ISV FAQ

The Paragon interface was built to support standard XML and web services interfaces such as WSDL. This robust and flexible design allows for a quick and easy integration. In addition, our Service Oriented Architecture means we can easily add new features, such as support for new security requirements, to our interface without requiring our software partners to change a single line of code once integration has been completed. 

Our API is language- and platform-independent, so developers are free to use whatever language and platform with which they feel most comfortable. Two interface options with identical functionality are also provided: an XML POST option and a SOAP Web Service option.

Tokenization works by moving actual cardholder data offsite to a PCI DSS compliant storage facility. Paragon’s servers work to create and then return a unique reference pointer (or token) to the software application. Using the token (which contains no actual cardholder data itself), customers can bill a card on file and schedule automatic payments.

Card Account Updater gives customers the option to seamlessly update stored cards on file for reasons such as expired or lost/stolen cards that have been replaced with new card numbers.

Point-to-point encryption (P2PE) technology ensures sensitive credit and debit card data is protected from first card swipe or key-entry, while in transit, all the way to the payment processor. We support the most advanced encrypting devices, allowing for point-to-point encryption of cardholder data.

We support a wide array of encrypting card reading devices, from simple card readers to driverless PIN pads to all-in-one devices.

This is an acronym for the Payment Card Industry Data Security Standard. The PCI DSS is a set of security standards that were created by the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) to protect their customers from identity theft and security breaches. Under the PCI DSS, a business or organization should be able to assure their customers that its credit card data/account information and transaction information is safe from hackers or any malicious system intrusion. There are 12 key requirements to achieving PCI DSS compliance.

This is an acronym for the Payment Application Data Security Standard. The PA-DSS is a set of security standards created by the PCI Security Standards Council for software distributed software applications that store, process or transmit payment cardholder data as part of authorization or settlement. To stay in scope of PA-DSS, software providers must undergo the process of validating their application or applications.  There are 14 key requirements to achieving PA-DSS compliance.

Our systems have gone through an extensive security audit by a QSA (Qualified Security Assessor) which has deemed that the Paragon Processing Platform meets industry security standards.

Both issuers and merchant banks must use, and are responsible for ensuring that their merchants use, service providers that are compliant with the PCI DSS. Validated service providers must conduct an annual on-site PCI security assessment and perform quarterly network scans audited by a Qualified Security Assessor (QSA).