Reward Gateway is a Level 2 PCI DSS compliant merchant. This compliance covers our Smart Spending product where we take payment directly from your employees. We do not process their payment or card details on behalf of you, or your customers.
Scope of Processing
Reward Gateway needs to take payment from employees when they use the Smart Spending product. In exchange for their payment, we give them a discounted gift card or voucher redeemable at the retail partner they chose.
We do not process payments more generally on your behalf, or for your customers, and are not a PCI DSS ‘service provider’ to you.
We have partnered with Checkout.com for payment gateway and merchant services. Checkout.com is a Level 1 PCI DSS Service Provider which is the highest standard set by the Payment Card Industry to ensure that cardholder data is processed, stored or transmitted in a secure environment.
Checkout.com provides us with a ‘frame based’ solution that allows us to process credit card payments without cardholder information being transmitted to our servers. Checkout.com also provides a secure payment card vault, allowing us to exchange payment card details for a long-lived token that we use to allow employees to save their details.
This does not diminish our responsibilities or commitments in this area. We must maintain our own PCI DSS compliance programme, which is why you can find our Attestation of Compliance in our Security Pack along with details of our other security measures.
- Our use of a frame based solution is recognised as best practise and one of the safest methods for merchants to process card payments. No cardholder data is transmitted to our servers.
- This is reflected by requiring us to complete an “Self-Assessment Questionnaire (SAQ) A” annually. You can find a copy of our SAQ A in our Security Pack.
- Our Information Security Team are qualified Internal Security Assessors (ISA), and are listed on the PCI Security Standards public register.
If you would like further information on how credit card payments are handled, please see the information on Checkout.com’s website.