  • Is JotForm PCI Compliant?

    Asked by wootone on February 21, 2014 at 03:14 PM

    I understand that JotForm is not PCI Compliant at this time- can you tell us why that is?

  • JotForm Support

    Answered by Mike_T on February 21, 2014 at 03:56 PM

    Update: JotForm is now PCI DSS compliant. We have a PCI Service Provider Level 2 certificate. We'd be happy to provide the certificate to any users who would need it for their payment gateway. Just contact our support team.

    Thank you for your interest in our service.

    The main reason is that the JotForm builder was never designed for credit card data collection on our servers. We do have SSL forms, and we care a lot about security, but we recommend using integrations with third party providers for secure online payments. In other words, our service is completely secure in terms of online payment forms, since we do not store the credit card data on our servers.

    There is a list of available payment integrations:

    Please feel free to contact us if you need any further assistance.

  • Answered by wootone on February 21, 2014 at 04:20 PM
    Hey,
    Thanks for the reply- I guess my question is- is JotForm not required to
    be PCI Compliant because you re-direct to the third party server and never
    expose or store credit card information? We just want to be sure that we
    are not exposing our customers to vulnerability of identity theft.
    Is there a point when information is decrypted on your servers to be
    relayed to authnet? That is the point at which you lose pci-dss
    compliance... If jotform is logging input somewhere, it is essentially
    storing credit card information.
    Thank you!
    *Emily N. Wooton | Customer Service Manager*
    *TriBike Transport *
    P.O. Box 7435 | Asheville N.C. 28802
    Main: 800.875.0120 x710 Event Hotline: 855.482.8411
    *emily*@tribiketransport.com |
    www.tribiketransport.com
  • JotForm Support

    Answered by TitusN on February 21, 2014 at 04:52 PM

    Hello Emily,

    Our payment integration APIs are provided by PCI compliant services, which means that we do not process the information; it is transmitted securely according to set standards by the payment service to their servers.

    Some of the APIs use sophisticated methods to collect and encrypt the information.

    To meet the requirements of the API transmission, the following would therefore be essential:

    - Using an SSL encrypted link to share your payment form - this is to prevent XSS and spyware from reading form input from a compromised browser.

    Losing PCI-DSS compliance is possible if the information were logged on our servers, but it is not.

    Even from our back-end access - we have no access to CC information submitted. 

    Our APIs transfer the burden of compliance to these services through the API call.

    Does this clarify things? Please let us know.

  • Answered by wootone on February 21, 2014 at 05:00 PM
    That answers my questions :) Thank you!
    *Emily N. Wooton | Customer Service Manager*
    *TriBike Transport *
    P.O. Box 7435 | Asheville N.C. 28802
    Main: 800.875.0120 x710 Event Hotline: 855.482.8411
    *emily*@tribiketransport.com |
    www.tribiketransport.com
  • JotForm Founder

    Answered by aytekin on August 02, 2016 at 09:03 AM

    Update: JotForm is now PCI DSS compliant. We have a PCI Service Provider Level 2 certificate. We'd be happy to provide the certificate to any users who would need it for their payment gateway. Just contact our support team.