Support
Find answers to frequently asked questions below, or contact us if you need help.

Email us for sales or support inquiries and we’ll get back to you as fast as possible.

If you can’t find the answers you need online or by email call us at (909) 482-4701.

Write to us at 1900 S. State College Blvd., Suite 525, Anaheim, CA 92806.

General

Payments

PCI & Security

Integration

Data

Merchant Accounts & Gateways

General

What is PayFabric?

PayFabric is a cloud-based payment processing solution for merchants and developers that makes it easy to accept and manage online payments in your application, website or ecommerce storefront. PCI validated, the PayFabric service provides an alternative to developing costly and complex infrastructure to safely process payments, as well as store and share transactional data across multiple platforms, channels and devices. Whether you’re just looking to start accepting payments quickly, or you’re searching for a more complete solution for storing cards, connecting applications and integrating with back office systems, PayFabric allows merchants and developers of any size and complexity to connect once, and grow infinitely.

What types of customers use PayFabric?

PayFabric is used by entities of all size and complexity, from startups to fortune 500 companies and everything in between. As a developer tool, PayFabric supplies a RESTful API requiring only a few lines of code to process a transaction. For businesses, PayFabric provides a complete solution for payment processing including secure credit card and ACH storage, integration across multiple platforms, websites, and payment applications - including ERP and CRM, plus optional merchant account and payment gateway services.

How fast can I get a PayFabric account?

Anyone can sign up for a PayFabric account online 24/7 and begin using PayFabric after completing the required fields in the online set up wizard. The process is fast, intuitive and allows merchants to start processing online payments the same day.

What is the cost to use PayFabric?

Check out our pricing page for more details on our offerings.

What are the hours and contact information for PayFabric support?

Monday to Friday, 7am to 5pm Pacific Standard Time
Support Email: support@payfabric.com
Phone: (909) 482-4701
Nodus Technologies, Inc.
2099 S. State College Blvd., Suite 250
Anaheim, CA 92806

How are updates handled with PayFabric?

PayFabric follows best practices with regards to service updates. Changes are first developed and tested within our internal development environment, published to a second test environment for application compatibility testing, then onto Sandbox.PayFabric.com and finally, www.PayFabric.com. Multiple layers of testing procedures greatly minimize the chances of downtime introduced by code changes.

Does PayFabric require me to do any maintenance on my end?

If you have integrations with PayFabric, you might need to perform updates to take advantages of our newly supported features and functionalities.

What happens if PayFabric service is interrupted or not available?

We don’t anticipate this situation with 99.95% uptime, however, in the rare event this occurs, we first suggest checking your internet connection to make sure you have good connectivity. If the problem persists, please contact PayFabric support for troubleshooting assistance.

What happens if internet connection is interrupted or not available?

PayFabric is hosted within different data centers located across different regions of United States for redundancy. These regions are currently setup as active-active to ensure no interruption to the service.

What happens if there is a power failure?

In the event of a power outage, PayFabric will remain online as traffic will be directed to the alternative site.

What happens if there is a serious incident or disruption on my side?

We strongly urge you to contact us immediately in the event of a serious incident or disruption on your side.

What countries is PayFabric available in?

PayFabric is located in the United States and supports payment processing for the United States and Canada.

What is the difference between your service and running a POS terminal?

PayFabric is a payment processing engine that is used by a software application for internet-based payment processing. Unlike a POS terminal, PayFabric supports card-not-present scenarios. In the near future, we’ll be able to support card-present-transactions.

Payments

What forms of payments are supported by PayFabric?

PayFabric supports the ability for merchants to accept credit cards, debit cards (excluding pin-based) and ACH (eChecks).

How fast will I receive my funds after a transaction is processed?

In the U.S., for Visa, MasterCard, and Discover transactions, the funds will appear in your bank within 2 business days. American Express transactions are typically 3-5 business days.

Will my funds be held by PayFabric in any event?

PayFabric will not hold your funds. Once settlement occurs, funds will be moved from customer’s bank directly into your merchant bank account.

How does PayFabric define a transaction?

Any card authorization, credit, ticket only, capture or settlement request, decline transaction, or other related transaction, completed or submitted under a Customer’s account to PayFabric.

How does the checkout process work with PayFabric?

PayFabric supplies a secure payment frame that can be seamlessly integrated into your application or website’s payment page to match your desired branding. After either you or your customer enters the required payment information, the transaction will be processed in real time and a confirmation can be used to confirm payment status. The payment can be integrated to your ERP and/or CRM, as well as other platforms and applications.

Can I customize the look and feel of PayFabric’s checkout?

PayFabric’s hosted payment page is easily customizable using CSS and JavaScript.

How are taxes calculated with PayFabric?

PayFabric does not perform any tax calculations. It relies on integrated applications to pass in the calculated tax values along with other transaction details. Contact our support team for more information.

Does PayFabric support Level II and Level III transactions?

Yes. PayFabric offers smart field level handling and provides tools to help you qualify your transactions for Level II and Level III rates in order to help you reduce processing fees.

Can PayFabric be configured to allow only a specific form of payment(s)?

Yes, PayFabric provides the ability to enable specific forms of payment(s) from your dash board’s control panel.

Does PayFabric support any payment methods besides credit card?

Aside from credit card, PayFabric currently supports ACH, Google Pay, PayPal & Apple Pay payment methods.

Does PayFabric convert foreign currencies to U.S. dollars or vice versa?

PayFabric processes transactions based on the currency that was submitted from the application. It does not perform any conversion prior to submitting to the payment gateway.

Can PayFabric transactions settle in multiple currencies?

PayFabric does not dictate the currency for settlement. This is specific to your merchant account setup.

Can I process recurring or subscription payments using PayFabric?

PayFabric facilitates transaction processing through the selected payment gateway & processor. The business rules for recurring charges can be implemented at the application level using saved wallet entries from PayFabric. For additional assistance with selecting a recurring payment or subscription billing solution, check out Nodus ePay Advantage.

Can I process ACH payments using PayFabric?

Yes, PayFabric supports eCheck or ACH payments. Please contact us for more information.

PCI & Security

What is PCI DSS?

The Payment Card Industry (PCI) Data Security Standards (DSS) are international technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect credit card data.

Is PayFabric PCI Compliant?

PayFabric is PCI DSS Level 1 Compliant. Please see our supported security documents and card brand listings for additional details.

  PCI DSS Attestation of Compliance

  ASV PCI Scan Attestation of Compliance

  PayFabric’s PCI DSS listings for MasterCard   PayFabric’s PCI DSS listings for Visa

What is PA-DSS?

Acronym for Payment Application Data Security Standard, which define security requirements and assessment procedures for software vendors of payment applications. Use of a PA-DSS compliant application by itself does not make an entity PCI DSS compliant, since that application must be implemented into a PCI DSS compliant environment.

Who does PCI apply to?

The PCI standards apply to all entities that store, process or transmit credit cards, including merchants, software developers and manufacturers of applications and devices used in those transactions.

In general, PCI Security Standards include:

· PCI Data Security Standard (PCI DSS)
· PIN Transaction Security Requirements (PTS)
· Payment Application Data Security Standards (PA‐DSS)
· PCI Point‐to‐Point Encryption Standard (P2PE)

What is a merchant?

For the purposes of the PCI DSS, a merchant is defined as any entity that accepts payment cards bearing the logos of any of the five members of PCI SSC (American Express, Discover, JCB, MasterCard or Visa) as payment for goods and/or services. Note that a merchant that accepts payment cards as payment for goods and/or services can also be a service provider, if the services sold result in storing, processing, or transmitting cardholder data on behalf of other merchants or service providers. For example, an ISP is a merchant that accepts payment cards for monthly billing, but also is a service provider if it hosts merchants as customers.

What is a service provider?

Business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or could impact the security of cardholder data. Examples include managed service providers that provide managed firewalls, IDS and other services as well as hosting providers and other entities. If an entity provides a service that involves only the provision of public network access—such as a telecommunications company providing just the communication link—the entity would not be considered a service provider for that service (although they may be considered a service provider for other services).

What is a payment application?

In the context of PA-DSS (Payment Application – Data Security Standards), a software application that stores, processes, or transmits cardholder data as part of authorization or settlement, where the payment application is sold, distributed, or licensed to third parties.

What is a vulnerability scan?

A vulnerability scan is a computer program designed to assess a merchant or service provider’s systems for flaws or weaknesses which, if exploited, may result in an intentional or unintentional compromise of a system or its data. Vulnerability scans are used as part of validating PCI DSS compliance. PCI DSS Requirement 11.2 requires that external vulnerability scanning be performed quarterly by an approved scanning vendor (ASV) qualified by PCI SSC.

What is an Approved Scanning Vendor (ASV)?

An Approved Scanning Vendor (ASV) is a data security firm using a scanning solution to determine whether or not the customer meets the PCI DSS external vulnerability scanning requirement 11.2. ASVs are qualified by the PCI Security Standards Council to perform external network and system scans as required by the PCI DSS. ASVs may submit compliance reports to the acquiring institution on behalf of a merchant or service provider, if agreed by the ASV and their customer.

What is a SAQ?

The Self‐Assessment Questionnaire (SAQ) is a validation tool for merchants and service providers to report the results of their PCI DSS self‐assessment, if they are not required to submit a Report on Compliance (ROC). The SAQ includes a series of yes‐or‐no questions for each applicable PCI DSS requirement. If an answer is no, the organization may be required to state the future remediation date and associated actions. There are different SAQs available to meet different merchant environments. If you are not sure which SAQ would apply to you, contact your acquiring bank or payment card brand for assistance.

Why should my business comply with PCI DSS?

Compliance with data security standards can bring major benefits to businesses of all sizes, while failure to comply can have serious and long-term negative consequences. Details can be found on the PCI SSC website: https://www.pcisecuritystandards.org/security_standards/why_comply.php

Does using PayFabric satisfy my obligations for PCI compliance?

PayFabric can assist entities with simplifying their scope of PCI compliance by eliminating the processing and storage of sensitive payment data in local environments, however, its use by itself does not constitute PCI compliance. There are other requirements that must be continuously fulfilled within PCI DSS such as annual certification, periodic vulnerability scans, self-assessment questionnaires (SAQ), operational policies and procedures, etc.

How can I review the PCI Data Security Standards (PCI DSS)?

The PCI DSS can be reviewed on the PCI Security Standards Council (PCI SSC) website: https://www.pcisecuritystandards.org/security_standards/index.php

While the PCI SSC sets the PCI Security Standards, each payment card brand has its own program for compliance, validation levels and enforcement. More information about compliance can be found online at these links:

· Visa: www.visa.com/cisp

· American Express: www.americanexpress.com/datasecurity

· Discover: www.discovernetwork.com/fraudsecurity/disc.html

· JCB International: http://partner.jcbcard.com/security/jcbprogram/

· MasterCard: www.mastercard.com/sdp

What are the consequences for not complying with PCI DSS?

Compliance with PCI DSS is a continual ongoing process, not a onetime thing. The PCI Security Standards Council does not manage compliance programs or impose any consequences for non-compliance. Individual payment brands, however, have their own compliance initiatives, including financial or operational consequences to certain business that are not compliant. Merchants who do not comply could face restrictions by the card brands and may be subjected to fines. The PCI Security Standards Council encourages all businesses that store payment account data to comply with the PCI DSS to help lower the brand and financial risks associated with account payment data compromises.

What level of merchant am I under the PCI Requirements?

Merchant levels are determined by the merchant’s annual volume of transactions. Specific merchant levels can be defined using the table below:



Does PCI apply to my business if we only accept credit cards by telephone?

Yes. The PCI standards apply to all entities that store, process or transmit credit cards.

Does my business have to be PCI compliant if we use third-party payment processors?

Yes. Using a PCI validated, third-party company might simplify your business’ scope of PCI compliance and possibly reduce your risk, however it does not constitute PCI compliance for your business.

If our organization has more than one location, does each location have to validate PCI Compliance?

Generally, you are required to validate only once per year for all locations if they process under one Tax ID.

Does the scope for PCI compliance include debit cards?

Payment cards such as credit, debit and prepaid, from any of the five card brands that participate in the PCI SSC, including Visa, MasterCard, American Express, Discover and JCB, are all included within the scope for PCI compliance.

Does an SSL certificate constitute PCI compliance?

Having SSL certificates do not achieve PCI compliance. These are installed onto web servers to initiate secure sessions with browsers. Their inclusion is meant to confirm a website’s operators are a legitimate entity and that a secure connection exists between the user and website. PCI compliance standards require more than a just secure connection, for example, the submission of a SAQ form or quarterly scan by approved vendor.

Does PayFabric provide fraud protection features?

Yes. PayFabric was designed in part to help reduce payment card fraud and improve security. Fraud protection features include AVS, CVV and Zip Code Validation, and more.

What information is allowed to be visible on a customer receipt?

According to PCI DSS 3.3, merchants should mask primary account number (PAN) when displayed (the first six and last four digits are the minimum number of digits to be displayed), such that only personnel with a legitimate business need can see the full PAN. This requirement does not supersede stricter requirements in place for displays of cardholder data – for example, legal or payment card brand requirements for point-of-sale (POS) receipts. The display of full PAN on items such as computer screens, payment card receipts, faxes, or paper reports can result in this data being obtained by unauthorized individuals and used fraudulently. Ensuring that full PAN is only displayed for those with a legitimate business need to see the full PAN minimizes the risk of unauthorized persons gaining access to PAN data. This requirement relates to protection of PAN displayed on screens, paper receipts, printouts, etc., and is not to be confused with Requirement 3.4 for protection of PAN when stored in files, databases, etc.

What is the risk level for merchants who operate from a home business?

The risk level for home businesses is considered very high due to vulnerabilities generally attributed to insecure home networks. These environments often do not safeguard and continually monitor security threats the same as more established businesses. Cyber criminals will often attack systems they feel offer a path of least resistance.

Are entities required to report data breaches?

Yes. There are state laws that require notification to affected parties. Please see the following link for additional details and state laws: http://www.privacyrights.org/

What course of action should I follow if my system is compromised?

Merchants and service providers that have experienced a suspected or confirmed security breach must take immediate action to help prevent additional damage and adhere to Visa CISP requirements. Please see the following link for additional details and steps for compromised entities: http://usa.visa.com/merchants/protect-your-business/cisp/if-compromised.jsp

What are the card holder data storage risks and when does the credit card data get encrypted? Where does the PCI scope begin when using PayFabric?

PayFabric is validated to meet PCI-DSS requirements when it comes to handling credit card data from storage or during transmission for processing needs. You can find a copy of our AOC on our About PCI page. In regards to the PCI scope, PayFabric can help reduce the risk exposure with card data and consequently reduce the effort to validate compliance. For a full scope analysis, it is still beneficial to contact a QSA as they’re best equipped to answer specific questions about your scope of compliance based on your business process.

Integration

How fast can I integrate with PayFabric?

PayFabric can be set up for a simple integration within a couple hours or less by a knowledgeable developer. Of course, projects which are more complex may require more time, but we’ve designed PayFabric to support a Rapid Application Development Model using a RESTful API that requires only a few lines of code to process a transaction.

What platforms, applications and websites can I use PayFabric with?

PayFabric can work with almost any application, platform and/or website, including integrated payment processing solutions, ecommerce sites, online billing solutions, ERP, CRM, mobile apps, and more.

How can I use PayFabric with and without a developer?

Once you create an account, you can process single transactions using the Virtual Terminal in your account’s control panel. If you are signed up with Nodus PayLink, you can also send payment links from your PayLink portal without developers. In order to integrate payment acceptance into your platforms, applications, or websites, any experienced developer can use our RESTful API with easy documentation and sample codes. The process is simple and straightforward.

Can PayFabric’s support team help me integrate if I don’t have a developer?

Generally, PayFabric is happy to review and consider the scope of your requirements. If it makes sense for both of us, we will certainly consider providing development resources for your project. Otherwise, we will recommend you work with an integration consultant or contractor, and we will provide assistance and support as needed.

Data

Who owns the data stored in PayFabric?

You maintain ownership of your data. If you are required to change service providers, we offer portability options that will assist you in migrating data safely and accurately.

What is cardholder data?

At a minimum, cardholder data consists of the full PAN (primary account number). Cardholder data may also appear in the form of the full PAN plus any of the following: cardholder name and expiration date.

Does PayFabric require me to store credit cards?

No. Users have the option to save credit cards (or eCheck) for later use. If this option is not enabled, the wallet entry will not be saved.

What are the limits regarding the number of payment cards I can store in PayFabric?

There are no limits against the number of payment cards you can store in PayFabric. You can always request to go to a higher storage plan by simply contacting sales@payfabric.com.

If I decide to move to another service, what does PayFabric do with my credit card data?

We are certain you’ll love the service from PayFabric, but if you ever need to switch, we do offer portability options for existing wallet data. We will provide a recommended data transfer approach to ensure that any data transfer is both secure and in compliance with the PCI Data Security Standards.

Where does PayFabric Cloud Services store its data?

PayFabric is hosted in the US. Currently, we do not provide data storage outside of United States. If you need further information regarding data storage outside of US, please contact us at support@payfabric.com.

Merchant Accounts & Gateways

What is a payment gateway?

A payment gateway is an ecommerce service provider that authorizes electronic payments and processes them with an entity’s merchant account. Payment gateways facilitate the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the Front End Processor or acquiring bank. Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between merchant and the payment processor. It is not uncommon for a merchant account and payment gateway to be set up and managed through a single provider.

Is PayFabric a payment gateway?

Yes, PayFabric is a payment gateway under EVO Payments.

What do I need to do if I do not have an existing Merchant Account?

As a value-added service to PayFabric, we can also perform a statement analysis and assist with setting up merchant account services. We are often able to save customers money on payment processing rates and fees. Contact us for more information or to get started.