Ramona Taylor, President, Space Control Systems, Inc.
All software providers whose applications store, process, or transmit payment cardholder data must meet either the Payment Card Industry Data Security Standard (PCI DSS) or Payment Application Data Security Standard (PA-DSS) in order for their merchants to comply with the mandated PCI DSS requirements.
If cardholder data is directly entered into your software application, it is considered to be a payment application and falls in scope for PCI Compliance. In practice, this could be as simple as a text box input: the application is still in scope.
Since the requirement was put in place in 2008, acquiring financial institutions cannot approve merchants for processing if those merchants are using non-compliant software. As a result, software providers who are not PCI compliant risk losing customers and damaging their brand. All software providers that are in scope must prove compliance by having their applications validated through an annual security audit. A Qualified Security Assessor (QSA) must perform this audit.
Since PCI DSS/PA-DSS certification can be both time-consuming and expensive, Element offers an alternative to PCI Compliance called Hosted Payments. Hosted Payments allows software providers to remain out of scope and avoid the significant cost and effort of achieving validation. With Hosted Payments, your application is responsible for collecting all of the non-sensitive data needed to perform a payment transaction. Element then handles all of the sensitive cardholder data, leaving your application free of information susceptible to data thieves. In this way, the responsibility of handling sensitive data is shifted to Element.
Avoiding the hassle and cost of achieving PCI compliance is just one benefit. Protection from cardholder data compromises is another. Since Hosted Payments allows your application to be fully integrated with the Express Processing Platform, your customers enjoy the same benefits without the risk associated with storing, transmitting, or processing cardholder data.
Options for All Application Types
Element offers Hosted Payment interfaces for both distributed and web-based software applications. Each interface integrates seamlessly with all types of business management software applications.
To learn more about PCI DSS/PA-DSS compliance, view our PCI Compliance Guide for Software Providers. You can also view the Hosted Payments White Paper for more information about this innovative solution.