E-commerce Payment Gateway Documentation – Beta Version 1.0 is now available.
Read Me
FAQMerchant APIHow-ToYour Access

Managed Service

Tietoevry offers EGW as a fully managed service, providing merchants and banks with a reliable, secure, and scalable payment infrastructure—without the overhead of managing underlying systems.

Who it suits

Organization that want to minimize overhead leverage instant scalability, and offload technical complexities. This model is ideal for organizations seeking rapid deployment, continuous compliance, ad a hassle-free payment solution that requires minimal in-house management.

Key Characteristics of Managed Service Deployment

  • Hosted in the EU Region -EGW is deployed within secure public cloud infrastructure located in the European Union, ensuring full adherence to European data protection regulations.

  • End-to-End Management - Tietoevry handles all aspects of solution hosting, including infrastructure, updates, monitoring, backups, and compliance.

  • Zero Infrastructure Footprint - No setup or maintenance responsibilities for the solution owner (e.g.acquiring bank) —Tietoevry takes care of everything.

  • High Availability and Performance - Built on resilient infrastructure with geographic redundancy and SLA-backed uptime guarantees.

  • Effortless Scalability - Scale up as needed without worrying about performance or capacity planning.

  • Continuous Platform Improvements - New features, regulatory updates, and enhancements are deployed regularly with minimal disruption.

PCI DSS Compliance of the EGW Solution

The E-Commerce Payment Gateway (EGW) is fully PCI DSS compliant, ensuring that all cardholder data is processed, transmitted, and stored in a secure and industry-compliant environment.

This compliance applies across all deployment models, whether Managed Service or On-Premises, and reflects Tietoevry’s commitment to maintaining the highest level of payment security and trust.

Scope of PCI DSS Compliance

EGW’s compliance covers:

  • Card Data Transmission and Processing - All card payment data handled by EGW is encrypted and processed within PCI DSS-certified infrastructure.

  • Tokenization and Sensitive Data Protection - EGW supports merchant tokenization and does not store raw cardholder data. All sensitive data is tokenized and encrypted in transit and at rest.

  • Secure Interfaces and APIs - EGW APIs follow PCI DSS security requirements for authentication, encryption, access control, and audit logging.

  • Certified Hosting Environment - The managed service version of EGW is hosted in PCI DSS-certified public cloud data centers located in the European Union.

  • Operational Security Controls

    Including:

    • Role-based access management

    • Strong authentication mechanisms

    • Logging and audit trails

    • Regular penetration testing and vulnerability scanning

Audits and Certification

  • EGW undergoes annual PCI DSS audits conducted by a Qualified Security Assessor (QSA).

  • The solution is listed on Visa/Mastercard’s list of validated service providers (upon request).

  • Documentation such as the Attestation of Compliance (AOC) and Responsibility Matrix is available for solution owner (e.g. acquiring banks) under NDA.

PreviousGDPRNextOn-premises

Last updated

Was this helpful?