
PCI Compliance

Merchants who accept card payments must comply with the Payment Card Industry Data Security Standard (PCI DSS). This standard is a set of security requirements designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

Starfish GmbH & Co. KG is a PCI DSS Level 1 Service Provider. Level 1 is the highest compliance level defined for service providers and is validated by an annual on-site assessment by a Qualified Security Assessor (QSA).

Easy Compliance

Any merchant that accepts card payments has to do so in a PCI DSS compliant way; there is no way around it. How much work that is, however, depends heavily on how much cardholder data ever passes through your own systems. The following general advice keeps that footprint, and therefore your assessment scope, as small as possible:

  1. Use managed solutions such as our Web SDK so that card data is captured by us and never touches your servers, your application code, or your logs.
  2. Serve every page involved in the payment flow over Transport Layer Security (TLS). PCI DSS requires strong cryptography, so use TLS 1.2 or later; SSL and early TLS are not acceptable.
  3. Assess your PCI compliance yearly using the Self-Assessment Questionnaire (SAQ) that matches your integration. The SAQs are provided by the PCI Security Standards Council; the smaller your cardholder data footprint, the shorter the questionnaire you are eligible for.

Compliance as a Service

We offer two ways to make PCI compliance easy for you:

SAQ A Compliance

Our SDKs are designed to be used in a way that lets you achieve SAQ A compliance. This is the easiest way to be PCI DSS compliant: SAQ A applies to merchants that fully outsource the capture of cardholder data, so it requires that your systems never receive, process, store, or transmit card data. With our SDKs the sensitive data goes directly to us, and we exchange it for a non-sensitive token, which you can store and later use to charge the card. The token is outside PCI DSS scope, but because it can be used to create charges, treat it as a credential and protect it with ordinary access controls.
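The SAQ A model only holds if raw card data really never reaches the merchant side. A mis-integrated checkout form (for example one that posts the card number to the merchant server instead of letting the SDK capture it) silently pulls the merchant back into scope. As an added example, not part of the Hellgate documentation or SDK, the following Python guard for a merchant backend enforces that boundary: it walks an incoming checkout payload, rejects any request containing a value that looks like a Luhn-valid primary account number (PAN), and otherwise requires a token. The `tok_` prefix, the field names, and the sample requests are assumptions constructed for illustration; the only card number used is the widely published test PAN 4111 1111 1111 1111.

```python
import re

# Added example (not Hellgate documentation or SDK code). A merchant backend guard
# that enforces the SAQ A boundary: it accepts only the provider's token and
# refuses any request in which a raw primary account number (PAN) turns up.
# The "tok_" prefix and the field names are assumptions for illustration.

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens,
# not embedded inside a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check used by card schemes; cuts false positives on order ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, fold >9 back to one digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the digit strings in text that look like a valid PAN."""
    pans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            pans.append(digits)
    return pans


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits only, the maximum PCI DSS allows to display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_payload(value, path: str = "") -> list[tuple[str, str]]:
    """Walk a JSON-like payload and report (field path, masked PAN) for every hit."""
    hits = []
    if isinstance(value, dict):
        for k, v in value.items():
            hits.extend(scan_payload(v, f"{path}.{k}" if path else str(k)))
    elif isinstance(value, list):
        for i, v in enumerate(value):
            hits.extend(scan_payload(v, f"{path}[{i}]"))
    elif isinstance(value, (str, int)) and not isinstance(value, bool):
        hits.extend((path, mask_pan(p)) for p in find_pans(str(value)))
    return hits


def validate_checkout(payload: dict) -> tuple[bool, str]:
    """Accept a checkout request only if it carries a token and no raw PAN.

    Returns (accepted, reason). The reason never contains an unmasked PAN,
    so it is safe to write to application logs.
    """
    hits = scan_payload(payload)
    if hits:
        fields = ", ".join(f"{path}={masked}" for path, masked in hits)
        return False, f"raw card data rejected in: {fields}"
    token = payload.get("token")
    if not isinstance(token, str) or not token.startswith("tok_"):
        return False, "missing or malformed token"
    return True, "ok"


# Constructed sample requests. 4111 1111 1111 1111 is the public test PAN.
GOOD_REQUEST = {"token": "tok_8f3a2c", "amount": 1999, "order_id": "ORD-20240101-7788"}
BAD_REQUEST = {"card": {"number": "4111 1111 1111 1111", "exp": "12/29"}, "amount": 1999}
# A 16-digit reference that fails Luhn must not be mistaken for a PAN.
NOISY_REQUEST = {"token": "tok_8f3a2c", "amount": 1999, "shipment_ref": "1234567890123456"}

if __name__ == "__main__":
    for name, req in [("good", GOOD_REQUEST), ("bad", BAD_REQUEST), ("noisy", NOISY_REQUEST)]:
        print(name, validate_checkout(req))
```

Run the guard before the request body is logged or persisted, since a PAN that lands in an access log is just as much in scope as one in a database. The Luhn check is what keeps the detector usable on real traffic: plain digit-run matching flags order numbers and shipment references constantly, while a Luhn-validated 13 to 19 digit run is rare enough outside card numbers to be worth a hard reject.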

SAQ D Compliance

If you are SAQ D PCI DSS compliant, you can also send us cardholder data in raw form through our API. You still do not have to store the cardholder data yourself: we provide the same token in exchange, and you use it for subsequent charges. Keep in mind that under SAQ D your own systems that receive and transmit the raw data are fully in scope for the assessment.

Info: If you are SAQ D PCI DSS compliant and you want to use our API to send us cardholder data in raw form, please contact hellgate.support@starfish.team.