Regarding the PCI requirements depending on the integration type, 
Merchants are required to have their own PCI certificate to ensure that their customer’s data is safe.


You may find the following methods that require PCI certification:

  • Obtaining card details using your own form: You have to be PCI certified to a minimum SAQ-D Merchant. This is because card details will be handled by your systems. After receiving the card details from your payment page, you are required to send a payment request using the transaction API. You will need to include the card details within the payment request.
  • Taking card details using the managed form: You have to be PCI certified to a minimum SAQ A-EP Merchant. This is because card details will not be handled by your system, the payment page is displayed from your website. After receiving the payment token details from your payment page, you must send a payment request using the transaction API. You will need to include the token details within the payment request.

 

Meanwhile, the only available options for you as a merchant (without the need for a PCI certificate), would be the following:

  • Hosted Payment Page: if you are not a PCI certified to a minimum SAQ A-EP. All display of the payment page and handling of the card details will be done by the PayTabs systems, including any additional authentication needed such as 3D Secure. You can embed the PayTabs payment page to your website using iframe. You can use the framed option in the hosted payment page – Transaction API. It’s available in the postman script attached.