PCI Compliance

Spend less time on credit card compliance, while protecting your customers’ information with the strongest payment security technologies.

Learn More

Your Customers Trust You to Protect Their Credit Card Information

Handling or storing card data on your network leaves your organization vulnerable to threats – but there’s a better way to keep sensitive data safe.

Curbstone lets you move credit card data off your network. Our Software as a Service (SaaS) platform collects three critical fields – card number, expiration date, and security code – to merge with the rest of the order information. We send the approval request directly to your Authorization Network, and you receive a detailed response in seconds.

You don’t process, store, or transmit sensitive information on your existing infrastructure; this takes it out of scope for the Payment Card Industry Data Security Standard (PCI-DSS). You reduce your risk of your customers’ information being stolen, and spend less time on security reporting and compliance.

Secure Payment Technologies to Support PCI Compliance

As a PCI-Validated "Service Provider Level 1", our technologies are compliant by design. You have the tools you need to meet payment security standards - everywhere you do business.

Call Center PCI Compliance

Over the Phone

Accept your customers’ credit card information over the phone, without leaving your order entry application. Our Isolated Payment Terminals (IPT) integrate with the programs you already use for back office collections. They provide fast responses while helping you eliminate the keying of card data into insecure PC workstations.

IPT takes your workstations and everything they connect to – your IBM i, servers, routers, switches, firewall, printers, and other workstations – out of scope for PCI. This eliminates reporting and audit requirements for your existing computing infrastructure.

Voice Scope Elimination

Potentially take your phone system and customer service operators out of scope as well. With Interactive Voice Response (IVR), your agents can process phone payments without overhearing card information. Customers enter their own card data on their phone keypad, and the information is never passed to the operator.

By Mail

Enter card numbers, expiration dates, and security codes on our Isolated Payment Terminals, keeping the rest of your computing infrastructure out of scope for PCI.

Mail Order PCI Compliance
PCI Compliance Retail

In Person

Collect payments in your stores while satisfying payment security requirements for retail EMV, interfacing seamlessly with your IBM-i based retail applications. Let customers swipe, tap, or dip their cards – or, if needed, key in the card information – and quickly collect signatures to keep on record.


Create a secure checkout on any programmable online application or shopping cart. Whether your e-commerce site runs on IBM i, Linux, or even Windows, use our iFrame-based Payment Landing Pages (PLP) to collect card information through our secure, hosted environment.

How iFrames Can Simplify PCI Compliance
PCI Compliance E-Commerce

Securely Store Card Data With Remote Tokenization

Reduce the security risks that come with storing your customers’ data in readable form. Instead of keeping sensitive information in your description fields, replace this information with unique and reusable Curbstone Tokens. You can easily process transactions for returning customers – from individual purchases to recurring subscriptions – without keeping card data on your network. When you need to process a subsequent charge, use the Curbstone Token rather than the physical card data, which remains securely stored in our Portal Vault.

Use Tokens For Credits And Refunds

Curbstone's Remote Tokenization helps you do more than collect payments. Quickly issue refunds and credits, process add-on charges, and refresh pending pre-authorizations without referencing the physical card number.

Learn More About Remote Tokenization

Satisfy Your PCI Reporting Requirements With Less Effort

PCI Compliance for Distributors and Wholesalers

If you store, transmit, or process credit card information, you are required to comply with PCI security guidelines. Large merchants are required to verify their compliance with yearly on-site audits, but most businesses can meet their obligations with a self-assessment questionnaire (SAQ). However, there are nine different self-assessment questionnaires – each with varying levels of complexity.

By outsourcing payment processing to Curbstone, you can reduce the scope of your environment and qualify for a shorter questionnaire. While you focus on your SAQ, our team will deal with the more complex PCI security compliance requirements. We complete annual audits with a third-party Qualified Security Assessor (QSA), maintaining our status as a PCI-Validated Service Provider Level 1.

Eliminate PCI Compliance Fees

To cover the risks associated with non-compliant environments, many credit card acquirers charge additional fees to merchants who don’t submit a completed SAQ. Our technologies help you qualify for an easier SAQ, while establishing a PCI-compliant cardholder data environment. It’s a simple way to reduce liability and avoid unnecessary costs.

SaaS Technologies That Support Your Credit Card Security Efforts

As PCI-Certified QIRs (Qualified Integrators and Resellers), we’re here to help you implement a solution that meets industry standards.

Discover a Faster and Safer Way to Process Your Transactions