Because of the increased complexity of acting as a Payment Facilitator and aggregating payments, Payment Facilitators face additional requirements related to PCI as well as added requirements from the card brands.
While these may not impact the developer directly, PCI requirements are important to understand because they can affect how a developer builds applications and their strategies related to maintenance, certification and their choice of security technologies.
Additional information is provided in the Worldpay PayFac® Integration Guide available to Worldpay ONE members.
Payment Facilitators will generally need to provide the following items for PCI compliance and registration requirements:
Level 1 Service Provider PCI DSS Compliance Validation documentation
A documented process explaining how the Payment Facilitator validates PCI compliance of sub-merchants
Worldpay’s Compliance team will work with you as a Payment Facilitator to register you with Visa, MasterCard and Discover as an aggregator. Typical requirements include but are not limited to the following information:
PCI DSS Compliance must by achieved prior to registration with the payment brands
Completed Payment Brand Registration Forms
Payment brands may have their own specific requirements, and your Worldpay integration consultant can help advise what additional requirements may exist.
For example, VISA has a registered service provider program designed for aggregators and payment facilitators and have their own specific requirements for third party agents (https://usa.visa.com/dam/VCOM/download/merchants/tpa-registration-program-faqs.pdf).