- jasonh93Asked on February 09, 2015 at 12:52 AM
What is the latest update with being PCI (Payment Card Industry) compliant?
- CharlieAnswered on February 09, 2015 at 08:42 AM
I believe JotForm was not designed to be PCI Compliant or has certificate on it because it does not necessarily collects and process payments directly from users using their cards. We have Payment integration APIs if users want to process payments using different cards.
Here's an answer by my colleague TitusN which I believe would be more sufficient, it's found in this thread and I quoted it here.
"Our payment integration API's are provided by PCI compliant services, which means that we do not process the information, it is transmitted securely according to set standards by the payment service to their servers.
Some of the API's use sophisticated methods to collect and encrypt the information.
To meet the requirements of the API transmission -the following would therefore be essential:
- Using an SSL encrypted link to share your payment form - this is to prevent XSS and spyware from reading form input from a compromised browser.
Losing PCI-DSS compliance is possible if the information were logged on our servers, but it is not.
Even from our back-end access - we have no access to CC information submitted.
Our API's transfer the burden of complicance to these services through the API call."
With this, JotForm does not have any certificate for PCI compliance. I hope this helps.
- JotForm FounderaytekinAnswered on August 02, 2016 at 09:01 AM
Update: JotForm is PCI DSS compliant. We have PCI Service Provider Level 2 certificate. We'd happy to provide certificate to any users who would need it for their payment gateway. Just contact our support team.