What is Direct-Post Payment Processing?

Transparent Redirect is a secure, token-based payment processing system that allows a merchant to control the look and feel of the checkout process while the cardholder’s data is sent directly to the payment processor. This way, the merchant’s servers are never responsible for securing the cardholder’s data.

Bluefin’s PCI-compliant Transparent Redirect feature, available on our PayConex payment platform, is a token-based method to securely and transparently collect card data directly from the cardholder online while still allowing the merchant to manage the authorization process. Our clients can process credit/debit card and ACH transactions on their website without cardholder data ever traversing their systems.

Using Direct-Post Payment Processing allows the checkout page to be designed and hosted by the merchant, while our solution posts payment details directly to PayConex over our secure network. Utilizing direct-post payment processing ensures credit card information never enters the merchant’s system, even though the merchant maintains control of the look and feel of the page.

How Does Transparent Redirect Work?

Transparent Redirect payment processing allows the merchant to be in control of the design and hosting of the payment page. The page silently posts directly from the customer’s browser to our dedicated payment platform over our secure network to generate a token. The merchant receives only the token for processing and never sees the full cardholder data.
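One way a merchant can check this on its own server, as an added example that is not Bluefin's code or the PayConex API: scan each form post arriving at the merchant endpoint and flag any field that carries raw card data instead of a token. The field names (`payment_token`, `card_number` and the rest) and both sample posts are constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Hypothetical field names that should never reach a direct-post merchant.
SENSITIVE_NAMES = {"card_number", "cardnumber", "pan", "cvv", "cvc", "cvv2"}


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_data(form: dict) -> list:
    """Return (field, reason) pairs for fields that look like card data."""
    findings = []
    for name, value in form.items():
        if name.lower() in SENSITIVE_NAMES:
            findings.append((name, "sensitive field name"))
            continue
        for match in PAN_CANDIDATE.finditer(str(value)):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_ok(digits):
                findings.append((name, "Luhn-valid card number"))
                break
    return findings


# Constructed sample: what the merchant should receive (token only).
TOKEN_POST = {"order_id": "A-1001", "amount": "49.95",
              "payment_token": "tok_CONSTRUCTED_9f2c71"}
# Constructed sample: a misconfigured form that posts card data to the
# merchant. 4111 1111 1111 1111 is a widely used test card number.
LEAKY_POST = {"order_id": "A-1002", "card_number": "4111 1111 1111 1111",
              "notes": "alt card 4111-1111-1111-1111", "amount": "49.95"}

if __name__ == "__main__":
    for post in (TOKEN_POST, LEAKY_POST):
        print(post["order_id"], find_card_data(post) or "clean")
```

Any finding means the checkout form is still submitting card fields to the merchant, so the request should be rejected and logged without its body.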

How does Transparent Redirect reduce PCI Compliance Scope?

When properly implemented, Bluefin’s Transparent Redirect & Tokenization can take an ecommerce merchant from SAQ D’s 326 security questions down to SAQ A-EP’s 139 security questions. Bluefin also offers our Payment iFrame, which could further reduce an ecommerce merchant’s requirements down to SAQ A’s 14 questions. Contact us for more information.


“The way that criminals attempt to hijack card data from e-commerce transactions depends on the way that the merchant’s website accepts cardholder data, the difficulty of gaining access to the transaction, and how likely it is that the criminal will receive an ongoing supply of cardholder data. PCI DSS aims to reduce the probability that a criminal can steal cardholder data from a merchant’s e-commerce transaction.”

“To be eligible for PCI DSS v3 SAQ-A, the e-commerce environment must be fully outsourced such that: ‘The entirety of all payment pages delivered to the consumer’s browser originates directly from a third-party PCI DSS validated service provider(s).’”

Read PCI’s Guidance