1. Introduction

The Payment Card Industry Data Security Standard (PCI DSS) is the worldwide standard set up to protect cardholder data and help businesses process card payments securely. It is issued, administered and managed by the Payment Card Industry Security Standards Council (PCI SSC). Compliance with it is enforced by the major payment card brands such as Visa, MasterCard, American Express, Discover and JCB, and its scope also includes Bancontact and Maestro.

All companies that accept, process, store or transmit credit card and debit card information need to comply with PCI DSS to protect cardholder data.

Our PCI certificate can be found here.

As a merchant, you also have the responsibility to fill out a self-assessment questionnaire on a yearly basis.

Therefore, Ingenico has the obligation to verify that all merchants processing credit/debit card payments and using our acquiring services comply with PCI DSS standards. The length and rigor of the questions, and of the questionnaire itself, depend largely on the way you choose to integrate our payment systems.

We’ve listed below the most common Ingenico integrations and their PCI compliancy level*:

| Your Integration with Ingenico** | PCI Compliancy Level |
|---|---|
| Ingenico Hosted Payment Page | SAQ A (14) |
| Hosted Tokenization Page (FlexCheckout) | SAQ A (14) |
| Alias Gateway directly from your website (card details are filled out on the merchant's page) | SAQ A-EP (185) |
| Server-to-Server Integration | SAQ D (387) |

* The PCI compliancy level indicated above applies to standard integrations – should your integration differ from it, the PCI compliancy level might be impacted!

** Integrations either from your website or through a shopping cart extension.