PCI Compliance
A note on PCI Compliance for merchants
Any entity engaged in the processing, transmission, or storage of card data is obligated to adhere to the Payment Card Industry Data Security Standards (PCI DSS). This platform has undergone a comprehensive evaluation conducted by an independent PCI Qualified Security Assessor (QSA) and has obtained certification as a PCI Level 1 Service Provider. This esteemed certification represents the highest level of stringency achievable within the realm of payment services.
When it comes to processing payments, it's crucial for merchants to ensure PCI compliance. The easiest way to achieve PCI compliance is by completely avoiding any interaction with card data. We simplify this process by safeguarding the consumer's card information. By utilizing our suggested payment integrations, partners can enable their merchants to securely gather payment details, which are then directly transmitted to the processor without traversing the merchants' servers. This approach streamlines PCI compliance efforts for merchants.
To be more specific, if the partner is using Card Forms or SecureFields JS to enable their merchants to gather card details from consumers in card-not-present environment, the merchants qualify for the easiest method of PCI validation: SAQ A. To help with compliance efforts, we generate a SAQ A for the merchant, which can be requested from your customer support specialist, if required. This simplicity is achieved because this technology securely hosts all form inputs that contain card data within an iframe served from our domain. Therefore, merchants' servers never come into contact with consumers' card information.
If other integration methods are being used, proper PCI validation may require other questionnaires or methods and our customer support specialists are always happy to help assess the specific use cases and offer guidance.
Note: If the merchant's annual transaction volume exceeds 6 million transactions with Visa or MasterCard, or 2.5 million transactions with American Express, or if the merchant is classified as a Level 1 provider by any of the card networks, then the merchant is not eligible to utilize a SAQ to demonstrate PCI compliance. In such cases, the payment brands require them to complete a Report on Compliance (RoC) on an annual basis to validate their PCI compliance.
Last updated