Every NuvoLinQ connection runs on a dedicated private APN: a network lane used exclusively by your devices. Cardholder data travels a controlled, isolated path from the terminal to your payment processor, never across the public internet.
01Plain-language explanation
APN stands for Access Point Name. It's the gateway that decides which network your device connects to when it sends data. A private APN means that gateway is yours alone: no other company's devices use it.
On a shared public APN, your terminal's data travels alongside every other IoT device on that carrier. A private APN creates a separate, isolated path used only by devices you control. Nothing else gets in.
Every device gets a fixed IP address that never changes. That makes IP whitelisting possible: your firewall accepts connections only from your terminal IPs and blocks everything else.
Your payment data travels from terminal to processor on a controlled path only. It is never routed through uncontrolled networks or unknown intermediaries along the way.
02The compliance risk
PCI DSS requires that cardholder data environments be protected from untrusted networks. A public APN puts payment data on shared infrastructure, which is, by definition, untrusted.
03How it works
Three components work together to give you isolated, controlled, and auditable connectivity for every terminal in your fleet.
When your LinQ1Zero SIM connects, it routes exclusively to NuvoLinQ's private APN, never to the shared public carrier. No configuration required on your side. The private APN is already live.
Each device is assigned a fixed IP at provisioning. That address never changes, not between sessions, not after carrier switches, not after reboots. This makes IP whitelisting stable and permanent.
A private APN isolates your cardholder data environment from untrusted networks, satisfying PCI DSS Requirement 1 and supporting scope reduction so your QSA can exclude the rest of your network from assessment. Every connection is logged and exportable for your audit.
04Static IP, specifically
A static IP isn't just a technical detail. It's what makes IP whitelisting possible, keeps remote management reliable, and lets firewall rules hold.
Configure your firewall to accept connections only from your fleet's IP range and block everything else. Because the IPs never change, the rules never break, no matter how many times the device reconnects or switches carriers.
Your LinQView dashboard and operations team always know the exact address of every device. Remote configuration, diagnostics, and OTA updates are reliable because the device is always reachable at the same address.
A static IP survives carrier switches and reboots. When a terminal drops and reconnects, it comes back on the same IP, your firewall rules and your compliance documentation stay valid.
Assigned at provisioning. Static IP is configured when your SIM is provisioned before it ships. No setup required on your end. Every device in your fleet arrives with a fixed address already assigned.
05For POS specifically
Four things that change for a payment operations or compliance team when every terminal runs on a private APN with a static IP address.
From the moment cardholder data leaves the terminal to the moment it reaches your acquirer, it travels exclusively on NuvoLinQ's private APN. At no point in that journey does it cross the public internet or a shared carrier APN.
Because every device keeps the same IP for life, you whitelist your fleet once and leave it. Reconnects, reboots, and carrier switches all return on the same address, so your rules and your audit evidence never go stale.
A private APN is a documented, auditable network control. When your QSA asks how cardholder data is isolated in transit, "private APN with static IP whitelisting" answers the question. A shared carrier APN does not.
NuvoLinQ's private APN keeps traffic within defined geographic regions. Payment data from a Canadian terminal does not route through an overseas peering point on its way to a Canadian processor.
06Not an add-on
Private APN and static IP are not premium tiers or optional features. Every LinQ1Zero SIM on every NuvoLinQ plan runs on the private APN with a static IP address assigned at provisioning.
Most IoT connectivity providers charge extra for private APN access, if they offer it at all. At NuvoLinQ, it's the default. We built the network this way because payment terminals have no business running on shared infrastructure. Every connection we provision is a private one.
07How it compares
For payment infrastructure, the difference between a private and a public APN is the difference between a defensible PCI DSS architecture and one your auditor will flag.
08 · Get a connectivity review
Our team will review your existing SIM connectivity setup against PCI DSS requirements and show you exactly where a private APN closes the gaps. No obligation, just a clear picture of where you stand.