Space Control Systems, Inc.
All software providers whose applications store, process, or transmit payment cardholder data must meet either the
Payment Card Industry Data Security Standard (PCI DSS) or
Payment Application Data Security Standard (PA-DSS) in order for their merchants to
comply with the mandated PCI DSS requirements.
If cardholder data is directly entered into your software application, it is considered to be a payment application and falls in
scope for PCI Compliance. In practice, this could be as simple as a text box input: the application is still in scope.
Acquiring financial institutions cannot approve merchants for processing that are using non-compliant
software, since the requirement was put in place in 2008. As a result, software providers who are not PCI
compliant risk losing customers and damaging their brand. All software providers (that are in scope) must
prove compliance by having their applications validated through an annual security audit. A Qualified Security Assessor
(QSA) must perform this audit.
Since PCI DSS/PA-DSS certification can
be both time consuming and expensive, Element offers an alternative to PCI Compliance called Hosted Payments. Hosted
Payments allows software providers to remain out of scope
and avoid the significant cost and effort of achieving validation. With Hosted Payments, your application is responsible
for collecting all of the non-sensitive data needed to perform a payment transaction. Element then handles all of the
sensitive cardholder data—leaving your application free of information susceptible to data thieves. In this way, the
responsibility of handling sensitive data is shifted to Element.
Avoiding the hassle and cost of achieving PCI compliance is just one benefit. Protection from cardholder data compromises is
another. Since Hosted Payments allows your application to be fully integrated
to the Express Processing Platform, your customers enjoy the same benefits without the risk associated with storing, transmitting or
processing cardholder data.
Options for All Application Types
Element offers Hosted Payment interfaces for both distributed and web-based software applications. Each interface integrates
seamlessly with all types of business management software applications.
To learn more about PCI DSS/PA-DSS compliance, view our PCI Compliance Guide for Software Providers.
You can also view the Hosted Payments White Paper for more information about this innovative solution.