The Payment Card Industry Data Security Standard (PCI DSS) is a set of policies and procedures developed to protect card transactions and prevent misuse of cardholders' personal information. Anyone involved with the processing, handling, transmission or storage of card data must comply with PCI DSS.
PCI compliance is a shared responsibility, and as an Innovator you must also adhere to PCI requirements. The easiest way for you to be PCI compliant is to avoid seeing or accessing card data at all. Weavr allows you to do this through its UX Security Model which makes use of a tokenisation service.
To ensure the simplest possible PCI compliance procedure you should:
- Use our UX Security Model to deliver card details to your customers
- Ensure that your application is running on HTTPS
- Fill in and submit the PCI SAQ A (Self-Assessment Questionnaire) annually
To qualify for the lowest level of PCI compliance (SAQ A), you can use our UX Security Model to tokenise sensitive information so that your application never has access to card details. Tokens are translated into card details directly in your user's browser, ensuring that your servers and back-end systems remain outside PCI scope.
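The scope boundary above only holds if real card numbers never reach your back-end. The following is an added example (not Weavr's code or part of its UX Security Model) of a guard a back-end can run over records it stores or logs, flagging a PAN that arrived where only an opaque token was expected; the record layout, token format and sample values are constructed assumptions.

```javascript
// Added example (not Weavr's code): detect card numbers (PANs) in data that an
// out-of-scope back-end handles, so a tokenisation bypass is caught early.
// Sample records below are constructed; the token format is an assumption.

// Luhn check: every real PAN passes it, most random digit strings fail.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Candidate PANs: 13 to 19 digits, optionally separated by spaces or dashes.
const PAN_CANDIDATE = /(?:\d[ -]?){12,18}\d/g;

// Returns the normalised (digits-only) PANs found in a string, or [] if clean.
function findCardNumbers(text) {
  const hits = [];
  for (const m of text.match(PAN_CANDIDATE) || []) {
    const digits = m.replace(/[ -]/g, '');
    if (digits.length >= 13 && digits.length <= 19 && luhnValid(digits)) {
      hits.push(digits);
    }
  }
  return hits;
}

// Guard for a record that should only ever carry a token, never a PAN.
function assertOutOfScope(record) {
  const found = findCardNumbers(JSON.stringify(record));
  if (found.length > 0) {
    throw new Error(`card data found in back-end record (${found.length} value(s)); tokenisation bypassed?`);
  }
  return true;
}

// Constructed records: one with an opaque token (expected), one where a
// well-known test PAN (4111 1111 1111 1111, not a live card) leaked through.
const tokenRecord = { userId: 42, cardToken: 'tok_8f2c1a9e' };
const leakedRecord = { userId: 42, cardToken: '4111 1111 1111 1111' };
```

Luhn plus length is a heuristic, so treat hits as something to triage (a 13-digit timestamp can occasionally pass), and run the guard before data is written or logged rather than after.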
Native mobile apps need to use a WebView both for collecting user passwords and for displaying card details.