What is PCI Compliance?


When processing payments and handling transaction data, you need to ensure your solution is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS).

  If you are unsure about whether your solution is PCI compliant, contact our Support Team for guidance.

PCI DSS aims to protect customer data from unauthorised access and ultimately to reduce the risk of fraud when processing payments online. It establishes requirements and best practices that all merchants must follow when handling sensitive payment credentials. The standard is administered by the Payment Card Industry Security Standards Council, a group that currently consists of Visa, Mastercard, American Express, Discover and JCB.


PCI DSS Levels

Before handling sensitive data, your business must first establish the required PCI DSS Level. The PCI DSS Level is a numeric value that is assigned based on the volume of transactions processed annually. It is used to determine the requirements that must be followed to maintain compliance with PCI rules.


Self-Assessment Questionnaire (SAQ)

As part of these requirements, most merchants will typically be expected to complete a Self-Assessment Questionnaire (SAQ). The advantage of exclusively using our JavaScript Library to process payments is that sensitive payment credentials never need to be handled on your own systems, which means you may be subject to less stringent self-assessment requirements.


Approved Scanning Vendor (ASV)

Depending on your PCI DSS Level and how you process payments, you may also need to complete quarterly Approved Scanning Vendor (ASV) scans. These external security scans identify vulnerabilities in your network that could compromise cardholder data and must be performed by a PCI-certified vendor.

