Read about PCI compliance.
This section is relevant only to card payment providers.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.
PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
The PCI DSS self-assessment questionnaires (SAQs) are validation tools intended to help merchants and service providers report the results of their PCI DSS self-assessment.
Your default PCI level is SAQ A. This means that you do not come into contact with credit card data. This is possible because we render iframes for you, which are hosted on our servers.
| SAQ | Description |
|---|---|
| SAQ A | SAQ A applies to card-not-present merchants (e-commerce or mail/telephone order) who have completely outsourced all cardholder data processing functions and have no electronic storage, processing, or transmitting of cardholder data. With us, you are automatically PCI compliant, without any action on your part. |
| SAQ A-EP | This is one of the newer additions to the SAQ types and has been designed to apply to e-commerce merchants who partially outsource all payment processing to PCI DSS compliant service providers. Usually, the merchant's website forwards the end customers to the landing page of a payment provider. This means that the web server itself does not store, process, or transmit card data. However, the way in which a customer is routed to the payment provider, and from where the payment page components are provided, determines whether SAQ A or A-EP is best suited. Many merchants who previously used SAQ A now fall under SAQ A-EP for validation. SAQ A-EP is also typically used if you have a mobile client that connects to Unzer using our mobile SDK for iOS or mobile SDK for Android. |
| SAQ D | SAQ D is the final SAQ and applies to any merchants who do not meet the criteria for other SAQs, as well as all service providers. SAQ D encompasses the full set of over 200 requirements and covers the entirety of the PCI DSS. If you are a service provider, this is the only SAQ you are eligible to complete. The only change from previous SAQ reporting is that there are now separate SAQ Ds and AOCs for merchants and service providers. Because SAQ D is the default catch-all SAQ, there may still be parts of it that are not applicable to your environment. One example is the requirement that track data from the magnetic stripe is not stored; this is not relevant for card-not-present transactions. It is acceptable to mark these as 'Not Applicable' or 'N/A' with appropriate justification. |
If you want to change the PCI level, please contact our support at firstname.lastname@example.org.
Please note that changing the PCI level is a process that can take several days.