PCI Compliance


When processing payments and handling transaction data, you need to ensure your solution is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS).

  If you are unsure about whether your solution is PCI compliant, contact our Support Team for guidance.

PCI DSS aims to protect customer data from unauthorised access and ultimately to reduce the risk of fraud when processing payments online. It establishes requirements and best practices that all merchants must follow when handling sensitive payment credentials. The standard is administered by the Payment Card Industry Security Standards Council, a group that currently consists of Visa, Mastercard, American Express, Discover and JCB.

Before your system begins to process transactions with sensitive data, you should review the following resources with a contact from your acquiring bank to identify the exact requirements your solution is expected to meet. These requirements are primarily determined by the level associated with your solution, a criterion assigned based on the volume of transactions your solution processes over a 12-month period.
  Click here to learn more about PCI DSS levels (link to external site)

As part of these requirements, most merchants will typically be expected to complete a Self-Assessment Questionnaire (SAQ). The advantage of exclusively using our JavaScript Library to process payments is that you are not required to handle sensitive payment credentials on your system, meaning you may be subject to a less stringent self-assessment process.
  Click here to learn more about SAQs (link to external site)
