?Peace of mind for you and your customers.

The secure processing of EMV payments is part of our daily life. All companies that accept, process, store or transmit credit or debit card information must comply with the Payment Card Industry Data Security Standard (PCI DSS) and maintain a secure environment. Protecting sensitive card data is of paramount importance to avert fraudulent activity, generate consumer trust and safeguard brand reputation.

Our infrastructure is hosted in a PCI level 1 environment. This means we conform to yearly on-site reviews by an    auditor and a network scan by an approved scanning vendor.

In addition our 3C Integra Payment Application is PCI PA DSS certified and we are listed on both Visa’s  and Mastercard’s  Service Providers List.


Visa List 2019



Our solution is PCI Point-to-Point-Encryption (P2PE) validated, and provides the most secure and effective solution to protect cardholder data in conjunction with EMV and Tokenization. It is currently the highest security standard and most complete certification we have in the payment industry.

3C Payment’s PCI P2PE listing can be found HERE



Encryption technology - P2PE protects sensitive payment card data from the point that it is read at the terminal through transit to the payment processor. It ensures that valuable cardholder data is field-level encrypted inside the SRED card reader making it useless and void of any value if an attack is attempted.

Simplify PCI compliance – With a P2PE solution cardholder data never enters a merchant’s network. This removes the merchants PCI scope, thus reducing the complex process and costs involved.

Managed Service – 3C Payment provides a managed service for our clients as we oversee the process of building the terminal, tracking the terminal status, and monitoring security.



3C Payment provides clients with a proactive managed service that compliments the full P2PE payment solution. This service includes the P2PE Implementation Manual (PIM) which provides detailed guidelines on how to ensure merchants are meeting P2PE requirements in addition to supporting collateral and expert in-house advice.




A fully secure and complete P2PE solution can only be delivered as long as all parties are fulfilling their roles and completing their P2PE requirements.

Some of key responsibilities expected from merchants during the lifetime of a P2PE terminal are as follows:

  • Validate PCI DSS compliance requirements with the acquiring bank.
  • Register or record Point of Interaction (POI) terminal device details in an inventory table. Track the device status, location and inform the payment when devices are received at merchant sites.
  • Store unused POI terminal devices in a safe or secure, locked place out of reach of tampering.
  • Report any missing or stolen POI devices to the payment provider.
  • Contact supplier Customer Support teams, to troubleshoot any device malfunctions or to swap, repair or cancel a POI device service.
  • Merchants should never need to tamper directly with any POI terminal devices. For example, connecting non-approved cardholder devices, installing applications on the device, physically try to open it, or change device configurations or settings



With our 3C Vault tokenization  service, payment card data is securely held in our central repository and replaced with tokenized PAN data for storage in your ERP for future reference, refunds, late charges or charge back resolution. Transactions can be securely started in one channel and recalled in another including pre-authorisations and reversals. The 3C Vault also supports card on file accounts for ‘one click’ payments that boost conversion rates and facilitate recurring payments for subscriptions.


Furthermore, 3C Payment supports Bulk Token Proxy Service (TPS), an Oracle OPERA enhancement , which enables multiple or batch tokenization quickly & securely.

Bulk TPS offers Hoteliers centralized tokenization via one URL concurrently, across multiple hotels in the same hotel group.

With TPS there is an additional security enhancement which uses client authentication, whereby a unique shared key is utilized which adds an additional layer of protection between endpoints.