Looking for Opayo, you're in the right place. View Opayo products

Americas

United States
Puerto Rico

Europe

Denmark
Germany
Ireland
Norway
Poland
Sweden
United Kingdom
Spain

Americas

United States
Puerto Rico

Europe

Denmark
Germany
Ireland
Norway
Poland
Sweden
United Kingdom
Spain
Elavon customer service: 0345 850 0195 Opayo product support: 0191 313 0299
For support in Ireland, click here

 

Help with your account

Getting started

Protect your business

As a business taking card payments, you have a responsibility to keep your customers’ card information safe. This is closely regulated by the Payment Card Industry Data Security Standards (PCI DSS) and affects any businesses accepting card payments. To find out more about why and how this impacts you, take a look at our Merchants’ Guide to PCI DSS.

For specific security-related problems, you can call 0203 684 7634 between 9:00am and 4:30pm, or email fraud.management@elavon.com.

PCI DSS Compliance

At Elavon, we hold payment security as our first priority. That's why we created Secured by Elavon, a simple security programme that provides everything you need to keep your business protected - from achieving Payment Card Industry Data Security Standards (PCI DSS) compliance to securing your customers' data throughout transactions.

The PCI DSS is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council, which was founded by Visa®, MasterCard®, JCB®, Discover® and American Express® to facilitate industry-wide adoption of consistent data security measures on a global basis.

It applies to all businesses that take credit and debit cards, regardless of size or transaction volume. Any business involved in the storage, processing and/or transmission of payment card numbers must comply.

The fallout of non-compliance has a domino effect on your business, as the financial implications of a breach can destroy customers of any size. You can mitigate risk by maintaining compliance and providing verification and certification as required by the industry. By following the standardised PCI DSS procedures, you can:

  1. Protect your customers’ personal data
  2. Boost customer confidence through a higher level of data security
  3. Insulate your organisation from financial losses and remediation costs
  4. Maintain customer trust and safeguard the reputation of your brand

Becoming PCI DSS compliant

You should speak to your merchant acquiring bank so they can refer you to their  preferred Quality Security Assessor (QSA). 

No matter what type of payments you're accepting (online, over the phone or using card machines), you'll only need one PCI certificate for your business

PCI certificates for businesses accepting online payments

If you're processing payments online through your website, the requirements will vary depending on how you've integrated our payment technology to your website.

Integration type

Description

Form integration

All compliance levels

  • All compliance levels  
  • Simplified PCI compliance using an online self-assessment questionnaire.

Server & Inframe integration

All compliance levels

  • All compliance levels
  • Simplified PCI compliance using an online self-assessment questionnaire with monthly or quarterly vulnerability scans.

Direct integration

Level 4 compliance

  • Level 4 compliance Less than 20,000 transactions/annum       
  • Simplified PCI compliance using an online self-assessment questionnaire with monthly or quarterly vulnerability scans.

Level 3 compliance

  • 20,000 - 1M transactions/annum
  • Remote assessment, compliance validation, monthly vulnerability scans (via 10 IPs) and SSL certificate validation.

Level 2 compliance

  • 1-6M transactions/annum​
  • Remote assessment, compliance validation, monthly vulnerability scans (via 50 IPs) and SSL certificate validation.

Level 1 compliance

  • 6M+ transactions/annum
  • Onsite assessment, penetration test and monthly vulnerability scans.
  • Prices available on request

Integration type

Description

Form integration

All compliance levels

  • All compliance levels  
  • Simplified PCI compliance using an online self-assessment questionnaire.

Server & Inframe integration

All compliance levels

  • All compliance levels
  • Simplified PCI compliance using an online self-assessment questionnaire with monthly or quarterly vulnerability scans.

Direct integration

Level 4 compliance

  • Level 4 compliance Less than 20,000 transactions/annum       
  • Simplified PCI compliance using an online self-assessment questionnaire with monthly or quarterly vulnerability scans.

Level 3 compliance

  • 20,000 - 1M transactions/annum
  • Remote assessment, compliance validation, monthly vulnerability scans (via 10 IPs) and SSL certificate validation.

Level 2 compliance

  • 1-6M transactions/annum​
  • Remote assessment, compliance validation, monthly vulnerability scans (via 50 IPs) and SSL certificate validation.

Level 1 compliance

  • 6M+ transactions/annum
  • Onsite assessment, penetration test and monthly vulnerability scans.
  • Prices available on request

PCI certificates for all other types of card payments

If you're only processing payments using card machines or over the telephone your PCI requirements are reduced to the minimum.

Compliance level

Description

All compliance levels

  • All compliance levels  
  • Simplified PCI compliance using an online self-assessment questionnaire.

Compliance level

Description

All compliance levels

  • All compliance levels  
  • Simplified PCI compliance using an online self-assessment questionnaire.

Welcome to Secured by Elavon

As a new customer, your business is automatically enrolled to Secured by Elavon. This enables you to get your PCI DSS compliance certification, as well as manage your ongoing compliance programme.

Your business keeps you busy enough, so you might prefer to save time and let Elavon manage your PCI Compliance for you. If you do, then Secured Pro is the right option for you.

Secured Pro, managed by Elavon, offers you enhanced protection against payment security breaches, making sure your business looks after its customers and its reputation. Whether you’re signing up for the first time or renewing, Secured Pro means we manage your compliance process for you, contacting you when an action is due and working together to complete it successfully. No more worrying about your certification expiring or your fraud processes not being up to scratch.

What’s more, with Secured Pro you also benefit from our PCI Waiver Programme. Depending on your level of PCI compliance, liability for fines may be waived.

Secured Pro in detail

A non-compliant payment processing environment is susceptible to a security breach, such as a hacker stealing your customers’ payment card information. Secured Pro includes a range of scan checks that ensure your payments processing environment keeps the bad guys out and protects your business against data breaches:

Network Perimeter Scan

This scan assesses the security position of your internet-facing systems for any vulnerabilities, providing you with a report that identifies possible entry points so that you can close them up.

Device Security Scan

Protect your computers and mobiles with this scan - it detects any stored customer card information and analyses the system for any current cyber-threats, viruses and malware for peace of mind that your devices are vulnerability free. It's possible to scan all your devices in seconds.

Cardholder Data Scan

Protect your computers by running this scan. It helps you find and remove any unencrypted credit card numbers on your network. By identifying where you store payment card data you can securely remove it, dramatically reducing the scope of your PCI DSS assessment.

Antivirus Protection

Fight the hackers and ensure your devices are not infected with viruses and other malware, which can disrupt and potentially damage your business.

PCI DSS External Vulnerability Scan

A quarterly scan of all IP ranges and domains to identify any areas of weakness.

POS Application Discovery Scan

It's important to regularly check and verify your point-of-sale (POS) application against the PCI Security Council list of approved POS Applications to ensure your compliance.

Frequently asked questions

Elavon terms of service UK (CCA)

(Sole trader, or partnership with 3 or less partners)

Elavon terms of service UK (non-CCA)

(All other customers)

Elavon terms of service (Multi-national customer)

(Multi-national customers)

Opayo Merchant Terms & Conditions

(Opayo gateway only)

Your Order
  • Qty:

    X

    Delete Product