Security
Maintaining data security is our highest priority. Our solutions comply with the most exacting industry standards so you can focus less on PCI requirements and more on development. Being a processor and acquirer, we’re uniquely positioned to eliminate many of the unnecessary vendor relationships, expenses, and risks of typical payment processing. This all-inclusive approach reduces much of the redundant cost and risk involved in having transaction data spread across multiple entities.
Keep Cardholder Information Secure
North leverages the latest in payments technology to help with the heavy lifting involved in data protection. Every step of the payment process has been built into our processing and acquiring environment, from the ground up. All of our systems communicate seamlessly with our in-house processor, meaning merchant and customer data flow securely through internal PCI-certified, protected environments to keep every bit of information safe.
Most integrations are PCI Level 3 certified off the shelf and out of PCI scope. Only API integrations that allow sensitive data into your server environment are within PCI scope.
Available Point-to-Point Encryption eliminates clear-text cardholder data from the payment transmission process.
A custom token replaces transaction data with a token that can be used to act on transactions after a customer’s card is read, with no need to obtain cardholder data a second time.
PCI Compliance
Payment Card Industry (PCI) standards are defined by the PCI-Security Standards Council (PCI-SSC) and are mandated by the major card brands, like Visa, Discover, and Mastercard. Maintaining PCI compliance helps ensure protection against credit card risk, including security breaches and card data theft. Our goal is to help you stay in compliance by taking on some of the PCI scope related to your payment environment. Most of our solutions are PCI Level 3 certified off the shelf and fall out of PCI scope. Only those API integrations that allow sensitive data into your server environment are considered within PCI scope and require that merchants handle PCI compliance.
By taking advantage of integrations that are out of scope, like our iFrame JavaScript SDK, Invoicing API, Semi-Integrated SDKs, Mobile SDKs, and more, you won’t need to worry about maintaining PCI compliance. The only circumstance when these would fall within PCI scope is when merchant staff use them to enter customer card and transaction data for Mail Orders or Telephone Orders (MO/TO). When integrated for merchant data entry, these solutions may fall in PCI scope due to merchants handling card data within their PC environment.
If you have any questions about how PCI compliance affects your payment environment, we invite you to contact us, and our Integration Specialists will provide you with further information.
PCI-Validated Point-to-Point Encryption
The SecureConnect PCI DSS-validated Point-to-Point Encryption (P2PE) solution offers your business the strongest level of encryption protection. PCI-listed P2PE solutions can also help reduce your PCI DSS validation effort. The following devices are included in the SecureConnect P2PE solution:
- Ingenico Desk/3500
- Ingenico Desk/5000
- Ingenico Lane/3000
- Ingenico Lane/5000
- Ingenico Move/5000
For more information about how to start using the SecureConnect P2PE solution in your payment environment, download the “SecureConnect P2PE Instruction Manual (PIM).” For technical information about the solution and its implementation, download the “SecureConnect P2PE Implementation Guide.”
SecureConnect P2PE Instruction Manual (PIM)
SecureConnect P2PE Implementation Guide
Tokenized Transactions
Custom tokens (BRICs) allow you to link to transactions for reporting, chargebacks, recurring sales, and even create other transactions without having the risk and expense of storing credit card, debit card, and ACH account numbers. Tokens are commonly used to act upon a previous transaction such as capturing an authorization by using the authorization token in the capture request, or refunding a sale by using the sale token in the refund request. Tokens can also be used to create new transactions for situations such as returning customers or recurring payments.
There are two types of tokens, each used for different purposes:
Financial Tokens
Financial tokens are generated for each financial transaction submitted, such as an authorization or settlement. Tokens generated this way have a lifetime of 13 months. For example, if a recurring transaction occurs every 15 months, attempting to use a Financial token after 13 months will result in an “Unable to Locate” error. However, since each financial transaction provides a new token, an existing Financial token can be replaced with a token from the latest response, which can effectively extend the lifetime for an additional 13 months. So, for monthly recurring transactions, the newest token can replace the previously used/stored token each month for transactions going forward.
- A new Financial token is returned for each transaction.
- For each transaction, the cardholder’s account is authorized and/or settled, depending on the transaction type.
- Address Verification Service (AVS)-only tokens can be generated as a result of account validation requests only.
- Financial tokens have a lifetime of 13 months. Financial transactions initiated using a token less than 13 months old will receive a new Financial token, which can be used to extend the availability of a token for a particular financial account for another 13 months.
Storage Tokens
Storage token transactions convert existing credit card, debit card (for PINless debit transactions only), and ACH account numbers to tokens to allow for long-term recurring transactions while avoiding the risk and expense of storing account numbers. Stored tokens can be used for all subsequent transaction types and do not expire. For example, if a recurring transaction occurs once every 15 months, a Storage token would be available for that recurring transaction. The initial conversion from an account number to a stored token is considered a non-financial transaction and uses a special transaction type. Account number to token conversions take place completely within the processor system and are not sent to the issuer or networks for authorization. Cardholder accounts are not impacted. A transaction completed using the Storage token transaction type will return a new Storage token. Since the Storage token does not expire, it can continue to be used for all your recurring transactions.
- There are no expiration lifetimes for Storage tokens. Longer-term recurring transactions are not impacted since the Storage token does not expire.
- Card numbers stored by your company can be replaced with tokens at a minimal expense to eliminate the concerns of storing credit card data.
- At the time of the initial conversion, the Storage token does not impact the cardholder’s account.
- A Storage token can be created from account information, a Financial token, or a previous Storage token.
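The token lifetime rules above can be checked against a billing schedule before it goes live. The following is an added example, not North's code or API: it models the 13-month Financial token lifetime and the non-expiring Storage token locally, and the names `StoredToken`, `run_schedule`, and `recommended_kind` and the `tok-N` values are hypothetical.

```python
import calendar
from dataclasses import dataclass
from datetime import date

FINANCIAL_TOKEN_LIFETIME_MONTHS = 13  # lifetime stated on this page

def add_months(d: date, months: int) -> date:
    """Calendar-month addition, clamping to the last day of short months."""
    year, month0 = divmod(d.year * 12 + (d.month - 1) + months, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(d.day, last_day))

@dataclass
class StoredToken:
    value: str    # opaque token (BRIC); the only payment data the merchant keeps
    kind: str     # "financial" or "storage"
    issued: date  # date of the response that returned this token

    def usable_on(self, when: date) -> bool:
        if self.kind == "storage":
            return True  # Storage tokens do not expire
        # Financial tokens must be less than 13 months old when used
        return when < add_months(self.issued, FINANCIAL_TOKEN_LIFETIME_MONTHS)

def recommended_kind(interval_months: int) -> str:
    """Pick the token type that survives the gap between two charges."""
    if interval_months < FINANCIAL_TOKEN_LIFETIME_MONTHS:
        return "financial"
    return "storage"

def run_schedule(kind, start, interval_months, count, rotate=True):
    """Simulate `count` recurring charges and return (date, outcome) pairs.

    Assumption: an expired Financial token yields the "Unable to Locate"
    error named on this page; everything else is approved.
    """
    token = StoredToken("tok-0", kind, start)  # constructed placeholder value
    outcomes = []
    for n in range(1, count + 1):
        when = add_months(start, n * interval_months)
        if not token.usable_on(when):
            outcomes.append((when, "Unable to Locate"))
            continue
        outcomes.append((when, "approved"))
        if rotate:
            # Every response returns a new token: overwrite the stored one
            token = StoredToken(f"tok-{n}", kind, when)
    return outcomes

if __name__ == "__main__":
    for when, outcome in run_schedule("financial", date(2024, 1, 31), 1, 15, rotate=False):
        print(when, outcome)
```

Run with `rotate=False`, a monthly schedule starts failing at the thirteenth charge, which is the failure the replace-on-every-response practice prevents.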