PCI compliance

If you're processing payments, transmitting and storing card data, you must comply with the Payment Card Industry Data Security Standard (PCI DSS).

Checkout Technology Ltd, a company within the Checkout.com group, is certified for PCI DSS as a Level 1 Service Provider.

PCI compliance is a responsibility shared between us and your business, so it is essential that you accept payments in a PCI-compliant manner. How complex this is depends on your integration method, but the simplest approach is never to see or access your customers' card data. Here are our tips:

  • Use one of our integration methods that allow you to accept payments without ever handling card data: Frames and Checkout.js.
  • Serve all payment pages over HTTPS, using Transport Layer Security (TLS).
  • Review and validate your PCI compliance once a year.

Validate your PCI compliance

All of our merchants must validate their PCI compliance annually. Most can do this with a Self-Assessment Questionnaire (SAQ), which is provided by the PCI Security Standards Council.

The PCI requirements for our integration methods are as follows:

  • Checkout.js and Frames: Pre-filled SAQ A
  • Mobile SDK: Pre-filled SAQ A
  • Full card details: SAQ D

If you have any questions or are unsure about PCI compliance, please contact your customer success manager.

Can we help?

Thanks for using Checkout.com. If you need any help or support, then message our support team at [email protected].

Updated 11 months ago