Heartland Data Security

Heartland Secure™

Taking the POS out of PA-DSS since 2010.

Heartland offers a suite of data security solutions to help keep software shielded from cardholder data, whether in motion or at rest.

End-to-End Encryption™ (E3)

End-to-End Encryption™ (E3) combines symmetric and asymmetric cryptography to form an "Identity-Based Encryption" methodology which keeps cardholder data encrypted from the moment of the swipe.

Read More


Tokenization replaces sensitive data values with non-sensitive representations which may be safely stored for card-on-file payments.

Read More


EMV, or chip card technology, guarantees the authenticity of the payment card. The microprocessor within a payment chip card provides strong security features and other capabilities not possible with traditional magnetic stripe cards.

Read More

Secure Submit

Secure Submit for web or mobile applications ("card-not-present") leverages single-use tokenization to prevent card data from passing through the developer's webserver.

Read More


Heartland Secure: Out-of-Scope combines all of the components of Heartland Secure into a pre-certified (EMV "Level 3") and PA-DSS validated payment application, exposing a simple API allowing for a semi-integrated interface with a Point of Sale.

Read More

Your application may need to support one or more of these technologies which are exposed through Heartland's comprehensive SDKs.

If your application stores, processes, or transmits cardholder data in clear-text then it is in scope for the PCI Payment Application Data Security Standard (PA-DSS).

If your app is hosted, or sensitive data otherwise enters directly into your company, then both the app and company are in scope for full PCI DSS audits as either a merchant or service provider.

Many Heartland SDKs and APIs also support the transmission of cleartext cardholder data over a TLS-secured channel. Developers whose applications handle cleartext cardholder data will be expected to demonstrate compliance with the PCI PA-DSS. Likewise, third party developers who are planning on handling cardholder data on behalf of other merchants will be expected to demonstrate PCI DSS compliance as a Service Provider prior to completing certification with Heartland.