iPayment and Payment Card Industry Data Security Standard (PCI-DSS)

Previous  Next |  Direct link to this topic

When implementing iPayment please consult the PCI-DSS guidelines and understand the conditions presented. iPayment is not PCI certified/validation as the certification process is required to be completed by merchant and not Boyum It A/S. The bottom line is that only an organization/merchant can be validated to be PCI-DSS compliant, never an application or a system[1]. It is up to the merchant to make sure that all the conditions for PCI compliance or PCI certification depending on the route taken is fulfilled when implementing iPayment. As iPayment uses tokenization this reduces the PCI-DSS scope required to be completed by the merchant but it does not remove it entirely. Please see the tokenization chapter to learn more about how iPayment works with tokens.

Boyum It A/S cannot help with the PCI-DSS certification or PCI-DSS compliance as we are not a Qualified Security Assessor (QSA). We also cannot assist in picking the correct Self -Assessment Questionnaires (SAQ) as this depends on the setup of your business. Please contact your local QSA partner or gateway to get assistance on this. We are able to assist on answering technical questions on how iPayment operates if required by the QSA partner.