Because of the increased complexity of acting as a Payment Facilitator and aggregating payments, PayFacs face additional requirements related to PCI as well as added requirements from the card brands.
While these may not impact the developer directly, PCI requirements are important to understand because they can affect how a developer builds applications and their strategies related to maintenance, certification and their choice of security technologies.
Additional information is provided in the Vantiv PayFac Integration Guide available to Vantiv O.N.E. members.
PayFacs will generally need to provide the following items for PCI compliance and registration requirements:
Level 1 Service Provider PCI DSS Compliance Validation documentation
A documented process explaining how the PayFac validates PCI compliance of sub-merchants
Vantiv’s Compliance team will work with you as a PayFac to register you with Visa, MasterCard and Discover as an aggregator. Typical requirements include but are not limited to the following information:
PCI DSS Compliance must be achieved prior to registration with the payment brands
Completed Payment Brand Registration Forms
Payment brands may have their own specific requirements, and your Vantiv integration consultant can help advise what additional requirements may exist.
For example, Visa has a registered service provider program designed for aggregators and payment facilitators and has its own specific requirements for third-party agents (https://usa.visa.com/dam/VCOM/download/merchants/tpa-registration-program-faqs.pdf).