PCI Compliance & Card Data Security
Last updated:
RSTEPOS and TapaPay maintain full compliance with the Payment Card Industry Data Security Standard (PCI DSS) to ensure all cardholder data is processed securely.
What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is a global standard designed to protect cardholder information and reduce fraud. All businesses that accept, process or transmit card payments must comply with PCI DSS requirements.
Our commitment to data security
As outlined in our Terms & Conditions, RSTEPOS and our payment partner TapaPay process transactions under strict PCI DSS Level 1 certification — the highest achievable level of compliance. This ensures that all payment data handled via our systems is secured using encryption, tokenisation and restricted access controls.
- All TapaPay transactions are processed within PCI DSS Level 1 certified environments.
- RSTEPOS point-of-sale terminals and cloud systems do not store or transmit unencrypted cardholder data.
- Data is securely transmitted directly to the payment gateway using end-to-end encryption.
- Regular vulnerability scans and security audits are conducted to maintain certification.
How your card data is protected
1. Encryption & tokenisation
When you process a card payment using RSTEPOS and TapaPay, sensitive cardholder details are encrypted immediately and replaced with a unique, non-reversible token. This ensures no actual card numbers are stored or visible within RSTEPOS systems.
2. Secure hardware
Our integrated payment terminals are manufactured by PCI-PTS certified partners and comply with the latest security firmware requirements.
3. Regular compliance validation
TapaPay and RSTEPOS undergo routine PCI DSS audits and penetration testing to verify continued compliance and ensure security controls remain effective.
Merchant responsibilities
While RSTEPOS and TapaPay maintain PCI DSS certification for their systems, each merchant is responsible for ensuring that their own networks and environments remain secure. This includes:
- Restricting physical and network access to POS equipment.
- Maintaining secure passwords and system updates.
- Following RSTEPOS and TapaPay setup guidance to ensure full compliance.
Validation & certification
TapaPay holds PCI DSS Level 1 certification as a payment processor, validated annually by a Qualified Security Assessor (QSA). Certification documents and the Attestation of Compliance (AOC) are available upon request for audit purposes.
Contact for compliance enquiries
If you require more information or need to verify compliance status, contact our compliance team:
- Email: [email protected]
- Postal enquiries: RSTEPOS, McLean Rd, Eglinton, Derry/Londonderry, N.Ireland, BT47 3XX.