With ePay, powered by Nodus Technologies’ PayFabric®, merchants can remove the credit card entry point, transmission and storage of sensitive payment information from their environments. PayFabric is a PCI-DSS certified solution.
ePay gives your customers the ability to check invoices and payment history at their leisure, reducing your call center demands. Costly check processing administrative expenses are no longer required.
This is a joint development project with Nodus Technologies, Inc. Nodus Technologies, Inc. is a leading provider of electronic payment, e-commerce and business process automation software.
PCI Compliance FAQ
Below are some frequently asked questions on PCI Compliance. To read more, navigate to the Payfabric support page and click on the “PCI & Security” menu item at the bottom of the page.
The Payment Card Industry (PCI) Data Security Standards (DSS) are international technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect credit card data.
What is PA-DSS?
Acronym for Payment Application Data Security Standard, which define security requirements and assessment procedures for software vendors of payment applications. Use of a PA-DSS compliant application by itself does not make an entity PCI DSS compliant, since that application must be implemented into a PCI DSS compliant environment.
The PCI standards apply to all entities that store, process or transmit credit cards, including merchants, software developers and manufacturers of applications and devices used in those transactions.
In general, PCI Security Standards include:
- PCI Data Security Standard (PCI DSS)
- PIN Transaction Security Requirements (PTS)
- Payment Application Data Security Standards (PA‐DSS)
- PCI Point‐to‐Point Encryption Standard (P2PE)
In the context of PA-DSS (Payment Application – Data Security Standards), a software application that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties.
PayFabric can assist entities with simplifying their scope of PCI compliance by eliminating the processing and storage of sensitive payment data in local environments, however, its use by itself does not constitute PCI compliance. There are other requirements that must be continuously fulfilled within PCI DSS such as annual certification, periodic vulnerability scans, self-assessment questionnaires (SAQ), operational policies and procedures, etc.
The PCI DSS can be reviewed on the PCI Security Standards Council (PCI SSC) website: https://www.pcisecuritystandards.org/security_standards/index.php
While the PCI SSC sets the PCI Security Standards, each payment card brand has its own program for compliance, validation levels and enforcement. More information about compliance can be found online at these links:
- Visa: www.visa.com/cisp
- American Express: www.americanexpress.com/datasecurity
- Discover: www.discovernetwork.com/fraudsecurity/disc.html
- JCB International: http://partner.jcbcard.com/security/jcbprogram/
- MasterCard: www.mastercard.com/sdp
Compliance with PCI DSS is a continual ongoing process, not a onetime thing. The PCI Security Standards Council does not manage compliance programs or impose any consequences for non-compliance. Individual payment brands, however, have their own compliance initiatives, including financial or operational consequences to certain business that are not compliant. Merchants who do not comply could face restrictions by the card brands and may be subjected to fines. The PCI Security Standards Council encourages all businesses that store payment account data to comply with the PCI DSS to help lower the brand and financial risks associated with account payment data compromises.
Ready to Automate Your Financial Operations?
Take a peek into the future of banking and treasury. Request a demo of our automation suite and take the first step toward your financial evolution.
