This acquisition combines Sphere’s strength in integrated healthcare payments software and technology with Health iPASS’s leading operational and financial technology to create a single platform for patient payments.

Nashville, TN, December 17, 2020—Sphere, a leading provider of end-to-end integrated payments and security software, today announced its acquisition of Health iPASS, an innovative provider of cloud-based patient engagement software and revenue cycle management technology.

Health iPASS specializes in solutions that enhance provider revenue collections and deliver a streamlined healthcare consumer experience from appointment to final payment. The software helps providers accelerate cashflow, reduce the cost to collect, lower claim denials, and improve patient relations. The technology improves the healthcare consumer experience by simplifying the check-in process and payment experience by facilitating pre-service, time-of-service and post-service engagement and patient payments through an innovative, multi-channel virtual software interface.

“Recent events have accelerated healthcare providers’ need for virtual interactions with their patients throughout the patient experience. The Health iPASS software platform addresses those needs by streamlining the check-in and financial engagement workflow to increase provider revenue and improve patient communications,” said Andrew Rueff, Executive Chairman of Sphere. “This strategic acquisition builds upon Sphere’s strong presence in the healthcare market and adds a highly relevant and unique set of software solutions to address the growing demand for improved patient engagement and payment experience in healthcare.”

“As a leading patient engagement and revenue cycle platform, Health iPASS is a tremendous fit with the strategic direction of Sphere to further our capability within healthcare and wellness,” said Steve Rizzuto, Chief Executive Officer of Sphere. “Additional healthcare integrations expand our opportunity to offer our payment solutions to the healthcare marketplace. With their unmatched technology, common vision and reputation for excellence, we are excited to welcome them to the Sphere organization.”

“The Health iPASS team has built a tremendous business with innovative technology and has reached a point where we will benefit from broader distribution channels, an in-house acquiring platform and a global brand. These gaps are filled when combined with Sphere,” said Rajesh Voddiraju, Founder and Chief Executive Officer of Health iPASS. “We are aligned in vision, aspiration for growth and believe the future investment will help us capture significant market opportunity.”

The Health iPASS patient-friendly platform supports more than 850 payers and 90 practice management systems, and is payment processor-agnostic. The company’s commitment to personalized client support will remain unchanged, as Health iPASS clients will remain with their existing relationship team.



About Sphere
Sphere is a software and financial technology company providing integrated solutions that reduce friction and facilitate better and more secure commercial interactions with customers in primarily healthcare and non-profit. Sphere’s integrated payments technology and security software enable its clients to process payments in a way that is highly secure and compliant; integrated with their core business software; omnichannel to accept payments anytime, anywhere; and processor-neutral. Sphere’s partner-centric focused payments solutions serve small, midsize and enterprise level businesses and software companies in the U.S., Canada, and Australia. Follow us on Twitter and LinkedIn. For news and thought leadership, visit the Sphere Blog.
About Health iPASS
Health iPASS is an innovative provider of cloud-based patient engagement software and revenue cycle management technology. Health iPASS’s solutions enhance provider revenue collections and deliver a streamlined healthcare consumer experience from appointment to final payment. Health iPASS’s software platform simplifies the check-in process and payment workflow prior to and at time-of-service. The technology also streamlines post service payment collection through an innovative, multi-channel, virtual software interface. Health iPASS is committed to delivering better check-ins for patients and better revenue for medical practices.

This is a guest post from Vincent Martino, Chief Product Officer & Co-Founder of  VisitPay.

In this Q&A, Vincent Martino shares how VisitPay helps simplify and consolidate the patient experience. He also discusses the value of choosing a technology compatible with Sphere to ensure your organization continues to manage a single, integrated experience.

Why are health systems choosing a platform like VisitPay?

Vincent Martino: Health systems are choosing VisitPay primarily for the increase in patient satisfaction we drive combined with the resultant increase in cash payments. The platform provides patients a consolidated billing process that creates an unparalleled amount of transparency, which in turn creates more loyal and better-paying patients. Our clients’ Net Promoter Score (NPS) for their billing experience is in the 40’s, which is three times higher than the average across healthcare. Bills are also higher than they have ever been, and providers have a need to deploy more advanced strategies and capabilities to manage this growing and difficult-to-collect asset. The VisitPay team offers a tremendous amount of consumer finance experience to help guide and advise client-specific strategies, which can be enabled and delivered through the platform.

What teams in the health system are typically driving that work?

Martino: We team up with teams across the entire health system.  Of course, the CFO and rev cycle organization are key partners – VisitPay offers a lot of flexibility in terms of how it’s deployed, and many of the financial offer decisions will be driven by these teams.  Oftentimes the consumer experience team will also influence or drive some of the configurations.  The patient billing experience is complex and also is viewed as an increasingly important part of the overall healthcare experience.  Therefore we also partner with the information and technology groups, patient access, the treasury department, and the marketing departments.

What are the implications of this from a payment processing experience?

Martino: It’s important to create cohesive, system-centric experiences for your patients and operational efficiency for your staff.  Finding a patient financial experience company that can effectively partner and collaborate with the different teams within your healthcare system is very important – and it’s vital that your partner can drive alignment when you need them to do so.

Why is it good to have a single payment environment?

Martino: Having one integrated payment solution from end to end is a good thing for a health system and for your patients.  It provides the most efficiency for your staff in terms of posting, reconciliation, and reporting.  And it provides the best experience for patients by providing a single place to save payment method information.

Any industry trends in payments? Any that could influence change?

Martino: Prior to COVID, we were already seeing a trend around contactless payment and “login-less” payment, and the two essentially go together and can be one and the same. And COVID has only accelerated the need for contactless payments.  Every consumer today essentially has a “payment device” in the mobile phone they carry with them everywhere they go. VisitPay has deployed multiple novel ways to pay from that device, which are all contactless in nature.  One specific payment option we offer is “Text To Pay,” which serves as both a contactless and “password-less” way to pay.  VisitPay developed and now offers Text to Pay in partnership with Sphere.  This provides the patient with an automated text when a balance is due and provides them a way to pay their bill securely, without needing to log into an application to do so.   In general, we are seeing more consumers willing to pay from their mobile device using a variety of payment options – some of our clients have over 60% of their consumers paying via mobile devices.

How do these changing trends impact the people running infrastructure?

Martino: I think the organization should continually be looking to deploy new technologies that provide easier and better ways to pay bills.  That said, ideally, newly added technologies shouldn’t create an added process or management burden for the organization that manages the infrastructure.  There are vendors in the market that seamlessly combine technologies onto one platform to ensure efficiency for your team.  When assessing the market, be sure to ask if all payment technologies are centralized on a common processing, reporting, and reconciliation platform.


To learn more about VisitPay and Sphere solutions, such as Text to Pay, request a demo.

Health systems have been hard hit by the economic impact of COVID-19. Unfortunately, bad debt will rise for providers as patients prioritize their bills, oftentimes putting medical bills last.

Ryne Natzke, Vice President of Strategic Accounts and Healthcare at Sphere joined Vince Martino, Chief Product Officer & Co-Founder at VisitPay to discuss 3 ways to reduce cost and recover patient revenue during a recession.



Want to learn more about Sphere and VisitPay? Read Sphere’s interview with Vince Martino, Chief Product Officer  of VisitPay.

Sphere and Unified Practice now offer secure, integrated payments solutions to the Holistic Medicine market.

Nashville, TN, July 7, 2020 – Sphere, the leading provider of end-to-end integrated payments and security software, today announced it has made a strategic investment in Unified Practice, a leading technology company that provides a fully integrated practice management and EHR system within the Holistic Medicine market. This relationship advances Sphere’s broader strategy to expand and deepen its integrated payment solutions within high-growth vertical markets, specifically healthcare.

Based in Denver, Colorado, Unified Practice provides a clinic management system for independent clinics offering Traditional Chinese Medicine (TCM), massage and physical therapy. Their innovative technology gives practices the tools to manage their clinic all in one place. Unified Practice will offer clients Sphere merchant processing and secure gateway, leveraging frictionless boarding to facilitate easy onboarding.

A single source for technology and merchant processing, Sphere’s secure payment platform supports:

  • Card-present and card-not-present transactions
  • Tokenization for secure data storage, card on file, and recurring payments
  • Validated Point to Point Encryption

“Unified Practice’s reputation for providing innovative technology and superior service makes them a natural fit for Sphere,” said Steve Rizzuto, Chief Executive Officer of Sphere. “The combination of Sphere and Unified Practice solutions will deliver a user-friendly and secure payment experience that is highly efficient. We are thrilled to have Unified Practice leverage Sphere’s technology platform.”

“A strategic partnership with Sphere was a no-brainer for us,” Peter Ungureanu, Chief Executive Officer of Unified Practice, said. “By combining our innovative technologies, we’re able to provide our clinics with a seamless end-to-end payment processing system that streamlines the checkout process. Unified Practice’s main goal is to make managing clinics as easy as possible for our practitioners and having an integrated payment processor like Sphere in place is an important piece of that goal.”




About Sphere
Sphere, powered by TrustCommerce, is a software and financial technology company providing integrated solutions that reduce friction and facilitate better and more secure commercial interactions with customers in specialized vertical markets, primarily healthcare, non-profit, transportation and education. Sphere’s integrated payments technology and security software enable its clients to process payments in a way that is highly secure and compliant, integrated with their core business software, omnichannel, and processor-neutral. Sphere’s partner-centric focused payments solutions serve small, midsize and enterprise level businesses and software companies in the U.S., Canada, and Australia. Follow us on Twitter and LinkedIn. For news and thought leadership, visit the Sphere Blog.
About Unified Practice
Unified Practice is a technology company that provides a fully integrated clinic management software for TCM practitioners. At its core, Unified Practice builds technology that synchronizes and supports the complex work of Chinese Medicine practitioners from streamlining, scheduling and patient care, to unifying administrative functions and practice management. Designed to work the way practitioners think, Unified Practice understands practitioners’ unique processes to provide the support necessary to harmonize their work lives. Follow us on Facebook and Twitter. For news and updates, visit the Unified Practice blog.

By Dr. Heather Mark, CCEP

In the wake of the COVID-19 pandemic, fraudulent activity and scams have been on the rise.  As a result, scammers are looking for ways to test their stolen card information.  One way they do that is to find portals or e-commerce sites that have payment forms and use those forms to “test” cards.  This is done by running hundreds or thousands of small transactions to see if they will be authorized.  If these small transactions are authorized, the criminals assume the card is “good.”  Meanwhile, the merchant may not know that this has happened until an expensive invoice is received for those “auths.”

In order to combat these types of scams, here are three ways merchants with an internet presence can mitigate their risk proactively:

  • Implement CAPTCHA – CAPTCHA is an easy test that users take on web-based forms to prove that they are not a “bot.” These may include simple math questions or identifying pictures from an array.  This simple step allows merchants to filter out bad actors and helps to ensure that their payment site is not being misused.
  • Use TC CrediGuard – TC CrediGuard is a product offered by Sphere that allows merchants to set parameters for certain transaction patterns. Merchants can set TC CrediGuard to deny transactions based on a set of predetermined criteria.  For example, a merchant may set parameters to deny transactions after five attempts from the same IP address within 7 minutes.  Or, if the IP address of a bad actor is known, a merchant may block that specific IP address.
  • Add a Log-in Screen – Payment forms that reside in front of a log-in page may be more convenient for your customers, patients, or donors, but they can also make it easier for criminals to use that payment screen as a tool for testing card numbers.  By adding a log-in screen, you create a barrier that may protect your business from becoming a target for these types of schemes.

By implementing these recommendations, merchants can take significant steps towards mitigating the likelihood of a Primary Account Number (PAN) or Card Testing event.
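The velocity rule and IP block described in the list above can be sketched as follows. This is an added example, not Sphere's or TC CrediGuard's code: the log format, the class and function names are assumptions, and "after five attempts" is read here as allowing five attempts per window and denying any further ones.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 5                 # attempts allowed per IP inside the window
WINDOW = timedelta(minutes=7)    # window length from the example in the text


class VelocityFilter:
    """Per-IP sliding-window limit plus a static IP blocklist (hypothetical names)."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW, blocked_ips=()):
        self.max_attempts = max_attempts
        self.window = window
        self.blocked_ips = set(blocked_ips)
        # Keep at most max_attempts + 1 timestamps per IP so a flood of
        # requests cannot grow memory without bound.
        self._recent = defaultdict(lambda: deque(maxlen=max_attempts + 1))

    def check(self, ip, when):
        """Return 'allow', 'deny:velocity' or 'deny:blocked_ip' for one attempt."""
        if ip in self.blocked_ips:
            return "deny:blocked_ip"
        recent = self._recent[ip]
        # Forget attempts that have aged out of the window.
        while recent and when - recent[0] >= self.window:
            recent.popleft()
        # Denied attempts are recorded too, so a continuous stream stays denied
        # until the source has been quiet long enough.
        recent.append(when)
        if len(recent) > self.max_attempts:
            return "deny:velocity"
        return "allow"


def parse_line(line):
    """Parse 'ISO-timestamp ip amount' (constructed format, not a real gateway log)."""
    stamp, ip, amount = line.split()
    return datetime.fromisoformat(stamp), ip, float(amount)


def evaluate(lines, blocked_ips=()):
    """Run every attempt through the filter; return [(ip, decision), ...] in order."""
    flt = VelocityFilter(blocked_ips=blocked_ips)
    decisions = []
    for line in lines:
        when, ip, _amount = parse_line(line)
        decisions.append((ip, flt.check(ip, when)))
    return decisions


def denied_by_ip(decisions):
    """Count denials per source IP, for review or alerting."""
    counts = defaultdict(int)
    for ip, decision in decisions:
        if decision.startswith("deny"):
            counts[ip] += 1
    return dict(counts)


# Constructed sample: one source sends a burst of small authorizations,
# one source behaves normally, one source is already on the blocklist.
SAMPLE_LOG = [
    "2020-05-01T10:00:00 203.0.113.7 1.00",
    "2020-05-01T10:00:30 203.0.113.7 1.00",
    "2020-05-01T10:01:00 203.0.113.7 1.00",
    "2020-05-01T10:01:10 198.51.100.20 85.00",
    "2020-05-01T10:01:30 203.0.113.7 1.00",
    "2020-05-01T10:02:00 192.0.2.99 1.00",
    "2020-05-01T10:02:00 203.0.113.7 1.00",
    "2020-05-01T10:02:30 203.0.113.7 1.00",
    "2020-05-01T10:03:00 203.0.113.7 1.00",
    "2020-05-01T10:03:30 203.0.113.7 1.00",
    "2020-05-01T10:05:45 198.51.100.20 40.00",
    "2020-05-01T10:20:00 203.0.113.7 1.00",
]

if __name__ == "__main__":
    results = evaluate(SAMPLE_LOG, blocked_ips={"192.0.2.99"})
    for (ip, decision), line in zip(results, SAMPLE_LOG):
        print(f"{line:45s} {decision}")
    print(denied_by_ip(results))
```

Because denied attempts still count toward the window, a source is only allowed again once its earlier attempts have aged out, as the final line of the sample shows.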

To learn more about secure online payment solutions and fraud reduction tools, please contact a Solutions Consultant at 800.915.1680, option 2 or

Solution delivers safe and compliant ways for veterinary practices to take payments via many channels that automatically post to practice management software.  

Nashville, TN, June 18, 2020—Sphere, the leading provider of end-to-end integrated payments and security software, and Sikka Software, a market leader in advancing retail healthcare connectivity, today announced their integrated payments platform called Sikka Payments is now available for the veterinary market.

Sikka Payments joins Sphere’s technology and merchant processing with Sikka Software’s innovative practice solutions to streamline collections and payment acceptance. The solution enables veterinary practices to accept client payments securely from a variety of channels.

As practices are now adapting to accommodate social distancing, the need for flexible, self-service methods for clients to pay is paramount.  Whether in person, online, mobile, text and/or card on file, the innovative Sikka Payments platform delivers safe and compliant ways for vet practices to take payments. These transactions automatically post back to the veterinarian’s compatible practice management software (PiMS) for greater efficiency.

Features include:

  • Flexible modes of payments for the pet parents, including mobile, SMS and web-based, to enable payments on the go.
  • Easy-to-use desktop application that sits next to the PiMS so everything is on a single screen. Payments are posted automatically back to the PiMS in real-time.
  • Supports tokenization and validated point-to-point encryption to enable secure card on file payments and safe transaction processing.
  • Ability to create set it and forget it installment plans. For those who cannot pay in full at the time of service, customized, automatic payment plans can improve collections.
  • Push requests for payments, allowing clients to complete the payment on their phone without the need to come to a waiting room or shared card reader.

“While self-service payments have been on the rise for years, the current environment has greatly accelerated the need to allow customers to pay with their mobile devices.  The work we have done with Sikka has prepared clients to quickly adapt, allowing them to continue to collect payments as interaction within their waiting rooms and front desks has been reduced,” said Steve Rizzuto, Chief Executive Officer of Sphere.

“The payment experience is undergoing fundamental changes for veterinary practices, particularly in the era of social distancing,” said Vijay Sikka, Chief Executive Officer of Sikka Software. “Sikka Payments, powered by Sphere, will provide pet parents with the flexible methods they need to pay their vet bills, and at the same time, automate many of the manual processes at the front desk. No solution in the market enables the level of 360-degree integration offered with Sikka Payments.”

To learn more, visit: Sikka Payments for Veterinarians


About Sphere
Sphere, powered by TrustCommerce, is a software and financial technology company providing integrated solutions that reduce friction and facilitate better and more secure commercial interactions with customers in specialized vertical markets, primarily healthcare, non-profit, transportation and education. Sphere’s integrated payments technology and security software enable its clients to process payments in a way that is highly secure and compliant, integrated with core business software, omnichannel, and processor-neutral. Sphere’s partner-centric focused payments solutions serve small, midsize and enterprise level businesses and software companies in the U.S., Canada, and Australia.


About Sikka Software
Sikka Software is helping to rethink the retail healthcare market using a single API cloud platform with Artificial Intelligence and Predictive Analytics. Focusing on non-physician practices in dentistry, audiology, veterinary, optometry, chiropractic, orthodontic and oral surgery etc., Sikka Software now has over 34,000 practice installations on its platform. These are businesses where the primary skilled worker is also the owner who needs tools to digitize their practice and help them make more real-time, optimized decisions. Sikka Software API and cloud platform connect to 90% of the retail healthcare market including practice management systems and financial software. For more information, please visit

Advantages of Adopting Flexible Payment Methods in Healthcare

By Ryne Natzke, Sphere and Vince Martino, Chief Product Officer, VisitPay

PaymentsJournal, a leading payments and banking news and information portal, recently published an article co-authored by Ryne Natzke, Vice President of Strategic Accounts and Healthcare at Sphere and Vince Martino, Chief Product Officer, VisitPay.

Click to read the full article.

Below is an excerpt.

In healthcare, the payment process differs from virtually all other industries in one significant way: patients do not pay for the bulk of the service received themselves because their insurance companies do.

American healthcare consumers have come to expect that their insurers will handle most billing issues with their medical providers. However, the responsibility has started to shift in recent years.  Patients are increasingly paying more of their own medical costs due to rising health insurance deductibles and escalating out-of-pocket expenses.  This year, for example, individuals with commercial insurance will be responsible for 20% to 35% of the cost of the healthcare they receive. For hospitals and health systems, this means that 20% to 35% of their total revenue must now be collected directly from the consumer. …

This is a guest post by Barnard Crespi, Co-Chief Executive Officer of Datatel. Datatel is integrated with Sphere for secure payment acceptance via Datatel’s IVR solutions.

Learn how IVR Payment Solutions Can Help Healthcare Providers Relieve the Stress on Staffing and Business Operations Caused By the COVID-19 Pandemic

The COVID-19 pandemic has drastically impacted the functioning of healthcare providers across the board. Business leaders have been forced to recalibrate their entire operations, quickly activate business continuity plans, make staff reductions and/or reallocations and implement work-at-home policies where viable. The ability of healthcare providers to respond promptly to their patients’ phone inquiries, prioritize payment calls and maintain PCI compliance and data security as staff works from home can be compromised by the need for on-the-fly re-architecture of business and security processes to respond to rapidly changing developments.  For those healthcare providers seeking a solution to what might very well end up becoming a long-term issue, IVR payments can be a vital payment acceptance solution.  Implementation of IVR payments can help healthcare providers relieve the stress caused by the need for significant staff changes while enabling them to continue processing patient payments.  All this without compromising customer service or PCI compliance.

IVR Payments  (Interactive Voice Response) is a technology that allows patients to make payments over the telephone by interacting with an automated system, as opposed to having to  provide their payment card information  to a live agent. Because it is fully automated, an IVR payment solution can operate 24/7 as opposed to being limited to a business’s normal hours of operation (“normal” being an ever-evolving concept in these uncertain times). And for those healthcare providers that for various reasons still require the involvement of an agent or staff member in the process, IVR can be deployed in such a way as to allow representatives to speak to patients and then  transfer the call seamlessly when it’s time to collect and process the caller’s payment information.

Types of IVR Payment Solutions

There are two primary types of IVR payment solutions.

  1. Customer (Patient) Self-Service – IVR Payment Solutions:

With Customer (Patient) Self-Service IVR payments, your patients call into your organization’s existing phone number and select “Payments” from your front-end phone menu (e.g. “To Make A Payment Now, Press 1”; you can set it as 1, 2 or 3, whichever works best for your organization). Your phone system will transfer the call to your DatatelPay-By-Phone line, which is branded and configured to your specifications. Your patients can make a payment using their payment card, in a PCI compliant environment with transactions processed in real-time to your Sphere, Powered by TrustCommerce account. Datatel’s IVR Payment platform is integrated to the Sphere/TrustCommerce gateway so organizations can process payments securely. Sphere’s experience in integrating patient payments for hundreds of leading health systems over the last 15+ years gives comfort to patients and providers that their data will be kept secure.

  2. Agent Assisted – IVR Payment Solutions

While your representative is speaking with a patient, he or she can transfer the patient to the DatatelPay-By-Phone line when it comes time to collect the patient’s payment information. Your representative can then exit the call, thereby ensuring the confidentiality of your patients’ payment card information. This solution leaves your patients confident that their information is safe and secure, and you can rest easy in the knowledge that your phone payment solution supports your PCI compliance.

Datatel’s IVR Payment Solutions can help you manage call payment activity efficiently and securely. Among its many advantages are:

  • Your patients can securely make phone payments 24/7, outside your regular business hours
  • The stress on your staff is reduced and your operations are more efficient and responsive by not having to devote time to handling payment-related calls. This can also work with representatives who are re-deployed to work from home.
  • Compliance with industry security requirements (PCI and HIPAA) is supported, keeping you in compliance while you re-deploy your workforce.
  • Transactions flow directly into your existing Sphere, Powered by TrustCommerce account without having to make any changes.
  • Datatel posts the payment information back to the EHR automatically.
  • Datatel IVR solutions can be deployed in a matter of days. Depending on the complexity of the deployments, implementation times can take as little as 5 to 12 business days.

We are hopeful that with the efforts of medical experts and scientists globally, the current COVID-19 pandemic and the impact that it has on all of our lives will begin to subside. Businesses and organizations that are  burdened with coping with all of the implications need to make sure that they are not just making decisions that help them navigate the here and now, but that will also serve them well when things eventually return to normal (or whatever the new normal ends up being).

In turbulent times like the ones we are experiencing, when the situation changes throughout the day and reaction time is of the essence, our experienced and dedicated teams of IVR Payment Solutions specialists can have your IVR Payments Solution up and running in a matter of days with no need for any hardware or software for you to buy or install. Contact us, we are here to help.



As government, city, and other civic agencies enact restrictions on businesses in an effort to safeguard the public and prevent the spread of germs, exceptions have been granted for what most are calling essential businesses or essential jobs. Examples include grocery stores, medical offices, postal services, childcare or senior care centers, transportation providers and more.

While these businesses and service providers remain open to patrons, it’s important to practice safe social distancing and limit the amount of contact made, including during each payment transaction.  

Here are a few ways essential businesses and consumers can limit contact when a transaction takes place: 

Contactless Payment Solutions 

The spread of germs through cash and card-present transactions is top of mind. Contactless payment methods, such as with payment cards enabled with NFC chips, or smartphones enabled with Apple Pay or Google Pay*, help merchants and customers avoid physical interaction. When choosing a terminal for your business, consider its contactless capabilities. While the adoption of contactless payments has been a trend recently, the popularity of this type of transaction is paramount in a time where the spread of germs is a heightened concern.

No Signature Required 

Don’t forget, as of 2018, the card brands (Visa, Discover, MasterCard, American Express) no longer require signatures when making a purchase with a credit card. There’s no need to have pens available for customers to use to sign. This simple step can give everyone peace of mind.

Pay Before You Go 

A popular way to reduce contact is to allow customers to prepay for goods and services when possible via a remote payment option such as an online payment, text to pay, or over the phone.   

Properly Clean Equipment 

Some contact with devices is unavoidable. Most device manufacturers are offering guidance on how to properly clean your equipment. In addition, consumers and employees can help by making sure to clean payment cards regularly, practicing safe social distancing, wiping down checkout counters and surfaces, and washing hands between each transaction.

Wrap Up 

As businesses start to reopen their doors and social distancing recommendations start to ease, there may still be a demand from cautious consumers to limit any potential interactions. There is no way to know what consumer behaviors will last beyond the current environment. It’s a good idea for businesses to make these features available to consumers who wish to continue to minimize contact with others even after all restrictions are lifted.

*NFC/Contactless is limited to hardware manufacturer device capabilities and/or authorization network EMV certifications.

By Dr. Heather Mark, CCEP

Over the course of the last seven weeks, the business world has undergone a seismic shift.  Remote work, which had its advocates and detractors over the last two decades, has become a necessity.  The technology exists to make this happen, and while it hasn’t been without its obstacles, we’re living a real-time experiment in how connected we can be in isolation.  Transitions and adjustments are being made to workflows and business operations to account for this new environment.  With all these changes being made so rapidly, it can be easy to lose sight of the fact that our compliance and security obligations have not changed, particularly around the protection of sensitive data (PII, PHI, etc.). That can sound daunting, but there are steps that we can all take in our remote offices to help support the continued security of patient and payment related data.

  1. Use a secured WiFi network and VPN – a secure WiFi network uses a password and encryption to protect access to the network and the data that travels over the network. WPA2, or WiFi Protected Access 2, is the currently accepted security protocol for wireless networks. VPN will provide a secure connection between your computer and the company’s network.
  2. Change default passwords on home networks – when setting up your home network, make sure that you change the default passwords set up for routers, access points, and similar devices. These are often set by vendors and are easily guessable (e.g. admin, password, default).
  3. Make sure devices used for remote work have secure configurations – any devices used for working at home should have personal firewalls installed and operational. Antivirus should be installed and current and all the appropriate security patches should be installed.  These applications should be configured in such a way that they cannot be disabled by the user.
  4. Keep your work and home life separate – make sure that you’re not using personal devices for work activities and vice versa. If you do use a personal device, for example a phone, for work, make sure that you keep a separation between work information and personal activities.
  5. Maintain vigilance about malicious emails and information security – particularly during these unsettling times, hackers are looking for the easiest way into a network. That means getting people to give them access (by clicking links or opening attachments) instead of having to “break in.”  All of the same security and compliance processes and practices that apply in the office must also apply in the remote office.

It’s also important to work with partners that can support secure payments any way you need to take them – via virtual terminal, IVR, or e-commerce. Restricting access to payment data by using tokenization and token vaults for stored payments, and requiring multi-factor authentication for access to payment applications and data, can all help to ensure that we all remain committed to securing payment data, even in non-traditional environments.

By Dr. Heather Mark, CCEP

The complex puzzle of PCI DSS compliance can be made more challenging for merchants when they introduce the wide variety of service providers that they use in order to service their customers. Increasingly, Independent Software Vendors (ISVs) are working to simplify their merchants’ burdens by introducing integrated payment functionality. In essence, the ISV is presenting a one-stop opportunity for merchants to support their business management objectives – be it through back office support, inventory management or billing – while also enabling payment functionality. In doing so, the ISV may inadvertently become the de facto resource for merchants on all things PCI DSS related. So, what are some things that ISVs can do to help support their merchants in achieving and maintaining PCI DSS compliance?

#1 – Understand your own PCI DSS compliance obligations and status

It isn’t uncommon for an ISV to be new to the payments ecosystem. Even for those companies that are deeply ingrained in the payments chain, the compliance and security obligations facing payments companies can sometimes get confusing.  As an ISV, it is important to understand whether your integration of payment functionality renders you a Payment Service Provider, as defined by the PCI SSC.  A Payment Service Provider is an entity that stores, processes, or transmits cardholder data on behalf of another entity, or can impact the security of the transaction.  If the ISV integrates payments in such a way as to fall into that scope, then the ISV must validate compliance with the PCI DSS.  Merchants must use PCI DSS compliant service providers, so it’s important that ISVs are prepared to provide their Attestation of Compliance (AOC) to their merchants.

If the ISV is able to offer payments functionality without falling into the Payment Service Provider scope, then the entity must be able to clearly articulate how they are able to maintain that status.  For example, if the ISV has partnered with another PCI-compliant service provider to offer a hosted payment page, and the ISV does not host, nor does it redirect to that page, then it may be possible to remain out of scope. This is dependent on the ISV integration and the current guidance from the PCI SSC and the card brands.

#2 – Implement Industry Best Practice Even if You’re Not in Scope

Even if an ISV is able to maintain a posture that keeps it out of scope for PCI DSS, it is important to maintain industry best practice for data security and privacy. Having good security practice is not just necessary for those companies that are obligated to comply with PCI DSS. Most states have data breach notification laws that offer safe harbor for encryption of sensitive data, as long as the encryption keys are not also exposed. Additionally, states are rapidly moving towards the adoption of privacy laws, most of which have data protection requirements. Maintaining compliance with industry standards such as PCI DSS, even in the absence of card scheme requirements, can put an ISV, and by extension their clients, in good stead with respect to existing and forthcoming regulatory requirements.

#3 – Explain the Payment Integration Options that You Offer and their PCI Implications for Your Merchants

For ISVs that are looking to add payments functionality, it’s important to understand how the choices you make about the payment solutions you integrate cascade down to merchants. For instance, if an ISV integrates a hosted payment page, the likelihood that the merchant will be able to validate their own compliance using the SAQ-A is fairly high. However, if an ISV integrates and offers a redirected page, the merchant is more likely to be required to validate using an SAQ A-EP, which is a much longer questionnaire. Both may be valid choices for a variety of reasons, but ISVs should understand the implications for their merchants.

#4 – Clearly Communicate Who Owns What Responsibilities

The interplay between merchants and service providers can be complex, particularly if merchants are able to select services and features a la carte. This can lead to uncertainty as to which entity might own responsibility for various security controls. ISVs can demonstrate partnership with their merchants by providing a “shared responsibility” matrix. The matrix doesn’t need to be very complicated, but it should clearly delineate which PCI responsibilities belong to the ISV and which belong to the client. Since all merchants must comply, and any business with a Merchant Identifier (MID) must validate compliance, this documentation can significantly simplify their own process of PCI compliance management.

PCI DSS compliance is a fact of life for any participant in the payment system.  Understanding how your decisions as an ISV can impact the compliance standing of your client portfolio can help you make more informed decisions about the solutions that you implement and may simplify the compliance and validation process for your merchants.

Gives software vendors the power of accepting payments via many channels through one single integration.

Nashville, TN, April 8, 2020—Sphere, Powered by TrustCommerce, a leading provider of end-to-end integrated payments and security software, today announced it has launched a Hosted Multi-Channel Payment suite. This solution gives software vendors the power of accepting payments via multiple channels through one simple integration.

The ability to accept payments within a  Software as a Service (SaaS) solution is essential. With consumer demand for anytime, anywhere payments, Sphere has developed a Hosted Multi-Channel Payment Suite with one of the simplest integrations on the market. One integration into our robust hosted payment form connects independent software vendors (ISVs) to many payment acceptance channels: countertop EMV, call center/back office, and traditional online/ecommerce transactions. These solutions are highly customizable, ensuring branding continuity and a seamless user experience. A full sandbox environment is available as well as sample code assistance.

Using a hosted model, sensitive payment data stays out of software vendor environments, helping to protect transactions and reduce PCI scope. To help further mitigate risk and exposure, the Hosted Multi-Channel Payments Suite supports PCI Validated Point-to-Point Encryption.

Security features include:

  • Tokenization for recurring and subscription payments
  • Validated Point to Point Encryption
  • Velocity controls to reduce fraudulent activity
  • reCAPTCHA

Because Sphere is a gateway and merchant services provider, we are a single source for payments, reducing moving parts and avoiding potential points of interference.

“No other platform gives software vendors more choice, less development effort, and greater opportunities for immediate revenue,” said Steve Rizzuto, Chief Executive Officer of Sphere.

“With decades of experience working with developers and integration partners, the TrustCommerce Gateway offers a wide range of products and integration methods,” said Curtis Bauer, Chief Product Officer of Sphere. “Our new Hosted Multi-Channel Payments Suite represents a revolutionary next step in the evolution of hosted payments.”

To learn more, read the product fact sheet.


About Sphere
Sphere, powered by TrustCommerce, is a software and financial technology company providing integrated solutions that reduce friction and facilitate better and more secure commercial interactions with customers in specialized vertical markets, primarily healthcare, non-profit, transportation and education. Sphere’s integrated payments technology and security software enable its clients to process payments in a way that is highly secure and compliant, integrated with their core business software, omnichannel, and processor-neutral. Sphere’s partner-centric focused payments solutions serve small, midsize and enterprise level businesses and software companies in the U.S., Canada, and Australia. Follow us on Twitter and LinkedIn. For news and thought leadership, visit the Sphere Blog.