PCI Compliance

Greatly reduce your scope for PCI and EMV

In traditional full integration, the ISV is required to work with a PIN and middleware provider. Even if encrypted data passes through the POS, it remains in scope for PCI. 

With FlexPoint, no card data ever enters the POS. FlexPoint manages the entire transaction via a separate, secure, EMV-compliant solution. Point-to-point encryption (P2PE) ensures card data in the back office is encrypted, rendering it useless to hackers. Data is protected in use, during transfer and at rest.

An independent white paper from a leading PCI Payment Application Qualified Security Assessor (PA-QSA) explains how POS developers and integrators can benefit from FlexPoint’s increased security.


SIMPLIFY YOUR PCI DSS REQUIREMENTS

We’ve made it extremely simple for our partners and merchants to reduce the resources necessary to manage their payment security infrastructure.

REDUCE COSTS

PCI compliance can cost anywhere from tens of thousands to millions of dollars. FlexPoint provides bullet-proof security and removes many expensive hurdles in certifying for PCI DSS.

SAVE TIME

Becoming PCI compliant can often take up to two years, and renewing your certification may take a full six months. FlexPoint significantly relieves your regulatory and security burdens.

WHAT YOU NEED TO KNOW ABOUT PCI

Defining PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card brands including Visa, MasterCard, American Express, Discover, and JCB. PCI requires service providers, banks and high-volume merchants to follow strict security guidelines, including:

  • Building and maintaining a secure network

  • Protecting cardholder data

  • Maintaining a vulnerability management program

  • Implementing strong access control measures

  • Regularly monitoring and testing networks

  • Maintaining an information security policy

Level 1

Any merchant -- regardless of acceptance channel -- processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.

Level 2

Any merchant -- regardless of acceptance channel -- processing 1M to 6M Visa transactions per year.

Level 3

Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.

Level 4

Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year.

  • WHO DOES PCI COMPLIANCE APPLY TO?

    PCI DSS requirements apply to all organizations, merchants and service providers who accept, transmit or store any cardholder data.

  • WHAT EXACTLY IS CARDHOLDER DATA?

    Cardholder data is any and all information which can personally identify or be associated with the cardholder, such as name, address, account number, etc. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data.

  • WHAT ABOUT DEBIT CARD TRANSACTIONS?

    Within the scope of PCI DSS are all cards branded with one of the five card association/brand logos that participate in the PCI SSC - American Express, Discover, JCB, MasterCard, and Visa International. That includes debit cards and prepaid cards in addition to credit cards.

  • WHAT CONSTITUTES A SERVICE PROVIDER?

    Any company that stores, processes, or transmits cardholder data on behalf of another entity is defined to be a Service Provider by the Payment Card Industry (PCI) guidelines.

  • WHAT CONSTITUTES A PAYMENT APPLICATION?

    Under PCI, a payment application is anything that stores, processes, or transmits card data electronically. This means anything from a point-of-sale system to an e-commerce shopping cart. Therefore, any piece of software that has been designed to touch credit card data is considered a payment application.

  • WHAT ARE THE PENALTIES FOR NONCOMPLIANCE?

    Noncompliance can be very costly. Although the payment brands fine the acquiring bank and not the merchant directly, penalties make their way downstream and could result in increased transaction fees or even termination of the banking relationship. An acquiring bank faces fines of anywhere from $5,000 to $100,000 per month for PCI compliance violations.

  • WHERE CAN I FIND THE PCI DATA SECURITY STANDARDS (PCI DSS)?

    You can find them on the PCI SSC's website using the link below: 
    https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

WE ARE YOUR TRUSTED PCI RESOURCE

FlexPoint was built with security in mind, providing cardholders, merchants and software developers the highest levels of safety throughout the payment transaction and beyond. 

In compliance with PCI Data Security Standards, we have met and surpassed all requirements set forth for a Level 1 Service Provider. Our goal is to maximize our clients' revenues and performance by empowering them with safer and smarter transactions.
