PCI Compliance and TopsPay

TopsPay helps you stay compliant with Payment Card Industry standards. Here's how:

Orthodontic Businesses in the Payment Card Industry

• TopsPay offices are categorized as E-Commerce/Online businesses.
• Orthodontic offices are considered Healthcare/Retailer businesses.

Processing transactions in TopsPay

• After payment cards are tokenized, TopsPay uses a Virtual Terminal to process payments.

TopsPay and credit card terminals

• TopsPay does not require credit card terminals; it allows you to save payment information offsite - this means that you don't have to worry about a credit card machine connected to a potentially insecure network.
• Because of this you do not have to report manufacturer/model of a credit card machine when asked about your TopsPay PCI compliance.

Storing Credit Card information with TopsPay

• TopsPay stores Credit Card information for you! It is classified as being stored by a third party.
• With TopsPay, your website is hosted and managed by a PCI compliant provider.
• When the Credit Card data is collected, it is collected on a PCI DDS (Payment Card Industry Data Security Standards) validated third party website.

TopsPay transactions and your business

• Your TopsPay merchant account processes payments for your office location only. It does not process transactions on behalf of other merchants or businesses.

Involvement with third party applications

• TopsPay does not use third party software such as Google Pay, Venmo, Cash App or Zelle.

Sharing cardholder data with third party service providers

• What goes in TopsPay stays in TopsPay! TopsPay does not share credit card information with any third party service providers.

TopsPay and network segmentation

• When you are connected to your server in the Tops Ortho application, you are connected to your server alone. No other networks can access your patient information, which means TopsPay utilizes network segmentation.