Skip to main content

PCI Compliance

We are committed to maintaining PCI DSS compliance. When integrating with our API, please follow these guidelines to ensure you remain compliant:

What NOT to Send

To ensure PCI compliance and protect payment card information, do not send us:

Full credit/debit card numbers (PAN) in plain text
Card CVV/CVC codes
Card expiry dates in plain text
Card PIN numbers
Magnetic stripe data

Secure Payment Handling

If your integration involves card payments:

Use tokenization for all card transactions
Implement PCI DSS requirements on your infrastructure
Use our secure payment endpoints (if available)
Store only payment tokens, never raw card data

Additional Information Field

We offer a dynamic field (additionalInfo) for any extra data you need for reconciliation purposes. When using this field:

Only include non-sensitive transaction metadata
Use tokenized payment references where applicable
Never include raw card details or sensitive payment data

Best Practices

Conduct regular security audits of your payment systems
Ensure your PCI DSS certification is up to date
Implement end-to-end encryption for cardholder data
Train your team on PCI compliance requirements
Monitor and log all payment-related activities

Last updated: October 2025

What NOT to Send
Secure Payment Handling
Additional Information Field
Best Practices