
Compliance
Reference Center

Let BridgePay help maintain your compliance
BridgePay is dedicated to maintaining a high level of security and compliance to protect sensitive data.
“The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data.” – PCI DSS
As a service provider that stores, processes and/or transmits transactions, BridgePay is certified as a Level 1 Service Provider. We have complied and continually comply with PCI DSS requirements. Compliance is verified annually by A-LIGN, a leading third-party PCI QSA firm in the industry.

BridgePay tokenizes all transactions in our gateway

Enable our EMV technology for secure payment processing


Point-to-point encryption ensures secure transmission at the time of swipe


Secure ecomm payments using our hosted payment page


Reduce fraud using reCAPTCHA on an ecomm site
What is PCI Compliance?
PCI Compliance refers to meeting the requirements of the Payment Card Industry Data Security Standard (PCI DSS), a global framework designed to protect cardholder data. These standards were created to strengthen payment security and ensure consistent data protection practices across all organizations that handle credit and debit card information.
BridgePay's commitment to PCI Compliance
BridgePay has maintained Payment Card Industry Data Security Standard (PCI DSS) Level 1 certification consistently since 2012, demonstrating our long-standing commitment to payment security. Each year, we undergo comprehensive audits conducted by independent Qualified Security Assessors (QSAs) to ensure compliance with the highest industry standards. BridgePay is also listed on both Visa's Global Registry of Service Providers and Mastercard's Compliant Service Provider List.
How does PCI DSS apply to me?
PCI DSS applies to any organization that stores, processes, or transmits cardholder data, including merchants, payment processors, financial institutions, and service providers. If your business accepts card payments, you are responsible for complying with PCI DSS to help safeguard sensitive payment information.
P2PE Certification
BridgePay ensures its Point-to-Point Encryption (P2PE) solution remains PCI-validated by undergoing regular assessments conducted by independent PCI Qualified Security Assessors (QSAs). This includes rigorous reviews of encryption hardware, software, and operational procedures. BridgePay only deploys PCI-listed P2PE devices and maintains strict controls over device management, encryption key handling, and secure data transmission to minimize PCI DSS scope for merchants.
Reducing PCI Scope with P2PE
Merchants who implement a PCI-validated Point-to-Point Encryption (P2PE) solution in their card-present environment can significantly reduce their PCI DSS scope. By using only hardware payment terminals that are part of a PCI-listed P2PE solution, merchants are eligible to complete the simplified P2PE Self-Assessment Questionnaire (SAQ), which contains approximately 34 questions.
BridgePay's Secure Payment Technologies
BridgePay offers a suite of advanced security features designed to protect sensitive payment data and reduce fraud across in-store and online transactions. From tokenization to encryption and fraud prevention tools, our technologies help merchants maintain compliance and deliver secure customer experiences.
Key Features:
- Transaction Tokenization: All transactions processed through BridgePay's gateway are tokenized, replacing sensitive card data with secure, non-sensitive tokens.
- EMV Technology: Enable EMV chip card processing for enhanced security and reduced risk of counterfeit fraud in card-present environments.
- Point-to-Point Encryption (P2PE): Encrypts card data at the point of swipe, ensuring secure transmission and minimizing PCI scope.
- Hosted Payment Page: Secure eCommerce transactions using BridgePay's hosted payment page, which keeps cardholder data off the merchant's systems.
BridgePay - PCI DSS Attestation of Compliance (AOC)
T-Gate - PCI DSS Attestation of Compliance (AOC)
PCI DSS Resource Library
HIPAA Compliance

While BridgePay does not store or manage medical records, we process payments for medical services and therefore adhere to HIPAA requirements for safeguarding protected health information (PHI) during financial transactions. BridgePay implements robust administrative, physical, and technical safeguards, including secure data transmission, access controls, and regular third-party audits, to ensure the confidentiality and integrity of sensitive health-related data in compliance with HIPAA regulations.


