PCI Certified

Any processing, transmission or storage of cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS).


PCI Level 1 Certified

Reepay is certified as a PCI DSS Level 1 Service Provider. Level 1 is the most stringent validation level in the payments industry and requires an annual on-site assessment by a Qualified Security Assessor (QSA).

Shared Responsibility

PCI compliance for your business is a shared responsibility between Reepay and you: Reepay secures the card data it handles on your behalf, but anybody accepting payments must still do so in a PCI compliant manner.

The Reepay Token and Reepay Checkout solutions use an iframe hosted by Reepay: the card fields are rendered on a Reepay page embedded in your page, so card data is entered directly into Reepay's domain and never passes through your servers or your page's own JavaScript.

This is the simplest way for your business to be PCI compliant. Because all cardholder data functions are outsourced to a validated third party, you qualify for the shortest self-assessment questionnaire, SAQ A.

SAQ A is the shortest questionnaire, not an exemption. In particular, the page that embeds the iframe must itself be served over HTTPS and protected against modification, since a compromised parent page could replace or overlay the iframe and capture card data before it reaches Reepay.

Best Practices

When developing payment or sign-up pages, always observe the following best practices regarding PCI compliance:

  • Serve every page on which card data is entered over TLS (HTTPS).
  • Never log sensitive card data (the full card number, or PAN, and the CVV/CVC). Check web-server access logs, error reporters and crash dumps as well as your own log statements; a PAN in a query string ends up in the access log.
  • Never store sensitive card data. The CVV/CVC must not be stored after authorisation, not even encrypted. You may store a truncated card number consisting of the first six and the last four digits; storing more than that brings your systems into full PCI DSS scope.
  • Secure your website according to the OWASP Top Ten.
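As an added example, not code from Reepay or from this page, the following Python logging filter implements the "never log card data" rule as a safety net: it finds candidate card numbers with a regex, confirms them with a Luhn check so that order ids and timestamps are left readable, truncates confirmed numbers to the first six and last four digits, and fully masks a CVV that sits next to a label such as `cvv=` or `"cvc":`. The sample log lines and the set of CVV labels are constructed for the example; the Visa and Mastercard test numbers are the public test values, not real cards.

```python
import logging
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Card-verification value next to a label, e.g. cvv=123 or "cvc": "123".
# The label list is an assumption; extend it to match your own field names.
CVV_RE = re.compile(r"(?i)\b(cvv2?|cvc2?|csc|cid)(\W{0,4})(\d{3,4})\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check. Weeds out most digit runs that are not card numbers
    (order ids, timestamps), so useful context survives in the log."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Keep the first six and last four digits, the truncation PCI DSS permits
    for display and storage, and mask everything in between."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact(text: str) -> str:
    """Return text with every Luhn-valid card number truncated and every
    labelled CVV fully masked. Non-matching text is returned unchanged."""

    def _pan(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        return truncate_pan(digits) if luhn_valid(digits) else m.group(0)

    def _cvv(m: re.Match) -> str:
        return m.group(1) + m.group(2) + "*" * len(m.group(3))

    return CVV_RE.sub(_cvv, PAN_RE.sub(_pan, text))


class CardDataFilter(logging.Filter):
    """Scrub card data from a record before it is formatted, so %-style
    arguments are covered as well as the message template itself."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None
        return True


def make_logger(name: str = "payments") -> logging.Logger:
    """Logger with the scrubbing filter on its handler. A filter added to a
    logger only sees records logged through that logger; attaching it to the
    handler also covers records propagated from child loggers."""
    logger = logging.getLogger(name)
    handler = logging.StreamHandler()
    handler.addFilter(CardDataFilter())
    logger.addHandler(handler)
    logger.propagate = False
    return logger


if __name__ == "__main__":
    # Constructed sample lines: 4111 1111 1111 1111 and 5555555555554444 are
    # the public Visa/Mastercard test numbers; 1234567890123456 is an order id
    # that fails the Luhn check and is therefore left intact.
    log = make_logger()
    log.warning("payment declined card=%s cvv=%s order=%s",
                "4111 1111 1111 1111", "123", "1234567890123456")
    log.info('{"pan": "5555555555554444", "cvc": "999", "amount": 1995}')
```

With an iframe integration your backend should never see a PAN at all, so a hit from this filter is worth alerting on: it means card data reached your system by a path it should not have. The filter reduces the damage of such a bug; it does not replace fixing it.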