How Vori handles card payments
Vori never stores, processes, or transmits cardholder data. All credit and debit card transactions are handled entirely by the payment terminal using point-to-point encryption (P2PE). Card data is encrypted at the terminal the moment a card is dipped, tapped, or swiped, and is sent directly to the payment processor — it never passes through the Vori POS software or Vori’s servers. Because Vori never touches card data, a compromise of the store’s local network would not expose any credit card information.What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements established by the PCI Security Standards Council. Any business that stores, processes, or transmits cardholder data must comply with these standards.Who is PCI compliant in the Vori ecosystem?
| Entity | Role | PCI status |
|---|---|---|
| Payment processor | Processes card transactions and manages merchant accounts | PCI DSS Level 1 certified service provider |
| Payment terminal | Encrypts card data at the point of interaction using P2PE | PCI PTS certified device |
| Vori POS software | Sends transaction amounts to the terminal; never handles card data | Outside PCI scope — no cardholder data is touched |
What does this mean for your store?
- Card data is never on your network. Even if someone gains access to your store’s local network, there is no cardholder data to intercept.
- Simplified PCI compliance. Because you use a P2PE-validated payment solution, you can complete the shortest PCI self-assessment questionnaire (SAQ P2PE) rather than a full audit.
- Encryption from swipe to processor. Card data is encrypted inside the terminal hardware before it ever reaches the network.