PCI Compliance Navigation | Technical Terms
2025-03-07
Note
Depending on your integration scenario, PingPongCheckout may require you to submit PCI DSS documentation before accepting credit card payments in production environments.
What PCI Means
The Payment Card Industry Data Security Standard (PCI DSS) is a set of global security standards created by the Payment Card Industry Security Standards Council (PCI SSC) designed to ensure that every company collecting, processing, storing, or transmitting cardholder data maintains a secure cardholder data environment. PCI DSS applies to all entities that accept credit cards or participate in payment processing, such as payment processors, acquirers, issuers, and service providers.
What PCI Does
PCI certification primarily applies to organizations that process payment card information, including merchants, banks, payment service providers, and other institutions that handle payment card data. The core objective of this certification is to protect the security of cardholder data and prevent data breaches, theft, and fraud. PCI DSS is a global standard adopted by the major card brands (Mastercard, Visa, JCB, Diners, and American Express). It defines a set of technical and operational requirements that, when properly implemented, help you protect cardholder data, reduce fraud, and minimize the likelihood of data breaches caused by malicious attacks. Compliance with these requirements helps you maintain shoppers' trust.
How to Obtain PCI Certification
Obtaining PCI certification requires passing a series of security assessments and compliance tests, including the following aspects:
Comply with PCI Data Security Standard (PCI DSS): This standard specifies the security measures required for processing payment card information, including establishing and maintaining secure networks, protecting cardholder data, implementing strong password policies, regularly monitoring and testing systems, etc.
Complete Self-Assessment Questionnaire (SAQ) or conduct external audits: Depending on the type of organization and how payment card data is processed, you need to complete the corresponding SAQ or undergo independent external audits to verify compliance with PCI DSS requirements.
Security scanning of payment applications: Organizations using payment applications need to conduct regular security scans to ensure that applications do not contain known security vulnerabilities.
Checkout Integration
You can use PingPongCheckout's hosted checkout or PingPongCheckout's plugin, which embeds PingPongCheckout pages in your website using iframe elements. The content of the embedded elements is isolated from your web page, and cardholder data is encrypted in the shopper's browser. You do not have access to the decryption keys, so you do not have access to your shoppers' cardholder data.
API Integration
You can build your own UI and use only our API. This integration is typically used when you want complete control over the payment process. The checkout page is hosted, served, and controlled by you. In PCI DSS terms, you receive cardholder data from shoppers' browsers, process it, and then send the raw card data to PingPongCheckout over Transport Layer Security (TLS 1.2). This integration carries a larger PCI DSS scope because your system receives, transmits, and may store and process cardholder data, which gives you complete control over the payment process and payment data. If your website is compromised, an attacker may be able to reach large amounts of cardholder data through the website or your system. Therefore, you must comply with all applicable PCI DSS requirements.
