With ePay, powered by Nodus Technologies’ PayFabric®, merchants can remove the credit card entry point, transmission and storage of sensitive payment information from their environments. PayFabric is a PCI-DSS certified solution.
ePay gives your customers the ability to check invoices and payment history at their leisure, reducing your call center demands. Costly check processing administrative expenses are no longer required.
This is a joint development project with Nodus Technologies, Inc. Nodus Technologies, Inc. is a leading provider of electronic payment, e-commerce and business process automation software.
NODUS’ PayFabric® provides cloud-based electronic payment processing, designed with an innovative and secure storage algorithm.
Your Choice of Gateways & Processors
You have the freedom to choose your preferred payment gateway without being tied to just one provider. PayFabric is constantly adding support for gateways and processors so you can choose the one that is right for you.
State of the Art Security
Unique Encryption & Tokenization Technology.
PayFabric uses the innovative encryption and tokenization technology, providing worry-free security and Payment Card Industry (PCI) compliance.
Hosted Payment Entry and Wallet Screens
Sensitive payment data and all PayFabric screens are securely stored and hosted in the cloud– not on your servers – simplifying PCI Compliance requirements.
PayFabric ensures that all aspects of the transaction process comply with Payment Card Industry Data Security Standards (PCI-DSS), putting your mind (and also your customers’)
Below are some frequently asked questions on PCI Compliance. To read more, navigate to the Payfabric support page and click on the “PCI & Security” menu item at the bottom of the page.
What is PCI DSS?
The Payment Card Industry (PCI) Data Security Standards (DSS) are international technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect credit card data.
What is PA-DSS?
Acronym for Payment Application Data Security Standard, which define security requirements and assessment procedures for software vendors of payment applications. Use of a PA-DSS compliant application by itself does not make an entity PCI DSS compliant, since that application must be implemented into a PCI DSS compliant environment.
Who does PCI apply to?
The PCI standards apply to all entities that store, process or transmit credit cards, including merchants, software developers and manufacturers of applications and devices used in those transactions.
In general, PCI Security Standards include:
· PCI Data Security Standard (PCI DSS)
· PIN Transaction Security Requirements (PTS)
· Payment Application Data Security Standards (PA‐DSS)
· PCI Point‐to‐Point Encryption Standard (P2PE)
What is a payment application?
In the context of PA-DSS (Payment Application – Data Security Standards), a software application that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties.
Does using PayFabric satisfy my obligations for PCI compliance?
PayFabric can assist entities with simplifying their scope of PCI compliance by eliminating the processing and storage of sensitive payment data in local environments, however, its use by itself does not constitute PCI compliance. There are other requirements that must be continuously fulfilled within PCI DSS such as annual certification, periodic vulnerability scans, self-assessment questionnaires (SAQ), operational policies and procedures, etc.
How can I review the PCI Data Security Standards (PCI DSS)?
The PCI DSS can be reviewed on the PCI Security Standards Council (PCI SSC) website: https://www.pcisecuritystandards.org/security_standards/index.php
While the PCI SSC sets the PCI Security Standards, each payment card brand has its own program for compliance, validation levels and enforcement. More information about compliance can be found online at these links:
· Visa: www.visa.com/cisp
· American Express: www.americanexpress.com/datasecurity
· Discover: www.discovernetwork.com/fraudsecurity/disc.html
· JCB International: http://partner.jcbcard.com/security/jcbprogram/
· MasterCard: www.mastercard.com/sdp
What are the consequences for not complying with PCI DSS?
Compliance with PCI DSS is a continual ongoing process, not a onetime thing. The PCI Security Standards Council does not manage compliance programs or impose any consequences for non-compliance. Individual payment brands, however, have their own compliance initiatives, including financial or operational consequences to certain business that are not compliant. Merchants who do not comply could face restrictions by the card brands and may be subjected to fines. The PCI Security Standards Council encourages all businesses that store payment account data to comply with the PCI DSS to help lower the brand and financial risks associated with account payment data compromises.