“Developer Resources” Posts

Why Tokenization Is Better Than Point to Point Encryption

Why Tokenization Is Better Than Point to Point Encryption

Whether you’re a developer seeking an integrated payment solution or a business owner searching for a credit card processing partner, the security of cardholder data should be at the top of your checklist. When processing and storing credit card data via a terminal, the payment processing security standard can vary. Below, we compare the two current standards for securing cardholder data: point to point encryption and cloud-based tokenization. Point to Point Encryption vs. Cloud-Based Tokenization Point to point encryption (P2PE) encrypts data from point A, when a card is swiped or dipped in a terminal, until it reaches point…

5 Essential Features of a Payment API

5 Essential Features of a Payment API

If you’re an independent software vendor (ISV) who is evaluating payment APIs, you have much to consider. There might be a number of Payment Gateways seeking integration with your software; or maybe you want to offer your customers several partners to choose from, but you don’t know where to start. It’s important to integrate with the right payment provider because integrations take time to build. You don’t want to invest months of development work into a provider that will harm your customers with unethical billing practices, poor service or outdated technology. A bad experience for your…

What Defines PCI Scope?

What Defines PCI Scope?

Whether you’re a player in the payments space or a business processing credit cards, you’ve heard of Payment Card Industry (PCI) compliance. With the intention to optimize security around credit and debit card transactions and protect cardholder information, all parties involved in facilitating a transaction fall within PCI scope. This includes any system components connected to the cardholder data environment (CDE). Processing credit cards can involve many different components, so PCI scope varies depending on the breadth of an organization's CDE. Because of this, many businesses are unaware of the components they are responsible for and which even…

PayJunction Security Explained: Level 1 PCI DSS Compliance

PayJunction Security Explained: Level 1 PCI DSS Compliance

PayJunction provides business owners with helpful features like cards on file and electronic signature capture. These features go above and beyond the old-school technology many businesses still use, but they naturally lead business owners to ask, “How is this secure?” We don’t outsource our security measures. Instead, we store all cardholder data internally. PayJunction is secure to the highest industry standard: Level 1 PCI DSS. Compliance requires annual audits and tireless work to maintain our systems. That said, just because you use PayJunction does not mean you’re completely secure. As a PayJunction customer, it’s your responsibility to…

EMV API Makes Life Easy for Developers

EMV API Makes Life Easy for Developers

Building business-to-business software and point of sale systems isn’t easy. You build, then refine, then re-build, then refine again ... and again. Finally, you have a worthy product that’s ready for use, except for one small detail: your customers are businesses and they need to accept payments. Integrating payments might sound easy at first, but there are quite a few challenges, especially for in-person payments. To understand the problem, let’s go over the basics. EMV API and PCI Compliance All credit and debit cards contain sensitive cardholder data. To maintain a secure environment Visa, MasterCard, American Express, JCB…