07 April 2025

PCI compliance

Tribal understands the need for institutions to comply with PCI (Payment Card Industry) regulations when processing card payments, with EBS playing a key role in that process. This topic details how EBS integrates securely with third-party payment providers and details the security controls in EBS that assist with PCI compliance. You can also view the processing sequence for each third-party payment provider.

Integration with ePayment providers

EBS integrates with several third-party ePayment providers to process and validate card payments. All providers are PCI compliant, ensuring that card data is secured during processing and is not shared with EBS.

Your third-party ePayment provider does not expose credit card information to EBS during processing and card information is not retained by EBS.

The following security controls secure ePayments in EBS

You must have the Institution Settings role in the EBS Central Apps/Enqs/Enrols group to view or configure institution settings for ePayments.

Institutions Settings role

You can view, but not alter or amend, references to third-party ePayment transactions on the Receipts tab in the Payments screen of the enrolments module.

ePayments processing

The following diagrams illustrate the ePayments processing sequence for each provider:

The following diagram illustrates the interaction between EBS and Access Paysuite Pay 360 Secure Card Portal.

Refer to Access Paysuite Pay 360 Secure Card Portal for further information about the data transmitted during the payment process.

Capita Secure Card Portal (SCP) processing sequence

Access Paysuite Pay 360 Secure Card Portal is Payment Card Industry Data Security Standard (PCI DSS) certified .

The following diagram illustrates the interaction between EBS and Civica Paylink.

Refer to Civica Paylink for further information about the data transmitted during the payment process.

Civiva Paylink processing sequence

Civica Paylink is Payment Card Industry Data Security Standard (PCI DSS) certified.

The following diagram illustrates the interaction between EBS and Flywire.

Refer to Flywire for further information about the data transmitted during the payment process.

Flywire processing sequence

Flywire is Payment Card Industry Data Security Standard (PCI DSS) certified.

The following diagram illustrates the interaction between EBS and Netbanx.

NETBANX is a legacy integration for Paysafe. New customers should refer to the Paysafe integration for online payments.

Netbanx (v5) processing sequence

Paysafe NETBANX is Payment Card Industry Data Security Standard (PCI DSS) certified.

The following diagram illustrates the interaction between EBS and Paysafe.

Refer to Paysafe for further information about the data transmitted during the payment process.

Paysafe processing sequence

Paysafe is Payment Card Industry Data Security Standard (PCI DSS) certified. Refer to Paysafe for more information about Paysafe checkout integration and compliance with PCI SAQ-A.

The following diagram illustrates the interaction between EBS and Windcave.

Refer to Windcave for further information about the data transmitted during the payment process.

DPS processing sequence

Windcave is Payment Card Industry Data Security Standard (PCI DSS) certified.

The following diagram illustrates the interaction between EBS and Worldpay.

Refer to WorldPay for further information about the data transmitted during the payment process.

Worldpay processing sequence

WorldPay is Payment Card Industry Data Security Standard (PCI DSS) certified.

Further information about how the payment industry develops and adopts data security standards is available from the PCI Security Standards Council.