
PCI Compliance

A note on PCI Compliance for merchants


Last updated 10 months ago

Any entity that processes, transmits, or stores card data must adhere to the Payment Card Industry Data Security Standards (PCI DSS). This platform has been evaluated by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider, the most stringent certification level available for payment services.

When it comes to processing payments, it's crucial for merchants to ensure PCI compliance. The easiest way to achieve PCI compliance is by completely avoiding any interaction with card data. We simplify this process by safeguarding the consumer's card information. By utilizing our suggested payment integrations, partners can enable their merchants to securely gather payment details, which are then directly transmitted to the processor without traversing the merchants' servers. This approach streamlines PCI compliance efforts for merchants.

To be more specific, if the partner is using Card Forms or SecureFields JS to enable their merchants to gather card details from consumers in a card-not-present environment, the merchants qualify for the easiest method of PCI validation: SAQ A. To help with compliance efforts, we generate a SAQ A for the merchant, which can be requested from your customer support specialist if required. This simplicity is possible because these integrations host all form inputs that contain card data within an iframe served from our domain, so merchants' servers never come into contact with consumers' card information.

If other integration methods are being used, proper PCI validation may require other questionnaires or methods and our customer support specialists are always happy to help assess the specific use cases and offer guidance.

Note: If the merchant's annual transaction volume exceeds 6 million transactions with Visa or MasterCard, or 2.5 million transactions with American Express, or if the merchant is classified as a Level 1 provider by any of the card networks, then the merchant is not eligible to utilize a SAQ to demonstrate PCI compliance. In such cases, the payment brands require them to complete a Report on Compliance (RoC) on an annual basis to validate their PCI compliance.

Card Forms
SecureFields JS