This document provides answers to common questions from merchants.
No. We provide a single API that allows you to work with over 100+ gateways.
We add support for gateways based on customer demand or via a strategic partnership with the gateway itself.
All merchants who process, transmit or store card holder data should comply with the Payment Card Industry Data Security Standards (PCI DSS).
In case you are using our REST API and you process, transmit or store card holder data PCI SAQ D is required.
SAQ D for Merchants applies to SAQ-eligible merchants not meeting the criteria for any other SAQ type. Examples of merchant environments that would use SAQ D may include but are not limited to:
While many organizations completing SAQ D will need to validate compliance with every PCI DSS requirement, some organizations with very specific business models may find that some requirements do not apply. See the SAQ D for information about the exclusion of certain, specific requirements.
In case you are using our REST API with our secure payment page or JavaScript API and you dont process, transmit or store card holder data PCI SAQ A is required.
SAQ A has been developed to address requirements applicable to merchants whose cardholder data functions are completely outsourced to validated third parties, where the merchant retains only paper reports or receipts with cardholder data.
SAQ A merchants may be either e-commerce or mail/telephone-order merchants (card-not-present), and do not store, process, or transmit any cardholder data in electronic format on their systems or premises.
SAQ A merchants confirm that, for this payment channel:
This shortened version of the SAQ includes questions that apply to a specific type of small merchant environment, as defined in the above eligibility criteria. If there are PCI DSS requirements applicable to your environment that are not covered in this SAQ, it may be an indication that this SAQ is not suitable for your environment. Additionally, you must still comply with all applicable PCI DSS requirements in order to be PCI DSS compliant.
By using our secure payment page or JavaScript API we ensure that the sensitive data never touches your servers.
Yes. We believe it's your data, not ours. Given this is sensitive data it will need to be transferred in a secure fashion to another fully certified PCI organization.
No. We never touch your money. Instead, money flows from your customer to your gateway/merchant account.
You can store the cards so that you can charge the same card again in the future. So in that sense we support recurring charges. However, you have to create the rules and code around when you want to re-charge those cards.
We support the underlying currencies that your particular payment gateway(s) supports.
Visit our support page.