Compliance Reference Center

Let BridgePay help maintain your compliance

BridgePay is dedicated to maintaining a high level of security and compliance to protect sensitive data.

“The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data.” – PCI DSS

As a service provider that stores, processes and/or transmits transactions, BridgePay is certified as a Level 1 Service Provider. We have complied, and continue to comply, with PCI DSS requirements. Compliance is verified annually through a leading third-party PCI QSA firm in the industry, A-LIGN.

BridgePay also develops and maintains payment applications supporting card-present transactions, whether the card is swiped or keyed into a terminal. PayGuardian is certified according to the Payment Application Data Security Standard (PA DSS). Compliance is verified through a leading third-party PA QSA firm in the industry, Security Metrics.

Learn more about BridgePay and PCI by downloading our brief summary.

 

  • BridgePay tokenizes all transactions in our gateway

  • Enable our EMV technology for secure payment processing

  • Using point-to-point encryption ensures secure transmission at the time of swipe

  • Secure ecomm payments using our hosted payment page

  • Reduce fraud using reCAPTCHA on an ecomm site

 

What is PCI Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. – PCI DSS

How does PCI DSS apply to me?

PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process, or transmit cardholder data and/or sensitive authentication data. – PCI DSS

How does BridgePay maintain its PCI DSS Compliance?

As a service provider that stores, processes and/or transmits over 300,000 transactions per year, BridgePay is certified as a Level 1 Service Provider. We have complied, and continue to comply, with all PCI DSS requirements. Compliance is verified annually through a leading third-party PCI QSA firm in the industry, A-LIGN.

What is PA DSS?

The PCI Payment Application Data Security Standard (PA DSS) Requirements and Security Assessment Procedures define security requirements and assessment procedures for software vendors of payment applications. – PCI DSS

Am I compliant?

In order to maintain compliance, all PA DSS applications must be implemented in a PCI-compliant environment.


BridgePay’s PCI Validated P2PE (Point-to-Point Encryption) Solution

Utilizing BridgePay’s PCI Validated P2PE solutions reduces the merchant’s PCI scope. Implementing this solution secures card-present transactions by encrypting the card data at the physical credit card device at the time of the card swipe or insert. Using our solution also reduces the PCI Self-Assessment Questionnaire that merchants must complete in order to maintain compliance.

HIPAA Compliance

BridgePay’s HIPAA compliance assures our healthcare partners that we adhere to the regulatory requirements of HIPAA/HITECH (the Health Insurance Portability and Accountability Act and the subsequent Health Information Technology for Economic and Clinical Health Act). These acts define policies, procedures, and processes that are required for BridgePay, as we may store, process or handle health-related payments. This audit demonstrates that BridgePay has the proper safeguards in place to protect this information.