The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. The PCI DSS requirements are set forth and managed by the PCI Security Standards Council, an independent body created by the major payment card brands (Visa, MasterCard, American Express, Discover, and JCB). The PCI DSS requirements are available at: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.
PCI DSS applies to ALL organizations (merchants, service providers, and payment gateways) that accept, transmit, or store any cardholder data, regardless of their size or the number of transactions they process. Depending on the number of transactions processed annually and on how those transactions are accepted, a merchant may be required to commit to greater levels of compliance assessment and scrutiny.
Example: Under the Visa Cardholder Information Security Program, merchants processing, storing, or transmitting under 20,000 Visa e-commerce transactions annually are recommended to complete an annual Self-Assessment Questionnaire (SAQ) and perform quarterly network scans. Merchants who process between 20,000 and 1 million Visa e-commerce transactions annually are required to complete an annual SAQ, perform quarterly network scans, and complete an Attestation of Compliance form, which is submitted to their acquirers.
ePayment is a suite of payment acceptance and initiation services tailored for merchants and businesses that accept eCheck, Card, and/or Remote Deposit Capture (RDC). ePayment is composed of four products: eCheck, Card, Virtual Check and RDC. ePayment Card provides merchants with the ability to accept and process credit and debit card payments where the card information is obtained by mail, by telephone, face-to-face, or over the Internet. Both card-present and card-not-present transactions are supported.
Applications that integrate with ePayment Card can both initiate one-time payments and set up recurring card payments. Applications can also obtain reporting information concerning the status of one or more payments.
ePayment is PCI compliant. By using or integrating with ePayment, the merchant can rely on ePayment's compliant environment for its own PCI compliance. The following table shows how the merchant can integrate with ePayment and how each integration option supports the merchant's compliance with PCI DSS.
NOTE: Merchants who handle mailed-in, face-to-face, or telephone-based card payments must not store the cardholder data. If the merchant does store cardholder data outside the ePayment system, the merchant will be required to assess its own compliance obligations under the PCI Data Security Standard. This applies particularly to merchants that use HTTPS POST, Virtual Terminal and Web Services.
| Integration Option | Description | Process Compliance | Storage Compliance | Transmittal Compliance |
|---|---|---|---|---|
| Online Payment Page, Payment Gateway, PCI Terminal | Accept payments online by redirecting the payer to the ePayment online payment page. | Cardholder data is processed by ePayment. Once the payment has been processed, the customer is redirected back to the merchant's website. | Cardholder data is never stored on the merchant's website. ePayment maintains the payer's payment information. | All cardholder data is collected and handled between the payer and ePayment. |
| Virtual Terminal | Process card-present face-to-face or card-not-present mailed-in and telephone payments through an ePayment web application. | Cardholder data is processed by ePayment systems. | Cardholder data should not be stored at the merchant's location. ePayment maintains the payer's payment information. | All cardholder data is collected and handled between the payer and ePayment. |
| HTTPS POST | Process payments by having the payer send the payment information directly to ePayment via HTTPS POST. | Cardholder data is processed by ePayment. Once the payment has been processed, the customer is redirected back to the merchant's website. | Cardholder data should not be stored at the merchant's location. ePayment maintains the payer's payment information. | All cardholder data is collected and handled between the payer and ePayment. |
| Web Services | Process payments by having the payer send the payment information directly to ePayment via Web Services. | Cardholder data is processed by ePayment. Once the payment has been processed, the customer is redirected back to the merchant's website. | Cardholder data should not be stored at the merchant's location. ePayment maintains the payer's payment information. | All cardholder data is collected and handled between the payer and ePayment. |
| User Interface (UI) Reports | Access web reports that summarize the payments processed via ePayment. | Elided cardholder data is provided to the merchant with a merchant-provided reference number to link the payment to the merchant's A/R system. | The merchant may obtain the payment information with the elided cardholder data. ePayment stores and maintains the cardholder information for subsequent use. | No cardholder data is provided to the merchant. |
| Batch Reports | Receive batch reports that summarize payments processed via ePayment for updating | Elided cardholder data is provided to the merchant with a merchant-provided reference number to link the payment to the merchant's A/R system. | The merchant may obtain the payment information with the elided cardholder data. ePayment stores and maintains the cardholder information for subsequent use. | No cardholder data is provided to the merchant. |
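The report rows in the table carry only elided cardholder data plus the merchant's own reference number, and the NOTE above says the merchant must not store full cardholder data outside ePayment. The following is an added example, written for this page and not code from ePayment or its documentation, of a merchant-side guard that checks each report record before it is written to the merchant's A/R system: any 13-19 digit run that passes the Luhn check is treated as a possible full PAN, masked down to its last four digits, and reported so the merchant can investigate why unmasked data arrived. The field names (`merchant_ref`, `card_last4`, `amount`, `status`) and the sample rows are constructed for the example and are not ePayment's report format.

```python
import re

# Constructed sample report rows (not real ePayment output). The field names
# are assumptions for this example; ePayment's actual report layout may differ.
# The third row deliberately carries a full card number to show the guard
# catching data that should have arrived elided.
SAMPLE_ROWS = [
    {"merchant_ref": "INV-10042", "card_last4": "4242", "amount": "19.99", "status": "SETTLED"},
    {"merchant_ref": "INV-10043", "card_last4": "1111", "amount": "250.00", "status": "SETTLED"},
    {"merchant_ref": "INV-10044", "card_last4": "4111111111111111", "amount": "5.00", "status": "SETTLED"},
]

# 13-19 digits, optionally separated by single spaces or hyphens, not
# adjacent to other digits. Long numeric references could match too, which
# is why a Luhn check is applied before anything is masked.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: True for a well-formed card number string."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scrub(value: str) -> tuple[str, int]:
    """Mask any Luhn-valid PAN-like run to its last four digits.

    Returns (scrubbed_value, number_of_runs_masked).
    """
    hits = 0

    def repl(m: re.Match) -> str:
        nonlocal hits
        run = m.group(0)
        digits = re.sub(r"[ -]", "", run)
        if not luhn_ok(digits):
            return run          # plain long number, leave it alone
        hits += 1
        return "*" * (len(digits) - 4) + digits[-4:]

    return PAN_RE.sub(repl, value), hits


def sanitize_rows(rows: list[dict]) -> tuple[list[dict], list[tuple[str, str]]]:
    """Scrub every field of every row before it reaches the A/R system.

    Returns (cleaned_rows, findings) where findings lists
    (merchant_ref, field_name) for each field that contained a full PAN.
    """
    cleaned, findings = [], []
    for row in rows:
        new_row = {}
        for field, value in row.items():
            scrubbed, hits = scrub(str(value))
            if hits:
                findings.append((row["merchant_ref"], field))
            new_row[field] = scrubbed
        cleaned.append(new_row)
    return cleaned, findings


if __name__ == "__main__":
    rows, findings = sanitize_rows(SAMPLE_ROWS)
    for row in rows:
        print(row)
    for ref, field in findings:
        print(f"ALERT: full PAN found in field '{field}' of {ref}; masked before storage")
```

The guard runs on the merchant's side of the boundary, so it adds no dependency on ePayment's behaviour: if every row already arrives elided, `findings` stays empty and the rows pass through unchanged; if a full PAN ever appears, it is masked before the record is persisted and the merchant has a concrete event to investigate rather than cardholder data silently landing in an A/R database.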