Certifications
PAYETHOS is certified to protect your data

DigiCert / TLS Encryption
What it is:
SSL/TLS certificate authority whose certificates provide 128- to 256-bit encryption and trusted endpoints.
PAYETHOS status:
Fully compliant
Our Data Privacy & Information Security Policy mandates TLS encryption across all public networks and prohibits insecure protocols.
Compliance details:
- TLS 1.3 encryption maintained across all environments
- DigiCert-verified SSL certificates
- Documented quarterly in PCI DSS 4.0.1 Vulnerability Scan Reports

EMV (Europay, Mastercard, Visa)
What it is:
Chip transaction certification ensuring secure in-person card payments.
PAYETHOS status:
Functionally EMV-ready through REPAY/TSYS/ScanSource.
Our TSYS KSI Request Form confirms DUKPT key encryption and EMV-compliant device handling.
Compliance details:
- All supported terminals are EMV Level 1 & 2 certified through REPAY’s network
- No separate corporate EMV certification required

Healthcare Payments P2PE (PCI-Validated v3.1)
What it is:
Point-to-point encryption (P2PE) certified by the PCI Security Standards Council.
https://www.pcisecuritystandards.org
PAYETHOS status:
Operationally certified under PCI DSS v4.0.1 and integrated into PCI-Validated P2PE (v3.1) solutions through REPAY / TSYS.
Compliance details:
- PCI-Validated P2PE (v4.0.1, Level 1 Service Provider)
- Hardware and software encryption validated by PCI SSC
- Equivalent or superior to InstaMed’s encryption model

HIPAA / HITECH
What it is:
U.S. law governing PHI (Protected Health Information) security and breach response.
- HIPAA Overview: https://www.hhs.gov/hipaa
- HITECH Act: https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule
PAYETHOS status:
PAYETHOS is PCI DSS v4.0.1 validated and does not store, process, or transmit cardholder data. All payment data is securely handled by REPAY and Qualpay, both PCI-certified processors.
Compliance details:
- All PHI-equivalent data encrypted in transit and at rest
- Business Associate Agreements (BAAs) maintained with REPAY, ScanSource, and healthcare clients

NACHA
What it is:
Governs ACH (bank-to-bank) payments under U.S. federal rules.
PAYETHOS status:
Functionally compliant under CBCal sponsorship and Account Settlement Procedures.
Compliance details:
- Adheres to NACHA Third-Party Sender and Third-Party Service Provider standards
- Annual NACHA Rules Compliance Audit scheduled post-launch

PCI DSS (Level 1 v4.0.1)
What it is:
Global data security standard for payment processors.
https://www.
PAYETHOS status:
Fully certified as a Level 1 Service Provider under PCI DSS v4.0.1 by 0 Tolerance Security (QSA).
Certification details:
“PAYETHOS does not store, process, or transmit cardholder data. All processing is managed by REPAY and Qualpay (both PCI DSS–compliant). PAYETHOS is completely out of scope of the Cardholder Data Environment.”
Status: Equivalent or superior to InstaMed’s PCI validation.

0 Tolerance Security (QSA)
What it is:
Qualified Security Assessor (QSA) firm recognized by the PCI Security Standards Council.
https://zerotolerancesecurity.
PAYETHOS status:
Certified through 0 Tolerance Security.
They conducted our PCI DSS v4.0.1 audit and maintain ongoing compliance oversight.
Compliance details:
- PCI DSS Level 1 QSA audit and Attestation of Compliance
- Quarterly vulnerability scans and annual penetration testing
- Recognized by PCI SSC as an Approved QSA