PCI Compliance

  • habitatjackson
    Asked on February 19, 2016 at 03:48 PM

    I am filling out this questionnaire and it is asking me:

    Do you use a PCI validated P2PE Solution?

    Can you help?

  • Boris
    Answered on February 20, 2016 at 05:47 AM

    Update: JotForm is now PCI DSS compliant. We have a PCI Service Provider Level 2 certificate. We'd be happy to provide the certificate to any users who would need it for their payment gateway. Just contact our support team.

    We do not store nor directly process any credit card / payment information, so PCI compliance is not something that we need to worry about on our end - all payment processing through our forms must be done by using one of the supported payment tools:

    http://www.jotform.com/help/323-Mastering-Payment-Form-Integrations-with-JotForm

    When the payment form is submitted, any payment information is forwarded directly to the payment processor you have chosen on your form, according to the PCI compliant API of that payment processor.

    For example, if you use the PayPal payment tool, any data is sent to PayPal through PayPal's API, and then any credit card information is collected and stored exclusively on PayPal's end.

    We do not have access to nor store any of the sensitive information that requires PCI compliance. To put it plainly, JotForm does not have PCI compliance, but payments made through our forms are PCI compliant, because you must use one of the PCI compliant payment tools for receiving payments.

    I hope this helps, but please let us know if you need any further clarifications.

  • aytekin
    Answered on August 02, 2016 at 09:19 AM

    Update: JotForm is now PCI DSS compliant. We have a PCI Service Provider Level 2 certificate. We'd be happy to provide the certificate to any users who would need it for their payment gateway. Just contact our support team.