
  • Is JotForm PCI Compliant?

    Asked by jasonh93 on February 09, 2015 at 12:52 AM

    What is the latest update with being PCI (Payment Card Industry) compliant? 

    PCI
  • JotForm Support

    Answered by Charlie on February 09, 2015 at 08:42 AM

    Hi,

    I believe JotForm was not designed to be PCI Compliant or to have a certificate for it because it does not necessarily collect and process payments directly from users using their cards. We have Payment integration APIs if users want to process payments using different cards.

    Here's an answer by my colleague TitusN, which I believe would be more sufficient; it's found in this thread and I have quoted it here.

    "Our payment integration APIs are provided by PCI compliant services, which means that we do not process the information; it is transmitted securely according to set standards by the payment service to their servers.

    Some of the APIs use sophisticated methods to collect and encrypt the information.

    To meet the requirements of the API transmission, the following would therefore be essential:

    - Using an SSL encrypted link to share your payment form - this is to prevent XSS and spyware from reading form input from a compromised browser.

    Losing PCI-DSS compliance is possible if the information were logged on our servers, but it is not.

    Even from our back-end access - we have no access to CC information submitted. 

    Our APIs transfer the burden of compliance to these services through the API call."

     

    With this, JotForm does not have any certificate for PCI compliance. I hope this helps.

    Kind regards.

  • JotForm Founder

    Answered by aytekin on August 02, 2016 at 09:01 AM

    Update: JotForm is PCI DSS compliant. We have a PCI Service Provider Level 2 certificate. We'd be happy to provide the certificate to any users who would need it for their payment gateway. Just contact our support team.