Products

LinQ1Zero LinQView ScanLinQ Private APN Tier 1 Carrier Network

Solutions

POS & Payments Self-Serve Kiosks Telematics & Fleet Fixed Wireless

Resources

Insights Case Studies Newsroom eNewsletter

Company

About NuvoLinQ Contact Us
Talk to Sales

Your payment data never crosses the public internet.

Every NuvoLinQ connection runs on a dedicated private APN: a network lane used exclusively by your devices. Cardholder data travels a controlled, isolated path from the terminal to your payment processor, never across the public internet.

Destination lane No public
network exposure
Fixed address Static IP on
every device
Not an add-on Included as
standard

01 Plain-language explanation

What a private APN is, and why it matters for payments.

APN stands for Access Point Name. It's the gateway that decides which network your device connects to when it sends data. A private APN means that gateway is yours alone: no other company's devices use it.

01

A dedicated network lane

On a shared public APN, your terminal's data travels alongside every other IoT device on that carrier. A private APN creates a separate, isolated path used only by devices you control. Nothing else gets in.

Public APN, shared with all devices OPEN
NuvoLinQ Private APN, your devices only PRIVATE
02

Static IP is a fixed, dedicated address

Every device gets a fixed private IP address that stays consistent. That makes IP whitelisting possible: your firewall accepts connections only from your terminal IPs and blocks everything else.

Device Assigned IP
Terminal · Toronto 10.44.22.18
Terminal · Calgary 10.44.22.31
03

Full data sovereignty

Your payment data travels from terminal to processor on a controlled path only. It is never routed through uncontrolled networks or unknown intermediaries along the way.

Terminal Private APN Processor

02 The compliance risk

Why a public APN creates a compliance gap in your PCI scope.

PCI requires that cardholder data environments be protected from untrusted networks. A public APN puts payment data on shared infrastructure, which is, by definition, untrusted.

⚠ Generic IoT SIM · Shared APN

Cardholder data on a road shared with everyone.

Data travels over public carrier infrastructure alongside untrusted IoT traffic from other organizations.
Dynamic IP addresses make stable IP whitelisting unreliable, so it is harder to restrict which organizations connect to your payment infrastructure.
No control over data routing, traffic may traverse unexpected geographic regions.
Shared APN connections expand your cardholder data environment, increasing PCI scope and audit effort.
Limited ability to support straightforward PCI DSS Requirement 1.4 network access controls between your terminal network and untrusted networks.
✓ NuvoLinQ Private APN

A controlled, auditable path your compliance team can document.

All payment data travels exclusively through your private APN, never shared with any other organization's traffic.
A static IP on every device enables complete IP whitelisting, so your firewall accepts connections only from your specific terminal addresses.
Data sovereignty maintained throughout, traffic stays within defined geographic boundaries from terminal to processor.
Supports PCI scope reduction, auditors can verify that cardholder data travels on a controlled, isolated network segment.
Every connection event logged and exportable, full audit trail available for Requirement 10 log management.

03 How it works

How NuvoLinQ's private APN works in practice.

Three components work together to give you isolated, controlled, and auditable connectivity for every terminal in your fleet.

Step 01

Dedicated private APN

When your LinQ1Zero SIM connects, it routes exclusively to NuvoLinQ's private APN, never to the shared public carrier. No configuration required on your side. The private APN is already live.

Step 02

Static IP assignment

Each device is assigned a fixed private IP at provisioning. The address is designed to remain consistent across reconnects and supported carrier changes. This makes IP whitelisting stable and reliable.

Step 03

PCI scope support

A private APN isolates your cardholder data environment from untrusted networks, satisfying PCI DSS Requirement 1 and supporting scope reduction so your QSA can exclude the rest of your network from assessment. Every connection is logged and exportable for your audit.

04 Static IP, specifically

Every device gets a fixed, dedicated IP address.

A static IP isn't just a technical detail. It's what makes IP whitelisting possible, keeps remote management reliable, and lets firewall rules hold.

Fleet IP assignment STATIC · NEVER CHANGES
Device Location IP address
Terminal #4821 Toronto 10.44.22.18
Terminal #2934 Calgary 10.44.22.31
Terminal #1102 Vancouver 10.44.22.45
Terminal #8834 Montréal 10.44.22.59

IP whitelisting

Configure your firewall to accept connections only from your fleet's IP range and block everything else. Because the IPs never change, the rules never break, no matter how many times the device reconnects or switches carriers.

Remote management

Your LinQView dashboard and operations team always know the exact address of every device. Remote configuration, diagnostics, and OTA updates are reliable because the device is always reachable at the same address.

Firewall rules that hold

A static IP survives carrier switches and reboots. When a terminal drops and reconnects, it comes back on the same IP, your firewall rules and your compliance documentation stay valid.

Assigned at provisioning. Static IP is configured when your SIM is provisioned before it ships. No setup required on your end. Every device in your fleet arrives with a fixed address already assigned.

05 For POS specifically

What private APN & static IP mean for your payment fleet.

Four things that change for a payment operations or compliance team when every terminal runs on a private APN with a static IP address.

Cardholder data protection

Your payment data never crosses the public internet

From the moment cardholder data leaves the terminal to the moment it reaches your acquirer, it travels exclusively on NuvoLinQ's private APN. At no point in that journey does it cross the public internet or a shared carrier APN.

Access control

A whitelist you set once

Because every device keeps the same IP for the life of the deployment, you whitelist your fleet once and leave it. Reconnects, reboots, and carrier switches all return on the same address, so your rules and your audit evidence stay current.

PCI audit readiness

A documented answer for your QSA

A private APN is a documented, auditable network control. When your QSA asks how cardholder data is isolated in transit, "private APN with static IP whitelisting" answers the question. A shared carrier APN may require additional controls and documentation.

Geographic data routing

Data stays within defined geographic boundaries

NuvoLinQ's private APN can be configured to keep traffic within defined geographic routing policies, so payment data from a Canadian terminal can be kept on a domestic path to a Canadian processor.

06 Not an add-on

Included with every NuvoLinQ connection. No upgrade required.

Private APN and static IP are not premium tiers or optional features. Every LinQ1Zero SIM on every NuvoLinQ plan runs on the private APN with a static IP address assigned at provisioning.

Most IoT connectivity providers charge extra for private APN access, if they offer it at all. At NuvoLinQ, it's the default. We built the network this way because payment terminals have no business running on shared infrastructure. Payment connections we provision are private by design.

Private APN, included on every plan · No upgrade required
Static IP, assigned at provisioning · Fixed for life of deployment
Data sovereignty, traffic stays within defined geographic boundaries
Connection logging, every event logged and exportable for PCI audit

07 How it compares

NuvoLinQ private APN vs shared public APN from generic IoT SIM providers.

For payment infrastructure, the difference between a private and a public APN is the difference between a defensible PCI architecture and one that may raise questions in an audit.

Capability
Shared public APN · Generic IoT SIM
NuvoLinQ · Private APN
Network isolation
Shared with many other devices on a public or shared APN
Dedicated lane for your devices only
IP address type
Often dynamic or subject to change
Static, fixed at provisioning, stays consistent
IP whitelisting
Not stable without additional controls
Fully supported, whitelist your exact terminal IPs
Firewall rule stability
Rules break when IPs change
Rules persist, static IP survives carrier switches
Data sovereignty
Routing path varies and may cross unexpected regions
Defined geographic boundaries controlled throughout
PCI DSS Req. 1 support
Shared APN may be treated as untrusted and can expand scope
Private APN supports documented network segmentation
Connection audit logs
Limited or not available for compliance export
Full log: timestamp, device, IP, carrier
Cost
Often a premium add-on if available at all
Included as standard, every plan, every connection

08 Secure by design

A private network customers trust with their most sensitive traffic.

Security, monitoring, and payments customers run on our private APN. Here is why.

FEATURED INSIGHT · NETWORK SECURITY

Whitelist, blacklist, and total control over POS traffic

POS security, whitelist and blacklist control

A PCI-compliant private APN with static IP and traffic whitelisting keeps payment and monitoring devices isolated from the public internet, with full control over what each device can reach.

NLNuvoLinQNEWSROOM

PCI-compliantPrivate APN
Static IPEvery device
WhitelistTraffic control

With NuvoLinQ, we feel like we have a partner that always has a solution. The experience has been exceptional. Our teams are thankful for the support, the fast shipping, product availability, and zero connectivity issues. LinQView has been a game-changer for our Deployment and Technical Support teams.

MP Maverick PaymentsPAYMENT PROCESSING PARTNER

NuvoLinQ, as our global wireless partner, has enabled us to recognize IoT patterns that are crucial to managing our business. NuvoLinQ's IoT data connectivity lets us process efficiently, securely and cost effectively. As we expand our Dealer network, we look forward to doing so in partnership with NuvoLinQ.

RW Richard WorrallPRESIDENT · CONNECT2GO

NuvoLinQ offers us wireless technology solutions at our pumps that make for a seamless installation. The network provides access to both Rogers and Bell, connecting to the strongest signal, so there is never a worry about connectivity.

EC EcoTank CanadaUNATTENDED FUEL & RETAIL

NuvoLinQ and its evolutionary, GSMA-approved eSIM allow us to offer our merchants an ‘always on’ posture across North America. The multi-carrier eSIM lets the PSP or the end client choose the best available carrier and switch networks if needed, all on a highly secure private backbone.

DG Danny GurizzanPRESIDENT & CEO · PSP SERVICES

→ Private network

Isolate your most sensitive traffic.

See how whitelisting and static IP protect payment and monitoring devices, or browse more.

Payment processors, fuel retail, vending, security, and connected-device operators across North America

09 get started

See how your connectivity compares, and where a private APN may help.

Get a connectivity assessment built around your fleet. We map what you run, find the right private-APN deployment, and hand you a concrete plan. No generic demos, no runaround.

NuvoLinQ runs every device on a private, PCI-compliant APN with a static IP, kept off the public internet, on a backbone with a 99.99% uptime SLA.

Consultation form
Fleet size e.g. 4,200 terminals
Current connectivity Roaming / direct / mixed
Primary pain point Reliability · PCI · migration
Work email name@company.com