Processing, transmission, or storage of card data must comply with the Payment Card Industry Data Security Standard (PCI DSS).
PCI Level 1 Certified
Reepay is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.
PCI compliance for your business is a shared responsibility between Reepay and you. Anybody accepting payments must do so in a PCI compliant manner.
The Reepay Token and Reepay Checkout solutions use an iframe: sensitive card data is entered on a page hosted by Reepay, so your own system never touches the card number or CVV/CVC.
This is the simplest way for your business to be PCI compliant, and it only requires the simplest self-assessment questionnaire, SAQ-A.
Note that the page embedding the iframe must itself be served over HTTPS.
When developing payment or sign-up pages, always follow these best practices regarding PCI compliance:
- Host web pages where credit card information is entered via TLS (HTTPS).
- Never log sensitive card data (card number or CVV/CVC).
- Never store sensitive card data (card number or CVV/CVC). You may store the first six and the last four digits of the credit card number.
- Secure your website according to the OWASP Top Ten.
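The "never log" and "first six and last four" rules above can be enforced with a log-scrubbing filter. The following is an added example written for this page, not Reepay code; the log line it processes is constructed, and the regex and labels are assumptions about a typical application log.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Labelled CVV/CVC values (e.g. "cvv=123"); the labels are an assumption.
CVV_FIELD = re.compile(r"(?i)\b(cvv|cvc|cvv2)\b(\s*[:=]\s*)\d{3,4}")


def luhn_valid(digits: str) -> bool:
    """Luhn check: reduces false positives on order ids and timestamps."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six (BIN) and last four digits, which PCI DSS permits storing."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_card_data(line: str) -> str:
    """Scrub a log line before it is written: mask valid PANs, drop CVV/CVC entirely."""

    def _mask(match: re.Match) -> str:
        digits = re.sub(r"[ -]", "", match.group(0))
        # Only mask digit runs that pass Luhn; other long numbers are left alone.
        return mask_pan(digits) if luhn_valid(digits) else match.group(0)

    line = PAN_CANDIDATE.sub(_mask, line)
    # The CVV must never be stored in any form, so it is removed rather than masked.
    return CVV_FIELD.sub(r"\1\2[REDACTED]", line)


if __name__ == "__main__":
    # Constructed sample log line; 4111 1111 1111 1111 is a well-known test PAN.
    sample = "POST /charge card=4111 1111 1111 1111 cvv=123 order=1234567890123456"
    print(redact_card_data(sample))
    # -> POST /charge card=411111******1111 cvv=[REDACTED] order=1234567890123456
```

The order id survives because it fails the Luhn check, while the PAN is reduced to the six-plus-four form the page allows and the CVV is removed outright.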