Pharos Systems International understands that organizations that store, process, or transmit cardholder data must meet strict requirements to be PCI compliant. PCI compliance specifically relates to the security and controls around the payment applications and cardholder data within the merchant’s IT environment. The Pharos Uniprint Credit Card Gateway is not a payment solution and at no time does Pharos Uniprint provide software or systems to handle, process, or store credit card data; therefore, the Pharos Uniprint Credit Card Gateway falls outside of the scope of PCI review. According to the PCI Security Standards Council, it is the merchant or service provider's responsibility to ensure that they are using only products that support compliance.
The Pharos Uniprint Credit card gateway solution is meant to reduce the merchant’s scope for PCI compliance by using a URL redirect e-commerce implementation. Customers using the Credit Card Gateway may be eligible for PCI SAQ A or SAQ A-EP, provided they meet the eligibility criteria of that SAQ.
It is recommended the merchant monitor connections and redirections between the merchant and a third party since the connections can be compromised. The merchant should ensure no changes have occurred and that the integrity of the e-commerce solution is maintained. The PCI Security Standards Best Practices for Securing E-commerce provides best practices for merchants on securing and monitoring redirections.
More information about the Uniprint Credit Card Gateway can be found here on the Pharos Community.