Form for accepting credit card data and PCI compliance?

  • Profile Image
    Kevin Miller 
    Asked on April 04, 2016 at 03:24 PM


        Wondering if your company has the security in place to support "sensitive" forms/data like that used for a credit card authorization form?  This data is subject to PCI compliance requirements.


  • Profile Image
    Answered on April 04, 2016 at 06:11 PM

    Hello Kevin,

    Our payment integration API's are provided by PCI compliant services, which means that we do not process the information, it is transferred securely according to a set of standards by the payment service to their servers. Some of the APIs uses methods to collect and encrypt the information. The information is not logged into our servers. Even from our back-end access - we have no access to Credit Card information submitted. Our APIs transfer the compliance to these services through the API call.

    Please let us know if you have further questions.

  • Profile Image
    Answered on August 02, 2016 at 09:28 AM

    Update: JotForm is now PCI DSS compliant. We have PCI Service Provider Level 2 certificate. We'd happy to provide certificate to any users who would need it for their payment gateway. Just contact our support team.