- tsampsonAsked on October 27, 2015 at 09:38 AM
We are thinking of using jotform in our organization for a number of items but need it to be PCI compliant per our Treasury office. Is it? And if so, could you please provide me with an Attestation of Compliance or Report on Compliance signed by a 3rd party PCI expert, a QSA?
- JotForm SupportdavidAnswered on October 27, 2015 at 12:07 PM
Our payment integration API's are provided by PCI compliant services, which means that we do not process the information, it is transferred securely according to a set of standards by the payment service to their servers. Some of the APIs uses methods to collect and encrypt the information. The information is not logged into our servers. Even from our back-end access - we have no access to Credit Card information submitted. Our APIs transfer the compliance to these services through the API call.
Update: JotForm is now PCI DSS compliant. We have PCI Service Provider Level 2 certificate. We'd happy to provide certificate to any users who would need it for their payment gateway. Just contact our support team.
While we do not have a PCI compliance certificate ourselves, all of the Payment processors we use are PCI compliant.
- JotForm FounderaytekinAnswered on August 02, 2016 at 09:01 AM
Update: JotForm is PCI DSS compliant. We have PCI Service Provider Level 2 certificate. We'd happy to provide certificate to any users who would need it for their payment gateway. Just contact our support team.