Direct-Post Payment Processing with PayConex

Bluefin’s PCI-compliant Transparent Redirect feature, available on our PayConex payment platform, is an elegant token-based method to securely and transparently collect card data directly from the cardholder online while still allowing the merchant to manage the authorization process. Our clients can process credit/debit card and ACH transactions on their website without cardholder data ever traversing their systems.

While the checkout page is designed and hosted by the merchant, our solution posts payment details directly to PayConex over our secure network. Utilizing direct-post payment processing ensures credit card information never enters the merchant’s system, even though the merchant maintains control of the look and feel of the page.

How It Works

Transparent Redirect payment processing allows the merchant to be in control of the design and hosting of the payment page. The page silently posts to Bluefin directly from the customer’s browser to generate a token. The merchant only receives the token for processing and never sees the full cardholder data.

Reducing PCI Compliance Scope

When properly implemented, Bluefin’s Transparent Redirect & Tokenization can take an ecommerce merchant from SAQ D’s 326 security questions down to SAQ A-EP’s 139 security questions. Bluefin also offers a completely hosted payment page, which could further reduce an ecommerce merchant’s requirements down to SAQ A’s 14 questions. Contact us for more information.

PCI DSS SAQ A

“The way that criminals attempt to hijack card data from e-commerce transactions depends on the way that the merchant’s website accepts cardholder data, the difficulty of gaining access to the transaction, and how likely it is that the criminal will receive an ongoing supply of cardholder data. PCI DSS aims to reduce the probability that a criminal can steal cardholder data from a merchant’s e-commerce transaction.”

“To be eligible for PCI DSS v3 SAQ-A, the e-commerce environment must be fully outsourced such that: ‘The entirety of all payment pages delivered to the consumer’s browser originates directly from a third-party PCI DSS validated service provider(s).’”

Read PCI’s Guidance