number of different technologies including HTTPS, XCom and SFTP.

The benefit of using WIBS is that it provides a fast and reliable way to send and retrieve files. It does not rely on people to upload or retrieve files. The downside however is it is a more technically complex solution to implement and therefore will require more effort on your part to set up.

For information about the different WIBS connectivity methods please contact your Westpac implementation manager.

Sending files using WIBS

The high level steps for automatically sending a file are as follows:

  1. Your system will generate the file
  2. Your system will automatically send the file to QuickVault using your preferred technology
  3. QuickVault will process the file

Retrieving files using WIBS

The high level steps for automatically retrieving a file are as follows:

  1. QuickVault will generate the file
  2. Your system will automatically retrieve the file from QuickVault using your preferred technology
  3. Your system will process the file

Requirements checklist

Download the Checklist.

The purpose of this section is to help identify your requirements. Use the checklist as follows:

  1. Download the requirements checklist and rename it with your company name.
  2. Complete as much of the checklist as you can before your first meeting with Westpac.
  3. Use the checklist to understand the steps required to implement this product.