Card brands receive trillions of dollars in payments worldwide (VISA data 2021). These figures rest on the trust cardholders show when they hand over their card data to buy goods and services in card-present and card-not-present channels.

IQ Information Quality has fourteen years of experience providing security services for digital payments in Latin America and the Caribbean. It is approved by the PCI SSC (PCI Security Standards Council) to evaluate compliance with the international standards (PCI DSS, PCI PIN, PCI 3DS) that protect payments made with cards (VISA, Amex, Master, Discovery) in card-present (POS) and card-not-present (e-commerce and telephone) environments.

PCI standards are industry best practices to protect any electronic transaction where sensitive data must be protected and can be used to secure other payment ecosystems such as:

  • Private Cards
  • BNPL (Buy Now Pay Later)
  • International Wire Transfers
  • Person-to-Person P2P payments
  • Toll Payment
  • Loyalty points
  • Cryptoassets

Any payment your customers make involves sensitive card data that must be protected.


The use of the BNPL option grew significantly during the Covid pandemic, as it lets customers obtain a product or service immediately and pay for it in installments.

In this context, companies emerged that provide BNPL services through direct sales and/or through affiliated businesses that sell products and services under this purchasing model.

In the BNPL model with merchant acquiring, the mechanism for sending the necessary information for the BNPL company to carry out the transaction must be integrated into the merchant's portal. Depending on the integration of the merchant with the BNPL company, a series of requirements must be taken into account to mitigate the risk of:

  • Redirection of the client to a fraudulent portal where personal data can be captured.
  • Capture of sensitive information that is not properly protected when it is sent to the BNPL portal.

Risks in the private card payment ecosystem are:

  • Leaks of sensitive cardholder information that generate reputational losses for the card issuer.
  • Changes to transaction data through man-in-the-middle attacks.
  • Compromises in the systems that perform transactions that can lead to fraudulent transactions.

The services that support the protection of private cards are:

  • Identification and documentation of information flows in processes where sensitive private card information is used.
  • Scope identification and validation.
  • Identification of the controls that apply to the scope according to the best practices of the PCI standards.
  • Diagnosis with respect to PCI standards.
  • Validation and support in the action plan to close the findings.
  • Third party audit to validate compliance with controls.

Your mission:

Start NOW to protect your customers and your business.