PCI compliance

If you're processing payments, transmitting and storing card data, you must comply with the Payment Card Industry Data Security Standard (PCI DSS).

Checkout Technology Ltd, a company within the Checkout.com group, is certified for PCI DSS as a Level 1 Service Provider.

PCI compliance is a responsibility shared between us and your business, so it is essential that you accept payments in a PCI-compliant manner. How complex this is depends on your integration methods, but the simplest approach is never to see or access your customers' card data. Here are our tips:

  • Use one of our integration methods that allows you to accept payments without ever handling card data: Frames and Checkout.js.
  • Use Transport Layer Security (TLS) for all payment pages, so that they use HTTPS.
  • Review and validate your PCI compliance once a year.

Validate your PCI compliance

All of our merchants must validate their PCI compliance annually. Most can do this with a Self-Assessment Questionnaire (SAQ), which is provided by the PCI Security Standards Council.

The PCI requirements for our integration methods are as follows:

  • Checkout.js and Frames: Pre-filled SAQ A
  • Mobile SDK: Pre-filled SAQ A
  • Full card details: SAQ D

If you have any questions or are unsure about PCI compliance, please contact your Customer Success manager.
