PCI

What is PCI? Payment Card Industry (PCI) Data Security Standard (DSS)

Is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. PCI DSS requirements are set forth and managed by the PCI Standards Security Council, an independent body created by the major payment card brands (Visa, MasterCard, American Express, Discover, and JCB). The PCI DSS requirements are available at: https://www.pcisecuritystandards.org.

Property Management11

Do you need to be PCI compliant?

PCI applies to ALL organizations (merchants, service providers, and payment gateways) regardless of size or number of transactions processed that accept, transmit, or store any cardholder data. Depending on number of transactions processed annually and how the transactions are accepted, merchant may be required to commit to greater levels of compliance assessment and scrutiny.

Example: Under the Visa Cardholder Information Security Program, merchants processing, storing, or transmitting under 20,000 Visa e-commerce transactions annually would be recommended to complete an annual Self-Assessment Questionnaire and perform quarterly network scans.  Merchants who process over 20,000 to 1 million Visa e-commerce transactions annually are required to complete an annual SAQ, perform quarterly network scans, and complete an Attestation of Compliance Form which is submitted to their acquirers.

How can using PayZang make you PCI compliant?

PayZang is a suite of payment acceptance and initiation services tailored for merchants and business who accept ACH/eCheck and Credit Card. PayZang is composed of three products: eCheck, Card, and RDC. PayZang Card provides merchants with the ability to accept and process credit and debit card payments where the card information is mailed-in, via the telephone, obtained face-to-face, and from the Internet. Card present and card not present transactions are both supported.

Applications that integrate with PayZang Card can initiate both one-time payments and set up recurring card payments. Applications can also obtain reporting information concerning the status of a payment or payments.

PayZang is PCI compliant. By using PayZang or integrating with PayZang, the merchant can take advantage of PayZang to be PCI compliant. The following table shows how the merchant can integrate with PayZang and how each integration options enables the merchant to be compliant with PCI DSS.

Property Management2

NOTE: Merchants who handle mailed-in, face-to-face, or telephone-based card payments must not store the cardholder data. If the merchant does store the cardholder data outside the PayZang system, the merchant will be required to assess its compliance obligations under the PCI Data Security Standard. This applies particularly to merchants that use HTTPS Post, Virtual Terminal and Web Services

Hosted Donation Page hero

INTEGRATION OPTIONDESCRIPTIONPROCESS COMPLIANCESTORAGE COMPLIANCETRANSMITTAL COMPLIANCE
Online Payment PageAccept payments online by redirecting the payer to PayZang online payment page Cardholder data is processed by PayZang,. Once payment has been processed, the customer is redirected back to the merchant’s website Cardholder data is is never stored on the merchant’s website. PayZang maintains the payer’s payment information.All cardholder data is collected and handled between payer and PayZang.
Virtual TerminalProcess card present face-to-face or card not present mailed-in and telephone payments through a PayZang web application.Cardholder data is processed by PayZang systems.Cardholder data should not be stored at the merchant’s location. PayZang maintains the payer’s payment information.All cardholder data is collected and handled between payer and PayZang.
HTTPS POSTProcess payments by having the payer directly send the payment information to PayZang via HTTPS POST.Cardholder data is processed by PayZang,. Once payment has been processed, the customer is redirected back to the merchant’s website.Cardholder data should not be stored at the merchant’s location. PayZang maintains the payer’s payment information.All cardholder data is collected and handled between payer and PayZang.
Web ServicesProcess payments by having the payer directly send the payment information to PayZang via WebServices.Cardholder data is processed by PayZang,. Once payment has been processed, the customer is redirected back to the merchant’s website.Cardholder data should not be stored at the merchant’s location. PayZang maintains the payer’s payment information.All cardholder data is collected and handled between payer and PayZang.
User Interface
(UI) Reports
Access Web reports that summarize the payments processed via PayZang.Elided cardholder data is provided to the merchant with a merchant-provided reference number to link the payment to the merchant’s A/R system.The merchant may obtain the payment information with the elided cardholder data. PayZang, stores and maintains the cardholder information for subsequent use.No cardholder data is provided the merchant.
Batch ReportsReceive batch reports that summarize payments processed via PayZang for updatingElided cardholder data is provided to the merchant with a merchant-provided reference number to link the payment to the merchant’s A/R system.The merchant may obtain the payment information with the elided cardholder data. PayZang, stores and maintains the cardholder information for subsequent use.No cardholder data is provided the merchant.

PayZang 1-800-838-8651

Payzang