The main aim of PCI DSS is to make payments processes safe and secure. Compliance with this standard is important to ensure that the risk of a financial breach is minimized. You may like to check our "What is PCI DSS? and What are the Merchant Requirements?" solution article for more information.
PCI requirements are depending on the integration type, as the merchants are required to have their own PCI certificate to ensure that their customer’s data is safe only if:
- They are obtaining card details using their own form
In this case, they have to be PCI certified to a minimum SAQ-D Merchant. This is because card details will be handled by their systems. After receiving the card details from their payment page, they are required to send a payment request using the transaction API. Hence they will need to include the card details within the payment request.
- They taking card details using our managed form
In this case, they have to be PCI certified to a minimum SAQ A-EP Merchant. This is because card details will not be handled by their system, yet the payment page is displayed from their website. After receiving the payment token details from their payment page, they must send a payment request using the transaction API. Hence they will need to include the token details within the payment request.
Meanwhile, you can still use our service via Hosted Payment Page, APIs endpoints (except the above-mentioned ones), eCommerce Plugins, Mobile SDKs, and Backend Integrations without the need to be PCI certified, to know more about each just click on each to navigate to our detailed helpful solution articles which will guide through it.