PCI Certified
Any processing, transmission, or storage of cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS).
Note
PCI Level 1 Certified
Billwerk+ is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry.
Shared Responsibility
PCI compliance for your business is a shared responsibility between Billwerk+ Payments and you: Billwerk+ Payments is responsible for the systems that handle card data on your behalf, and you are responsible for accepting payments in a PCI-compliant manner.
The Billwerk+ Payments Token and Billwerk+ Payments Checkout solutions use an iframe: card details are entered on a page hosted by Billwerk+ Payments, so the card data never passes through your servers or your own page's DOM.
This is the simplest way for your business to be PCI-compliant and qualifies you for the shortest self-assessment questionnaire, SAQ A, provided your own pages never receive, process, or store card data themselves.
Note that the page embedding the iframe must itself be served over HTTPS, and its integrity still matters: a script injected into your page could overlay or replace the iframe, so the OWASP guidance below applies to the embedding page as well.
Best Practices
When developing payment or sign-up pages, always remember the following best practices regarding PCI compliance:
- Host web pages where credit card information is entered via TLS (HTTPS).
- Never log sensitive card data (full card number or CVV/CVC), including in debug output, crash reports, or request/response dumps.
- Never store sensitive card data. The CVV/CVC may never be stored after authorization, not even encrypted. If you need a reference to the card, keep only a truncated form: the first six and the last four digits of the card number.
- Secure your website according to the OWASP Top Ten.
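As an added example (not Billwerk+ code or documentation), the following Python shows how a merchant backend can enforce the two data-handling rules above in practice: a masking helper that keeps only the first six and last four digits, and a `logging.Filter` that redacts Luhn-valid card numbers and CVV/CVC fields from every log record before it is written. It assumes a Python 3 backend using the standard library `logging` module; the log line, the order id, and the card numbers (the well-known Visa test number) are constructed test values.

```python
"""Redact card data before it reaches application logs.

Added example, not part of the Billwerk+ documentation. Assumes a Python 3
backend using the standard-library logging module. All sample values below are
constructed for the demonstration.
"""
import io
import logging
import re

# Candidate PANs: 13 to 19 digits, optionally separated by spaces or dashes,
# and not part of a longer digit run.
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# CVV/CVC fields in key=value or JSON style (assumed field names; extend to
# match the conventions in your own logs).
_CVV_RE = re.compile(r'(?i)(cvv|cvc|cvv2|cvc2|csc)(["\']?\s*[:=]\s*["\']?)\d{3,4}')


def luhn_ok(digits: str) -> bool:
    """Luhn check, so order ids and phone numbers are not mistaken for PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits (the truncation PCI DSS permits)."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 13:
        raise ValueError("not a card number")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact(text: str) -> str:
    """Mask Luhn-valid card numbers and blank out CVV/CVC values in free text."""
    def _pan(match: "re.Match[str]") -> str:
        digits = re.sub(r"\D", "", match.group(0))
        return mask_pan(digits) if luhn_ok(digits) else match.group(0)

    text = _PAN_RE.sub(_pan, text)
    return _CVV_RE.sub(lambda m: m.group(1) + m.group(2) + "***", text)


class CardDataFilter(logging.Filter):
    """Attach to every handler; rewrites the formatted message before it is emitted."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Format with the original args first so interpolated values are redacted too.
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def demo() -> str:
    """Log a constructed failure line through the filter and return what was written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(message)s"))
    handler.addFilter(CardDataFilter())

    logger = logging.getLogger("payments-demo")
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)

    # Constructed log call: the Visa test number 4111 1111 1111 1111 and a fake CVV.
    logger.info("charge failed card=%s cvv=%s order=%s",
                "4111 1111 1111 1111", "123", "ORD-1234567890123")
    return stream.getvalue().strip()


if __name__ == "__main__":
    print(demo())
```

The filter sits on the handler rather than the logger so that records from third-party libraries that propagate to the root logger are redacted as well; the Luhn check keeps the 13-digit order id in the sample untouched while the card number is masked to its first six and last four digits.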