Solid fraud protection and security are the backbone of Payway because, like you, we must also demonstrate ongoing compliance to the Payment Card Industry Data Security Standard.
Payway includes complimentary tokenization to both protect cardholder data and speed up recurring payments. It works by replacing primary account number (PAN) data with a token — a unique value only recognizable to us. We protect the token with superior vault technology and store it in one of two data centers hosted by Armor, a cloud-based facility in compliance with PCI requirements.
We offer point-to-point encryption (P2PE) as an add-on to Payway to help merchants reduce the scope and cost of PCI-DSS compliance, while further protecting cardholder data from potential hackers. You see, with P2PE, merchants don’t ever acquire, house or manage personal data, making it easy to satisfy your system auditor. Learn more about our P2PE partnership with Bluefin in the section below.
Whether you operate with card-present or card-not-present, we’ll provide you with secure credit card processing devices for swiping credit cards, keying in data manually, or accepting mobile payments. As an agent of CPAY, a TSYS company, and CardConnect, a First Data company, we’re able to provide a suite of point-of-sale solutions that adhere to PCI standards.
Whether you operate with card-present or card-not-present, should disaster strike in any way, shape or form, the Payway team is available 24/7 to help recover data, reset systems, or otherwise reestablish your payment processing abilities. You can trust us to always be there for you, especially when you need us most.
When you add point-to-point encryption to Payway, we employ the power of Bluefin’s secure card readers and PIN pads. These devices encrypt cardholder data in such a way that it is never accessible to the merchant.
In fact, the methodology is so effective that the Bluefin device helps you achieve PCI DSS compliance, helping you to reduce the amount of applicable controls during a merchant audit.
Cardholder data is swiped or keyed into a Bluefin device and immediately encrypted into a complicated mathematical string.
The encrypted string is delivered to Payway for routing through Bluefin environment, where it is decrypted.
Bluefin securely passes the primary account number (PAN) data to Payway for tokenization and storage into our data vault.
Payway then securely sends the PAN data out to the credit network for authorization.
Upon response from the credit network, the merchant is notified.
We are proud to support the following Bluefin device:
Swipe and keypad