A dedicated network lane
On a shared public APN, your terminal's data travels alongside every other IoT device on that carrier. A private APN creates a separate, isolated path used only by devices you control. Nothing else gets in.
Every NuvoLinQ connection runs on a dedicated private APN: a network lane used exclusively by your devices. Cardholder data travels a controlled, isolated path from the terminal to your payment processor, never across the public internet.
01 Plain-language explanation
APN stands for Access Point Name. It's the gateway that decides which network your device connects to when it sends data. A private APN means that gateway is yours alone: no other company's devices use it.
On a shared public APN, your terminal's data travels alongside every other IoT device on that carrier. A private APN creates a separate, isolated path used only by devices you control. Nothing else gets in.
Every device gets a fixed private IP address that stays consistent. That makes IP whitelisting possible: your firewall accepts connections only from your terminal IPs and blocks everything else.
Your payment data travels from terminal to processor on a controlled path only. It is never routed through uncontrolled networks or unknown intermediaries along the way.
02 The compliance risk
PCI requires that cardholder data environments be protected from untrusted networks. A public APN puts payment data on shared infrastructure, which is, by definition, untrusted.
03 How it works
Three components work together to give you isolated, controlled, and auditable connectivity for every terminal in your fleet.
When your LinQ1Zero SIM connects, it routes exclusively to NuvoLinQ's private APN, never to the shared public carrier. No configuration required on your side. The private APN is already live.
Each device is assigned a fixed private IP at provisioning. The address is designed to remain consistent across reconnects and supported carrier changes. This makes IP whitelisting stable and reliable.
A private APN isolates your cardholder data environment from untrusted networks, satisfying PCI DSS Requirement 1 and supporting scope reduction so your QSA can exclude the rest of your network from assessment. Every connection is logged and exportable for your audit.
04 Static IP, specifically
A static IP isn't just a technical detail. It's what makes IP whitelisting possible, keeps remote management reliable, and lets firewall rules hold.
Configure your firewall to accept connections only from your fleet's IP range and block everything else. Because the IPs never change, the rules never break, no matter how many times the device reconnects or switches carriers.
Your LinQView dashboard and operations team always know the exact address of every device. Remote configuration, diagnostics, and OTA updates are reliable because the device is always reachable at the same address.
A static IP survives carrier switches and reboots. When a terminal drops and reconnects, it comes back on the same IP, your firewall rules and your compliance documentation stay valid.
Assigned at provisioning. Static IP is configured when your SIM is provisioned before it ships. No setup required on your end. Every device in your fleet arrives with a fixed address already assigned.
05 For POS specifically
Four things that change for a payment operations or compliance team when every terminal runs on a private APN with a static IP address.
From the moment cardholder data leaves the terminal to the moment it reaches your acquirer, it travels exclusively on NuvoLinQ's private APN. At no point in that journey does it cross the public internet or a shared carrier APN.
Because every device keeps the same IP for the life of the deployment, you whitelist your fleet once and leave it. Reconnects, reboots, and carrier switches all return on the same address, so your rules and your audit evidence stay current.
A private APN is a documented, auditable network control. When your QSA asks how cardholder data is isolated in transit, "private APN with static IP whitelisting" answers the question. A shared carrier APN may require additional controls and documentation.
NuvoLinQ's private APN can be configured to keep traffic within defined geographic routing policies, so payment data from a Canadian terminal can be kept on a domestic path to a Canadian processor.
06 Not an add-on
Private APN and static IP are not premium tiers or optional features. Every LinQ1Zero SIM on every NuvoLinQ plan runs on the private APN with a static IP address assigned at provisioning.
Most IoT connectivity providers charge extra for private APN access, if they offer it at all. At NuvoLinQ, it's the default. We built the network this way because payment terminals have no business running on shared infrastructure. Payment connections we provision are private by design.
07 How it compares
For payment infrastructure, the difference between a private and a public APN is the difference between a defensible PCI architecture and one that may raise questions in an audit.
08 Secure by design
Security, monitoring, and payments customers run on our private APN. Here is why.
★ FEATURED INSIGHT · NETWORK SECURITY
A PCI-compliant private APN with static IP and traffic whitelisting keeps payment and monitoring devices isolated from the public internet, with full control over what each device can reach.
→ Private network
See how whitelisting and static IP protect payment and monitoring devices, or browse more.
09 get started
Get a connectivity assessment built around your fleet. We map what you run, find the right private-APN deployment, and hand you a concrete plan. No generic demos, no runaround.
NuvoLinQ runs every device on a private, PCI-compliant APN with a static IP, kept off the public internet, on a backbone with a 99.99% uptime SLA.