PCI Compliance: How Security Standards Impact Software Vendors


PCI DSS stands for Payment Card Industry Data Security Standards. The PCI compliance standards were created by the credit card associations (Visa, Mastercard, and American Express) to help merchants establish credit card processing environments where data is processed, transmitted, and stored securely.

PA-DSS stands for Payment Application Data Security Standards. These standards apply to software vendors and other entities that develop secure payment applications and confirm that these applications don’t store prohibited data.

For software vendors, the first step in the PCI journey will be determining what level of compliance your solution needs to meet. If your company sells a software solution that processes credit or debit cards, you’ll be subject to the PA-DSS requirements. Becoming PA-DSS certified requires a lot of extra legwork. First, your organization must complete a 55-page questionnaire. Next, you’ll face a required application audit from a PA-DSS Qualified Security Assessor (QSA).


Is payment processing functionality worth the extra effort?

Incorporating payment processing within your software provides value for customers and new revenue streams for your organization. However, expanding into the payments sector greatly increases both financial and reputational risk. For software vendors concerned about the burden of processing, transmitting, and storing sensitive payment information, there is another option: integrated payments.


How integrated payments reduce PCI scope for ISVs and SaaS providers

Integrated payments allow customers of your software company to accept payments within a payment gateway. This gateway is accessible within your software, but card data is processed, transmitted, and stored by your payment processing provider. That means your payment processing provider is able to:

1. Handle some or all of your payment processing requirements

2. Eliminate security concerns that stem from payment processing

In this way, integrated payments deliver software vendors the customization, branding capabilities, and functionality of developing their own payment gateway, without any of the risk. To confirm that sensitive payment information will be safe with your payment processing provider, make sure they are PA-DSS certified. That certification verifies that you’re with a reputable processor that utilizes the following technology to keep cardholder information secure:

Point-to-point encryption (P2Pe)

P2Pe protects card data as it is transmitted. This technology is a combination of secure devices, applications, and processes that encrypt data from the point of entry (swipe, dip, manual entry, etc.) until it reaches the payment processing provider’s secure customer vault.


Tokenization

Tokenization protects card data at rest. If a user keeps card data on file for subscription billing, the software vendor’s payment processing provider should store that data in a secure vault. Outside the vault, the data is tokenized, that is, replaced with a “token”: a random set of numbers, letters, and symbols. During a transaction, the vault matches the token to the correct customer’s actual information, so the token is presented in place of the card data. The token has no exploitable value; if a malicious party were to intercept it, it would be useless. Tokenized data has the added benefit of allowing recurring billing without giving end-users access to full payment information.
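The vault-and-token split described above, as an added example (not BASYS code or any processor's API): `TokenVault` and `SubscriptionApp` are hypothetical names, and the card number is a constructed test value.

```python
import secrets

class TokenVault:
    """Hypothetical stand-in for the processor's vault: the only place a PAN lives."""

    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (digits.isascii() and digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        # Random token: not a hash or encryption of the PAN, so nothing about
        # the card can be computed from it without access to the vault.
        token = "tok_" + secrets.token_urlsafe(16)
        self._pan_by_token[token] = digits
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        # The token is matched to the real card data only inside the vault.
        pan = self._pan_by_token.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        return {"approved": True, "amount_cents": amount_cents, "last4": pan[-4:]}

class SubscriptionApp:
    """Hypothetical vendor software: stores tokens, never card numbers."""

    def __init__(self, vault: TokenVault):
        self.vault = vault
        self.token_by_customer = {}

    def enroll(self, customer_id: str, token: str) -> None:
        self.token_by_customer[customer_id] = token

    def bill(self, customer_id: str, amount_cents: int) -> dict:
        return self.vault.charge(self.token_by_customer[customer_id], amount_cents)

def demo():
    vault = TokenVault()
    app = SubscriptionApp(vault)
    # Card entry happens in the provider's gateway; constructed test card number.
    token = vault.tokenize("4111 1111 1111 1111")
    app.enroll("cust-1", token)
    first = app.bill("cust-1", 1999)
    second = app.bill("cust-1", 1999)  # recurring charge reuses the stored token
    # A copy of everything the vendor's database holds: tokens only.
    return first, second, dict(app.token_by_customer)
```
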


Final Thoughts

Partnering with the right payment processing provider will ensure your software environment is secure. That means you can have confidence that sensitive payment information is safe, which—in turn—safeguards your hard-earned reputation.

Here at BASYS, we take the security of our partners and their merchants seriously. Our payment gateway is PA-DSS certified, and we provide numerous other security features, including P2Pe, tokenization, breach protection, and more. If you’re looking to make payment acceptance convenient, safe, and affordable for your customers, contact us today!

BASYS Processing as a business partner

If your processor doesn’t offer seamless integration and an industry-leading revenue share, please call BASYS Processing at (800) 386-0711. Let’s talk about creating a true business partnership that will help you exceed your goals.

BASYS Processing features:

–  User-friendly API allowing for seamless integration into your software
–  Competitive revenue share with easy-to-read revenue share reports tracking partnership growth
–  Personalized customer solutions, including automated recurring billing, secure customer vaults, and more!
–  A simple application process with the full support of our in-house Boarding team
–  90% + Customer Retention Rate
–  Live operator when your merchant customers need support – no automated voice systems
–  Dedicated Relationship Manager for questions and concerns
–  Proactive contact with every merchant to walk through the annual PCI process
–  Track record of successful software partnerships
–  Thorough market analysis followed by mutual plans and goals to grow your portfolio
–  High-quality service mentality, similar to your own
–  Vested interest in protecting your software’s hard-earned reputation
–  Open line of communication between BASYS, you, and your customers
–  Quick response time for your questions and concerns; you are a priority


About BASYS Processing

BASYS Processing provides credit card and debit card processing services, and solutions that include terminals, virtual terminals, e-commerce, mobile, and point-of-sale, customized to fit any need. Banks, associations, and software partners depend on us to strengthen their reputations and relationships with their customers by providing remarkable service paired with ultimate flexibility and pricing. Merchants depend on us to make accepting credit cards and debit cards convenient, safe & affordable. BASYS was founded in 2002 on one philosophy: to take care of our merchants, partners, and employees so they never want to leave. We are dedicated to working one-on-one with our customers to design the perfect solution. BASYS is Personalized Payment Processing.

Learn more at basyspro.com.