Skip to main content

PCI Compliance

Spend less time on credit card compliance requirements, while protecting your customers’ data with the strongest payment security technologies.

Learn More

Your Customers Trust You to Protect Their Credit Card Information

Handling or storing card data on your network is a security risk – but there’s a better way to keep sensitive data safe.

Curbstone lets you move credit card data off your network to more easily meet the requirements of the Payment Card Security Data Security Standard (PCI DSS). Our Software as a Service (SaaS) solution collects three critical fields – card number, expiration date, and security code – which is later merged with the rest of the order information. Our portal sends the approval request directly to your Authorization Network.

You don’t process, store, or transmit cardholder data on your existing infrastructure. This takes your systems out of scope for the PCI DSS. In turn, you spend less time on security reporting and compliance audits, while reducing the risk of your customers’ information being stolen.

Secure Payment Technologies to Support PCI Compliance

As a PCI-Validated "Service Provider Level 1", our technologies are compliant by design. You get the tools you need to meet Payment Card Industry security standards - everywhere you do business.

Call Center PCI Compliance

Over the Phone

Accept credit card information over the phone, without leaving your order entry application. Isolated Payment Terminals (IPT) integrate with the systems you already use in your back office. Phone represpentatives receive fast authorization responses, without having to key card data into insecure PC workstations.

IPT takes your workstations and everything they connect to – your IBM i, servers, routers, switches, firewall, printers, and other workstations – out of scope for the Payment Card Industry Data Security Standard. This reduces your reporting and audit requirements for your existing computing infrastructure.

Voice Scope Elimination

Take your phone system and customer service operators out of PCI scope as well. With Interactive Voice Response (IVR), call center agents can process phone payments without overhearing card information. Customers enter their own card data on their phone keypad; operators can’t access the sensitive data.

Learn more about streamlining your compliance requirements when you accept credit card payments over the phone.

By Mail

Enter card numbers, expiration dates, and security codes on Isolated Payment Terminals, keeping the rest of your computing infrastructure out of scope for PCI.

Mail Order PCI Compliance
PCI Compliance Retail

In Person

Collect payments in your retail stores while meeting PCI security requirements for card-present EMV transactions. Let customers swipe, tap, or dip their cards, then collect signatures to keep on record.


Create a PCI-compliant checkout experience with any programmable online application or shopping cart. Whether your e-commerce site runs on IBM i, Linux, or even Windows, use iFrame-based Payment Landing Pages (PLP) to collect card information through our secure, hosted environment.

How iFrames Can Simplify PCI Compliance
PCI Compliance E-Commerce

Securely Store Cardholder Data With Remote Tokenization

Reduce the security risks that come with storing your customers’ data in a readable format. Instead of storing sensitive information on your systems, replace this data with unique, reusable payment tokens. Use these tokens to instantly process transactions for returning customers – from individual purchases to recurring subscriptions – without referencing the original card data. Yhe physical card data remains in the Curbstone Portal Vault, where it's protected from unauthorized access.

Use Tokens For Credits And Refunds

Remote Tokenization helps you do more than process up-front payments. Quickly issue refunds and credits, process add-on charges, and refresh pending pre-authorizations without referencing the physical card number. All your processes become faster, easier, and more importantly: more secure.

Learn More About Remote Tokenization

Satisfy Your PCI DSS Reporting Requirements With Less Effort

PCI Compliance for Distributors and Wholesalers

If you store, transmit, or process credit card information, you are required to comply with PCI security guidelines. Large merchants need to verify their compliance with annual on-site audits, but the average small or mid-sized business can meet their PCI requirements with a self-assessment questionnaire (SAQ). However, there are nine different self-assessment questionnaires – some of which are more complicated than others.

By outsourcing payment processing to Curbstone, you can reduce the scope of your environment and qualify for a shorter security questionnaire. Many of our merchants are able to avoid the longest and most complicated report - the SAQ-D - and meet their requirements with an easier alternative.

While you focus on your SAQ, our team will deal with the more complex PCI security standards. We undergo third-party audits with a PCI-Certified Qualified Security Assessor (QSA), earning an annual Report on Compliance (ROC). This confirms that our technologies meet the strongest industry requirements. As a PCI-Validated Level 1 Service Provider, we provide merchants extra peace of mind that their cardholder data is appropriately protected.

Eliminate PCI Compliance Fees

To cover the risks associated with non-compliant environments, many credit card acquirers charge additional fees to merchants who don’t submit a completed SAQ. Our technologies help you establish a PCI-compliant cardholder data environment qualify for an easier SAQ. It’s a simple way to reduce your risk and avoid unnecessary costs.

SaaS Technologies That Support Your Credit Card Security Efforts

As PCI-Certified QIRs (Qualified Integrators and Resellers), we’re here to help you implement a solution that meets industry standards.

Discover a Faster and Safer Way to Process Your Transactions