The PAYTEF payment gateway processes hundreds of thousands of transactions daily, both in eCommerce and in physical stores, allowing interconnection through a simple interface with any POS application.

Since its beginnings as a payment gateway, PAYTEF has paid special attention to the security risks it faces on a daily basis, analyzing the possible threats and ensuring that IT controls are adequate to minimize existing risks as much as possible. This is why PAYTEF has relied on a security standard such as PCI-DSS to increase the security of its systems and reduce the risk of leakage of the card data of customers who use this gateway.

PAYTEF is a product of the company PAYTEF Sistemas, S.L., founded by specialists with more than 10 years of experience in the electronic payment market and with a clear technical and service orientation in 24x7x365 high-availability environments.

PCI-DSS as a change tool

Jon Egurrola, Director of PAYTEF Sistemas, has always prioritized the security of the data of customers who buy through the different PAYTEF solutions.

For this reason, he has always seen compliance with PCI-DSS regulations as an opportunity to reduce the inherent risk of theft and fraud in payment processes carried out with credit and debit cards.

“A2SECURE has worked with PAYTEF Sistemas to ensure that PCI-DSS compliance becomes a tool for change that facilitates the achievement of PAYTEF Sistemas’ business objectives.”

Risk reduction, the main objective of the regulation

Thanks to the collaboration between PAYTEF Sistemas and A2SECURE, in addition to adapting the IT environment of PAYTEF Sistemas to comply with all the requirements of the PCI-DSS regulation, it has been possible to identify the main risks and concerns for the organization and focus on those PCI controls that allow them to be significantly reduced.

Having an HSM module for the storage of encryption keys, as proposed by control 3.5.3 of the PCI-DSS regulation, has meant a significant improvement for PAYTEF in the way it centrally manages the different encryption keys used by its devices, the crypto-periods of each one of them, and so on. It has also increased the security level of PAYTEF’s IT environment by ensuring that the encryption keys are stored in the best possible way.