Security

Security is at the core of everything NMI does. Our payments systems exceed industry security standards — and as a PCI SSC Participating Organization, we’re always up to date on emerging threats and changes in data security standards.

NMI has continuously maintained PCI DSS Level 1 certification since 2005, and was one of the first non-bank organizations in the world to hold cross-region compliance. We’re audited annually by independent security assessors to ensure we’re adhering to the industry’s highest level of certification and PCI standards. NMI is listed on Visa’s Global Registry of Service Providers and Mastercard’s Compliant Service Provider List.

Point to point encryption (P2PE) provides the most secure and effective solution to protect sensitive cardholder data in combination with EMV and Tokenization, while potentially reducing the cost and scope of PCI DSS and PA-DSS. Encrypted cardholder data has no value if stolen, as only NMI can decrypt the data.

In order to move your hardware into production, your devices must be injected securely with the NMI data encryption key at a PCI P2PE accredited key injection facility. NMI can support you in organizing the logistics process for key injection via an existing distribution relationship, or can establish a new process with a new key injection facility if required.

Contact your account manager or submit a request to discuss key injection operations for your Direct Connect integrated hardware.