New Security Update: Only PSP Decides Who Can Use Host-to-Host Integration

We’ve implemented an essential update to our platform: from now on, only the PSP can decide which merchants and their stores can use host-to-host integration when working with the PSP.

This feature maximises PSP protection and reduces the risks associated with processing payments from unregistered or unknown merchant resources.

Why is this important?

Host-to-host integration is a powerful tool that gives merchants direct access to the payment API. However, with this flexibility come potential risks for the PSP, such as:

• A merchant may accept payments through a website that hasn’t been registered with the PSP, which often leads to violations of card scheme rules.
• Improper handling of card data collected on the merchant’s side can result in data compromise, potentially leading to fines or sanctions from the card schemes.
• Such issues can also affect the PSP’s reputation and may even result in MID termination.

How does the new feature work?

The PSP can manually allow or deny host-to-host integration for each merchant store.

By default, access is disabled. You decide who can use this type of connection — and when.

Benefits for you:

• ✅ Full control — eliminate unauthorised direct API connections.
• ✅ Protection from miscoding — no unauthorised merchant behaviour.
• ✅ Compliance with card scheme requirements — reduce the risk of fines and sanctions.
• ✅ Simplified compliance checks — you know who’s connecting and can manage access proactively.