PCI Compliance & Information Security
Every organisation that handles card payments must comply with the Payment Card Industry Data Security Standard (PCI DSS). Annual compliance is mandated by the payment card schemes and banks.
PCI DSS is a global standard, helping to protect cardholder data and tackle the growing threat of security breaches. It sets the operational and technical requirements for organisations handling card payments, and for software developers and manufacturers of payment applications and devices.
Payrix Integrated's entire infrastructure is fully compliant with PCI DSS - we are certified at Level 1, the highest level of compliance. We are independently audited annually for compliance by qualified security assessors.
What does this mean for you?
Your integration with Payrix will need to comply with PCI DSS. To help you with your integration, any API requests that require PCI Compliance Level 1 are flagged throughout our REST API documentation with the 🏴 symbol. You will only be able to use these calls if you hold an Attestation of Compliance (AOC) for PCI Compliance Level 1.
Whilst Payrix is PCI DSS compliant, if your organisation accepts card payments then it must also be fully compliant. Non-compliance could make you responsible for any losses through fraud, and you may also face considerable fines from the card schemes and banks. We recommend completing a Self-Assessment Questionnaire (SAQ) to gain a better understanding - https://listings.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf.
There are four levels of compliance, depending on how many transactions you process in a year. Find out how your organisation can reach compliance at the PCI Security Standards Council website.
The Payrix team can also advise you on any aspect of your PCI DSS compliance - contact our Sales Team, and they may refer you to our Risk and Fraud Team for further advice.