PCI DSS Compliance

All companies that process credit card data must be compliant with the Payment Card Industry Data Security Standard (PCI DSS). This requirement also applies to e-commerce merchants who outsource all payment processing to PCI DSS validated third parties and whose website doesn’t directly receive cardholder data but can impact the security of the payment transaction.

The steps required to ensure PCI DSS compliance may depend on your PCI compliance level (annual total volume of credit, debit, and prepaid card transactions):

You can read more about PCI compliance levels here.

To ensure PCI DSS compliance, do the following:

  1. If you already have a PCI DSS compliance certificate, just submit it to the bank. You don’t have to complete the next steps.
  2. Complete the steps described in the table below, depending on the acquiring method you use.

| Acquiring method | Required steps |
|---|---|
| Pay by Link | None |
| Redirect integration | Complete the Self-Assessment Questionnaire SAQ A (mandatory for Level 1-3, recommended for Level 4). |
| Web SDK Payment | Complete the Self-Assessment Questionnaire SAQ A (mandatory for Level 1-3, recommended for Level 4). |
| Mobile SDK Core | Complete the Self-Assessment Questionnaires SAQ A and SAQ D – requirements 6.3, 6.4, 6.5 (mandatory for all levels). |
| Mobile SDK Payment | Complete the Self-Assessment Questionnaire SAQ A (mandatory for Level 1-3, recommended for Level 4). |
| Server Side SDK | If card data is collected on the Payment Gateway side: complete the Self-Assessment Questionnaire SAQ A (mandatory for Level 1-3, recommended for Level 4). If card data is collected on your side: (1) complete the Self-Assessment Questionnaire SAQ D (mandatory for all levels); (2) complete a quarterly network scan by an Approved Scanning Vendor (ASV). The list of Approved Scanning Vendors can be found here. |