PCI DSS Compliance
All companies that process credit card data must be compliant with the Payment Card Industry Data Security Standards (PCI DSS). This requirement is also applicable to E-commerce merchants who outsource all payment processing to PCI DSS validated third parties, and who have a website that doesn’t directly receive cardholder data but can impact the security of the payment transaction.
The steps required to ensure PCI DSS compliance may depend on your PCI compliance level (annual total volume of credit, debit, and prepaid card transactions):
- Level 1: > 6 million transactions
- Level 2: 1 million – 6 million transactions
- Level 3: 20,000 – 1 million transactions
- Level 4: < 20,000 transactions
You can read more about PCI compliance levels here.
To ensure PCI DSS compliance, do the following:
- If you already have a PCI DSS compliance certificate, just submit it to the bank. You don’t have to complete the next steps.
- Complete the steps described in the table below, depending on the acquiring method you use.
Acquiring method | Required steps |
---|---|
[Pay by Link](/integration/apiv2/structure/merchant-portal-v2.html#mp3-invoice) | None |
Redirect integration | Complete the Self-Assessment Questionnaire SAQ A (mandatory for Level 1-3, recommended for Level 4). |
Direct payment | |
Web SDK Payment | Complete the Self-Assessment Questionnaire SAQ A (mandatory for Level 1-3, recommended for Level 4). |
Mobile SDK Core | Complete the Self-Assessment Questionnaires SAQ A and SAQ D – requirements 6.3, 6.4, 6.5 (mandatory for all levels). |
Mobile SDK Payment | Complete the Self-Assessment Questionnaire SAQ A (mandatory for Level 1-3, recommended for Level 4). |
Server Side SDK | If card data is collected on the Payment Gateway side: Complete the Self-Assessment Questionnaire SAQ A (mandatory for Level 1-3, recommended for Level 4). If card data is collected on your side: |