Welcome to the Developer Portal

Default UI Integration
- Integrating Default UI
- Migrating from PayButton to Default UI
- Managing Default UI Properties
- Summary Screen
- Incremental Authorization
- Custom Receipt Printing
- Automatic Receipt Printing
- Standalone Receipt Printing
- Sending Receipts via Email
- Customization
- Mobile UI Customization
- Release Notes

PayButton Integration
- Integration
- Stripe Transactions
- Alipay
- Summary Screen
- On-Reader Tipping
- Tip Adjust
- Loyalty and Bonus Cards
- Pre-Auth and Capture
- Refunds
- Custom Receipts
- Testing
- Going Live
- Release Notes

Custom Integration
- Installation
- Integration
- Stripe Transactions
- Signature
- Refunds
- Email & Print Receipts
- Custom Receipts
- Custom Receipts for PAX Terminals
- Preformatted Receipts
- Alipay
- On-Reader Tipping
- Tip Adjust
- Loyalty & Bonus Cards
- Pre-Auth & Capture
- Connection Keep-Alive
- Testing
- Going Live

Backend Integration
- API Endpoints and Authentication
- WebHooks
- Query Transactions
- Refunds
- Custom Receipts
- Going Live
- API Documentation

Card Readers
- Protecting Cardholder Data
- Developer Kits
- Test Cards
- Manage Card Readers
- Verifone Card Readers
  - Verifone e355
    - USB Connectivity Configuration
    - WiFI Connectivity Configuration
    - Windows Setup
    - User Guide
    - FAQ
  - Verifone P400
    - Getting Started with the Verifone P400
    - Ordering Test Equipment
    - Inspecting the Terminal
    - Connecting Verifone P400 Terminal Hardware
    - Configuring Ethernet Connectivity
    - Configuring USB Connectivity
    - Finding the Network Address Assigned to the Terminal
    - Configuring the Static IP Address
    - Verifying the Terminal IP Address
    - Changing Your Password on the Terminal
    - Processing a Transaction
    - Troubleshooting Terminal Issues
  - Verifone VX820
    - USB Connectivity Configuration
    - Ethernet Connectivity Configuration
    - Windows Setup
    - User Guide
    - FAQ
- Miura Card Readers
  - USB Connectivity Configuration
  - Windows Setup
  - Customization
  - Troubleshooting

Merchant Setup
- AMEX Merchant Setup
- Barclaycard APACS Merchant Setup
- Barclaycard HISO Merchant Setup
- Credorax Merchant Setup
- Elavon Merchant Setup
- EVRY Merchant Setup
- net-m Privatbank Merchant Setup
- Nexi Merchant Setup
- Stripe Merchant Setup
  - Stripe Direct and Stripe Connect
  - Stripe Connect

Protecting Cardholder Data

What is PCI PIN Security and why is it necessary?

The PCI Security Standards require that cardholder data (including PINs) are protected at any time. All entities that handle POS terminals (i.e., terminal distributors and manufacturers, PSPs, ISVs, and merchants) need to follow these standards. All entities need to have appropriate processes documented and in use. All involved personnel needs to be aware of the processes.

The document provides guidance only The official PCI Security Standards Council’s PIN Security Requirements will always remain the applicable rule.

Your duties

Your duties related to procuring, shipping, storing, using, and managing payment terminal include the following.

Procuring and shipping terminals

Terminals must be procured from legitimate sources only, e.g. directly from the manufacturer or from an authorized reseller. Otherwise they cannot be used on our platform. Payworks can make the necessary introductions for you.

Terminals must only be shipped by companies that allow tracking of the shipments.

Retain shipping documents for possible warranty and inspection issues.

Storing terminals

Before they are deployed, terminals must be stored in a secure place (e.g. locked cabinet or room) that can only be accessed by authorized personnel. Unauthorized individuals must not be able to access, modify, or substitute any stored terminals (see our sample list of authorized personnel).

Access to the stored terminals needs to be defined, documented and controlled (see our sample storage facilities log).

Entities storing card terminals must keep written records of all their terminals. They have to conduct regular inventory checks (at least every 6 months) and implement monitoring procedures to protect their terminals and detect lost or stolen terminals (see our sample inventory statement).

Using and managing terminals

Before enabling merchants to use a POS terminal, providers must educate them and give them clear instructions on how to use and store the terminal. You can use our sample merchant guidelines for this.

Providers must be available for merchants to deactivate manipulated, lost or stolen terminals.

Your merchants’ duties

Before setting up or using a terminal, merchants must inspect it for possible manipulations.

Merchants must not use a terminal if they suspect that it has been manipulated or replaced. They must notify their provider immediately, so that the terminal can be deactivated.

Merchants must keep their terminals out of reach for unauthorized third parties and lock their terminals away at a secure place (e.g. locked cabinet or room), when they are not in use (e.g. outside of business hours).

Merchants must keep written records of all their card terminals and need to regularly compare it to the terminals in their inventory (at least every 6 months). Discrepancies need to be raised with the provider.

Merchants must notify their providers immediately about all lost, stolen or manipulated terminals, so that they can be deactivated.

Merchants must not modify, manipulate or operate their terminals in any unauthorized manner.

How we help you

The following merchant guidance and sample documents are provided to help you set up your processes for protecting cardholder data by managing your payment terminals. For assistance, contact your Solution Consultant or Card Present Support.

Merchant Guidelines

The sample Merchant Guidelines contain a set of minimum guidelines about terminal handling that you must communicate to your merchant. You can use this document as a starting point and adjust the rules so that they fit your processes (as long as they provide at least the same level of security). You should refer to these rules in your terms and conditions.

List of authorized personnel

Use this sample List of Authorized Personnel to create a list of your team members or fulfillment provider has access to the terminals in your storage.

Terminal inventory statement

Use this sample Terminal Inventory Statement as a template for your inventory statement and to conduct your regular inventories.

Storage facilities log

Use this sample Storage Facilities Log to log and track access to your terminal storage facilities.

FAQs

A merchant notifies me about a lost, stolen, or manipulated terminal. What do I need to do?

Deactivate the terminal in the Gateway Manager and detach it from the merchant. Notify Payworks Customer Support so we can remove the terminal from our gateway.

Does using your product ensure my PCI compliance status and that I do not have to worry about the security of my terminals?

No. Using our products does not guarantee your PCI compliance status.

However, using our products and guidelines can help you and your merchants become more secure and protected while deploying your PCI-DSS and PCI-PIN compliant products. We helps users and merchants manage terminals in a secure, PCI-compliant way by providing:

Transparent documentation

Merchant guidelines

Sample documents

Terminal management and security remains the responsibility of the users and merchants.

In general, PCI DSS is intended for all entities involved in payment processing, including merchants (regardless of their size). The ultimate decision about whether a merchant has to validate its compliance and how is made by the respective payment schemes.

For more information about compliance, we encourages our users and merchants to contact their acquirer and PCI assessors.

Card Readers