PCI Compliance In The Cloud

Selling via credit card in the cloud offers ISVs significant advantages. However, the technical and operational requirements set forth by the PCI Security Standards Council (PCI SSC) to protect cardholder data can be a large hurdle. Additionally, the requirements set forth in the PCI Data Security Standards (PCI DSS) are not easily supported in a cloud environment.

                                   Metanga is PCI Level 1 Certified

For the cloud, Metanga created the PCI compliant Metanga Payment Broker system.  ISVs selling services via hosted or proprietary enrollment sites use transparent payment code snippets, allowing the Metanga Payment Broker to directly capture vulnerable payment card data without that data needing to be passed from the ISVs application. The Metanga Payment Broker then creates a secure and proprietary token which is passed to the Metanga application. All other non-credit card information is passed directly to the Metanga application.  

When an ISV is processing a payment or running a bill close, Metanga leverages that token to tell the Metanga Payment Broker to make the payment. Sensitive credit card data never lands in the cloud, but ISVs monetizing their application have the benefit of PCI compliant credit card payments.