Security

Peace of mind for you and your customers.

The secure processing of EMV payments is part of our daily life. All companies that accept, process, store or transmit credit or debit card information must comply with the Payment Card Industry Data Security Standard (PCI DSS) and maintain a secure environment. Protecting sensitive card data is of paramount importance to avert fraudulent activity, generate consumer trust and safeguard brand reputation.

Our infrastructure is hosted in a PCI level 1 environment. This means we conform to yearly on-site reviews by an    auditor and a network scan by an approved scanning vendor.

In addition our 3C Integra Payment Application is PCI PA DSS certified and we are listed on both Visa’s  and Mastercard’s  Service Providers List.

 

v

 

P2PE VALIDATION

Our solution is PCI Point-to-Point-Encryption (P2PE) validated, and provides the most secure and effective solution to protect cardholder data in conjunction with EMV and Tokenization. It is currently the highest security standard and most complete certification we have in the payment industry.

3C Payment’s PCI P2PE listing can be found HERE

 

P2PE BENEFITS

Encryption technology - P2PE protects sensitive payment card data from the point that it is read at the terminal through transit to the payment processor. It ensures that valuable cardholder data is field-level encrypted inside the SRED card reader making it useless and void of any value if an attack is attempted.

Simplify PCI compliance – With a P2PE solution cardholder data never enters a merchant’s network. This removes the merchants PCI scope, thus reducing the complex process and costs involved.

Managed Service – 3C Payment provides a managed service for our clients as we oversee the process of building the terminal, tracking the terminal status, and monitoring security.

 

P2PE PROCESS

3C Payment provides clients with a proactive managed service that compliments the full P2PE payment solution. This service includes the P2PE Implementation Manual (PIM) which provides detailed guidelines on how to ensure merchants are meeting P2PE requirements in addition to supporting collateral and expert in-house advice.

security

 

P2PE MERCHANT RESPONSIBILITIES

A fully secure and complete P2PE solution can only be delivered as long as all parties are fulfilling their roles and completing their P2PE requirements.

Some of key responsibilities expected from merchants during the lifetime of a P2PE terminal are as follows:

  • Validate PCI DSS compliance requirements with the acquiring bank.
  • Register or record Point of Interaction (POI) terminal device details in an inventory table. Track the device status, location and inform the payment when devices are received at merchant sites.
  • Store unused POI terminal devices in a safe or secure, locked place out of reach of tampering.
  • Report any missing or stolen POI devices to the payment provider.
  • Contact supplier Customer Support teams, to troubleshoot any device malfunctions or to swap, repair or cancel a POI device service.
  • Merchants should never need to tamper directly with any POI terminal devices. For example, connecting non-approved cardholder devices, installing applications on the device, physically try to open it, or change device configurations or settings

 

3C VAULT

With our 3C Vault tokenization  service, payment card data is securely held in our central repository and replaced with tokenized PAN data for storage in your ERP for future reference, refunds, late charges or charge back resolution. Transactions can be securely started in one channel and recalled in another including pre-authorisations and reversals. The 3C Vault also supports card on file accounts for ‘one click’ payments that boost conversion rates and facilitate recurring payments for subscriptions.