PCI DSS Compliance Guide

In card payments, the card payment element (card number expiration date CVV) is a very sensitive piece of user information that, if compromised, could lead to card theft. Therefore, the card world has a special technical compliance framework, PCI DSS, to strictly limit access to and use of sensitive card information.

The full name of PCI DSS is Payment Card Industry Data Security Standard, which translates into Chinese as Payment Card Industry Data Security Standard. It is a global standard used to help protect personal card information.PCI-DSS was developed with the participation of the major credit card organizations (e.g. Visa, MasterCard, American Express, etc.). Its main purpose is to provide a secure environment for any organization that processes, stores or transmits credit card information. The standard plays a vital role in avoiding credit card fraud and data breaches.

According to the card organizations, every merchant that accepts card payments must comply with the PCI DSS requirements. The standard applies globally, and the card groups impose penalties on organizations that do not comply with the requirements. PCI DSS certification, which is subject to certain costs including, but not limited to, breach assessment fees, legal fees, forensic investigation fees, site assessment fees, and security update fees, is subject to an annual requirement to complete an official PCI SSC validation document verifying compliance with the PCI DSS standard.

Note:

For merchants that collect, process, store or transmit cardholder data (e.g., card number, CVV, expiration date, etc.), they must comply with the PCI DSS requirements as well as complete the authentication and provide supporting documentation to PayerMax, which will be reviewed by PayerMax within 1 ~ 3 days after submission .

If a merchant wants to support card payments but doesn't want to incur the cost of PCI DSS authentication, there are two ways to go about it:

Use the integrated mode without PCI DSS requirements: Cashier Payment, Drop In Payment, PaybyLink .
Use Tokenization under direct API payment.

Overview of Integration Modes

Payment Method List

Acquiring Products Integration

Acquiring Basic Products

CARD

GOOGLEPAY

APPLEPAY

Subscription and Autp Debit

Integration Mode Connection

Drop In

Related Capabilities Integration

Tokenization

Auth-Capture

ChargeBack

Risk Control

Integration Testing

Troubleshooting

Integration

API Disbursement

Payment Method List

Europe

Related Capabilities (Notification/Transaction Inquiry)

Transaction Report

Global Collection

PCI DSS Compliance Guide

Overview of Integration Modes

Acquiring Basic Products

CARD

GOOGLEPAY

APPLEPAY

Subscription and Autp Debit

Drop In

Tokenization

Auth-Capture

ChargeBack

Risk Control

Troubleshooting

API Disbursement

Payment Method List

Europe

PCI DSS Compliance Guide ​

PCI DSS Compliance Guide