Understanding PCI Requirements for Payment Facilitators

Document created by jordanbarhorst on May 10, 2016. Last modified by lsolheim on Nov 12, 2018.
Version 5

Because of the increased complexity of acting as a Payment Facilitator and aggregating payments, Payment Facilitators face additional requirements related to PCI as well as added requirements from the card brands.


While these requirements may not impact the developer directly, they are important to understand because they can affect how a developer builds applications, as well as their strategies for maintenance and certification and their choice of security technologies.


Additional information is provided in the Worldpay PayFac® Integration Guide available to Worldpay ONE members.


Payment Facilitators will generally need to provide the following items for PCI compliance and registration requirements:


  • Level 1 Service Provider PCI DSS Compliance Validation documentation

  • A documented process explaining how the Payment Facilitator validates PCI compliance of sub-merchants    


Worldpay’s Compliance team will work with you as a Payment Facilitator to register you with Visa, MasterCard and Discover as an aggregator. Typical requirements include but are not limited to the following information:


  • PCI DSS Compliance must be achieved prior to registration with the payment brands

  • Completed Payment Brand Registration Forms    


Payment brands may have their own specific requirements, and your Worldpay integration consultant can help advise what additional requirements may exist.


For example, Visa has a registered service provider program designed for aggregators and payment facilitators, with its own specific requirements for third-party agents (https://usa.visa.com/dam/VCOM/download/merchants/tpa-registration-program-faqs.pdf).
