
Do I need to be PCI-DSS Certified?

The Payment Card Industry Data Security Standard (PCI-DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle branded credit cards from the major card schemes.

The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.
The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) or by a firm-specific Internal Security Assessor that creates a Report on Compliance, for organisations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

To integrate the Mobile Payment SDK whilst processing customer card details directly, a PCI DSS compliance certificate is needed. If this is not available, you will have to make use of our SDK card collection User Interface (UI). All interactions between your app and the payment service will be done via the pop-up UI. Each section of the documentation has a section for UI Integrators (i.e. those that are not PCI DSS compliant) and another section for Non-UI Integrators (i.e. those that are PCI DSS compliant).

Below is an image of the card collection UI. Once the transaction is completed, the status will be passed from the SDK to your application.
