In traditional full integration, the ISV is required to work with a PIN and middleware provider. Even if encrypted data passes through the POS, it remains in scope for PCI.
With FlexPoint, no card data ever enters the POS. FlexPoint manages the entire transaction via a separate, secure, EMV-compliant solution. Point-to-point encryption (P2PE) ensures card data in the back office is encrypted, rendering it useless to hackers. Data is protected in use, during transfer and at rest.
An independent white paper from a leading PCI Payment Application Qualified Security Assessor (PA-QSA) explains how POS developers and integrators can benefit from FlexPoint’s increased security.
PCI compliance can cost anywhere from tens of thousands to millions of dollars. FlexPoint provides bullet-proof security and removes many expensive hurdles in certifying for PCI DSS.
Becoming PCI compliant can often take up to two years, and renewing your certification may take a full six months. FlexPoint significantly relieves your regulatory and security burdens.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card brands including Visa, MasterCard, American Express, Discover, and JCB. PCI requires service providers, banks and high-volume merchants to follow strict security guidelines, including:
Building and maintaining a secure network
Protecting cardholder data
Maintaining a vulnerability management program
Implementing strong access control measures
Regularly monitoring and testing networks
Maintaining an information security policy
Any merchant -- regardless of acceptance channel -- processing over 6M Visa transactions per year. Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system.
Any merchant -- regardless of acceptance channel -- processing 1M to 6M Visa transactions per year.
Any merchant processing 20,000 to 1M Visa e-commerce transactions per year.
Any merchant processing fewer than 20,000 Visa e-commerce transactions per year, and all other merchants -- regardless of acceptance channel -- processing up to 1M Visa transactions per year.
PCI DSS requirements apply to all organizations, merchants and service providers who accept, transmit or store any cardholder data.
Cardholder data is any and all information which can personally identify or be associated with the cardholder, such as name, address, account number etc. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data.
Within the scope of PCI DSS are all cards branded with one of the five card association/brand logos that participate in the PCI SSC - American Express, Discover, JCB, MasterCard, and Visa International. That includes debit cards and prepaid cards in addition to credit cards.
Any company that stores, processes, or transmits cardholder data on behalf of another entity is defined to be a Service Provider by the Payment Card Industry (PCI) guidelines.
Under PCI, a payment application is anything that stores, processes, or transmits card data electronically. This means anything from a Point of Sale System to an e-commerce shopping cart. Therefore, any piece of software that has been designed to touch credit card data is considered a payment application.
Noncompliance can be very costly. Although the payment brands fine the acquiring bank and not the merchant directly, penalties make their way downstream and could result in increased transaction fees or even termination of the banking relationship. An acquiring bank faces fines of anywhere from $5,000 to $100,000 per month for PCI compliance violations.
You can find them on the PCI SSC's website using the link below:
FlexPoint was built with security in mind, providing cardholders, merchants and software developers the highest levels of safety throughout the payment transaction and beyond.
In compliance with PCI Data Security Standards, we have met and surpassed all requirements set forth as a Level 1 Service Provider. Our goal is to maximize our clients' revenues and performance by empowering them with safer and smarter transactions.