Frequently Asked Questions (FAQ)

This document provides answers to common questions from merchants.

Is PayPipes a gateway?

No. We provide a single API that allows you to work with over 100+ gateways.

How does PayPipes decide which new payment gateways to add?

We add support for gateways based on customer demand or via a strategic partnership with the gateway itself.

Do I have to worry about PCI compliance?

All merchants who process, transmit or store card holder data should comply with the Payment Card Industry Data Security Standards (PCI DSS).

In case you are using our REST API and you process, transmit or store card holder data PCI SAQ D is required.

SAQ D for Merchants applies to SAQ-eligible merchants not meeting the criteria for any other SAQ type. Examples of merchant environments that would use SAQ D may include but are not limited to:

  1. E-commerce merchants who accept cardholder data on their website
  2. Merchants with electronic storage of cardholder data
  3. Merchants that don’t store cardholder data electronically but that do not meet the criteria of another SAQ type
  4. Merchants with environments that might meet the criteria of another SAQ type, but that have additional PCI DSS requirements applicable to their environment

While many organizations completing SAQ D will need to validate compliance with every PCI DSS requirement, some organizations with very specific business models may find that some requirements do not apply. See the SAQ D for information about the exclusion of certain, specific requirements.

In case you are using our REST API with our secure payment page or JavaScript API and you dont process, transmit or store card holder data PCI SAQ A is required.

SAQ A has been developed to address requirements applicable to merchants whose cardholder data functions are completely outsourced to validated third parties, where the merchant retains only paper reports or receipts with cardholder data.

SAQ A merchants may be either e-commerce or mail/telephone-order merchants (card-not-present), and do not store, process, or transmit any cardholder data in electronic format on their systems or premises.

SAQ A merchants confirm that, for this payment channel:

  1. Your company accepts only card-not-present (e-commerce or mail/telephone-order) transactions;
  2. All processing of cardholder data is entirely outsourced to PCI DSS validated third-party service providers;
  3. Your company does not electronically store, process, or transmit any cardholder data on your systems or premises, but relies entirely on a third party(s) to handle all these functions;
  4. Your company has confirmed that all third party(s) handling storage, processing, and/or transmission of cardholder data are PCI DSS compliant; and
  5. Any cardholder data your company retains is on paper (for example, printed reports or receipts), and these documents are not received electronically.
  6. All elements of the payment page(s) delivered to the consumer’s browser originate only and directly from a PCI DSS validated third-party service provider(s).

This shortened version of the SAQ includes questions that apply to a specific type of small merchant environment, as defined in the above eligibility criteria. If there are PCI DSS requirements applicable to your environment that are not covered in this SAQ, it may be an indication that this SAQ is not suitable for your environment. Additionally, you must still comply with all applicable PCI DSS requirements in order to be PCI DSS compliant.

How does PayPipes reduce my PCI compliance scope?

By using our secure payment page or JavaScript API we ensure that the sensitive data never touches your servers.

Will PayPipes give me my credit card data back if I wish to change services?

Yes. We believe it's your data, not ours. Given this is sensitive data it will need to be transferred in a secure fashion to another fully certified PCI organization.

Does PayPipes ever hold my funds directly?

No. We never touch your money. Instead, money flows from your customer to your gateway/merchant account.

Does PayPipes support recurring/subscription payments?

You can store the cards so that you can charge the same card again in the future. So in that sense we support recurring charges. However, you have to create the rules and code around when you want to re-charge those cards.

What currencies are supported?

We support the underlying currencies that your particular payment gateway(s) supports.

Who do I contact if I have questions or need support?

Visit our support page.